The Market Ticker
Commentary on The Capital Markets- Category [Technology]
Logging in or registering will improve your experience here
Main Navigation
MUST-READ Selection(s):
There Can Be NO Compromise On Data

Display list of topics

Sarah's Resources You Should See
Sarah's Blog Buy Sarah's Pictures
Full-Text Search & Archives
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2018-08-10 08:20 by Karl Denninger
in Technology , 102 references
[Comments enabled]  

So now having used it for a few days -- the latest Android version -- I have some observations.

First, Google has done a fair bit of work on how they schedule tasks in the kernel, it appears, keeping most of the background work on the lower-CPU power (and power consumption) cores on modern devices -- most of which have multiple instances of same.  This is more a kernel thing, but it appears to have a pretty material and positive impact.

The "swipe up" capability to get to the "task manager "is an interesting change.

The other big difference is in notification management; the system pays attention to what you do with notifications and if you basically never do anything other than dismiss them it will eventually ask you if you want to shut them up.

Oreo reorganized notifications on a grand scale, requiring "channels" to be registered by applications.  This has problems (as I previously noted) but it also came with benefits, in that you can force off notifications that an application would otherwise try to spam you with.  "P" has made some relatively minor (but, so far, good) changes to this in that it now tries to figure out what you're doing with those notifications, and if it thinks you don't really want them it will "suggest" you shut them off.

There is one EXTREMELY annoying change however -- Google moved the clock over to the left side of the top bar from the right and locked it on.  For those of us who always have a clock on our screen because we want a widget with more information (e.g. dual time zones, when the next alarm is, etc) this is an insanely annoying and duplicative waste of space.  To not make this selectable as is the battery remaining percentage is ridiculous -- typical Goolag horsecrap.

My HomeDaemon android app has required no changes to function properly, which is nice, and the system leaves it alone even though I have it running on a continual basis in the background.  That's good.

In general this appears to be a mostly-incremental change, although I've yet to see anything terrible.  The most-important is the apparent improvement in power consumption -- a change you can't really put your finger on in a concrete fashion, but which is quite important in terms of real-world performance.

All in all I like it but I wouldn't call it revolutionary.  If your device doesn't get updated to it, and remains on Oreo, the differences you will notice will be modest in impact rather than something likely to make you want to run out and buy a new device tomorrow.

View this entry with comments (opens new window)

2018-08-09 15:05 by Karl Denninger
in Technology , 128 references
[Comments enabled]  

Someone has one or more "older" discussion forum or similar systems out there that have had their password file stolen, said file was not hashed, it was in "unix" format (e.g. "login:password") and it's circulating.  I've been getting a series of spam emails that all are of the form "I turned your webcam on and recorded you watching porn; send me $x to this bitcoin address or I'm going to release it" bull****.  Oh well, I don't watch porn...... so sorry, so sad for the fear merchants.  But recently a few of them included in Unix format my email address and a very old, only-used-for-insecure-forums, password -- in plain text.

If you have used the same password on various online forums in the past if that same password is in use anywhere else change it right now.

The Market Ticker has always hashed passwords (using the internal Postgres functions to do so, which have gotten stronger over time as their algorithm support has improved.)  But there are more than a few out there that do not hash, but instead store passwords!  Most of those have been fixed by now, but it used to be trivial to know if that was the case because you could ask the system to send you your password to your email address and instead of getting a link to reset it (since the system doesn't know what it is -- only the hash of a correct entry) you'd get the password in your email!

In addition you should be extraordinarily skeptical of any browser plug-in or alleged "VPN" provider; anything that can "get in the middle" of your communications can be very bad news.  Browser plug-ins are especially dangerous since they can potentially hook the input and steal passwords, as are "custom" keyboards and similar on phones (which by definition must process what you type.)

Good "digital hygiene" is to never use "external" sign-on (e.g. use your Twatter account to log in somewhere else) and always generate a random, high-quality password for each place you log into.  You cannot control the security of some third-party site so the best you can do is make damn sure that if or when they screw the pooch the damage stops with that one site and can not propagate somewhere else.

This means you need some sort of good "password safe" (because there's no possible way for you to remember a dozen or more good, secure passwords) and its security is paramount.

I personally like KeePass because it can use a composite key -- both a key file and a password, and it is multi-platform.  Steal either the password or the key file and you have nothing; you need both.  It is of course very, very important that the key file never be put on any sort of "cloud" storage, EVER -- you must physically copy it to the devices that need it, and only the devices that need it.  If you suspect any of those devices are compromised you re-generate it and replace it.  Of course the risk with this approach is that you had damn well better never lose the key file yourself but the risk with the key file being lost is easily remedied by putting it on a USB key and then sticking THAT in your safe deposit box at the bank.  Now if you manage to lose your operating copy (e.g. your computer's disk crashes) you still have it.

In any event if you're like 90% of the people out in cyberspace you use only a couple of passwords and you use them in multiple places.  If you're one of those folks stop that right now, because there are plenty of poorly-engineered storage locations out there on various back end systems and penetrations of said sites is not unusual at all.

