Sunday, March 13

期货(future)是什么,有什么意义

 这天中午午餐时,朋友们在一起聊着社会、经济,说到一些跳楼事件后,一个朋友A问:“什么是期货?”,跟着一个灵魂追问:“期货有什么用?”


我想着今天的日子,说:

现在是三月份,青黄不接的时候,粮食要7月份才能种出来(我说的可能是南方种两季稻或者三季稻的情况,也有可能我用的是农历的7月份,请不要纠缠细节),我这个农民就要饿死了;你现在给我一千块钱,按照1块钱1公斤的价格,商量好,在7月收获的时候,我就给你一吨谷子。

这就是期货,而它的意义就是:对我来说,我现在就有了钱,能活下来了,能存活到收获的时候。对你来说,你用相对低廉的价格(你认为在7月的时候,价格会比1块钱1公斤更高)买到了粮食。

故事还没有完。期货怎么交易呢?时间飞速来到6月1日,市面价格涨到了10块钱1公斤,所以你(A)可以拿着单子跟B商量,说:你用5000块钱从我这里买这个单子,下个月就能拿到1吨谷子了。好,B给了5000块钱给A,回头又把这个单子以6000块钱卖给了C。从A到B到C,完成了一连串的交易,其实这谷子还没有种出来。

这就是期货的交易。期货的英文词是“ Future ”(未来),这些交易,买卖的就是未来。

在这里,期货交易的意义是:经过多人的预测,越靠近交易日期,这些预测越准确,可以比较有效地避免价格大起大落,对社会造成冲击。



去年原油宝出现了这期货是负的,怎么算呢?


6月份粮食价格风云变幻,忽然降低到了1分钱1公斤的程度;C拿着单子,叫嚷着1分钱1公斤,都没有人来搭理,6月30日,合约就要到期了,而C本身并没有仓库,要是不把这个单子搞出去,农民明天就开着拖拉机把这谷子倒在他的家门口,到时候所需要的清理费(仓储费用、运输费用)还要高,所以他只好换了招牌,说“谁把这个单子拿过去,不仅明天拿到1吨谷子,我还送你一百块钱!”

好好的谷子,白送都没有人要,只好倒贴钱了。


空头又是什么呢?那就要换一个位置了。


现在你给了我1000块钱,我答应你7月份给你一吨谷子;但是我偷懒了,不想去种田, 我就去找另一个相信到时候的价格会便宜的人。我跟D说,这一吨谷子到时只要100块钱就能买到,现在我给你600块钱,你把这个单子(卖单)拿去。D只要认可到时候的价格会比现在的交易价格更低,这个交易就成功了;我什么事都没做,就赚了400块钱;D也不一定去种田,而是转头把这个单子以300块钱又卖给了E。


一群不事生产的家伙,把这一吨还没有种出来的粮食买过来卖过去,变着法子买卖。如果E成功的话,在7月1日交割的时候,从市场上用100块钱买来谷子堆在A的门口,他就赚了200块。


要是最后一天(或者最后10天),粮食价格上涨很厉害,那可怎么样?比如涨到了10,000块?

E以200块钱的价格拿到这个,以为他能以低于这个数字的价格转手出去,或者从市面上以低于这个数字的价格买到粮食,现在失算了,自己点的炮...打碎了牙齿往肚里咽,就只能以市场价格来把这场交易完成了。


几天前青山控股在镍交易上,就是出现了类似这样的打碎了牙齿往肚里咽的事。


Wednesday, February 9

Damn it, I almost got hacked, by "Norton renewal" trick

Declaimer: After I think it over, I don't think it is related to Symantec or Norton.

Declaimer: I was an employee of Symantec for 5 years.



Here is the story: I found a "Purchase update" email :


And the attached invoice has the Norton letter head:





and the information:




I am a ex-employee of Symantec security product, and I like this product, and I did subscript for its service some time in previous years from my own pocket, after I already left the company.  But at this moment I am not using it now, and I don't have intention to use it. I guess I forgot to discontinue the subscription?


