期權基本策略(一)

期權策略千變萬化，在不同市況可採用不同的策略以獲利。
本篇將由淺入深先介紹只使用一隻期權的基本策略，以後將陸續介紹使用不同期權組合、更複雜的策略。

看漲行情的基本策略

假如看好一隻股票，認為它的股價會向上的話，我們可以探取以下幾個不同的行動：購入股票、認沽短倉(Short Put)、及認購長倉(Long Call)。它們各有不同的成本、潛在回報及風險，各適合在不同的情況及不同性格的投資者使用。

購入股票

購入股票是最基本的策略，亦是很多人唯一會使用的策略。

成本：

相對購入期權，購入股票的成本較高，購入者需付出股價的全部以擁有股票。

潛在回報：

理論上股票最潛在回報是無限的，股價每升一元，投資者便多一元回報。

風險：

最大損失是全部股價，但股價幾乎不可能跌至零。

認沽短倉(Short Put)

售出賣股票的權利，以賺取期權金。
Short Put又可再細分為Cash-Secured Put和Naked Put。Cash-Secured Put的意思是建立短倉時，同時準備足夠的金額，以在期權被行使時購入股票；Naked Put則相反，不會為購入股票作準備，期望期權不會被執行。Naked Put風險很高，一旦被執行，可能要付出高昂利息以獲得緊急現金。本篇提及的Short Put將集中討論Cash-Secured Put。

成本：
建立短倉需付出保險金，視乎到期日及行使價，一般是合約價值的數個百份點至數十個百份點不等。Cash-Secured Put除了保證金外，還額外備用購入股票的金額，其成本與股票相同。
潛在回報：

Short Put的回報是有限的，最大回報是全部期權金。Cash-Secured Put另加上備用金額賺取的無風險利潤。
風險：
當股價跌至低於行使價，期權便可能被行使。投資者須以高於市價購入相關股票，投資者必須準備足夠金錢以購入股票。
期權金收入可彌補部份股價下跌帶來的損失，當股價下跌的損失超過期權金的收入時，便開始產生淨損失，股價每下跌一元，投資者便會損失一元。
股價跌至零時，短倉的損失會達至最大。

認購長倉(Long Call)

買進購買股票的權利，以賺取股價升幅。
Long Call有兩種平倉策略－賣出期權或行使。若投資者期望賣出期權，賣出的時間會影響回報，越遲賣出，剩餘時間值越低。本篇中的Long Call將集中討論前者。

成本：

建立長倉的成本是付出的期權金。

潛在回報：

Long Call的潛在回報是無限的，相關股票的股價每上升一元，Long Call的內涵值便多一元。

風險：

最大損失是全部期權金。如期權到期日股票價格不高於行使價，期權便失去全部價值。

不同市況下的表現

不同市況下，不同策略會有不同表現。本節會以例子比較不同策略下的盈虧，以下會以兩種不同方式比較：

1. 絕對值，以相同數量的股票/期權比較獲得的回報。
2. 百份比，以投入的金額與獲得的回報之比率進行比較。

我們會比較三種不同策略：

1. 購入股價
2. Short Put 輕微價外期權，並持有至到期
3. Long Call 輕微價外期權，並待價而沽

股價大漲

這裡大漲的定義是股價上升幅度遠勝初始的期權金。
以絕對值計，以上三種策略回報最少是Short Put。由於Short Call的全部回報來自期權金，股價的上升並不會令Short Put的回報增加。Long Call的回報取決期權行使價及平倉時的剩餘時間值，期權購入時是輕微價外，股價大漲後變為價內，其內涵值的上升會很接近股價上升；至於其剩餘時間值則會隨時間流逝而減少，但會隨波幅上升而增加，因此，Long Put的絕對回報有可能高於或低於股票。

以百份比計，回報最高的是Long Call，由於其成本遠低於股票，最低回報則只比股票略低。Short Put則相反，成本與股票相同，但回報卻遠遜，因此其回報最低。

股價小漲

這裡小漲的定義為股價上升與期權金相若。

以絕對值計，Long Call的回報視乎剩餘時間值及內涵值的變化，有機會高於或低於股票回報。Short Put的期權金回報與股票相若，但備用金額能產生額外無風險利潤，其回報略高於股票。