View this entry with comments (opens new window)

2018-08-06 10:15 by Karl Denninger
in Technology , 4580 references
[Comments enabled]  

It appears the left is actually trying to provoke a civil war.

And let's be non-charitable -- this includes Apple (banning Infowars), Facebook (ditto), Twitter (banning Candace Owens, only to reverse it -- sort of) and indeed most of Silly Valley.  It includes the NY Times, which just hired and defends an openly-racist woman who attacks the very people who made it possible for her to be alive and free.

And it includes the so-called "antifa" folks, none of whom have been thrown off social media or banned, despite not only encouraging but actually committing felony assaults and, in a few cases, even arsons.

A large part of this devolves back into the CDA, which was a poorly-written law egged on by a bunch of technologists, and which has now been abused mightily by everyone on all sides.

So let's fix it, before it fixes us.

Specifically, it's time to make the following changes in Section 230, along with related law.

To avail yourself of Section 230 yet be allowed viewpoint discrimination in any form the platform in question must be (1) branded and (2) visible on the immediate surface to a user who connects through or to said platform or resource.

This immediately stops "de-platforming"; a DNS provider, line-seller (e.g. telco), email or a web host service provider (or similar) cannot ban any lawful speech (no matter how offensive) without taking full legal responsibility as a publisher for everything distributed through their systems -- including child pornography.  Yes, this means not only civil (copyright) responsibility but felony criminal responsibility as well.

If iTunes wishes to pull Alex Jones' podcasts it may do so.  If Youtube wishes to do so it may as well.  Both are branded on first impression to the user.  So is The Market Ticker.

However, GoDaddy, Amazon's AWS or Akamai's CDN (nor any other similar business) may not refuse Alex Jones (or Spencer!) service nor may they discriminate for or against like kind and quantity buyers or they immediately and permanently lose all Section 230 CDA defenses, both civilly and criminally.  A person using a web address does not, as a matter of first impression, know who hosted the site nor who provided the DNS resolution for it.  Such is discoverable with modest effort but neither is a branded product displayed to the user on first impression; one must search for it.

This one singular change will mostly correct the problems with the CDA.  It doesn't force Facebook to put Alex Jones back on their site -- but it prevents them, and others, from pressuring domain and hosting providers into blocking his speech.

He might have to pay to distribute it but a free press does not mean you get to take your printing costs from other people.

The market will likely take care of the rest.  Infowars is rather popular; there's nothing preventing Alex Jones from mounting a campaign to destroy Facebook's advertising base, nor Apple's.  Indeed he ought to do both in response; why would you buy a phone at double the price when the maker is a censorious piece of crap?  Maybe you think Jones is a crackpot, in which case iTunes and Apple products are fine.  But if not, well, don't buy it.

The CDA was bad law advocated for and passed by a crooked Congress and President; it "addressed" a problem that mostly did not exist, in that Cubby .v. CompuServe had already established via case law what it codified in statute.  What led to the CDA, for the most part, was ISPs freaking out about people like myself who were raising the issue of them knowingly storing, transporting and distributing grossly-illegal material such as child pornography -- a fact that was trivially discoverable at the time via the simple matter of volume where unlawful binary content over Usenet was consuming ten or more times the bandwidth and storage of legal, textual content.

Prosecutors of the time (mid to late 1990s) were just as crooked as they are now; despite knowing this, which was trivially able to be determined from public information they utterly refused to go after any of the distributors (ISPs and big Usenet houses) and put a stop to it.  They had plenty of existing legal authority to do so, but simply refused to act.  Knowing distribution of this content was, at the time, a criminal felony -- and still is.

The ISPs of the time (quite reasonably) got rather concerned -- eventually someone in a prosecutor's office was going to get a bee in their bonnet and toss a few of them in prison, which would end the practice -- and profits from same -- immediately.  And don't think for a minute it wasn't being done for rank profit -- at my company we received daily calls from prospective customers who explicitly and directly asked if we carried such material -- and upon being told no in response they went and bought from a competitor.  Given the cost to carry that crap it simply beggars belief that those who did were doing so by "accident"; having to buy 5 or 10x as much storage and CPU, never mind the transport congestion, is not done without actual knowledge.

So those profiting from the practice lobbied, and got the CDA -- which quite literally shielded this exact outrageous practice -- child sexual exploitation -- from legal sanction.

But it also made deciding that someone was "persona non-grata", not on a branded product but on a utility product, not only legal but easy -- and as soon as market power accumulated that became part and parcel of the landscape, as we now see.

This must be corrected, because once freedom of speech can be not just tampered with but outright destroyed by such back-door means it is only a matter of time before violence follows; indeed, we are already seeing the beginning of it with the "antifa" people being the inciters of same.

This must not stand.

View this entry with comments (opens new window)

2018-08-02 12:05 by Karl Denninger
in Technology , 131 references
[Comments enabled]  

I filed a bug on this, but want to share it WIDELY as well.

Android "O", which is now showing up on basically all new phones and being retrofit back to older ones, changed the behavior of notifications quite significantly.

Notifications are those little pop-up things that tell you that you have a new text message, for example.