Without thinking further, I took out my phone and start dialing the listed number 1-872-234-8154 , talked to the representative. The office sounds crowdy because I can hear another representative talking in another line when I am talking to this one.  After I told him I received this email, and I wanted to unsubscribe the service and get my money back, he asked for the invoice number , and confirmed this transaction was already occurred this morning , but he pleasurably assured me that he would guide me through the process and I would have my money back.

That is a good start.

He confirmed I was in front of a computer, then asked which operating system that was, Windows or MacBook. After getting the answer of Windows, he guided me to type Win+R to a command line, and type in "www.anydesk.com" .   A browser is open to visit this AnyDesk website. I checked it, and it looks like a normal remote IT Help Desk platform. So I followed his instruction and download it and got to the setting to type in a password.

Maybe he was not familiar with the procedure, he let me waited 2 minutes when he was looking for password for me to type in (set a password in my client, so that he is able to connect ), so I used this time to google "AnyDesk", confirm it is a legitimate website.



Yes, he comes back with a password "norton1234" for me to type in, and I did so.  I remembered doing similar procedure when I need IT help from headquarter office, they would require me to do similar thing, so that they can control my work computer to fix things.


Wait, I don't need Norton to fix anything in my computer. I don't even have the Norton software installed in this computer. Why do they need to control my computer? I am here to ask them to unsubscribe and get my money back.


Before anything happened, I modified the password in my client from "norton1234" to another password, then I asked him:"why do you want to control my computer?" He assured me this was the process of getting my money back. 


I don't buy it. Insisted on not letting his control my computer. Even if my computer don't have any sensitive data, getting it control would be a humiliation to me, as a de-facto expert in security for all these years. He said this was the only way to get my money back. That is unreasonable! I asked for his manager, and yelled at the manager about him trying to connect/control my computer, but the manager also said that was the correct way to get my money. I refused to let them connect to my computer, and they refused to return to my money. I had to say:" do you have any other way to complain about this process, or do I have to go to court to get my money back?" The manager just simply said:"Yes you can go to the court."


The argument was so heated, my wife in next room came over to make sure things was still under control.


Anyway, I hung up the phone, not accomplished anything. 


 I need to go to Norton website.


Then I logged into my Norton account, and found it says my subscription was expired. Didn't they just charged my $299.99 to renew?  Maybe the transaction is completed but the account is not refreshed with new info? But why  is says $49.99 to renew? That is fishy...


So I came back to the origin "Purchase update" email. The sender is not even from @norton.com. It is from a @gmail.com email address!


Damn, that was a social engineering hack! and I almost fell for it! Had I not reset the password fast enough, the bad guys would have full control of my computer and do things I don't want to know! My sense of "not being remote-control" saved me!


I don't think AnyDesk is part of this hack, but it is being exploited by the bad guys. 

Saturday, July 24

煮饭

两点钟了,饿了,虽然周六早饭都吃得晚,但是这个点,真的应该吃午饭了,孩子们虽然都在玩游戏,但是也要抓来吃 。

到厨房一看,还有很多剩菜,特别是豆豉梅菜扣肉,很下饭的那种,可是没有米饭。

好吧,任务开始:煮饭。

家里的象印牌电饭锅,煮饭很香,可是要一个多小时才能搞好,等不及了。开来今天只好用传统的煮饭方式。

我们用柴火煮饭的时候,淘好米,加上水(秘诀:“渣米拳,糯米掌”。如果是煮糯米饭,就加水覆盖米上一掌,横躺着的掌,那么高的水。如果是另一种米,非糯米,我们叫渣米,那就要在米上有一拳高的水), 然后就要看火候了,什么时候发现出来的水汽是直上的,锅里基本就没有水了,这就是米饭好了的提示,赶紧把火撤了,别烧焦。 在煮饭过程中掀开锅盖来看里面还有没有水,这是绝对行不通的,只会做出夹生饭来。