以百份比計，由於Long Call的成本遠低於股票及Short Put，其回報最高。Short Put的回報則略高於股票。

股價橫行

股票價格並不會永遠如我們預測的走勢相同，雖然本篇的主題是看漲策略，但股價可能出現不如預期的情況，例如橫行，或下跌，我們要把這些情況都考慮。
股價橫行時，唯一能獲利的是Short Put，只要股價不低於行使價，股價升跌並不影響回報。
購入股票，則不賺不賠。
唯一會出現虧損的是Long Call，由於股價橫行，期權內涵值不會上升；股價橫行亦會導致波幅下降，直接令時間值隨時間流逝。

股價小跌

這裡小跌的定義為股價下跌與期權金相若。

無論以絕對值還是百份比計，Short Put的損失都是最少，期權金的收入可補償部份甚至全部股價下跌帶來的損失。

以絕對值計，Long Call少於股票，股價小跌不會導致Long Call在到期日前損失全部價值，相反，股票則損失卻跟期權金相若。

以百份比計，由於股票的成本遠高於Long Call，其損失百份比要低於Long Call。

股價大跌

這裡大跌的定義為股價下跌遠大於期權金。

以絕對值計，損失最少的是Long Call，由於Long Call的最多損失不會超過全部期權金，其損失遠低於股票。其次是Short Put，期權金的收入彌補了一部份的損失，因此其損低亦少於股票。

以百份比計，損失最多的卻是Long Call，股價大跌將導致Long Call損失大部份價值，股票卻只損失部份價值。Short Put的損失最少，由於成本與股票相同，損失卻少於股票。

總結

投資者可根據不同的市況及風險，選擇不同的投資工具。假如投資者打算選擇期權，他們還要決定期權的行使價與到期日。下篇將簡單介紹行使價及到期日的一些考慮。

Reference:

http://www.optionseducation.org/strategies_advanced_concepts/strategies.html
https://www.hkex.com.hk/eng/sorc/options/stock_options_search.aspx

Vim as a IDE

I have been using vim as my main editor and development tool for more than ten years.  I love its lightweight and speed. I especially love its idea of editing with having your hands leaving the keyboard. It greatly improves my efficiency.
I used to use a bare vim without any plugins. Since I have a few development environments, I do not like to install a lot of dependencies before I can start editing freely. However, bare vim does lack some advantages provided by modern IDE, I took a weekend to investigate some.
Recently I mainly do development in python environment, thus my research foci on python.

.vimrc settings

The settings in .vimrc is very important to make a comfortable development environment.

The following settings does the following tweaks to the development vim environments:

1. Turn on syntax highlight
2. Expand tabs to spaces
3. Show line number on each line
4. Enable auto indentation
5. Set the colouring to be friendly to a dark background
6. Highlight the search keywords

syntax on

set expandtab

set shiftwidth=4

set softtabstop=4

set tabstop=4

set number

set cindent 

set autoindent

set bg=dark

set hls 

The plugin for plugins - Vundle

Before installing plugins, a tool for managing the plugins will make the job much more easier.

Virtually all blogs or tutorials would recommend either Vundle or Pathogen.

Both plugins can help you organize the vim plugins in a centralized way. But Vundle does it in a more elegant way.

To install Vundle, we simply clone the git repository to the vim plugin directory, by:

git clone https://github.com/gmarik/Vundle.vim.git ~/.vim/bundle/Vundle.vim

After that, add the following lines to the top of the .vimrc file.

set nocompatible              " be iMproved, required
filetype off                  " required

" set the runtime path to include Vundle and initialize
set rtp+=~/.vim/bundle/Vundle.vim
call vundle#begin()
" alternatively, pass a path where Vundle should install plugins
"call vundle#begin('~/some/path/here')

" let Vundle manage Vundle, required
Plugin 'gmarik/Vundle.vim'

" All of your Plugins must be added before the following line
call vundle#end()            " required
filetype plugin indent on    " required

Then Vundle will manage other plugins, including installation and update. To install a plugin, we just add a line under "Plugin 'gmarik/Vundle.vim'", and run ":PluginInstall" in vim.

This command support different formats of git repositories, including github, other git hosts and local git repositories, etc. You may check the Vundle github page for more details.

Python-mode

Python-mode is a plugin that adds a lot of IDE-like features to vim.

