The Market Ticker
Commentary on The Capital Markets
Logging in or registering will improve your experience here
Main Navigation
MUST-READ Selection(s):
There Can Be NO Compromise On Data

Display list of topics

Sarah's Resources You Should See
Sarah's Blog Buy Sarah's Pictures
Full-Text Search & Archives
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2018-08-14 13:05 by Karl Denninger
in POTD , 71 references


Snakes, I tell you!  There are snakes crawling out of the wall!  AIEEEEEEE!

Yeah, ok chickie, put down the acid..... smiley

Email to put this unique, one-of-a-kind piece of abstract art on your wall!

View this entry with comments (opens new window)

2018-08-14 12:51 by Karl Denninger
in Company Specific , 117 references
[Comments enabled]  

Sleep with dogs, wake up with fleas -- or get sexed.

It used to be that "online dating" (which is really nothing of the sort) had at least some colorable reality attachment.  This was in the days of dozens of actual competing sites and web properties -- Yahoo dating, Match, PlentyOfFish, OkCupid and many more. I have personally used several of them over the last 20 years and prior to about 10 years ago met a few interesting people, and had a couple of good relationships come out of it.

But over the last decade or so IAC/Match has "swallowed" all of them -- including virtually all of the "newer" ones, such as Tinder, which was inextricably tied to Facesucker (you had to have a Facesucker account to register on it.)

Thus, while there are still many "names" in so-called "online dating" there is in fact only one company -- IAC/Match.  Of course that's not apparent when you have dozens of alleged "brands"......

Match was spun off but the fact remains that this is an effective monopoly business with exactly one large firm controlling effectively all of the so-called "online dating" space.

The "space" has become riven through with fraud, scams and schemes, with the most-obvious being the simple: The entire point of these sites is to extract money from you in the form of a subscription, and how that happens doesn't much matter.

Let's face it, "love" (and sex) is one of the big "push-buttons" for virtually everyone.  Tinder was referred to a couple of years ago by some runners I know as Tinder-banging and with good reason.  Meh; if you're into looking for an online meat market for a quickie I suppose it works, but swipe right just isn't my thing.

So it's no surprise that now we hear that the Tinder founders are suing IAC, alleging manipulation and game-playing to basically rob them of the value of their stock options.

Let's be real here -- IAC has seen an explosive increase in its valuation over the last few years as has the spun-off part known as "Match."  Does anyone actually believe the bull**** put forward that one finds "love" via such a mechanism?

Or is it far more-likely that IAC/Match has used the same tools Facesucker does to push your buttons in such a way that you believe if you just spend another $20, $50 or $100 you'll find "love" -- but you never actually do and that's by design and intent, not accident.

Oh, don't get me wrong -- I'm sure there are plenty of exceptions to the rule but let's just apply basic logic -- if you get on one of their sites, find your "true love" and are honest and interested in one person neither of you ever spends another nickel with said firm ever again.  How does such an outcome work out for IAC/Match's stock price?  Not so good, right?

So what do you think the odds are of their "testimonials" being in any way related to reality rather than this firm instead running a basic dopamine extraction racket -- just like Zuck****?

Logic sucks doesn't it -- and while the Tinder executives may well be right as to the merits of their case (we'll see) I find it rather amusing that a service that was founded on the idea of screwing anything that walks irrespective of whether you're truly single or not, turning sex into nothing more than an electronic version of a free *****-house, has now led its founders into...... getting screwed.

View this entry with comments (opens new window)

2018-08-14 11:51 by Karl Denninger
in Editorial , 142 references
[Comments enabled]  

Scratch another state off my maybe I should live there list....

The state judge who on Monday set a $20,000 bail for five defendants arrested at a remote New Mexico compound where authorities say children were being trained to conduct school shootings has a history of issuing low bail to violent offenders.

Judge Sarah Backus, an elected Democrat, ordered the two men and three women wear ankle monitors, have weekly contact with their attorneys and not consume alcohol or own firearms while on bail. She said although she was concerned by “troubling facts,” prosecutors failed to articulate any specific threats to the community.

Oh really?

Teaching kids to shoot up schools as an act of jihad isn't a "specific threat"?

Never mind the rather-clear evidence that one of the defendants kidnapped his son, crossed state lines unlawfully with him and that said kid ultimately died in no small part as a consequence?  Remember that this kid had specific medical needs -- needs which were unmet, and now the kid is missing, although a child's remains were found there (and are presumed to be him -- but this is not yet confirmed.)

This is "no specific threat" to the community either?

Yeah, ok.

It's not against the law to live in an "unconventional" manner.  But it is against the law to kidnap a child, and it is against the law to harbor a fugitive who has done so and fled across state lines.

So tell me once again what justification exists for this ruling and why the people of New Mexico stand for it?

View this entry with comments (opens new window)

I have one here.  Why?  The big one is that it's the only device I've found that has S2 in it right now, so it's a nice "convenient" device for me to screw around with S2 and see if I can get the HomeDaemon code to talk to it in that mode.

