The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.
NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.
The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility. Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein. The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)
Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.
Hindman: Americans know they need to plan for their later years and get their affairs in order, especially as retirement approaches. But while people recognize that need, too many aren’t following through and taking action.
When someone passes without a will, it means they have died “intestate” – meaning the intestacy laws of the state where they reside will determine how the property is distributed upon your death. But without clear direction on how you would like critical items like financial assets, property, personal possessions and items of emotional value distributed among loved ones, confusion and disarray are a common end result. Not only does the lack of a will create turmoil and headaches – both financial and emotional – for family members; it heightens the risk that your end-of-life preferences won’t be carried out in accordance with your wishes. On the other hand, a well-prepared legacy can give you the simple and satisfying peace of mind of knowing that you’ve done what you can to organize your life, shape your legacy and leave your family with a roadmap of your preferences. It can be one of the greatest final gifts we leave to those we love.
Yes, you should have your affairs in order.
But I really dislike self-interested jackasses peddling crap -- and this falls into that category.
First, there are plenty of people who need no Will at all. If you have little or nothing in terms of assets, or intend to die broke and have no minor children then a Will is not only a waste of time it is functionally worthless. In fact in that situation whoever you name as Executor (Personal Representative in some states) would be five-alarm stupid to accept the job and file the Will with the courts because there's nothing to get but once you file there are both costs and responsibilities. In other words if you know you will either die broke or in the hole and have no minor children then save the money.
You should still have a durable power of attorney and advance directive; those are to some extent state-specific depending on where you live, in an attempt to have what you want to happen actually happen when it comes to you being flat on your back and unable to make decisions. Make damn sure said advance directive is on file with all the hospitals and other places you might be taken if you collapse without warning; until said place has it and knows they have it they'll do whatever the hell they want and maybe, but not necessarily, whatever someone who identifies as one of your next-of-kin wants. If this isn't what you want it's bad news and the cost of that, if any, will wind up billed to your estate which your estate will be obligated to pay. So if you do only one thing make it that advance directive and put it on file at all the local hospitals.
Warning: Some people will tell you to put someone else on your accounts. If you are offered this, to be a "second signer" or "co-owner" do not accept unless you are that person's spouse, in which case it is (of course) perfectly ok. The reason to refuse is that if they do something stupid you are fully responsible legally and financially, and this can ruin you instantly. Consider someone who has a brokerage account and is short at the margin limit of a company that gets taken out and the stock doubles. They will come after your house! Don't do it.
A power of attorney gives you the ability to take care of business while the other person is alive without that risk and is the correct instrument; there are several forms of that from very limited ones for a specific asset or account and specific directives all the way to a general durable power of attorney that is extremely broad and essentially gives the person who holds it the same rights as the principal. Just be aware it turns into a pumpkin instantly upon the principal's death and if you are holding one it is a civil and in some cases criminal offense to self-deal or otherwise screw the principal who gave it to you.
If you have or expect to have assets, or in the instance where you have minor children then a Will is appropriate. Just understand its limitations and do it the right way to minimize them.
Specifically, get anything worthwhile out of the Will and thus out of probate. This will make your heirs happier as it's faster, cheaper and has a near-perfect capability to have happen exactly what you wish so long as that's legal.
The first thing to consider is that for anything that doesn't trigger gift tax issues (e.g. things worth under $14,000 in total to a single person, but perhaps of immense sentimental value) give it to the people who you want to have it while you're still alive -- but before you're on your deathbed. This is very unlikely to be challenged and if it is the person challenging it will be forced to spend money on a legal case with no monetary reward.
When you die with or without a Will but with some assets subject to probate then "someone" has to file with the probate court. If you do not have a Will then whatever is subject to probate is distributed based on state law; there's a table they go down (e.g. "spouse first, then any direct descendant children, then ....." and on and on until the category fills.) A Will overrides this to any extent you wish and nominates one or more people (in a chain, if the first refuses or is dead, etc.) to be the Personal Representative (or "Executor" in some states; same thing, different names depending on the state.)
However, as soon as that Will is filed with someone named as Personal Representative (assuming the designation of either as valid is not contested, and it can be if someone wants to), or Probate is open "intestate" (with no Will) the fees start. Filing and publication fees are typically in the many hundred dollar range right up front. Unless that person both lives locally and can and will keep their act together sufficiently to deal with the court on a routine basis then there will also be legal fees involved. Most people will either want or need at least legal consultation in doing this job; if you have a law office do it "end to end" for you (which is also an option) the cost is going to double or more. The cost of this process in dollar terms is almost-always well north of a thousand dollars simply in court fees alone by the time it's all said and done; with lawyers involved it only takes one that's a bit of a snake to run the bill through the roof since all time is billed hourly. Choose wisely and ask lots of questions!
Further, and much worse in many cases than the money hit is the fact that once Probate is opened there are statutory time windows that amount to a virtual standstill in terms of anything being paid out or distributed and similar. The reason for this is that all states have a "Bar Date" for claims; 3 or 4 months is common and the clock does not start running until Probate is filed and published. A company or person with a financial claim on the estate has that long to file their claim; if the Personal Representative pays out anything beyond funeral and ordinary maintenance costs (e.g. utility bills on a house, etc) and there are insufficient funds to cover claims he or she can be held personally responsible for those debts! Therefore the usual (and good) advice is distribute nothing until the bar date passes so you know exactly how much is left. If the Personal Representative is comfortable enough with the decedent's debt profile (usually only true if you were running that person's money for a couple of years prior to their death) then some distribution can be made sooner, especially of things that have little financial but lots of sentimental value (various bits and pieces of personal property, etc.) One thing to be very conscious of is anything on a lease; this most-often comes up with cars but it can be anything (e.g. an apartment!) Death does not void a lease in nearly all cases and the firm or person the decedent took it from can and usually will try to collect the entire remaining balance of payments. That can be a literal crap-ton of money and is quite capable of turning a modest estate into a smoking hole with negative value.
Next up is that most states assess an inventory fee on estates -- which amounts to a tax. That's usually assessed on the net value of assets on the day of death. Some assess straight-up taxes as well. There is also a potential federal estate tax issue but that doesn't hit most people as the limit is quite high ($11.4 million at present); if you're in that bracket then you're a 5-alarm idiot if you don't already have professional legal advice to deal with it in advance with some sort of bypass trust. There are ways to defray that tax and in some cases completely avoid it but that has to be done well in advance, so if you're that wealthy head thee to a good estate planning attorney pronto.
Note that if you do not file probate on an estate then there is still a statute of limitations on debts -- typically two years, but in some states it can be materially longer. In other words if there are debts then it's to advantage to bar any who don't pay attention by filing Probate -- but only if there are assets to pay the debts with and, when that's done, something will be left! Otherwise the correct action is to walk away and let the creditors pound sand; that you're named in a Will does not mean you're obligated until and unless you accept the appointment. Figure out if it's worth it (there will be something left, in your best estimation, and whatever you'll receive is enough to be worth your trouble) before you file!
IMHO, assuming no minor children, your goal while alive should be to make it not worth it to Probate the Estate even if there are assets and by doing so deny both the lawyers and the courts their fees.
Many times this can be done.
First, financial accounts of various sorts can for zero cost have what is known as "POD" put on them. That's payable on death and it's exactly what the name implies. You designate who gets what percentage and it's a simple form you fill out at the bank or brokerage. If you die your heirs need only present a death certificate, which they can usually obtain within a week of your passing, and the money is theirs -- period. A cashier's check is cut and that's the end of it. Likewise life insurance policies should always name specific beneficiaries and not your Estate. If you have modest debts -- such as a credit card for ordinary monthly expenses -- and someone you trust to pay it when you die then POD them an account specifically for that purpose with just enough in it for that to happen. They pay the debts after you pass with that money and that's the end of it.
Second, if you have Real Estate and it's owned and has a positive equity then the superior means of dealing with it is usually a Revocable Living Trust. It costs money to set one up if you use a lawyer (typically a couple of thousand) and it's state specific as is a Will but only at initiation. Once established it remains valid even if you move to a new state. The only thing to be careful of is the potential for state tax considerations in states that have a death or income tax. If you live in such a state and intend to move to a state where such is not the case move first, then set it up in the new state. If you already have a trust in a hostile tax environment state then revoke it, transfer the assets out once you move and set up a new trust in the "friendly" state, transferring them into the new one. A trust, once set up, must be funded by having the assets transferred into it. In other words for a house you re-title the house into the Trust. There are people who claim that a trust "hides" ownership -- this is not really true unless you name someone else as Trustee to manage it, which is very dangerous and for most people should not be done, because title has to vest in a person; thus it's something like "Karl Denninger as Trustee for blah-blah Trust of date-set-up." But, since the Trust document itself is private who's named as a beneficiary is not disclosed and the Trust is not filed with a court after you die. In the trust documents you name a successor trustee who is the person (or chain of persons) who obtains control of the trust after you die. You can designate pretty much anything that's legal which you want done in a Trust. Revocable living trusts can be modified at-will including assets being moved into and out of them during your life, you can change beneficiaries, etc.
Note that a revocable living trust does not provide any sort of tax protection since you maintain control over the assets until your death, at which point it becomes irrevocable and cannot be changed.
Trusts can also have financial accounts re-titled into them and that's frequently done if, for example, you have minor children and a fair bit of money -- or adult children you don't want to have get all the cash at once. Thus the term "Trust Fund Babies"; if there's plenty of money you may be perfectly ok with having a law firm named as the successor trustee to carry it out when you get hit by a bus since you don't care about the fees and costs. For most people designating the chain of heirs is sufficient, but once you get into high net worth situations you may make a different choice.
Note that in most cases you do not want to title vehicles into a trust; the reason is that in many states it is difficult to obtain insurance on them. They're one of the few things you should basically never put in a revocable trust, unless it's something like a classic car collection.
Along with the Trust you usually want what is called a "pour over" Will, which simply states that anything not in the trust and otherwise undisposed goes into the Trust on your death. Note that the Will still has to be probated; if it's a "small estate" this is cheap and fast but the entire point of using the Trust and POD in the first place is to avoid the cost and hassle of formal probate -- if you don't re-title things properly you spent the time and trouble (never mind money if a lawyer was involved) to set the trust up for nothing since the pour-over Will still has to be probated!
The key difference with a Trust is that just like a POD on a financial account it doesn't go through probate; the court never gets their hands on it and thus there are no delays or fees assessed by same. This means the heirs get possession and control literally as soon as you die, which makes things a lot simpler. In addition nobody has access to your list of who gets what other than the trustee; unlike a Will which is filed with the court and becomes public a Trust does not.
Consider that if you have all your assets covered by a Will -- a house, a bank account, maybe a brokerage account -- and you die, until someone files that Will and is named Personal Representative how does the power bill get paid at the house? Your bank account is locked on the day of your death and a power of attorney to access that account becomes worthless. Someone is going to have to fork up their money to take care of that until the Will can be put into probate and Estate accounts set up and financial accounts transferred or liquidated, all of which costs time and money. In addition there's a very clean argument that nobody has the right of possession (e.g. to live there!) in said house at the moment of your death until Probate is established and on the day the Probate Court appoints the Personal Representative that person immediately has a fiduciary duty to preserve the value of same for the benefit of all the heirs. This can easily conflict with reality; let's say you have someone living in the house who is a partial heir but is a drug user and might trash the place or interfere with the sale required since no heir has the means or desire to buy out the others; the PR can, if the house isn't to pass solely to said person, have a legal duty to forcibly evict them no matter who it is and no matter what else is in the Will as their duty is to protect the Estate assets for the benefit of all the heirs (not just the person living there) and that duty is not to the dead person it's to the court!
If the bank account is POD'd to your heirs in some percentage distribution and the house is in a Trust that specifies that "X" has a right of possession then you immediately (within a couple of days) have the funds to pay the power bill and whoever is so-designated has the rights set forth in the Trust document no matter whether it's to the benefit of the asset -- or the rest of the estate -- or not. In other words your desires before your death are continued exactly after your death and as long as whatever you put in that document is legal it's enforceable. Even better is that whatever people have the right to possession of the property need do nothing to enjoy it, and the title remains undisturbed since the Trust still owns it.
Now the successor trustee, once you die in the case of a Revocable Living Trust, still has to dispose of the property as the Trust directs. But re-titling the house out of the Trust into someone's hands (if it's a 100% gift) or selling it and splitting the proceeds is no different than any other Real Estate transaction, as opposed to filing a Will, having the PR appointed, getting letters of authority and similar, along with all the delays and costs involved.
Finally none of this changes tax and debt obligations; you cannot evade either. If you try, creditors (or the IRS) can (and if it's worth it for them will) sue to claw back whatever you try to distribute outside of the process. If you have $10 large in a bank account and owe $25 large on a credit card, thinking you can POD the bank account to your daughter as a way to screw the credit card company out of the $25,000 that's likely to fail and get her sued a few months after you pass, quite possibly after she's already spent the money! Don't do that.
Finally there are "small estate" rules for people who die with little in the way of assets but the limits vary from state to state and in some states are laughably low, to the point that someone with nothing more than a modest car exceeds them.
As you can see this can be a lot more complex than it first appears, even if you aren't particularly wealthy. The only place it doesn't matter at all is if you either are or intend to die broke (or even better, deeply in the hole) -- in that case then **** 'em and do nothing with regard to finances (e.g. POD, will or trust), on purpose, but make damn sure nobody else has joint responsibility for anything so the people who you owe can't come after someone else when you die.
In short get competent advice -- there are plenty of people out there who are outright snakes and whoever is managing things for you when you pass is going to get to meet a bunch of them.
I just recently wound up my late mother's estate; I'm not a lawyer nor did I set up her affairs originally, but I did hold powers of attorney for both financial matters and health care and was her Personal Representative, and have seen the flat-out ugly bullcrap that everyone in the world tries to pull. I got dozens of spammy and in some cases scammy letters from various entities and people, along with more than a few phone calls. It's a five alarm pain in the ass and a good thing that I'm pretty-much a pissed-off alligator when someone steps on my tail and am more than willing to chase-and-bite -- hard. Most people would have been butt****ed by some of the crap that was pulled -- as it stands everyone who was legitimately owed money (not many) got paid and there was something left, with none of the schemers and scammers getting anything. That's the way it should be but it was overly complex -- when my time comes it won't be.
I've had my Lenovo X220 for a long time. Time has moved on and yet until this last year I saw no compelling reason to spend money again. The X220 works great and the "improvements" have been small in number but large in price -- and thus not worth it, in my view.
This last year the X1 Carbon Gen 6 units showed up. The previous models were nothing special -- but the "6" was nice. The problem was that "nice" came with a screamingly-stupid price tag, so I passed. But now you can get the X1 Carbon Gen 6 models in a good configuration (i7, 16Gb RAM and a 500Gb SSD) at a nice price -- refurbished, but still with a decent amount of remaining factory warranty.
Incidentally, Lenovo has a rather nice "companion" app that allows you to (among other things) set the charge controller's maximum charge point on these machines (!!!) Setting it to 80% will cost you 20% of your runtime but it will double or better the battery's cycle life. In addition if you're connected to wall power and in the "no-charge window" (e.g. 75%-80%) the system will take its power from the A/C line but not charge, so the battery does not cycle in that state at all. Setting this is not a Windows thing either -- it programs the charge controller hardware so once set it is persistent even if you boot something other than Windows or the computer is plugged in but off. I like that a lot -- this ought to be mandatory on any sort of battery-powered mobile device (e.g. a phone), especially if the battery is not user-replaceable. You know damn well Apple, Samsung and the rest will never do that however since it's part of how they sell both computers and phones -- build them so the battery pukes in about a year and guess what -- you're back in their store! Oh Tim Crook you piece of crap jackass, why isn't this capability standard on all your MacBooks since you're allegedly the "innovation leader"?
In any event these machines can go 6+ hours of moderate use even with the charge point restriction in place, so you're not giving up much and with this set leaving the unit connected to power does nothing to battery cycle life, unlike virtually every other machine on the market. Incidentally, the new Coffee Lake processors (Intel Gen 8) are damn fast on a comparative basis. This is the first "innovation" in laptop CPUs that has been worth spending money on in five+ years, so if you're wondering if it matters -- it does. In addition these units have Samsung NVMe SSDs in them which are blistering fast, plus a Thunderbolt 3 port that can drive external video cards if you wish. I've seen no reason to "upgrade" from my X220 until now; it's still perfectly functional too, by the way.....
If you want my short list of complaints with "modern" laptops it's the port problem. Specifically, small and light means compromises when it comes to interior space and thus ports. Full-size SD slots (for example) consume interior space which is at a premium, so they're disappearing. Worse, on many machines so are USB Type A connections, which is IMHO utterly unconscionable. Yes, I know Type C is both smaller and comes with USB-PD, which is superior but there are literally a billion USB-connected devices out there that come with and require a Type "A" plug -- or some sort of adapter -- to use. Those devices aren't going away for a very long time, and as such having at least one (and preferably two) Type "A" port is IMHO required. Dell has screwed the pooch in this regard with their latest "ultrabook" models; Lenovo has only partially done so (there's no full-size SD slot, but there are two Type A ports.)
One big advantage of USB-PD connections found on newer devices is that we're moving closer to true interchangeability when it comes to power in the mobile world. Specifically, I can use the laptop's charger to charge my phone, I can use my phone USB-PD charger (provided it can do 20V output) to charge the laptop (slower, but it should work), my car's USB-PD charger can charge the laptop (I no longer need an inverter) as well as my phone and I can use the laptop battery to charge the phone as well. The latter means that if I need to I can plug the car into the laptop and the phone into the laptop as well on the second USB-C port and both will charge. This allows me to get rid of multiple things I used to have to carry, or continue to carry them and gain redundancy -- and that's a good thing.
One of the things I find insanely annoying -- and insecure -- is anything Microslug. Sadly I, like a lot of other people, cannot get away from it in that there's just too much software that I use on a regular basis but is either Apple or Microsoft only. I prefer a FreeBSD desktop for a lot of things, never mind that I want to do some code development on it when traveling, which of course means I want the code environment I write in 90+% of the time on my laptop.
So if you're inclined the same way I am when it comes to operating systems here's how to dual-boot it -- yes, with UEFI (the "new way of the world.") Oh, and to do so with full-disk encryption for both environments. I consider full disk encryption essential on a portable machine because they're much more likely to be lost or stolen than a desktop. Full disk encryption obviously won't stop someone from stealing the computer but it will make sure if someone does steal it they can't get to any of the data on it.
First, shut off secure boot in the BIOS settings. That's a Microsoft-signature thing. It does provide (some) security on the boot process, provided you trust Microsoft. I do not, so therefore..... yep. Note that if you have Bitlocker turned on (and you should if you've been using the machine) the restore process below will result in a non-encrypted Windows installation. That's fine; you can re-enable it later (and should.)
Next, use Macrium Reflect (the free edition is fine) to make room for a FreeBSD partition. The best way to do this is to back up the machine (make damn sure you create "boot media" and test it!), then RESTORE all the partitions using that boot media back to the machine's internal disk and, when restoring, resize the system ("Windows") partition to leave an appropriate amount of free space. 100Gb is quite a lot of storage for a user-style FreeBSD system, unlike most WinBlows machines that are flat-out bloated pigs -- which means that pigheaded Winblows and nice FreeBSD will handily fit on a 500Gb NVMe SSD and even a 250Gb disk is more than enough (although you may wish to downsize the FreeBSD side to ~60Gb in that event, which is still going to leave you an insane amount of room on that side.)
CAUTION: Do not be tempted to use a partition resizer to do this instead of using Macrium to take a full backup and restore. Several of the below steps have no "are you sure" option or safeties to prevent data destruction; the commands below assume you know what you're doing and take effect instantly. If you screw up during any of those steps and don't have a backup everything on the machine may be destroyed and it can be rendered unbootable, including any built-in recovery partition. Without recovery media or a backup and boot media for it you're in big trouble if that happens. Doing it right means knowing you have a good backup and can restore it before you begin, which is exactly what you just did and proved.
Now go here https://www.rodsbooks.com/refind/ to download his EFI boot manager, then install it. UEFI machines are supposed to provide a decent set of boot management options but damn near none actually do; this bit of code overcomes that problem. The pages look sort of scary in terms of the amount of material present; they're not. You need the "zip" file which contains all the pieces necessary. Grab the package and read the Windows installation instructions; it's very simple to install this from the Windows command prompt. You only want the "x64" version (there are three; delete the other two before you copy it over.) To test the installation reboot; the system should show you a boot menu, but the only "real" bootable option will be Windows. If you screw up typing something what will probably happen is that Windows will start instead of you getting the menu -- go back and check your work if that happens. You're now set up to choose multiple operating systems painlessly every time you boot the machine.
Download FreeBSD-12 (the x64 version) from https://freebsd.org in the memory stick format and use your favorite tool (e.g. "dd" or win32diskimager) to copy it to a USB key or other similar thing (an SD card in a reader works just fine too.) Note: You want FreeBSD 12. You can use 11.x if you wish, but the nice integrated encrypted storage option I'm describing here might not work; I'm not sure if the encryption-aware EFI loader was MFC'd back to 11.x. You can still set up for encrypted disk storage without that but it's a lot more of a pain in the ass to do than what I'm describing here and makes maintenance using FreeBSD's internal tools more-complicated unless you're quite careful. Use 12; it's both more-secure in that there is no "exposed" non-encrypted boot partition and easy to set up by comparison.
FreeBSD's installer should, in theory, be able to handle a "multi-boot" environment with reasonable facility but doesn't and the only option it offers for automatic setup with encrypted storage uses ZFS on the entirety of one or more disks. That's reasonable on a dedicated machine with multiple drives but not for a laptop or other computer with one disk and a dual-boot requirement -- so you get to do the disk setup by hand.
Now boot the stick with FreeBSD-12 on it. On the Lenovo hit ENTER on initial start when prompted and then select F12 to change the "default" boot order and select the USB stick from the drop-down menu. Start the installer but when you get to the disk layout (there will be four choices; one of which is UFS and one of which is ZFS) select manual (it'll warn you that you have to be an "expert.")
You'll get a "#" (root) prompt.
Now type "gpart show | more" and look. You should see something like "nvd0" at the top -- which is your SSD. There should be a large unallocated space (marked " - free - ") of the size you left. Note it, and that it will not have an index number.
If there is no free space of the size you left YOU ARE LOOKING AT THE WRONG DISK.
# gpart add -t freebsd-ufs -l freebsd-root -a 4k nvd0 (assuming your disk is named "nvd0" in the above)
This will tell the system to add a partition for FreeBSD to the disk named, consume all remaining available space in that nice large block and put a label on it of "freebsd-root." This is probably what you want; the label is optional but will help you avoid mistakes while putting the system together.
Now look again at "gpart show | more"; you should see the freebsd-ufs partition you created. Remember the index number next to it. If it's "6" then the disk partition is in /dev/nvd0p6. The numbers may not (probably will not, if you resized from a backup) be in order. That's ok.
Warning: If you do any of the following to the wrong partition you will destroy whatever is in it. There are no warnings or safeties on any of these commands; you're acting as "root", and it is assumed "root" knows what he's doing. That backup you made as the first step will come in real handy if you screw up here so don't do anything stupid to wherever you put the backup -- like erase or destroy it!
BEFORE you press RETURN in any of the below steps look -- TWICE -- at what you just typed or be prepared to use that backup you made and start over!
# geli init -b -g -l 256 -s 4096 /dev/gpt/freebsd-root (note that "-l" switch is the letter "l" -- not a numeral one)
This initializes encryption on this partition. "-b" and "-g" tell the system you are going to boot from it, and that the boot system should ask you for the password. "-s 4096" sets the block size; 4096 is a good choice with a decent split between performance and XTS fuzzing (security), and matches most SSD page sizes which is important on SSDs. "-l 256" says to use 256-bit AES instead of 128 and is optional. There's debate over whether 128 or 256 is more-secure; 256 is a bit slower, but not much. Note that you cannot change either the sector size or AES length once the partition is initialized without erasing everything in the partition you are encrypting. Unlike Bitlocker on Windows there is no "encrypt in-place" option.
You will be asked for a password. Use a strong password and do not forget it. There is no way to recover anything on that partition if you lose it. Ever. Period. There is no recovery key ala Bitlocker; you either have the password (the system does allow you to set a second one but that's beyond the scope of this document) or there's nothing you can do to get the data back.
When that command completes type:
# geli attach /dev/gpt/freebsd-root
And enter the password when prompted. If it's correct you'll see a couple of lines announcing the filesystem is attached and another root prompt. If the password is wrong it will tell you; repeat the command and put in the right one. If you accidentally put in the wrong device name the password will obviously not work since it's not the correct part of the disk.
# newfs -t -J -U -L rootfs /dev/gpt/freebsd-root.eli
Note: The ".eli" name on the end denotes the encrypted partition you just attached. This initializes the filesystem itself; you are telling the system you are on an SSD and want it to use "TRIM" ("-t"), you want Journaling and Soft Updates (both good for performance and data security / reboot speed) and you also want a label called "rootfs". The last switch isn't really necessary -- but it's good practice.
Now you have to mount that filesystem where the installer wants it so it can put the operating system on there for you:
# mount /dev/gpt/freebsd-root.eli /mnt
And then create two files necessary for the system to boot when you're done -- an /etc/fstab file to tell the system where the filesystem is you created and a loader.conf file so the system knows where to find the root filesystem and to load the encryption driver during the boot process:
In /tmp/bsdinstall_etc/fstab put:
/dev/nvd0p6.eli / ufs rw 1 1
And in /tmp/bsdinstall_boot/loader.conf place:
"vi" is a good choice to do that, assuming you know how to use that editor. "echo" will work too (one line at a time.) So will "ee" (Easy Editor.)
(nvd0p6.eli may be different depending on what you saw above -- if unsure look again with "gpart show | more" and look for the index number of the partition. Note there is no "/dev" prefix and that ".eli" on the end must be present; that's the attached encrypted copy. Without it the system won't boot as it will try to read the unencrypted device and will see garbage.)
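The mistakes warned about above (wrong index, a missing ".eli" suffix) can be checked mechanically before rebooting. The following is an added example, not the author's commands: it reads a constructed sample of "gpart show" output, derives the partition name, and confirms that fstab and loader.conf name the same encrypted device. The function names are hypothetical, and the two loader.conf settings (geom_eli_load and vfs.root.mountfrom) are assumed from the description in the text, since the author's own loader.conf lines are not shown here.

```shell
#!/bin/sh
# Added example: derive the encrypted root device from "gpart show" output and
# check that fstab and loader.conf agree on it before the first reboot.

# Constructed sample of "gpart show nvd0" output (not from a real machine).
sample_gpart() {
cat <<'EOF'
=>        40  1000215136  nvd0  GPT  (477G)
          40      532480     1  efi  (260M)
      532520       32768     2  ms-reserved  (16M)
      565288   524288000     3  ms-basic-data  (250G)
   524853288   473314304     6  freebsd-ufs  (226G)
   998167592     2047584     4  ms-recovery  (1000M)
EOF
}

# Read a partition table on stdin and print the name of its single
# freebsd-ufs partition (e.g. "nvd0p6"). Fails unless there is exactly one.
ufs_partition() {
    awk '
        $1 == "=>"          { disk = $4; next }
        $4 == "freebsd-ufs" { n++; dev = disk "p" $3 }
        END { if (n != 1) exit 1; print dev }
    '
}

# fstab line for the root filesystem on the attached GELI provider.
fstab_line() { printf '/dev/%s.eli / ufs rw 1 1\n' "$1"; }

# loader.conf lines. Assumption: these two settings match the page's
# description (load the encryption driver, name the root filesystem).
loader_lines() {
    printf 'geom_eli_load="YES"\n'
    printf 'vfs.root.mountfrom="ufs:%s.eli"\n' "$1"
}

# Return 0 only if fstab text ($1) and loader.conf text ($2) point the root
# filesystem at the same ".eli" device and the GELI module is set to load.
check_boot_files() {
    froot=$(printf '%s\n' "$1" | awk '$2 == "/" { sub("^/dev/", "", $1); print $1 }')
    lroot=$(printf '%s\n' "$2" | sed -n 's/^vfs\.root\.mountfrom="ufs:\(.*\)"$/\1/p')
    case "$froot" in
        *.eli) ;;
        *) echo "fstab root is not an .eli device" >&2; return 1 ;;
    esac
    [ "$froot" = "$lroot" ] || { echo "fstab and loader.conf disagree" >&2; return 1; }
    printf '%s\n' "$2" | grep -q '^geom_eli_load="YES"$' ||
        { echo "geom_eli is not loaded at boot" >&2; return 1; }
}

# Stand-alone run against the constructed sample.
dev=$(sample_gpart | ufs_partition) || exit 1
fstab_line "$dev"
loader_lines "$dev"
check_boot_files "$(fstab_line "$dev")" "$(loader_lines "$dev")" && echo "consistent: $dev"
```

On a real system the input would come from "gpart show nvd0" and the two files from /tmp/bsdinstall_etc/fstab and /tmp/bsdinstall_boot/loader.conf.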
Now you need to mount the existing EFI partition on the drive and copy in the FreeBSD loader. The UEFI boot manager you installed earlier will be able to find it automatically, but to do so you must place the FreeBSD loader that knows how to scan for and read encrypted disk partitions in the correct place. The following commands will do that (the "#" is the root prompt), assuming "nvd0p1" is your EFI boot partition on the disk:
# mkdir /tmp/mount
# mount -t msdos /dev/nvd0p1 /tmp/mount
# mkdir /tmp/mount/EFI/FreeBSD
# cp /boot/loader.efi /tmp/mount/EFI/FreeBSD/bootx64.efi
# umount /tmp/mount
# rmdir /tmp/mount
Now you can type "exit" at the "#" prompt and you will be back in the installer with all the "bits" in the right place for it to put the system on the disk for you. Do the other usual things in the installer, including setting up networking and similar.
When you're done let the installer run and finish. When it goes through the normal process and you reboot you should get a boot manager screen with TWO usable options (there will be others as well); one of them should be FreeBSD's "Beastie Head", and selecting that option should immediately prompt you for a password, which is required to unlock and boot the partition you have just set up.
Congratulations; you can then set up X11 if you'd like (e.g. gnome, etc); be aware that the Carbon Gen 6 wants the "scfb" driver declared for X11 to work which is a bit annoying; a file called "driver-scfb.conf" goes in /usr/local/etc/X11/xorg.conf.d once you have xorg loaded and should contain the following to tell it to probe that driver:
Without that Xorg's auto-configuration will not find the Intel graphics and X11 will refuse to start.
Now reboot into Windows and turn Bitlocker back on. Unlike with X220 where I had to do some rather arcane things with the Group Policy Editor to make that work (Bitlocker would otherwise throw up as soon as I booted FreeBSD) so long as you have loaded the UEFI boot manager and the FreeBSD loader into the EFI partition before you do this it should be fine with you switching back and forth between operating systems -- it is on my machine. Expect it to raise hell if you tamper with anything in that EFI partition after Bitlocker has initialized, but once you've set everything up there is no reason to screw with that area of the disk again, and in fact if someone does it's probably good for the system to raise a stink about it. Do be aware that if you use Gnome by default it will try to mount all the partitions it can find when you sign in and will complain a lot if you have the Windows partition encrypted (as expected); the best option there is to turn the automount feature in Gnome off. Be aware that without policy editing Bitlocker is only as secure as your physical machine and the login passwords on it; TPM-2.0 machines will boot a Bitlocker disk without a PIN entry so if your login password is crap or you use the fingerprint sensor the Windows partition is not secure against someone who can guess or spoof either and the very real possibility exists that Microsoft has a way in to such a booted machine via some Redmond-placed back door.
Finally, delete any existing Macrium Reflect backup XML profiles you used for Windows and re-create them. Attempting to use the old ones from before you resized the partitions will not work since you've changed the partition layout; they will appear to run initially but error out during the process. Make a final, new base backup for your Windows side and make sure it verifies, then use the FreeBSD tools of your choice to do so for the Unix side so you're protected there as well.
The only "gotcha" I've noticed is that 802.11ac WiFi isn't recognized but I believe this is still a FreeBSD limitation as of 12-RELEASE. I don't have an external Thunderbolt dock so I have no idea if an external video card will come up, assuming appropriate entries in the x11 configuration files.
Note: The options I specify above in setting up the encryption environment make the basic assumption that the purpose of encryption is to protect against a thief getting access to your data. If your assumption is that you're trying to protect against a determined adversary with nearly-unlimited resource (e.g. a government, a police force, etc) then you have plenty of work to do before choosing those options -- never mind that Bitlocker on Windows is likely not secure against such an adversary at all.
So, if I want to be "done" there's an easy way to do it.
Sell my LLC -- that runs this joint.
What do you get?
The Ticker -- the (registered) Trademark, the site, the domains, etc.
HomeDaemon-MCP -- as I've posted before.
Permanent RTU (right to use) on the forum / blog code -- we can talk about the source and right to distribute; I might be ok with that too.
And maybe I'll do guest articles from time to time too.
What is this? A "Make me Move" sort of deal.
You know how to find me (look to the right, fool -- the link is right there.)
Yeah, I'm thinking about it, and it's cheaper now than later -- like next year -- when I can kill the "mandatory" Obamacare policy (which I don't need) and keep as much cash flow as all of the above can generate but the lower income-tax liability on the earnings.
So, if you want it, this is your opportunity to get it -- whether it's to have it or to just shut me up.
There's been some attention paid to all the "screen time" that our kids get these days -- and that this "screen time" makes us less, rather than more, happy.
Ever think about it folks?
And then you should remove Facepig, Messenger and all the other social apps from your phone.
Think about it folks. Look at Facepig and beyond all the ads, sponsored clickbait garbage (which I've written on repeatedly) and such what's on there?
Someone doing something fantastic, right? Someone you know on a cruise. Another person winning a race. A third person having a beer. A fourth on top of a mountain somewhere. A fifth, sixth and seventh posting 500 pictures of their cute baby or child (who by the way most-certainly could not have consented to their visage being permanently stolen by Zucker****er).
Think about the image this presents to you as what life is supposed to be.
It's all smiles.
Now I want you to contemplate something: Have you ever seen someone take a **** on Star Trek - or any other TV show? You've got eight Star Wars movies, and yet I don't recall one person having to stop and take a crap. The only time you do see that is when it's a joke as part of the plotline -- like in Jurassic Park with the lawyer.
Now let's expand that a bit.
You've never seen anyone actually do laundry. Nor have you seen someone do the dishes, or even unload the dishwasher. You've never seen them sit in traffic for an hour commuting to or from work.
Why not? Because if you actually put someone's daily life on television you'd never watch it; 95% of it is the normal daily grind -- we get up, we make a coffee, we ****, shower and shave, we get in the car to go to work and listen to music while stuck in traffic, we buy groceries, etc.
What do you see on Facepig, Snapass and similar? The 1%, all the time, which inexorably leads you to believe that your life should be that 1%, all the time.
But it can't be.
Nobody lives like that.
Even a billionaire who has no care in the world for making another nickel, ever, and has a building full of paid servants still has to ****, shower and shave. The kid in High School has to sit in class and then do his or her homework. Even the retiree doesn't get to live like that; he's gotta go to the doctor and get poked here and there, cook dinner, etc.
So what are you doing when you are continually looking at Facepig or Snapping away? You're engaged in someone else's -- and your own -- fantasy. A fantasy that is guaranteed to make you miserable because nobody can live a life that consists of even five percent of the projected thing you are viewing.
The fact is that nobody takes a crap on Star Trek because nobody would watch the show -- or the movie -- if they did. Yet if we ever do master faster-than-light space travel the people on board that ship are still going to spend 90% of their time doing things that amount to "****, shower and shave."
They do it now on the ISS, they did it on Apollo, in Gemini and Mercury and they will in the future just like you do now.
Zucker****er likes to talk about bringing people together and other similar tripe. It's crap. In fact it's worse than crap, it's a knowing lie. Zuckerpig knows that even if there was no clickbait, fake deals and other garbage on the site that you'd still be made miserable simply by being there because the "face" you see is one you cannot possibly live. It therefore cannot bring you joy -- it can only bring you tears to some degree.
Don't tell me about how it helps you "keep up" with your 457 "friends". You don't have 457 friends. In fact, I'm willing to bet that you can count the number of people who you can legitimately call "friend" on your fingers.
If you assert that's not true then I will make a declaratory statement in reply: None of those people are actually your friends -- they're all acquaintances, every single one of them.
I recently heard that a record number of kids committed suicide last year in our local High School. I'm willing to wager 100% of them spent a huge amount of time with their faces buried in a hand-held fantasy machine that made them miserable while stealing a record of everything they did to try to make a profit off that same misery.
Those kids are dead; their misery has ended but the profit still went in Zuckerpig's pocket.
Folks, there's no value here for you in any of these "systems." It's all net negative and it gets even worse when the data is mined off and sold as I've pointed out repeatedly. We put these little spying machines in our pockets but how many people will stick them on silent or ignore them when they ring, say, much less toss 'em in "Airplane" mode?
It wasn't that long ago that if someone wanted to talk with you they called your house and if you were home you could talk to them. But only one person at a time could do so in said house because there was only one phone line. If there were five people in your family and one of them was on the phone, the other four could not make or receive a call. If you were out getting groceries or even just mowing the lawn there were no voicemails either; the phone just rang and nobody answered it. There were no text messages, Facepig posts or anything else of the sort. If you were separated by more than a few tens of miles of distance the long-distance charges made sitting on the phone for an hour at a time punitively expensive and nobody could afford it. Your only reasonable answer to a desire to say more than a few sentences for a birthday or other major life event was to sit down and write an actual letter and stick a stamp on it, then wait days for delivery and a reply. You only did it on any sort of regular basis if the person you were corresponding with was an actual true friend or more; acquaintances, even those you call "family", you spoke with for 5 minutes on the phone on a birthday or anniversary, and perhaps you saw them over the holidays for dinner when one or the other of you traveled. Most people had two or three such correspondents and no more simply because you had to invest a material amount of time to write said letters and there were only a few people who were worth it.
The number of people worth it in your life has not changed folks; instead interaction has been cheapened to the point of worthlessness.
How many posts do you think I've made on my Facepig timeline this year?
One talking about Facepig's spammy ads and two more being single-sentence replies to someone else's post.
Let me count that again for you folks: THREE.
Yeah, I've made a handful of other comments, but in terms of timeline posts -- it's three and only one of substance. The other two were the prototypical 2 minute pre-cellular phone call.
I'm not trying to expand my reach on the Internet for monetary gain. If I was then yes, it would make some sense for me to post things on Internet sites; that's called advertising. But I'm not.
I have zero interest in posting my "personal triumphs" and gloating about them on social media. My ego is simply not that large. If you're interested in knowing what I'm doing and whether I happen to take satisfaction in some accomplishment then you probably know how to get ahold of me personally and we can share that. It might actually mean something to both of us in that case.
More to the point if you wish to call me friend then you won't expect me to find your events, triumphs or whatever on Facepig. You'll think enough of me to call, recognizing that if I don't answer immediately it's not because I don't like you but because I might be having dinner, mowing the lawn or in the middle of one of the three Ss of life -- and if you choose to leave a message I'll call you back when I can devote some time to us. Ditto with a text; I might reply right away, but if not it's as likely to be because I'm under my car changing the oil or cleaning the gutters on the house as anything else. You know, part of that daily ****, shower and shave routine.
Do I look here and there at Facepig? Yes. But what I see is what I talk about above. Is it worth my "engagement" in the general sense? No; I recognize that not one bit of that will ever translate into changing the necessity of my life which, just like yours no matter how rich or poor you are revolves around ****, shower and shave.
But what said "engagement" will do, if I embrace it, is make me less-happy and more-miserable.
It must, because by its nature it portrays a fantasy that nobody can actually live. Zucker****er knew this originally and in fact had "girl rating" pages on his Haaaarrrrrvvvaaarrrddd site which were exactly as "nice" as you might expect they'd be. You don't really think he forgot that, do you, nor their popularity with his "friends" -- right? (BTW what's his wife think about that? I bet a few billion dollars makes her not care and that tells me everything I need to know about her.)
No, what Zucker****er did was turn your increased misery and reduced happiness into billions of dollars for him. The founders of Snap and all the other so-called "social media" have done likewise. They don't even give a **** if the misery their "engagement" contributes to causes nine teens to kill themselves in one semester at a given local school. What's even worse is that they've done all of that in concert with people like John Legere, the brash CEO of T-Mobile who, along with Verizon, Sprint and AT&T, charge you in both money and slower performance, never mind crappier battery life, to deliver ads for the sole purpose of capitalizing on your decreased happiness. Any of those carriers could put a stop to a large part of it in an afternoon by putting in place a switch you can turn on in your account that blocks all common advertising domains.
This would not be a "net neutrality" violation since you would choose to turn it on, not them.
But none have, and none will.
They won't because misery is profitable.
People who are truly happy don't need to spend on "aspirational" things. They certainly don't need $1,000 iFrauds to make them feel good. Miserable people are another matter; that smiling face with a nice big fat $1,000 iFraudy phone is a "message" they can try to get you to bite on, with the hope that it might make you smile -- at least until you see someone on a cruise, at which point you're back to being unhappy because you need to ****, shower and shave while Jane is on Facepig with a $5,000 vacation smile and a fat Mai Tai in her hand.
None of these apps are on my phone folks. If I want to look at Facepig I'll do it on a browser, which I can close when done so it can't root around in my device and steal information on whatever else I'm doing. I don't do "messenger", Snap or any of those others for the same reason.
You shouldn't either, and if you stop doing all of them I predict you will smile more.
Oh, and you'll also pay less -- in both misery and money.