To install python-mode, we simply add this line to .vimrc:

Bundle 'klen/python-mode' 

And then type :BundleInstall in vim to let vundle install it.
After installation, you may need to change some settings to make it most useful for yourself. Type :h pymode in vim to get the full documentation.
If you have no idea what to change, you may check some references such as this.

Some of the most useful features include code checking, autofix PEP8 errors and go to definition, etc.

One thing I cannot make it working is the autocompletion. The shortcut for autocomplete is Ctrl-Space. However, in Mac, it will bring Spotlight instead. I have searched for a while but seems no one else is having this problem.

NERDTree

NERDTree is a filesystem explorer that let people look for and open files.
To install Nerd, add this to .vimrc:

Bundle 'scrooloose/nerdtree'

And More

After trying for a few plugins, I think they do help to increase productivity. They are more to try. I will introduce other interesting findings here in the future.

References:

• Pathogen vs Vundle: http://lepture.com/en/2012/vundle-vs-pathogen
• Vim as a Python IDE: http://unlogic.co.uk/2013/02/08/vim-as-a-python-ide/
• Vundle homepage: https://github.com/VundleVim/Vundle.vim
• Pymode homepage: https://github.com/klen/python-mode
• Some more useful vim plugins: http://vimawesome.com/?q=tag:python

期權定價

期權的定價分為兩部份：內涵值及時間值。

內涵值

期權的內涵值是指執行期權時產生的價值，等於期權的執行價與相關資產現價之差。只有實值期權擁有內涵值，平值和虛值期權都不具備內涵值。

時間值

期權的時間值是指除內涵值以外的價值。

時間值不只受時間影響，會影響它的因素包括：

1. 剩餘時間
   剩餘時間越少，期權價值越低
2. 利率
   利率會影響資金成本，從而影響期權價格
   與買入股票相比，買入認購期權可延遲至期權到期日才付出買入股票的金額，該筆款項可獲得無風險利率。因此，利率上升會導至認購期權價格上升，反之亦然。
   與賣出股票相比，買入認沽期權延遲至期權到期日才獲得賣出股票的金額，該筆款項可獲得的無風險利率減少。因此，利率上升會導至認沽期權價格下降，反之亦然。
3. 相闗資產波幅
   波幅的提高，會令期權的賣方風險增加，導致期權價格上升。
4. 相闗資產分紅率
   分紅只有資產的持有者可以享有，買入認購期權並不會獲得相關資產。因此，若相關資產在認購期權到期日分紅，分紅上升會導致認購期權價格下降，反之亦然。
   買入認沽期權可延遲賣出相關資產的時間，若相關資產在到期日前分紅，分紅上升會導致期權價上升，反之亦然。

理論價格與市場價格

以上影響期權價格的因素之中，只有波幅在計算價格時是未知的。期權的確實波幅，只有在到期日才能計算。計算波幅時，己知的只有過去的歷史波幅，未來波幅只能根據各項資料作出預測，以得出一個理論價格。

理論價格與市場價格可能不同，由於所有因素之中唯一的未知值是波幅，假設計算無誤，價格的差異反映雙方預測的波幅不同。從市場價格得出的波幅稱為引伸波幅。

Reference

港交所期貨及期權價格：https://www.hkex.com.hk/chi/ddp/ddp_index_c.asp

港交所期權/權證計算機：https://www.hkex.com.hk/chi/sorc/tools/calculator_stock_option_c.aspx

證券衍生工具初探

本篇將簡單介紹三種證券衍生工具：股票期權、認股證(窩輪)及牛熊證。

股票期權 (Stock Options)

簡單地說，股票期權是一個在指定期限內買(認購期權、Call)或賣(認沽期權、Short)股票的權利，就像為股票價格買保險。

認購期權(Call)

認購期權是買入股票的權利。

舉例說，如我以5元買了一隻與ABC股票掛勾、下月到期、行使價100元的認購期權，我便有權在到期前以100元的價格向賣家買入ABC股票。假如在到期日ABC股票升至超過105元，我便獲利；反之，若當日股價低於100元，與其行使認購期權購入股票，倒不如直接在市場上購入股票，認購期權不會被行使，並在到期日變成廢紙。

認購期權的操作包括買入認購期權(Long Call)及賣出認購期權(Short Call)。

與買入同樣數量的股票相比，Long Call由於要付出期權金，其盈利永遠比購入股票少；可是，股票最大虧損是全部股票價值，期權的最大虧損則不會超過全部期權金。

認沽期權(Short)

