2017-07-16
Technology

What the hell is this garbage?

Lawmakers in almost two dozen state capitols are considering ways to bolster consumer privacy protections rolled back with Trump’s signature in April. The proposals being debated from New York to California would limit how AT&T Inc., Verizon Communications Inc. and Comcast Corp. use subscribers’ data.

Ok, as far as it goes.

Now why doesn't it apply to companies like Facebook considering they are based in California?

See how simple that was?

As I've pointed out the real problem is out-of-scope data use.  Nobody expects their ISP to track their web surfing and sell it to health insurance companies.  But they might do that.

Ditto on your Facebook views.

Nobody gets all cranked off about advertisers using your preferences to bring you "better ads."

The problem is that "better ads" doesn't mean discriminating for (or against) you in buying health insurance, or rating you when you buy a homeowner's or auto policy, or for that matter screwing you on price based on the fact that you just drove past a WalMart and thus won't duck in and buy whatever it is there instead!

That is where the problem lies.

It's not using collected data for its intended purpose and on the terms you were given and with the choice to not participate.

It's using it for other reasons, including building a detailed dossier on who you are, where you go to church, what your job and income look like, who your friends are, whether you spend an hour a day in a bar and more.  It's the lie that the data collection is not tied to you personally and on an identifiable basis when it very clearly is.  It's the outrageous second-by-second record-keeping that both Android and iOS do with "location" and the sale of that data to anyone who shows up with a wad of money, along with the same collection of said data by mobile phone companies over which you have no control.  In short it's the inability to say no by inherently tying that collection and out-of-scope use to things that have become essential for modern life, such as (for example) Internet access when you have a kid in the house and part of their homework requires access to the Internet, inherent storage and sale of data by cellular and cable providers and more.

Do not be deceived -- these so-called "state actions" are both incomplete and discriminatory.  Proof of this is that California, which is one of the states involved, is not targeting Zucker****er for the very same level of enforcement.

2017-07-13
Technology

The last couple of days have been so-called days of action on so-called "Net neutrality" and now a veritable trove of large "consumer" corporations have joined the fray -- Amazon, Facebook and (of course) Netflix among them.

It's time to cut the crap on all of this -- every one of these firms simply wants to shove their costs down your throat, whether you use their services or not.

That's what this is really about, you see.

It's obvious with Netflix, of course, but less-so with the others.  Facebook, for example, has to deliver advertising -- including high-bandwidth video advertising -- to make money.  To do that someone has to pay for the transport of the data from their servers to your computer or phone.

Who pays?

They think it ought to be you.

That's ugly enough but it gets uglier -- you see, all these firms have to have transport to service their applications (e.g. movie viewing, etc) for anyone who might buy their service.  This means that network providers must build out capacity to serve that.  Who gets that bill?

Again, they want the answer to be you, whether you use their service or not!

It should be you who gets the bill if you use the service.  But what if you don't?  What if you have no interest in Netflix?  What if you have no interest in Facebook's ads?  What if you don't want to use Amazon's movie service, or streaming music?  Why should those firms be able to shove off their infrastructure build and operating costs on you if you don't use the service?

Let's take a "closer to you" example.  You are a homeowner.  You have no interest in Netflix but you do have an interest in Internet service.  Your daughter, on the other hand, who lives with you, does like Netflix.  Let us assume for a moment that you're independent entities living in the same house, sharing household expenses, but she's an adult and paying her own way.  Who gets the bill for her Netflix addiction?

You do under a net neutrality paradigm because your "shared" internet connection must be faster and lower-latency to serve her even though she is the only one who requires that.

What if there was no Net Neutrality?

Then your ISP (cable company, probably) would tell Netflix that they must locate a server at each of their head ends and feed it with their own circuits or they'll be charged back the cost of the infrastructure build to serve them.

What happens then?  Netflix's prices go up but your cable internet bill goes down.

The cost gets shifted to the actual user and the forced, literally at gunpoint by power of law, extraction of those costs from people who have no interest in the services in question ends.

Folks, I'm a former Internet ISP CEO; I ran MCSNet in Chicago at the "dawn" of the consumer Internet age.  I have no dog in this hunt other than an interest in only paying for things I want to use.  Being forced to pay some percentage of my monthly cable Internet bill (or for that matter my monthly cellphone bill) to build infrastructure to support a company's service that I find worthless (Netflix) is an outrage.  If the market were left alone this would not happen because in a competitive market there would be choices -- and those who did try to cross-subsidize in this manner would fail.

As soon as you make it a matter of law then choice vanishes and so do those market forces.  My Internet bill is materially higher than it should be, and my daughter, who likes Netflix, is paying less than she should be -- she is able to effectively shift her costs to me.

There is another problem, and it's equally-serious: What is the valuation of Netflix if the cost is not $8 or $10 a month but $20? How many subs do they lose if only their actual customers pay for their infrastructure buildout instead of every Internet user in America?  I don't know -- but I bet that number is substantial, which means that company and all others lobbying for the same thing are stealing from every single American who has no interest in their service.

Theft is a crime, and these people need to go to prison -- all of them.

Yes, all of you.

I wish for an asteroid to impact all your campuses and every last one of your executive's homes.  I will pray for it this evening and every day forward until it happens.

I've pointed out many of the stupid, allegedly "independent" decisions of American tech companies in the past, many of which look intentional.  But the current set of not-funny things I've found of late is so far beyond the pale of reason that it can only be characterized as intentional on a collusive basis.

Let me start with Micro****you Windows.

It includes a VPN client.  There's a problem with it -- it proposes 3DES as the encryption by default for key exchange.  3DES hasn't been secure in a very long time.  What's equally bad is that it also proposes a payload (ESP) encryption that is also not secure. Let me point out that our government uses it for allegedly-secure things, which means this has to be able to be overridden or every single DOD related machine on the so-called "secure" network would be a bad joke.

As it turns out it can be overridden -- here's how.  I've known about this for quite a while but I'm now pissed-off enough to make sure you know about it too.  So if you are actually using Windows VPN client go fix that right damn now.

But, it gets better: If you have Windows Phone (and probably on a tablet too) you can't fix it.  Why not?  Because to actually fix it for VPNs you have to be able to modify the routing, which Windows 10 changed without notice so the default isn't on the secure network.  Windows Phone has no way to get into that screen at all -- it doesn't exist.  On Windows 10 it does, if you go into the adapter properties (which is difficult to find, but there.)  So now you know -- Microsoft intentionally crippled VPN support on Windows 10 to make your data insecure on purpose unless you catch and fix it, because they changed the defaults in this regard and if you don't catch it much of your data won't route down the VPN at all.

Specifically, you have to go into the Control Panel, click "Network and Sharing Center", then select "Change adapter settings" (left side.)  You will see your VPN in that list as a "WAN Miniport".  You must right-click that, choose Properties, then the Networking tab, select Internet Protocol Version 4 and click Advanced once again.  There, under IP settings, you will find that the "Use default gateway on remote network" box is not checked.  Check that box!

 by tickerguy

Let me make this clear: If you don't catch this yourself all Windows 10 machines have no secure transport actually operating even though they appear to have it working and yes, fixing it is that far hidden down in the options pages.

That path is not available on a Windows Phone.  The good news is that Windows 10 (including Windows Phone) will apparently honor some rather baroque proprietary DHCP options (no, not the standard default gateway announcement that all DHCP servers send down!) but the odds of your stock-standard DHCP server that is in basically every VPN gateway ever made having that particular Micro****you option in it is zero.  In other words, for the big corporate or government guys they did in fact put a way in there for it to autoconfigure when their "road warriors" connect, but for everyone else you're ****ed unless you know about this and manually fix it.  The only good news is that once you fix it the settings will stay fixed -- at least so far they have in my experience (since Win10 first showed up.)
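The two Windows fixes the post walks through (replacing the weak IKEv2/IPsec proposal, and turning "Use default gateway on remote network" back on) can be done from PowerShell instead of clicking through Control Panel. This is an added example, not code from the original post; the connection name "CorpVPN" is an assumption, the cipher suite chosen is one of several the cmdlet accepts and is my pick rather than anything the post specifies, and the VPN server has to be configured to accept whatever suite you choose.

```powershell
# Added example, not from the original post. Assumes a VPN connection named
# "CorpVPN" already exists on this machine; change $Name to match yours.
$Name = "CorpVPN"

# Show what the client currently proposes. The post says the defaults are 3DES
# for the key exchange and a weak ESP cipher; this prints whatever this machine
# actually has (empty when no custom policy has been set yet).
$conn = Get-VpnConnection -Name $Name
$conn.IPsecCustomPolicy | Format-List

# Replace the IKEv2/IPsec proposal with a modern suite. The specific suite is
# an assumption of this example; the server must accept it or the tunnel will
# not negotiate at all.
Set-VpnConnectionIPsecConfiguration -ConnectionName $Name `
    -EncryptionMethod AES256 `
    -IntegrityCheckMethod SHA256 `
    -DHGroup Group14 `
    -PfsGroup PFS2048 `
    -CipherTransformConstants GCMAES256 `
    -AuthenticationTransformConstants GCMAES256 `
    -Force

# The "Use default gateway on remote network" checkbox in the adapter
# properties is the inverse of the SplitTunneling property: $false means
# everything routes down the tunnel, which is the behaviour the post wants.
Set-VpnConnection -Name $Name -SplitTunneling $false

# Re-read the connection and confirm both changes stuck.
$conn = Get-VpnConnection -Name $Name
"{0}: SplitTunneling={1}, Encryption={2}, DH={3}" -f $conn.Name,
    $conn.SplitTunneling,
    $conn.IPsecCustomPolicy.EncryptionMethod,
    $conn.IPsecCustomPolicy.DHGroup
```

Run it in the same user context the connection was created in (connections created with `-AllUserConnection` need that switch on the Get/Set calls as well). The final line is the check worth keeping in a login script: if `SplitTunneling` ever reads `True` again, traffic is bypassing the tunnel exactly as the post describes.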

I'm just getting started, however -- Redmond is just the first place I wish for an asteroid to impact.

The second is Google.

Android is deliberately coded so that all hotspot or tethered connections will not route down an active VPN.  In fact if you try it what you'll probably find is that nothing works at all while your VPN is up because the DNS servers are all hosed.  But even if you get around that you'll find it doesn't matter -- the traffic is going down the non-VPN'd link.

There is no way around this without root and no, BlackBerry did not fix it in their phones.  So **** you BlackBerry, you just went on my **** list and you're staying there until you force those **********s at Google to either stop this **** or stop selling allegedly-secure phones entirely.

Why is this important?  We'll get to that in a minute, but understand this -- you can use the StrongSwan app on Android to set up an extremely secure VPN that even the NSA probably cannot break.  However, you can't then tether a device off that phone and have it protected as well because Google decided to route tethered data down the non-VPN interface and you can't change that.  Of course that's not obvious either which means you will probably think you're secure when you're not.

May Google and everyone who works there be hit by an asteroid: In my opinion this is an intentional and malicious decision as it forbids you from protecting tethered devices with a very solid and secure VPN with no known work-around.

Now we get to the cherry on top of the above horse****.  Windows, as noted above, has a built-in VPN client and if you know what you're doing you can make it reasonably secure (it's definitely not "out of the box".)  But the latest outrage, which belongs to Comcast, Cocks, the various mobile carriers and others, is what data network folks are doing inside their networks.

They are dropping fragmented packets.

Let me explain why this matters.  When you have a VPN during the setup process you must exchange certificates if you wish to use said VPN in a secure manner.  Passwords are never sufficiently secure simply because they're tiny and almost-always insufficiently random.  Certificates are very secure if properly generated; they are nearly impossible to break.  The problem is that a certificate will not fit in a single packet with the other data that has to be there to set the connection up.  This means a fragmented UDP packet -- at least a couple of them -- must pass for the connection to come up.

Block fragments and you block secure VPNs such as IKEv2, unless the client knows to ask for fragmentation on the initial connection.  Oh by the way, IKEv2 is not only secure, it is capable of IP hopping and renegotiates keying automatically, which not only makes it even more secure, it means it can be nailed up while you move around where your address may change (e.g. on a phone that is actually moving.)  Once the VPN comes up the protocol can internally handle all of this and there's no problem, but during the negotiation it doesn't know what it needs to do because it hasn't set up the connection yet.

Guess whose IKEv2 client can't handle that and doesn't ask?  Windows, again -- and by the way, this very same limitation has been there since Windows 7.  Microscrewyou has not seen fit to update their gateway software since 2009; it is now almost eight years later and IKEv2 fragmentation is still not supported on Windows.  At all.

The effect of this outrage is that if you have a Windows machine and any ISP or device in the middle between you and your VPN server drops fragments, the connection won't come up at all.

On Android I can work around this because the StrongSwan client can have the server's certificate loaded locally and then it can be told to not ask for it, and the client knows how to do fragmentation.  The former requires you to trust that the server's key has not been compromised since it bypasses revocation and signature (by the Certificate Authority) checks but it also avoids the need during setup to send the massive packets and thus the problem doesn't occur.  But see above for why this can't protect your other machines -- Google intentionally prevented you from protecting them behind your active VPN!

Since Windows won't similarly negotiate a connection without getting the machine certificate from the server (it always asks and if it doesn't get it the client throws up; it refuses to look in the local certificate store) this means that any ISP that blocks fragments also blocks all secure connections at the same time from said Windows machines with no work-around.
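The mechanics behind the last few paragraphs, as an added PowerShell simulation that is not part of the original post: it counts datagrams and IP fragments for an IKE_AUTH message carrying the server certificate, in the four situations the post describes (Windows with fragments dropped, Windows with fragments passing, a client using IKEv2-level fragmentation per RFC 7383, and a client that has the server certificate preloaded so no CERT payload is sent). The MTU, overhead and certificate size are illustrative assumptions, not measurements of any real network.

```powershell
# Added example, not from the original post. A model of why a fragment-dropping
# middlebox breaks IKEv2 setup and what each workaround changes. All byte
# counts below are assumptions chosen to be plausible, not measured values.
$PathMtu       = 1500   # bytes on the wire (assumed)
$IpUdpOverhead = 28     # IPv4 header (20) + UDP header (8)
$IkeHeader     = 28     # fixed IKEv2 header

function Get-IkeAuthSize {
    param([int]$CertBytes, [int]$OtherPayloadBytes = 400)
    # IKE_AUTH carries IDr, AUTH, SA, TSi, TSr (~OtherPayloadBytes, assumed)
    # plus the CERT payload when the responder has to send its certificate.
    return $IkeHeader + $OtherPayloadBytes + $CertBytes
}

function Send-IkeMessage {
    param([int]$IkeMessageBytes, [bool]$IkeFragmentation, [bool]$MiddleboxDropsFragments)
    $maxIkePerDatagram = $PathMtu - $IpUdpOverhead
    if ($IkeMessageBytes -le $maxIkePerDatagram) {
        # Fits in one datagram: nothing for the middlebox to drop.
        return @{ Datagrams = 1; IpFragments = 0; TunnelUp = $true }
    }
    if ($IkeFragmentation) {
        # RFC 7383: the sender splits the message into several complete IKE
        # messages (Encrypted Fragment payloads), each small enough for one
        # datagram, so the IP layer never fragments anything.
        $n = [math]::Ceiling($IkeMessageBytes / $maxIkePerDatagram)
        return @{ Datagrams = $n; IpFragments = 0; TunnelUp = $true }
    }
    # No IKE-layer fragmentation (the post's Windows client): one oversized UDP
    # datagram is fragmented at the IP layer, and every fragment must arrive
    # for reassembly. Drop any of them and IKE_AUTH never completes.
    $frags = [math]::Ceiling($IkeMessageBytes / $maxIkePerDatagram)
    return @{ Datagrams = 1; IpFragments = $frags; TunnelUp = (-not $MiddleboxDropsFragments) }
}

# A DER-encoded RSA-2048 end-entity certificate is on the order of 1-2 KB;
# 1800 bytes is an assumed figure for this model.
$cert = 1800
$scenarios = @(
    @{ Label = "Windows client, ISP drops fragments";  Cert = $cert; IkeFrag = $false; Drop = $true  },
    @{ Label = "Windows client, fragments pass";       Cert = $cert; IkeFrag = $false; Drop = $false },
    @{ Label = "Client with RFC 7383 fragmentation";   Cert = $cert; IkeFrag = $true;  Drop = $true  },
    @{ Label = "Client with cert preloaded, no CERT";  Cert = 0;     IkeFrag = $false; Drop = $true  }
)
foreach ($s in $scenarios) {
    $size = Get-IkeAuthSize -CertBytes $s.Cert
    $r = Send-IkeMessage -IkeMessageBytes $size -IkeFragmentation $s.IkeFrag -MiddleboxDropsFragments $s.Drop
    "{0,-40} IKE_AUTH={1,5}B datagrams={2} ip-fragments={3} tunnel-up={4}" -f `
        $s.Label, $size, $r.Datagrams, $r.IpFragments, $r.TunnelUp
}
```

Two things the model makes visible that the prose only asserts: the certificate alone pushes IKE_AUTH past what one datagram can carry, and the two workarounds attack that from opposite ends, one by splitting at the IKE layer (which both peers must advertise support for during IKE_SA_INIT), the other by shrinking the message so it never needs splitting, at the cost of the revocation and signature checks the post mentions.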

Congratulations America.  By sitting on your ass and not giving a **** about privacy and data security for two decades, along with allowing Zuckerpig and the rest to data mine you to oblivion the marketers and everyone else in the Internet and device business have gotten together and slowly strangled the ability to actually secure your data.  They are of course doing this so they can sell your data which they collect without your knowledge or consent.

You can bet their communication channels have workarounds for some or all of this.

Yours do not.

Welcome to the Hell that you built with your heads buried in your damn smartphones.

Now let me tell you how you get around this, because I've figured out a way.  It's somewhat of a pain in the ass but it works.

1. On your Android phone download PDANet.  Pay June Networks their one-time license fee.  It's worth the money.  Download their desktop software plug-in for your Windows machine.

2. Get a USB cable for your Android phone.  Set up StrongSwan on said Android phone and get it working to your VPN.  Start said VPN and connect it with a nice, strong and secure link.

3. Use PDANet to tether via USB.

Now your tethering routes down the VPN you have set up on the phone.  **** you Google, **** you Microsoft, and **** you all the ISPs and others who are dropping fragmented packets.

I win, you lose; the only thing lost by doing this is network browse, if you have an internal network of Windows machines, due to how addressing works in this configuration.  You can still mount resources by name -- you just can't register with the WINS server, so network browse doesn't operate.

2017-07-06
Technology

This is an interesting article sent to me by a reader; it's ~6 months old, but there's a hell of a lot of truth in there.

So, at the end of the line, on average, it looks like you are probably getting somewhere about 3¢ worth of actual ads seen by actual people for every dollar you spend on display advertising.

The funny part of this analysis (read the whole thing; it's amusing) is that the overhead is utterly ridiculous.  Sixty percent is "absorbed" before a single pixel reaches a single screen.

You know a so-called "industry" is nothing other than a giant fraud-filled theft ring when that sort of number shows up.  Nobody gets away with absorbing 60% off the top without either using a gun or a scam somewhere -- usually both.

I used to oversee the entire ad budget at MCSNet; one of the pleasures of being a reasonably-small corporation is that the CEO sees basically everything that gets spent and someone has to justify that spend to said CEO before it happens -- without exception.

Further, we basically never dealt with any sort of "agency."  There were a few exceptions, but not many.  I recognized those as pure overhead, of course, as they didn't get me anything for the money spent.  The only argument you could make to me as such an agency was that you'd save one of my people (perhaps me) a great deal of time -- which has value, of course.  Few were able to make that pitch work.

Here's what I found from my years in the Internet business: Radio, carefully targeted, worked and was worth the money spent.  Local shows of any sort were usually worth the money spent (and thus we did a lot of them.)  Virtually nothing else returned enough on a provable basis to be worth the investment notwithstanding the claims of all the people trying to get us to buy ad space in their media.

I suspect when you get down to it essentially all video ads are worth zero on an ROI basis.  They cost too much to produce and run, never returning enough in profit (not sales) to cover their expense.  "Display" ads (e.g. through things like AdSense) work in some cases.  Any sort of "aggressive" advertising does not work at all (e.g. pop-unders, pop-ups, etc) and pisses off more customers than it gains by a good margin, so it actually does you harm to use them or be associated with any property on the web that does.

This leaves aside the utterly-insane claims of what counts as a "viewed impression", which I found shocking.  50% of the pixels in view for one second counts as an "impression"?  Since when can you identify a specific product and/or brand in 1 second with half of whatever image obscured, and what would lead anyone to conclude that you should pay for such an "impression"?

You gotta be kidding me.

So why does a company like Facebook, which exists only because it claims such "ads" have value, in fact exist?  Well, to be blunt, there are a lot of suckers in the corporate world.

They "believe" that if their competitors buy an "ad" on a platform like this they have to as well.

For..... what, exactly?

See, my philosophy as a marketer is that if someone else wants to waste millions of dollars on a thing that gets them no sales (and certainly not enough profit to make back the millions of dollars they spend) I should let them do it and tattoo them with my materially lower cost of operation, which means I can beat them on price, the quality of what I sell or the Holy Grail of business: BOTH.

It stuns me that this hasn't sunk into the consciousness of marketing managers at our nation's businesses, both large and small.  Advertising that cannot provably bring in more gross profit than it costs to run, with all costs accounted for, is idiotic to purchase, and further, for a Board Member or executive, buying same violates your fiduciary duty to the firm's shareholders!

It's one thing to experiment with various forms of marketing -- you have to do that.  The world is always changing and so is the media.  What works in one place or on one day may not in a different place or on a different day.  But the numbers put forward in this link are damning, and the overhead alone makes the overall picture essentially impossible to pencil out.


In short these digital media systems appear to exist simply to justify their own existence; the fact that they deliver alleged "advertising" is not the point, it's a side effect that just happens to be necessary to justify being there while grabbing 60 cents of every dollar off the top.

When you boil it all down the entire so-called "internet ad ecosystem" is a scam and thus all the firms that are connected to and dependent on it have an actual intrinsic value of zero.

We'll see how long it takes before all the modern-day Pets.coms have their moment of market recognition.

Good luck Zuckerpig and friends.  You're gonna need it.

2017-06-27
Technology

We have yet another "ransomware" game going on globally.

Let me point out that this is driven by idiocy in corporate America.

Ransomware attacks only work because the computers in question are not properly backed up, they do not have a decent plan to keep data safe, they are interlinked (including the ability for data to be corrupted "on storage", such as "in the cloud"), and the entire bubble economy in tech is based on more, not less, of this.

Run your "backups" to the cloud?  That's nice -- how fast is your connection and their throughput if you have to restore every machine in the office?  Will it take hours, days or weeks?

That assumes it works too.  When was the last time you verified that?

I know the answer for myself: I verified that my backup system worked this week.  How?  I ran a restore to my laptop.  It took 20 minutes from a cold start off a USB key to being back where it was on a "new" disk.  I didn't do this "in extremis", I did it as part of my regular prove-up that the infrastructure I constructed still works.

That's what competent IT departments do.

Further, I have multiple backup versions available, so if I have to go back to an earlier copy due to some sort of infection I can.  I can also go back to just before the bad thing happened, copy off any changes somewhere else, then restore the earlier one if I have reason to suspect there's a latent problem and then layer over that.

On my servers I can literally go back to a snapshot taken a few hours ago, a few days ago, or a few months ago at any time within seconds.  A full restore of those systems takes quite a bit longer just due to the size of the data store involved but provided the hardware is ok I can revert on a snapshot basis in seconds, making a corrupt file or even entire corrupt filesystem a minor, no-big-deal annoyance.

If you have me install infrastructure in your office I can put that same capability on your network.  Now a "ransomware" attack means nearly nothing other than a (moderately severe) annoyance since once we determine in which hour and which day it hit I can simply revert the snapshot to the one prior to that time and your files are all back to where they were before they got encrypted.  Then we restore the system in question from load media and you're back in business inside of 20 minutes.  Yes, the file you were editing at that moment in time is destroyed, but everything else is fine. We then talk about the recommendation to ****can the idiot who was downloading porno or whatever on his work computer and got infected by doing so, and yes, I can usually figure out who it was.
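The two pieces of the recovery the post describes (pick the last snapshot before the hour the infection hit, then prove the restored copy is actually what was backed up) as an added PowerShell example; this is not the post's own tooling and the snapshot platform is deliberately left out because the post doesn't name one. The snapshot times, the "first encrypted file seen" timestamp and the file set are all constructed here so the script runs offline in a temp folder.

```powershell
# Added example, not from the original post. A restore drill in two parts:
# choosing the snapshot to roll back to, and verifying the restored files
# against a hash manifest taken when the backup was made.

function Select-RollbackSnapshot {
    param([datetime[]]$SnapshotTimes, [datetime]$FirstEncryptedWriteSeen)
    # Newest snapshot strictly BEFORE the first encrypted file appeared.
    # A snapshot taken at or after that moment may already hold encrypted data.
    $candidates = @($SnapshotTimes | Where-Object { $_ -lt $FirstEncryptedWriteSeen } | Sort-Object -Descending)
    if ($candidates.Count -eq 0) { throw "No snapshot predates the infection; restore from offline media." }
    return $candidates[0]
}

function New-HashManifest {
    param([string]$Root)
    # Relative path -> SHA-256 of content, for every file under $Root.
    $m = @{}
    Get-ChildItem -Path $Root -File -Recurse | ForEach-Object {
        $rel = $_.FullName.Substring($Root.Length).TrimStart('\', '/')
        $m[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
    return $m
}

function Test-RestoreMatchesManifest {
    param([hashtable]$Manifest, [string]$RestoredRoot)
    # Returns a list of problems; an empty list means the restore is clean.
    $restored = New-HashManifest -Root $RestoredRoot
    $problems = @()
    foreach ($k in $Manifest.Keys) {
        if (-not $restored.ContainsKey($k))  { $problems += "missing: $k"; continue }
        if ($restored[$k] -ne $Manifest[$k]) { $problems += "hash mismatch: $k" }
    }
    return $problems
}

# --- the drill, with constructed data ---
$snaps = @(
    [datetime]"2017-06-27T02:00", [datetime]"2017-06-27T06:00",
    [datetime]"2017-06-27T10:00", [datetime]"2017-06-27T14:00"
)
$hit = [datetime]"2017-06-27T11:37"     # first encrypted file observed (constructed)
"Roll back to snapshot: $(Select-RollbackSnapshot $snaps $hit)"   # picks 10:00, not 14:00

$src = Join-Path ([IO.Path]::GetTempPath()) "drill-src"
$dst = Join-Path ([IO.Path]::GetTempPath()) "drill-restore"
Remove-Item $src, $dst -Recurse -Force -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Path $src, $dst | Out-Null
Set-Content -Path (Join-Path $src "ledger.csv") -Value "2017-06-01,invoice,1200"
Set-Content -Path (Join-Path $src "notes.txt")  -Value "quarterly plan"

$manifest = New-HashManifest -Root $src                       # taken at backup time
Copy-Item -Path (Join-Path $src "*") -Destination $dst -Recurse   # stands in for the restore

# Simulate one file that was altered after the copy, so the check has something to catch.
Set-Content -Path (Join-Path $dst "notes.txt") -Value "ENCRYPTED"
$problems = Test-RestoreMatchesManifest -Manifest $manifest -RestoredRoot $dst
if ($problems.Count -gt 0) { "Restore FAILED verification:"; $problems } else { "Restore verified." }
```

The manifest is the part people skip: a restore that "completes" is not the same as a restore that is correct, and the hash comparison is what turns the post's 20-minute restore into a provable one. Keep the manifest somewhere the ransomware cannot reach, or it proves nothing.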

If your enterprise cannot do this then your IT people have traded off your corporate data security for some ****headed "buzzword" like "cloud."

For this they should be stuffed in the career wood chipper -- feet first -- and if your firm is publicly traded it should be a zero as should those public companies that have advanced and promoted such stupidity.

How many times does this have to happen before the stupid stops?

Apparently the answer is "at least once more."