But then it also looks interesting because it's a retrofit lock set for a deadbolt, only replacing the inside part (the knob.)  The rest of the lock remains intact, which, if you have fancy-dancy stuff on your house, looks attractive at first blush.  Who doesn't like that idea.  It's a bit expensive, but then again what isn't these days?

The unit itself has a magnetic cover behind which are the batteries, and it retains the "knob" function; you twist the outside.  An adapter plate goes in place of the inside knob along with a plastic piece that fits the original lock's cam (there are three included for various makes and models of deadbolts) and then the unit just snaps on the plate with two little camlocks.  The physical design is quite-elegant, if a bit large (it has to hold 4 AA batteries for power!)

Then you load an app on your phone (mandatory; it only speaks bluetooth and Zwave native) and use it to set everything up and, if you want, control it.  The first time I ran it the app spent a couple of minutes updating the firmware on the lock; apparently that's how it's kept current.  Oh, and you need location on for initial setup -- it will refuse to find the lock without it enabled on the phone.

The app itself is, well, an app.  It works reasonably well for what it is, but it's a bit clunky, mostly because it has to "get" the connection to the lock every time you open it to do something.  Ok, fair enough.  You can also give "guest keys" to people, which basically means letting other people use your door (uh....)  And it has a clever mode (which requires location on) that senses when you get close to the house, and unlocks the door when you're there -- and locks it when you leave on its own.  Sounds interesting, except what you have to divulge to get that capability.

Specifically, the privacy policy is troubling, in that the unit talks to momma and gives momma a lot of data, including who is opening and closing your door -- and when.  Me no like at all, and of course the standard "we'll give anything to any LEO who asks" clause is in there too.  It's not a camera, but who came and went -- and when -- is still bad news.

Who wants a third party having a detailed database of every time you open and lock your front door, and who does so, accessible any time someone asks "nicely" (cough!) enough or if the company gets sold, has a change of control, etc?

Me neither.

I'm also troubled by there being zero information on exactly what prevents someone from forging access credentials.  Bluetooth is somewhat secure -- but note the operative word here is "somewhat."  Since the unit has no physical hard-reset button I am forced to assume the manufacturer has a back door into it for the case where it loses its mind or you sell it to someone else -- which means it can be forcibly broken into via that mechanism, if someone figures it out.  I'd like to know exactly what the internal security architecture is that prevents this, and the maker's documentation and FAQ is completely silent on that point.

I will give the app credit for having a decent set of notification options although without documentation on how asynchronous messages are delivered I am forced to assume it uses Firebase (Google's cloud-based notification facility) which means now Google knows when someone opens or locks your door too.  I like that even less than August having the same information.

There's also the reality of a clunky, slow "app-based" reality involved in using said app for everyday lock/unlock.  It would drive me insane.  I ran into this same sort of crap with the Hilton "digital key" deal recently.  You register for it at one of their hotels using their Honors app, then when you want to open your room you open the app and select to open the door while standing in front of it -- with location on, of course.  It's slow as hell compared with just swiping a damn keycard -- to the point that I have no interest in using it!  WTF was Hilton thinking with that "design"?

Same deal here, really, when you get down to it.

At first blush, however, it appears there's an answer to most of this problem -- use the app to pair it on Z-wave in secure mode then stop the app or even remove it entirelySince the lock doesn't talk WiFi and it also can't talk to your phone to leverage its internet connection (because you killed the Bluetooth connection) in theory momma learns nothing; your Z-wave gateway is now in control of things.  The remaining risk is via a takeover through someone who knows you have it and can tamper with it through their bluetooth stack -- without a full and fair disclosure by the manufacturer I have no way to judge the level of vulnerability to that, unfortunately.

But using Z-Wave only, having removed the app from your phone entirely, you can do nice things, like (as I showed you recently) wave your phone at an NFC tag and securely use the phone as a key -- and it's as fast and convenient as a typical prox card used in building security.

Me likes that a bit better.

I don't have S2 working yet in the HomeDaemon code, but the lock pairs right up and works fine using S0.

All of this would be good enough to recommend the lockset, with the potential caveat of not being able to evaluate the potential for a hostile takeover via Bluetooth, except for critical flaws I have found during my testing that, quite unfortunately, have no workaround.

First, all locks I have seen, other than the August one, send exceptions ("alarms") for virtually everything that happens.  They send an exception for local operation (key or the twist knob inside), keypad use (including the index number of the code used) and if an operation fails (e.g. the bolt is blocked, you tell it to lock and it is physically unable to comply with the request.)

The August lock sends none of these.

Then there's a real "screw you" that could lead you to get trivially broken into and is, from what I can determine, a fatal flaw.

If the unit gets jammed (door not completely closed therefore the bolt doesn't go in all the way to the "locked" position, etc.) there's no exception logged for that and, much worse, in some cases the unit reports it is secured (locked) when it actually is not because the bolt was blocked from finishing its travel.

Note that this last and fatal flaw is not exclusive to Z-wave -- if you open their app after the reported locking that never completed their own app will show the lock state as secure also when in fact it is open!  I have been able to reproduce this by holding the handwheel with my hand while commanding the unit to lock, preventing it from extending the bolt and rotating far enough toward the "locked" position to engage the bolt.