这种做饭方式比较考验火候、技巧。我们熟手能够正好放一灶柴火,正好烧完柴了,饭也正好,不夹生,也不糊锅。这年头没有人用柴火,这个手艺也就成了屠龙之技。


其实,我们还有另一种做饭方式,不需要技巧。过10分钟来继续写。先去看锅。

2:20饭成。

这种新的方式(老的方式)是在锅里放多一些水,就跟煮粥一样;水开之后注意米汤不要溢出来,可以把火关小,也可以把锅盖打开。总之就是跟煮粥一样;时不时捞一些米粒出来看看,只要里面没有了白点,就可以把饭用漏勺捞出来了;如果喜欢软一些的米饭,可以煮更久一些。

是的,这个方式就叫做“捞饭”。捞出米饭后,锅里留着一些,你同时还得到了一锅粥! 不用担心糊了锅,也不用担心夹生。老少咸宜,真是居家旅行必备技巧。

Tuesday, June 15

wildcard in no_proxy

 I searched information about no_proxy , and this post open my eyes. In summary, it shows the discrepancy between upper case HTTP_PROXY, HTTPS_PROXY, NO_PROXY and lower case http_proxy, https_proxy, no_proxy, and the tools behave differently to them. Basic rule: only use lower case of these variables.


no_proxy was not very famous, and I wonder why. Whenever you set proxy to visit out-of-network resource, it is guarantee that you need to set no_proxy to visit local network resources without going though the proxy.


Anyway, that post tested 5 different tools (curl, wget, ruby, python, go), and for no_proxy setting, it tested *.hostname . Now I want to report that "no_proxy=192.168.0.*" would not work for curl and wget, but it is working for telnet .




Yes it is all so strange. I agree with the title of that post: We need to standardize no_proxy.

This comment has been removed by a blog administrator.
 

Sunday, April 18

下载youtube音乐

 Copyright disclaimer: 本文介绍开源工具YOUTUBE-DL,可以从YOUTUBE下载音乐、视频。仅用于个人娱乐用。


我经常在YOUTUBE看到好的音乐,下载下来刻在CD里,开车的时候播放。每次需要下载时就在Google临时搜索“ YOUTUBE MP3",在找到的链接里操作。这些链接大多充满广告,而且经常改变,我都忍下来了,理解他们谋生不易。可是我上次辛苦找到的一个能够让我下载部分音频(比如把前面的21秒广告、后面的1分钟语音切掉)的链接,今天果然失效了,连着翻了1屏幕的google链接都没有能够找到能够用的,我知道,我需要修改方法了。


youtube-dl 是一个很成熟的下载youtube的开源软件,命令行操作,你可以下载源代码编译,也可以在它页面上找到WINDOWS版本的链接;如果你用MacBook,可以执行


brew install youtube-dl
或者
sudo port install youtube-dl
安装。
安装后,如果要下载整个视频:
youtube-dl https://www.youtube.com/watch?v=lWwmYn0nXLE
视频就被存在本地一个 MP4 文档里了。
如果只要音乐(音频),指定用MP3格式:
youtube-dl -x --audio-format mp3   https://www.youtube.com/watch?v=lWwmYn0nXLE
这个音频里,我只要1分5秒之后,到5分15秒,共4分钟10秒的音频:
youtube-dl -x --audio-format mp3 --postprocessor-args "-ss 00:1:05 -t 00:04:10"   https://www.youtube.com/watch?v=lWwmYn0nXLE


Saturday, April 10

陋室铭

周末早上起来,自己坐在客厅里,忽然想起了刘禹锡的这首《陋室铭》: 


