Hack the North 2015 CTF

I had the privilege of contributing to Hack the North‘s 2015 capture-the-flag. After just under two days, it was finally solved. In all, this capture-the-flag provided a great learning experience to hundreds of those planning to attend Canada’s biggest hackathon.

The roaring success of this activity can only be described with numbers. So here they are, at least for the portions that I managed:

  • 1290 accesses of the employee panel
  • 988 login attempts on the employee panel
  • 687 attempts on the bank
  • 256 accesses on the admin panel
  • 86 accesses to the keys screen
  • 8 successes on internal node #4 (securehash)
  • 5 unique users completing the challenge

If you’re interested in the contents or solution of this challenge, please check out the in-construction solutions document.

Advertisements

Sampling bias in everyday life

Sampling bias occurs when a survey or series of observations deals with a sample that is, based on something inherent in the methodology, biased in some way. (The Wikipedia article does a much better job explaining it than I ever can.)

This can be seen in everyday life, without conducting systemic studies. I’ve compiled a few examples below.

  • I always seem to travel on the most congested lane. It turns out that this is not just bad luck—the most congested lane has more cars, so basic probability dictates that I’m more likely to be on that lane.
  • How long does the average relationship last? Not as long as you think—you’re more likely to witness a relationship if it lasts longer, so we all have a distorted view of the average relationship.
  • Consider the average number of friends each of your friends has. Because the people you are likely to make friends with are more sociable than the average person, this number is higher than the number of friends the average person has. In effect, this means that most people have fewer friends than their friends do. This is called the friendship paradox.

These fun examples illustrate how observations we make can be biased in subtle ways. Understanding sample bias is not just for the professional statistician, but is in fact important for everyday life.

Orders of Magnitude, Part 1: Money

Inspired by what a trillion dollars looks like, I decided it would be fun to investigate just how much varying amounts of money are. Using a 2014 Canadian Dollar as my baseline, I started from $0.000000001 and went up from there. Of course, none of the below are exact, but I tried my best to find interesting things as close as possible to the monetary value listed.

One “nanodollar” ($0.000000001)

This amount is, as you probably guessed, not enough to buy anything interesting. There are obviously things that cost less (for example, one molecule of water…), but it’s somewhat difficult to come up with anything tangible. Inevitably, I need to find a fraction of something.

RAM is an important part of your computer, but it’s really not worth that much. You can buy very large sticks of RAM for very little money. Between 2010 and 2013, a stick of RAM would on average cost $8 per gigabyte, with one gigabyte being precisely 1000000000 bytes (contrary to popular belief, “giga” is a base-10 prefix—the binary equivalent is a “gibibyte”, which is 1073741824 bytes), which is in turn 8000000000 bits. A single bit represents one of two states, often described as “on” and “off”. So a single bit of RAM will cost one nanodollar, or $0.000000001.

Ten “nanodollars” ($0.00000001)

While we’re on the subject of technology, let’s talk about CPUs. People often measure CPU speed in terms of their clock rate; that is, how many times the CPU clock oscillates. Every few clock cycles, the CPU is able to run instructions; modern CPUs run instructions in parallel, however, so each clock cycle is able to accomplish many instructions on average. It’s not strictly correct to measure how good a CPU is based on its clock rate, but it’s often done anyways.

The Intel i7-3770K gives you 8 threads at 3.5 GHz for around $330. How much would a single Hz, or clock tick per second, on a single thread, cost? Some simple arithmetic leads us to our number—$0.00000001, or ten nanodollars. So every tick per second you buy, that’s the price you pay.

One hundred “nanodollars” ($0.0000001)

The average American car has a fuel economy of 25.5 miles per gallon, which means that every metre driven uses approximately 90 µL of gas. At current gas prices, just over $1 per litre, this works out nicely to costing $0.0000001 per millimetre driven.

We’re up to a hundred times where we were already, and clearly our money still isn’t worth much. Don’t worry: it’ll get more exciting soon!

One “microdollar” ($0.000001)

Everything we’ve talked about above isn’t very tangible—you’d have a hard time noticing one millimetre more of driving, or your CPU doing one more tick per second, or one extra bit of RAM.

I’m told that sand is sold for around $40 per ton. This “ton” is not the metric “tonne” you’re probably used to though—it’s a short ton, which is fourteen million “grains”. Ironically, the average mass of a grain of sand is not one grain! Apparently, sand masses at 23 milligrams per grain, which is approximately a third of a grain per grain. Hence, a single grain of sand will cost you just less than a single microdollar, or $0.000001.