認沽期權是賣出股票的權利。

與例說，如我以5元買入一隻與ABC股票掛勾、下月到期、行使價100元的認沽期權，我便有權在到期前以100元的價各向賣家賣出ABC股票。假如在到期日ABC股票跌至低於100元，我便可在市場以低價購入股票，並以100元賣出獲利；反之，若當日股價高於100元，與其行使認沽期權以賣出股票，例不如直接在市場上賣出股票，認沽期權不會被行使，並在到期日變成廢紙。

認股證

認股證(Warrant)又稱窩輪，是跟期權非常相似的概念。認股證跟期權有以下幾個不同：

1. 期權投資者可作購入(Long)及賣出(Short)的操作，但認股證則只可做Long。
2. 行使股票期權時，會涉及現貨(股票)交收；但認股證則只會現金交收。
3. 港股期權由港交所發行，選擇較少，只有部份指數及指數成份股可選；認股證由金融機構發行，選擇較多，流通量亦較大。
4. 買賣期權需以特定的期權戶交進行，認股證則可像一般股票般在普通證券戶口交易。

牛熊證

牛熊證是跟認股證相似的衍生工具，跟認股證有以下幾個不同：

1. 牛熊證設有回收機制，當掛勾資產的價格觸及回收價，牛熊證便會被強制回收。根據不同的牛熊證種類，被回收的牛熊證可能會一文不值或有部份剩餘價值。
2. 引伸波幅影響認股證價格，但對牛熊證價格影響輕微。
3. 牛熊證時間值較認股證低。
4. 牛熊證選擇較認股證少。

總結

本篇介紹了三隻衍生工具的基本概念，之後會介紹期權的定價及策略。

Reference:

股票期權 https://www.hkex.com.hk/chi/prod/drprod/so/Stk_Opt_c.htm
期權認股認分別 http://orientaldaily.on.cc/cnt/finance/20110926/00269_007.html

認股證牛熊證分別 https://warrants-hk.credit-suisse.com/cbbc_tutorial_8r_c.html

Study on SSH tunneling

What is SSH?

Secure shell, better known as ssh, is a very popular protocols that enables users to remote control a machine through a shell securely. 

Besides a shell, ssh also supports other functions such as secure file transfer and tunneling. Today I studied and experimented the reverse ssh tunnel feature.

What is SSH tunneling?

Tunneling means transferring data of one protocol over another protocol.

In the case of SSH tunneling, ssh can transfer data of other protocols from a local port to a remote port (forward tunnel) or from a remote port to a local port (reverse tunnel). These two tunnels can be useful in different scenarios.

Forward tunnel

Forward tunnel is to map a local port to a remote port. 

For example, there is a ssh client, called C and a ssh server, called S, which are located in different networks. S has a service that listens to port 12345, but the firewall of the network only allow incoming SSH traffic. To access the service, C can setup a ssh tunnel to S, which map an arbitrary local port, say 54321, to the remote 12345 port. After the tunnel has been set up, C can access the service by connecting to port 54321 of localhost instead. The traffic will then be tunneled to port 12345 or S.

Reverse tunnel

Vice versa, reverse tunnel is to map a remote port to a local port. 

For example, now we want to access C through remote desktop (RDP), however, C is located in a NAT'ed network. Suppose port forwarding in the network gateway is not possible since it is not under C's control. It can be fulfilled by reverse tunnel. C can setup a ssh tunnel to S, which maps an arbitrary remote port, say 11111, to the local RDP port. Then, S can access C by RPD through the tunnel.

How to set up a SSH tunnel?

SSH tunnels by command line OpenSSH client and PuTTY will be described here.
[Warning: There are security risks in SSH tunnel, especially reverse tunnel. Try only if you know what you are doing.]

Forward tunnel

OpenSSH

The OpenSSH option -L can be used to setup a forward tunnel

-L [bind_address:]port:host:hostport

Using the previous example, to map local port 54321 to remote port 12345, we use the following command:

ssh -L 54321:localhost:12345 hostname_of_S

PuTTY

In connection->ssh->tunnels, enter the following:

And then click "Add" and "Apply".

Reverse tunnel

OpenSSH

Use the option 

-R [bind_address:]port:host:hostport

To map the remote port 11111 to local port 3389, we use the following command:

ssh -R 11111:localhost:3389 ip_of_S

PuTTY

Enter the following in PuTTY:

Example: Access the inaccessible network

[Warning: Again, mind the security risks. Try only if you know what you are doing.]