山不在高,有仙則名。水不在深,有龍則靈。斯是陋室,惟吾德馨。

苔痕上階綠,草色入簾青。談笑有鴻儒,往來無白丁。

可以調素琴,閱金經。無絲竹之亂耳,無案牘之勞形。

南陽諸葛廬,西蜀子雲亭。

孔子云:「何陋之有?」


这么多年没有想起过它,现在一想起来,也许这短短81字,一直在牵引着我,在潜意识里提醒自己应该过着什么样的生活:物质追求放在其次,与“有趣的灵魂”结识、交友,摆脱“案牍之劳形”。


最后一句话“孔子云:「何陋之有?」” 以前没有注意到,现在一查,在《论语。子罕》里有这句:


子欲居九夷。或曰:「陋,如之何!」子曰:「君子居之,何陋之有?」



孔子真是坦率:有我在的地方,怎么会陋呢?我到了哪里,光明就到了哪里。










Wednesday, April 7

Say no to SB-82:

 California is proposing SB-82, to make some crimes that would be felony in the current law, into misdemeanor. The summary text of the bill is:

This bill would define the crime of petty theft in the first degree as taking the property from the person of another or from a commercial establishment by means of force or fear without the use of a deadly weapon or great bodily injury.


Previously (currently), if somebody use force or fear to "take" money from others, that is robbery. He doesn't have to use gun or sharp knife, he can just say "I am making an offer you can't refuse", or put one hand in his pocket, pretending that is a gun.  In the proposed new law, this is no longer a robbery, it is a "petty theft" now!

Only if the person is using gun or sharp knife (It's hard to say whether a metal baseball bat is "deadly weapon" or not), or the target is dead or bleeding (great bodily injury), then this becomes a robbery, a felony that has longer jail time and criminal record.


I object to this change. Whenever the person is using force or fear to attack others, take away the valuables, that is no longer a theft. The force or fear brings nightmare to the innocent receiver, creates insecurity to the community, it definitely should be a felony.

Wednesday, March 17

Herd immunity 打疫苗,保护自己,保护你所爱的人

 大多数人听到“群体免疫”,是一年前英国一位大官说的。


其实“群体免疫”(herd immunity)是传染病防治里的一个标准概念,大概在70年代成型。比如天花、麻疹等,虽然疫苗是现成的,但是总有人因各种原因不能接种疫苗,比如对疫苗所用的试剂过敏,或者有某疾病,若接种疫苗就引起冲突,或者刚出生半年的婴儿,或者老人,或者有人引用宗教原因拒绝接种(这其实也很能理解,中国人在一百年前还因为剪辫子而哭天抢地呢)。那么怎样保护这些人,确保这些传染病不会死灰复燃呢?简单:把这些人周围的人都打上疫苗。当外人带来病菌时,有很大机会不会传染到这些敏感人员上;退一万步说,即使传染到一两个,因为周围很多已接种的人士,这病菌也没有太多机会继续传染下去,形成传染链。这就是“群体免疫”的概念:并不需要“全体免疫”,只要有足够多的人免疫,就可以避免大规模传染,保护敏感人群。


英国那位大官提到的“群体免疫”,为什么被人诟病?那时候疫苗还没有出现,产生抗体的唯一方式就是被感染,而那时候感染者的死亡率居高不下(现在有比较完善的处理规程,医疗资源也充足,死亡率下降了很多),“感染后熬过去获得免疫能力,达到群体免疫”的做法,简直就是玩俄罗斯轮盘(不是扔骰子的那种,是拿着左轮枪对着脑袋扣扳机的那种),死不死看天时。


现在已经有了疫苗,COVID-19的群体免疫可以正式提上日程了。


要百分之多少的人有了抗体,才能达到群体免疫的效果呢?这是根据“这个疾病的传染性有多强”来决定,有一个公式。有人说一本书里有一个公式,销量就下降50%,所以我就不把公式摆出来了,总之传染性越强的疾病,需要的百分率越高,比如对麻疹,这个数字是95%。COVID-19的传染性现在还在研究过程中,而且不断变化,没有准数,所以业界对这个群体免疫指数也有不同的计算结果。按我的估计,应该要在90%左右。但是有人很温和,说70%或者80%也可以。