It’s not easy, but you can see a grain of sand.

Ten “microdollars” ($0.00001)

We’re getting richer now, though we’re not yet rich enough to buy a luxury car. But things from now on will get increasingly decadent!

Funnily enough, a grain of rice masses around 25 milligrams, which is pretty close to how much a grain of sand masses. Rice is a lot more expensive, however, for obvious reasons. You can save money by buying big bags, but at best you can hope for half a kilogram to the dollar. That means that a single grain of rice works out to just a tad more than ten microdollars, or $0.00001. It’s not a lavish dinner (nor is it enough calories to be a real meal), but hey, it’s cheap.

One hundred “microdollars” ($0.0001)

If you’re thrifty, you can get a haircut for just $10! Actually, that’s getting a whole head’s worth of hair cut. How much does it cost to cut a single strand of hair? Well, since there are 100000 hairs on a human head, that number would be $0.0001. So a hundred microdollars is enough to get a single hair cut.

I always found it odd how cutting a single hair costs about 10 grains of rice, but it makes sense when how much labour goes into each is considered. Rice farming is mostly automated, and each individual grain of rice needs very little human attention. On the contrary, your barber spends several milliseconds on each hair that you get cut, which is substantially more.

One mill ($0.001)

Did you know that the mill is a real unit of currency? In fact, we still use it today, when we fill up our cars with gasoline. The pumps display prices with an extra decimal digit past the cent—that is, prices accurate to the nearest mill.

Singing “Hot cross buns” as a kid makes me want to buy a hot cross bun for half a penny. At the time, a pound sterling was worth 240 pence, as money in England had yet to be decimalized. So just two mills would be enough for a heated pastry!

Those days are over now, though. On the bright side, there are still everyday objects that cost a single mill. A pack of 5000 staples from Staples® is selling for just a tad less than $5, putting the cost of each individual staple at just under a mill.

One penny [or cent] ($0.01)

Just a few years ago, the penny was our smallest denomination of coin here in Canada. Now, this honour is held by the nickel, but many of our transactions are still rounded to the nearest penny. Unfortunately, there was a good reason for getting rid of the penny—there isn’t anything you can buy for just a single penny. Asking your local stationary store for a single paperclip will come across as very obnoxious, and your request will be refused (or, they’ll just give the paperclip to you for free).

It is true however, that on average, a cheap paper clip will cost a cent. As a kid my teachers taught me that a paper clip massed approximately one gram. They’re also approximately a centimetre wide and a millimetre thick. And, if you get the plastic ones, they might even displace a millilitre of water. So I’ll add the fact that paperclips cost one cent each to these handy approximations.

One dime ($0.10)

When I was a kid, there were vending machines that spit out a small candy when you put in a dime. These don’t seem to exist anymore—they all ask for quarters now.

But I’m not a kid anymore, and my desire for gumballs has been supplanted by my need for pencils. Pencils are very nice. They’re comfortable, erasable, and cheap too! You have to buy them in packages, but their average cost is just one dime per pencil.

One dollar ($1.00)

Back when I was very little, this was the combined balance of my piggy bank, accumulated thanks to the tooth fairy. Back then, the dollar store sold things for $1.00. Nowadays, it seems dollar stores are selling things for two or even five dollars, which is ironic, given how they still call themselves dollar stores.

The new “dollar stores” are music stores it seems. One of the few remaining places where just about everything costs a dollar is iTunes (unless that has changed too recently). It seems that this price is a bit steep for some: flying the jolly roger is increasingly commonplace. So, most of the music probably isn’t worth a dollar, but that’s how much you’re “supposed” to pay for them anyways.

Ten dollars ($10.00)

Now we’re getting somewhere! At most fast food places, $10.00 is more than enough for a meal. At my local subway it’ll get you a footlong and a drink, and you’ll have plenty of change to spare. Places like Burger King, McDonalds, or Tim Hortons are even cheaper, and with $10 you can probably get a lunch for two.

On the other side of the spectrum, restaurants such as steakhouses can charge well in excess of $20 for even a light meal, especially at dinner. But these generally aren’t an everyday thing. And, of course, these restaurants are a lot more rare than fast food places.

For the average person, I’d say eating out costs (on average) $10 per meal, or maybe a tad more. I can’t confirm this with any hard sources, but personal experience and some averaging gives something close.

One hundred dollars ($100.00)

Now we’re getting serious. $100 can go pretty far, especially if you’re frugal.

