There are many news articles and YouTube videos which present HFT as a bad thing.
Since large orders are filled by different markets, anyone who has studied the mechanisms via which these orders are fulfilled can theoretically arrive at a strategy that might be profitable.
Over time, more and more people will learn these things and it will no longer be a profitable strategy to implement - this is sort of like the "January Effect" described in the book named The Intelligent Investor.
I don't understand why HFT has to be blamed for a difference in prices across multiple markets. I read somewhere that Reg NMS caused market fragmentation and HFT traders spend time studying the current markets and identify inefficiencies that can be used to make profitable trades.
This Reuters article is like an advertisement for the IEX trading platform. IEX figured out a certain way to beat the other algorithms and they told Reuters about it. Now that everyone knows it, I think, pretty soon other algorithm developers will modify their implementations.
Overall, I think that HFT is basically algorithmic trading, but which needs more investment (for renting/buying server/connectivity) and more time/interest (for studying and understanding the order placement/fulfilment mechanisms involved).
It's not that HFT is to blame for differences between markets, but that differences between markets plus the market structure are to blame for (the socially wasteful bits of) HFT.
When I was in India I got antibiotics OTC a few times for myself after I self-diagnosed using the internet. Because my mum went to med school I was always very aware of the need to complete the course. I am sure that not everybody is as careful:
http://ibnlive.in.com/blogs/shalini/211/65030/anitbiotic-res...
In India there are lots of doctors running small individual practices; due to this, for simple diagnosis and prescription they would charge a small fee in cash and be done with it. In fact, I know for a fact that the Ayurvedic doctor near our house used to charge less than the standard doctor.
When I came to the US, I found things here to be more restrictive - but I guess in the interest of safety we have to accept these restrictions.
This way a vulnerable server's log file shows something like that given below (i.e. the Time object was actually created from the YAML):
Started POST "/users/sign_in" for 127.0.0.1 at 2013-01-10 00:26:40 -0500
Processing by Devise::SessionsController#create as /
Parameters: {"secret"=>1969-12-31 19:00:00 -0500}
A patched server raises a Hash::DisallowedType (Disallowed type attribute: "yaml") exception.
activesupport-3.2.11/lib/active_support/core_ext/hash/conversions.rb has a -- DISALLOWED_XML_TYPES = %w(symbol yaml) -- which is used by its def typecast_xml_value to raise the exception.
I don't see these lines of code in activesupport-3.0.3/lib/active_support/core_ext/hash/conversions.rb.
In my case I could upgrade to 3.2.11.
In your case, I am guessing you added the lines of code that disable xml and yaml parameter parsing to an initializer (or application.rb). This way, activesupport simply wouldn't try to convert the parameter value in question into a ruby object.
Thanks for posting this, you gave me the bits I needed to make a simple test I could use to verify the patch, without needing the Metasploit stuff. (On Rails 2.3, I don't get the DisallowedType error, but I can verify in the logs that the patch works.)
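The type-attribute check discussed in the comments above, as an added example that is not part of the original thread and not activesupport's own code. It is a simplified model: only DISALLOWED_XML_TYPES and the DisallowedType message come from the page; the PARSING table, the method names, the "__content__" key and the sample node are assumptions made for illustration.

```ruby
require 'yaml'

# Taken from the page: the list the patched activesupport checks against.
DISALLOWED_XML_TYPES = %w(symbol yaml).freeze

# Stand-in for the exception the patched server raises.
class DisallowedType < StandardError
  def initialize(type)
    super("Disallowed type attribute: #{type.inspect}")
  end
end

# Assumed converter table: the request-supplied "type" picks the parser.
# The yaml entry is limited to Time so this demo only builds a timestamp.
PARSING = {
  'integer' => ->(s) { Integer(s, 10) },
  'symbol'  => ->(s) { s.to_sym },
  'yaml'    => ->(s) { YAML.safe_load(s, permitted_classes: [Time]) }
}.freeze

# Unpatched behaviour: whatever type the client names is converted.
def typecast_unpatched(node)
  parser = PARSING[node['type']]
  parser ? parser.call(node['__content__']) : node['__content__']
end

# Patched behaviour: refuse disallowed types before any conversion runs.
def typecast_patched(node, disallowed = DISALLOWED_XML_TYPES)
  raise DisallowedType, node['type'] if disallowed.include?(node['type'])
  typecast_unpatched(node)
end

# Returns the converted value, or the rejection message.
def probe(node)
  typecast_patched(node)
rescue DisallowedType => e
  e.message
end

# Constructed sample: a "secret" parameter tagged type="yaml".
SECRET = { 'type' => 'yaml', '__content__' => '1969-12-31 19:00:00 -0500' }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "unpatched: #{typecast_unpatched(SECRET).inspect}"
  puts "patched:   #{probe(SECRET)}"
end
```

In the unpatched path the parameter arrives in the application as a Time object rather than a string, which is the same signal the vulnerable server's Parameters log line shows.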
I saw the /gigapans/ in the URL and googled for it, thinking it must be a super intelligent panoramic "image stitcher"+"image viewer" written in flash - but found this: http://en.wikipedia.org/wiki/Gigapan
My first real programming job involved building web apps using OpenACS - http://openacs.org/. OpenACS was all Tcl executing in AOLServer and used postgres or oracle. It was awesome.
I learned a lot from "Tcl for Web Nerds" and its companion "SQL for web nerds" (all links listed here: http://openacs.org/doc/ ). Back when I started Tcl, I was more like an emacs-lisp script kiddie. Because Tcl was so easy to learn and because OpenACS was such a great MVC style framework, it didn't take long to master the framework itself and dive into the interesting things that were related more with the architecture of a web-app and not just the syntax of a programming language.
Miguel Sofer had described an algorithm for representing hierarchical data in an RDBMS. What he put forward could be thought of as a different kind of a nested set representation. Whereas the nested-set approach involved keeping track of two numeric values (left & right) for each node in our relational records based tree, Miguel Sofer's algorithm would use the ability to lexically sort a base159 encoded string. This way, tree operations could be implemented via sub-string matching and sorting.
His algorithm was implemented in OpenACS because it allowed an efficient implementation of the OpenACS nodes table. Each URI in OpenACS has a node record associated with it and all these nodes are hierarchical records - http://openacs.org/forums/message-view?message_id=16799
The OpenACS nodes system allows the implementation of a fine grained permissions system which enables a child node to auto-magically inherit the permissions of its parent node - this is, if the child node didn't have any specific permissions set on itself - http://openacs.org/doc/permissions-tediously-explained.html
Some of my best programming stories are from hacking TCL on Aolserver. The ability to make up language constructs was so powerful, and something I haven't seen anywhere else - full disclosure, I haven't used lisp yet, but it looks uglier to me than TCL and a clean programmer can produce very nice looking TCL code.
Among other things I remember adding named parameters to tcl procs in like a few hours - a feature some other languages consider a plus.
From what I understand, Linux runs the rover simulator environment - known as RSVP. It consists of a DSL that is used to direct the rover's operations and a visualization environment. This way the ground crew can first plan and test the activities they want the rover to perform in this simulated environment and then upload the action plan to the rover - so overall Linux plays a pretty important part in the rover tech stack.
Most probably the initial rovers ran VxWorks RTOS, because back then it was the best choice (even now it isn't a bad choice at all) - complex systems are built incrementally.