In the pristine Ivory Tower, The Maths are perfect, and beautiful. But, when they climb down into the grubby, dirty, real world and get used by actual people, weird things can happen…sometimes, Math breaks. This set of posts explores some of those places; while nominally part of the Cybersecurity Awareness Month series (and, related in many ways) this is a fascinating topic in its own right. Today, singularities and boundary conditions.

In math, a singularity is a place where a mathematical object like a function is not defined or not well behaved, for example a fraction where the denominator is zero. In Ray Kurzweil’s 2005 book *The Singularity Is Near*, the singularity he discusses is the point in time when computers are demonstrably smarter than humans, which he estimates to be 2045 (some believe this singularity actually occurred earlier this year when a computer arguably won the Turing test, under highly favorable rules). I use a more generic definition, which is that a singularity is a place where you find you are in trouble and can’t get out of it by retracing your steps. Works pretty well for math, or science, or even human interaction (think first kid, or war, for example). Singularities occur in the middle of a range where you may not expect them; boundary conditions occur at the edges of the range, like sailing off the edge of the flat earth.

So, do we see singularities and boundary conditions in the real world? Yes, in places large and small. Some people put at least part of the blame for the severity of the Great Recession on blind spots in the mathematical models used by the large banks (see Copula), which treated various risk components in the mortgage markets as independent, when in fact they were linked. The resulting liquidity crisis turned out to be a singularity, and the road back has been long and painful.

Boundary conditions are found in many places, including cybersecurity. The Heartbleed bug, among others, resulted from a missing “bounds check”, leading to an exploitable vulnerability. In the case of a missing bounds check the system doesn’t realize it has reached the end of a data field, and just keeps going, interpreting whatever it finds…perhaps malicious code.

When the nuclear power plant at Three Mile Island experienced a partial nuclear meltdown in 1979, people pointed to inadequate training of the power plant operators. The training simulators at the time had a series of known faults, would set up a training situation for each fault and follow one path or the other depending on operator actions. The boundary conditions were well established, and each scenario could run perhaps 15 minutes at a time before the simulated conditions veered away from reality; you could keep the models running, but they no longer represented anything in the real world. Not included in the known scenarios, the actual accident involved a singularity, a steam bubble forming in the reactor where it wasn’t supposed to be. Once it formed, there was no easy way back.

In each case, the application of math to model or operate in the real world broke. Failure to realize boundary conditions, or the conditions leading to singularities either within or outside the known boundaries, resulted in disaster. So this is one important area…where math breaks.