If you’re not frugal though, and prefer to waste money on something less useful, you can get some basic jewelry. My birthstone is the ruby, and it turns out that some of the cheaper ones can be purchased for just over $100.

Jewelry varies in price a lot, and gemstone jewelry prices sometimes don’t make sense at first glance. For example, a 2-carat ruby is worth much more than two 1-carat rubies, because the former is more rare. You can cut a 2-carat ruby into two 1-carat rubies, but merging two 1-carat rubies back into a 2-carat one is impossible. This problem doesn’t exist with gold, of course, but any sizeable quantity of gold will drill large holes in one’s wallet.

One grand [or one thousand dollars] ($1000.00)

For most people, a grand is a lot of money. It’s generally well over what most people carry around in their pockets. And it can buy some really neat stuff.

They say a picture is worth a thousand (ha!) words. Here’s one of the nicest things I found for just a thousand dollars:

 Gazebo

Ten grand [or ten thousand dollars] ($10 000)

In some places, yearly income averages out at just ten thousand dollars. I’m lucky to live here, where it’s much higher. Even so, ten thousands dollars isn’t something that’s spent without a lot of consideration beforehand.

One of the things whose steep price I have recently been annoyed at is university. Tuition costs here in Ontario are expensive. The average cost of one year’s worth of engineering tuition is around $10000, according to the linked chart. Luckily, I’m not planning to go into engineering, but still…

It’s better here than in many parts of the United States, of course. Plus, there are always scholarships to minimize the burden.

One hundred grand [or one hundred thousand dollars] ($100 000)

We’re already above the median yearly income in 98% of countries at this point. A house is the only thing that many people will buy that’s worth this much. Some might additionally buy a cottage, or an expensive car, or an investment in something.

But in the corporate world it’s different. Even the smallest things can be worth a lot, because they require a very high level of reliability, and a very high level of service. That’s why some advertising companies pay almost $100000 for a 3D modelling program!

In contrast, Blender is free, and more than enough for any personal use. But it’s not enough for a giant corporation, which needs all top-of-the-line features and, most importantly, technology support.

One million dollars ($1 000 000)

Many people will not buy any one single thing worth one million dollars. But a lot of people in this world do have the means. They buy things like mansions, luxury cars, jewelry, and a lot more. When you divide the price by the weight, to get the price per kilogram, there’s one stunning thing commonly bought that’s as expensive as jewelry: art.

Below you can view Henri Matisse’s “La Jardin”, worth one million dollars:

Le Jardin

Ten million dollars ($10 000 000)

The numbers are getting big now. Many people will not make $10 million in their lifetimes! But there are still people who will buy things for $10 million, even things that don’t make sense to most of us.

The most expensive things by mass are not precious metals, nor gemstones, but rather stamps. Just this year, a small one-cent stamp sold for just short of ten million US dollars.

You don’t have to be a millionaire to enjoy collecting stamps, though. If you still send snail mail often, keep a stamp for every year of your life. It’ll be worth showing your grandchildren.

One hundred million dollars ($100 000 000)

With few exceptions, a hundred million is not generally spent by individuals. But that doesn’t mean we never encounter them—many objects around us do cost that much. Aeroplanes, for example. Boeing sells many types of airliners, some more expensive and some less so. At the time of writing, the 737 MAX is close to $100 000 000.

The price tag may seem steep for a vehicle holding a few hundred people at most, but aeroplanes see a lot of use before they’re retired. Given the price of air travel, most airlines can make a handsome profit.

One billion dollars ($1 000 000 000)

Few people have a net worth this high—estimated as less than a hundred worldwide. But for many companies, a billion dollars is routine. It’s also a nice round number when it comes to acquisitions. Instagram of course comes to mind. In 2012, tech giant Facebook acquired the image host for approximately a billion dollars. That’s a lot, but it’s hardly Facebook’s largest acquisition.

Instagram makes the unusual choice of confining photos to a square shape. I don’t know whether this increases profit—I do not see any obvious advantage in doing so. Indeed, square images make full-screen viewing on most mobile and tablet screens difficult. Perhaps I’m simply too square (pun intended) to understand why the designers did it this way.

Ten billion dollars ($10 000 000 000)

This is no doubt a lot of money. Even most corporations would balk at spending that much, unless the company they’re acquiring is very important. Governments have been known to be a bit more liberal in terms of spending money, however.