对于95%保护力的Pfizer疫苗来说,如果有73%的人打疫苗,能够达到70%的群体保护力;需要94.7%的人都打上疫苗,才能达到90%的群体保护力;


如果疫苗保护力更低的,所需要的疫苗接种数就更高了。


现在还没有16岁以下孩童的疫苗(12岁到16岁的正在试验中,0.5岁到12岁的正在研究中),所以为了保护这群人,我们成年人应该100%都打上疫苗才好。



Sunday, March 7

美国的三种新冠疫苗: Moderna, BioNTech (由Pfizer分销),Johnson & Johnson 的区别,现在我们所知道的

 美国现在有三种新冠疫苗: Moderna, BioNTech (由Pfizer分销),Johnson & Johnson 

20210413更新:今天CDC,FDA暂停了 强生J&J 疫苗的使用。


1,Moderna和Pfizer都是同一技术,数字也差不多;有一个要更低温保存,但是在效果上没有什么区别;


2,J&J的数字差一些,是说在三期试验里,接种疫苗后,依然被感染出症状的比例比其它两个多一些;具体地说,J&J是66%的保护力, Moderna是94%,Pfizer是95%

同样的环境里,比如有1%的不打疫苗的人得病的话,只有0.34%的已打J&J疫苗的人会得病,只有0.06%的已打Moderna疫苗的人会得病。 所说的”得病"是感染后有感冒的症状。


3,三种疫苗的三期试验期间,接受疫苗的都没有重症住进医院,没有死亡的;

比如0.1%的不打疫苗的人得重症需要住进医院治疗, 0.01%的人病死;在打各种疫苗的人中,这两个数字都是0.

但是,对照组(不打疫苗的)需要进医院、病死的,数字只有几百、几十。这个数字有点小。虽然打疫苗的组是零,还不能够从统计意义上说“100%保证不得重病、不死亡”,虽然有一些媒体用了这些说法。


4, J&J的三期测试是在近期在南非完成的,所以他的66%的数据是对现在的南非变异的抵抗力;而其它两个是在三个月前在美国、欧洲完成的,那时还没有很多的变异病毒; 也许(仅仅是也许)Moderna/Pfizer现在在南非做三期,也许也是J&J现在的水平。


5,过三个月、过半年后来到我们身边的是什么病毒变异品种,谁也不好说。


6, J&J的疫苗只有一针。其它两个要打两针。


本质上,还是说,三个疫苗都很有好处;看起来前两个的数字好一些,但是没得挑的时候,J&J也不是坏事。



为了讨论的完整性, 我再补充“感染”的事情:


这些疫苗的研究,都不考虑“感染后成为无症状者”的情况。 我们已经知道,有些人在感染后成为不表现任何症状,也可以传染给别人。可是这些疫苗的研究不管这种情况,他们只管“感染后出现症状”。 所以我们并不知道严格意义上“疫苗能够防止感染”的数字。这三个疫苗以及国产的疫苗都是如此。


所以,即使打了疫苗之后,你还是有一定可能会感染并有症状(比如上面所说的0.34%),有更高的可能会感染,无症状,但是会传染给身边的人。所以还是要继续带口罩,保持社交距离,既降低被感染的可能,也降低“已感染,传染给旁人”的可能。


Thursday, January 21

学西班牙语之二

 上次我说过已经学习西班牙语很长时间了,8个月了。


这天全家到一个公园,走着走着看见一个牌子,大意是说这里有什么野生生物:





英-西对照的。不是上面这个牌子,这个牌子是我在公园出口时再照的,所以内容不完全一致。

我正在学西班牙语,很高兴终于有了用武之地,兴奋地抑扬顿挫地把第一句整句读下来:

"Serpiente y pájaros, hay un servicio gratuito que traduce instantáneamente palabras, frases y páginas web entre aquí"
(并非原句)



读完最后一个词,吐了一口气,说:

aqui, 表示“这里”。终于见到一个认识的词了。