The other locksets I've seen have never done this in my experience.  Locked is locked, open is open, and I've never had one fail to report a state change either; even in a nasty RF environment they are very good about making damn sure state changes get through to the controller and I've never seen one of them incorrectly report a secured state when it is not.  Even the lowly Kwikset (commonly thought of as the "cheapie" in residential locks; Schlage is IMHO better both cosmetically and security-wise) gets this right.  Further, they report local control (key or twist-knob inside) and mechanically-failed operations via exceptions.  And unlike the August, which will give up on a first attempt at a blocked bolt the others will try at least twice (most try three times) before reporting failure and they have materially higher bolt pressure (torque on the cylinder shaft) as well.

As an aside remember that Z-wave's S0 is only a material risk while pairing, once your units are in the network the key is not passed in the clear so other than breaking into the controller (and stealing it) or ripping off a unit physically (and extracting it from the NVRAM inside) you're fine.  S2 does nothing for either of those risks either; steal the controller and Bob's still your uncle.  And, for properly-designed controllers (cough-HomeDaemonMCP-cough!) the default should be to deny keying over the air at high power, so you pull the stick and do it locally at very low power, reducing the effective intercept range to inches.  (Of course this doesn't work if there is no stick and no battery in the controller unit which make most of the controllers on the market potentially-insecure.)

I'm going to keep this device simply because it's S2-enabled -- and right now it's the only device I can find in the US market that's both shipping and is.  Some work should result in a functional S2 implementation provided there are no nasty surprises awaiting me in the August firmware.  Hopefully not....

But August needs -- badly -- to enhance the Z-wave firmware in this thing so it behaves like every other lockset on the market, with exceptions reported on state changes and failures to change state when commanded to do so also being reported asynchronously.  They also must make damn sure the unit does not ever report your door is secure when in fact it's unlocked!  And they must publish full documentation on their Bluetooth security model so one can judge the risk of someone being able to crack it by disassembling their app code and "pretending" to be authorized to perform a factory reset, since the capacity is stated to be present for the company to clear a previously-set association between one of their accounts and a given lockset.

Oh, and finally I have sent two separate emails to their support email address -- the first inquiring if there was a hidden local hard reset function (in case I managed to screw the pooch while working with the lock) and the second with an overview of the operational problems I've noted here.  Neither got a reply, and while it's only been a couple of days since the first email if you can't get back to customers within one business day something is wrong.

The privacy problems are real but can be worked around with a proper (and non-cloud enabled) Z-wave controller such as HomeDaemon-MCP.

Unfortunately the operational problems, along with the lack of documentation of the firm's security model, are severe and mean that at present I cannot recommend this device for home or business access control.  I have emailed the company and if they fix the problems via a firmware update I will advise, but for the present time my recommendation is that you buy a Schalge or Kwikset Z-wave lock instead.  Check-the-box style "security" (e.g. S2) is in fact no security at all standing alone.

View this entry with comments (opens new window)

2018-08-14 06:40 by Karl Denninger
in 2ndAmendment , 124 references
[Comments enabled]  

On this one I agree with the prosecutor, from the visible evidence.

The shooting, which was caught on video, reignited debate around the “Stand Your Ground” law, and led to demonstrations by protesters who criticized Pinellas County Sheriff Bob Gulatieri for not arresting Drejka, a white man who shot and killed an unarmed black man.

The color of the people involved is immaterial.  Suck my dick Faux Snooz; your inclusion of that is intended to stoke racial hatred and nothing more, and for it your firm should be shut down and razed with a Cat D8.  I'll drive.

The facts are that the video appears to show the person who was shot shoving to the ground as an act of aggression (assault) the shooter.

But then he turned and it looks like he was walking away.

I want to see the rest of the video of the encounter before passing judgement, but from what the news has presented it appears that the assaulting party terminated his assault before the shooter fired.

If that is in fact the case then it's manslaughter -- the shooter was provoked and assaulted however once the assault ends so does your legal authority to terminate the assault (because it's no longer happening!)

The only question is whether, from a reasonable person's perspective, having just been assaulted, the assault had been terminated by the assaulting party or would a reasonable person, based on the actions of the assaulting party at that instant, believe it was about to continue.

The clip, which is not complete, appears to show that the assaulting party was turning to walk away when he was shot.  If that's what it actually shows when the entirety of it is made available to the jury then no, it's definitely not a "stand your ground" case.

The jury will of course get to see the whole thing, but from what the media has put forward this looks like manslaughter -- and not "stand your ground" -- to me.

PS: Whether the shooter had previously pulled a weapon in other instances where he was assaulted, as is being put forward, is immaterial.  He didn't shoot anyone in those other encouners; to draw a weapon when you believe you will imminently have to shoot, only to determine that you are not justified in doing so and thus not firing, is not evidence of being "hot headed" or any such thing.  In fact it argues for the opposite.  Nonetheless, if this is as it appears then he was properly charged and should be convicted after a full and fair trial.  We shall see.

View this entry with comments (opens new window)