All but the most diehard football fans would agree that the recent World Cup in Brazil is an example of overspending, with its price tag of $14 billion USD. This is more than twice the cost of the most expensive World Cup before 2014, and is comparable to the cost of the 2012 Summer Olympics in London. In fact, it would take the average Brazilian a million years to earn that much money!

One hundred billion dollars ($100 000 000 000)

Imagine a hundred billion dollars being spent on infrastructure and property by the citizens and governments of a small geographic area. That’s a lot of infrastructure! But in a matter of days, it could be gone.

That’s what happened in 2005, when Hurricane Katrina plowed into Louisiana. In 2005 USD, the property damage was estimated at $108 billion dollars. That’s worth even more today due to inflation. Indeed, Hurricane Katrina was the costliest disaster in American history.

The price tags that come along with hurricanes are easy to ignore, because they’re small numbers with a “billion” attached at the end. Hopefully reading the above has convinced you otherwise of just how devastating one of these is.

One trillion dollars ($1 000 000 000 000)

No publicly-traded corporation is worth a trillion dollars today. There are rumours that Saudi Armaco, a state-owned oil company, could be worth between $2 trillion and $7 trillion, but this is hard to measure because the company is not sold on a stock exchange.

Capitalism, despite what modern media will have you believe, is nowhere near as centralized as it used to be. Before the mid-20th century, monopolies over important industries were common. Companies like Standard Oil or the Pennsylvania Railroad or the South Sea Company were vastly bigger than even the largest today. Not even state-owned Saudi Armaco can compare.

In the last half-century, no public companies have reached $1 trillion in market capitalization (meaning, the combined value of that company based on the price people are willing to pay for their stock). But one has come extremely close—Microsoft.

Briefly in 1999, Microsoft stock reached an inflation-corrected $856 billion USD. This is likely to be, although I’ve not conducted an exhaustive search, the most valuable public company since 1950. Nowadays, Microsoft is not worth as much—indeed, companies like Apple have overtaken it.

It’s worth noting that $856 billion USD is $930 billion CAD, which is even closer to a trillion.

Ten trillion dollars ($10 000 000 000 000)

I should note that somewhere along the line, I stopped talking about physical, cash money. When the physical coinage and bills of every country of the world are added up, the result is merely a few trillion dollars. Most money does not take the form of physical coinage, but rather numbers in a bank’s computer system.

During the fallout of the Great Recession, several banks were in grave danger. In one of the most controversial secret acts of the US Federal Reserve, $16 trillion was approved to bail out foreign and domestic banks. These bailouts obviously were not done with physical cash money. Instead, the Federal Reserve “creates” money by electronically crediting their accounts. This lowers the required reserve that a bank must keep (that is, it can loan out or invest more of its customers’ deposits than it was legally allowed to before), as it has an electronic credit from the Federal Reserve to back the legally-mandated proportion of deposits.

The mechanics of this are fairly complicated (and additionally very controversial), so I’ll cap it at that.

One hundred trillion dollars ($100 000 000 000 000)

The combined assets of the entire US economy are estimated to be worth $188 trillion USD. This has little in common with GDP, which is a measure of economic productivity over a period of time (usually one year)—this number instead measures something similar to “combined wealth”. Of course, many things are double-counted, because often one person’s asset is another person’s liability.

For example, if I lend $1000 to a farmer, who buys a cow with the money, that money will be counted twice. I have $1000 of assets because the farmer owes me that much, and the farmer also has $1000 of assets because he or she owns the cow.

One quadrillion dollars ($1 000 000 000 000 000)

The numbers just keep getting bigger. It’s hard to go on from here, given how we’ve already likely reached the entire world’s assets. At a certain point, assigning a monetary value just stops making sense.

One quadrillion dollars is a lot of money. It’s enough to buy the whole world’s oil reserves ten times over. The world’s gold reserves a hundred times over. But you can’t buy that much oil, nor that much gold (ignoring supply and demand for now). It simply doesn’t exist on our planet!

What’s the rest of the Earth worth? Environmentally, it’s priceless, but in the real world, it’s really not. It turns out, if something’s valuable, someone would have taken it already. That’s how modern capitalism works. The oceans, however big they are, are not worth much in a monetary sense—otherwise someone would have taken them. Same goes for the atmosphere.

The mantle probably has a lot of useful stuff, but it’s too costly to reach. So, economically, its value is zero. Same goes for most of the crust, and the core. Everything that has a value seems to be owned already, and the stuff that hasn’t can be bought with the change.

What can we buy for a quadrillion dollars? It’s possible that the best answer to this question is, at least today, “planet Earth”.