Here I list an example that utilize both forward and reverse tunnels to access a computer in an inaccessible network.

Suppose there are two networks, network A and network B, both networks do not allow incoming traffic. If a computer in network A wants to remote desktop another computer in network B, it can be done by tunneling through an accessible SSH server.

1. First, the computer in network B needs to setup a reverse tunnel to the SSH server, mapping an arbitrary remote port, say 6789, to the local RDP port, i.e. 3389.
2. Now, we want to access the reverse tunnel from network A. However, by default the reverse tunnel is accessible by SSH server only -- the mapped port only receives traffic from localhost. One way to access the reverse tunnel remotely is to set up a forward tunnel to it. We can setup a tunnel from a computer in network A to the SSH server, mapping local 6789 port to the remote 6789 port.
3. Lastly, the computer in network A can be initiate a RPD connection to localhost:6789. It will be forwarded to port 6789 of the SSH server by the forward tunnel, which will in turn be forwarded to port 3389 of the computer in network B by the reverse tunnel.

Security Risks of SSH tunnel

From the example, we can see that covert channels can be created very easily in a company, by using SSH.  

Due to the flexibility and security of SSH, the risks of SSH tunnels are very difficult to mitigate. In order to mitigate the risks, the administrators need to:

1. Forbid the use of any SSH tunnels unless approved.
2. Forbid any unnecessary use of SSH client.
3. Disable unnecessary SSH servers.
4. Disable SSH port forwarding if not needed.

However, these measures are very difficult to execute.

Since all network traffic of SSH is encrypted, it is very difficult, if not impossible, to monitor the activities in a SSH session. The administrators do not know what is being transferred out, don't know what is being transferred in, don't know whether there is a forward tunnel or reverse tunnel. Nothing.

Not only is SSH difficult to monitor, it is also difficult to block.
To block covert channels from incoming SSH connections, administrators need to carefully configure sshd.

PortFoward should be disabled, if it is not necessary, to prevent any unexpected inbound forward tunnels. Administrators should also be aware of the possibility of a user running his own version of sshd so that he can has his desired configuration.

On the other hand, outgoing SSH traffic is very difficult to control. Since sshd can be run in any port, port blocking does not work unless very restricted outgoing rules are set (e.g. only allow outgoing traffic to a specific address or even block all outgoing ports). Otherwise, a user can just setup a SSH server running on any open port. It is very difficult for the administrators to identify and block the tunnels.

References:

http://en.wikipedia.org/wiki/Secure_Shell
http://en.wikipedia.org/wiki/Tunneling_protocol
http://unix.stackexchange.com/questions/88274/i-need-to-rdp-to-a-server-through-a-reverse-tunnel
http://www.sans.edu/research/security-laboratory/article/top-firewall-leaks
http://www.informit.com/articles/article.aspx?p=602977

道德經第二十二章及九陽真經隨想

道德經第二十二章：

曲則全，枉則直，窪則盈，敝則新，少則得，多則惑。

是以聖人抱一爲天下式。

不自見故明，不自是故彰，不自伐故有功，不自矜故長。

夫唯不爭，故天下莫能與之爭。

古之所謂「曲則全」者，豈虛言哉！誠全而歸之。

道德經其中一個難讀之處，在於一個概念會分散在多個不相連的章節同提及；但同一章又會有多於一個看似不相關的概念。

「不爭」是一個被多次反覆提及的概念，「夫唯不爭，故天下莫能與之爭」這句令我咀嚼良久。
現今社會，人人爭名逐利。在紙醉金迷的香港情況更嚴重，從出生開始便不斷地競爭。上學前爭取贏在起跑線；上學後爭取學得比人多、學得比人深，補習班、興趣班不斷；再之後爭公開試，爭好工作，爭賺更多錢。
人人都想得到更多，忽略了「少則得，多則惑」的道理。要有空間，才可有所得；相反擁有太多則會感到迷惑。
凡事皆爭，不如不爭。如不與人爭，天下人便不能與你爭。那是不是說，凡事皆以消極、放棄的態度去應對？那亦不是，其中第七十三章的段說明了：

天之道，不爭而善勝，不言而善應，不召而自來，繟然而善謀。

要做到不爭而善勝。