One of the problems historically is that certain app writers have been rather abusive in their use of these.  They'll spam incessantly with them, and some make it very hard or even impossible to stop it without uninstalling the app.  One of the worst abuses was the refusal to honor "shut the **** up" (e.g. do not make noise) requests without putting the entire phone in "total silence" mode; that is, the app writer set a sound for each of their "events" and gave you no way to override or stop it.

Oreo changed this; in order to post a notification from an app you must first set up a notification channel in your app code.  Once you do that the app cannot change it, and the user has control over whether it is on, off, whether the LED flashes, the vibrator motor goes, what sound (if any) is played when a notification is posted under it, whether it can override the "do not disturb setting", etc.  This is, in general, a very good thing in that irrespective of what the app writer tries to do you, rather than they, have control over whether said notification does whatever you want it to do.  It's an especially good change for those apps that formerly allowed nothing to be set by the user in that regard at all.

Well, sort of.

But Google left two things that are not exposed in that user settings area: The color of the LED that is flashed, if you have one on your device and the pattern of the vibration, if that's enabled.  (The vibration can be a "one shot" or a "pattern"; it can be set to any series of "on" and "off" pulses in milliseconds.)  In other words I can turn the LED flashing on or off (likewise with the vibration) as the user but I cannot change the color or the vibrating pattern.

The problem is this: If you have multiple apps on your device, and everyone does, you probably want to set the color of the LED notification if your phone is capable of it differently for each app you use frequently.

Your desired color may change from time to time as well; you might install a new app and that one might not let you choose at all, but may define a color and not have any way to override it.  Google themselves is guilty of this with apps like the built-in text message application (which insists on being "blue")!

The only way to work around this as an app writer is to refuse to allow any notifications to post (that is, do not create the channels at all) until the user chooses a color from your settings.  But once he does choose it he can't change it without destroying all the stored data or uninstalling the app because that's the only way to get rid of the "stickyness" of those channel settings, which in the case of an app that stores something hard or impossible to retrieve is a serious pain in the ass (e.g. lose all your stored high scores for a game, as an example) and for any app it means destroying whatever settings and credentials the user may have previously set.

This is an outrageously stupid thing for Google to have done.  Their developer documentation claims you can destroy the channel and re-create it in your program but even if you do that the settings will not change; the system remembers the old ones and refuses to allow you to overwrite them.

I don't know what sort of ****wit came up with this crap for Oreo but it's just another example of how this codebase is in fact "1,000 monkeys" and not some grand "innovation."  What possible reason is there to not allow the app to change the color of the LED or the pattern of the vibration?  If the user turned it off then it's off!  If you're not going to let the app change the color then a color picker has to be in the app's system settings -- unless you have the IQ of a box-o-rocks or think screwing users is amusing.

You really have to be a special brand of stupid, in short, to screw users like this -- or maybe, just maybe, Google is trying to softly "force" you into allowing their "voice assistant" to run...... and oh by the way the switch to shut that off is quite-well hidden.  I found it in the latest OS versions but it took quite a while.

Gee, they wouldn't do that so your mic is on all the time, would they?

"Don't be evil" my ass.

PS: If I missed a way to do this someone is free to comment here and show me a working code snippet.  Good luck; I've spent quite a bit of time going through Google's docs which claims you can do it via a delete/create in the app although doing so will log it on the user's settings screens so they can see that you did so, but no, you in fact can't.

View this entry with comments (opens new window)

Nobody who is sane would argue against using advanced scientific techniques to catch someone who rapes and murders a child.

An Indiana man confessed Sunday to the 1988******and murder of an 8-year-old girl after investigators linked evidence found on the child's body and in a series of creepy notes sent after the killing to DNA samples extracted from used condoms in the suspect's trash, court documents showed.

The cops got the "lead", presumably, by using one of the "public" DNA database systems (e.g. 21 and me, etc.)  This in turn led them to look at this guy's trash because they were able to narrow the potential matches to a small number of people, which they needed no warrant for (he threw it out voluntarily) and in there they found used condoms.  From that they were able to nail him conclusively.

What keeps the cops from doing this for something as routine as a traffic ticket is that it's relatively expensive and time-consuming.  That will not be the case for very long.

It is nearly a Holy Grail sort of thing for marketers and other business folks to find a near-zero-cost and fast means of instantly identifying someone with exacting specificity.  Doing that allows taking gross advantage of you in terms of what's marketed to you and at what price, yet it is allegedly "color blind" and thus does not, by definition, raise "discrimination" questions.

The problem is that the technology to do this isn't far off and a whole lot of people not only subject themselves to it voluntarily they also screw everyone in their family at the same time, who did not consent, because there is enough of a match between family members who share one or both parents to narrow the list of possible matches to a few people.  As such if anyone in your family consents to such a service by uploading their DNA everyone in that family, including those not yet born of the same people, inevitably has their privacy impacted without any possibility of consent.

Of course the visceral reaction when a scumbag like this guy gets caught is to cheer -- loudly.  He got away with raping and murdering a kid 20 years ago, or so he thought.  20 years later, he's busted -- conclusively so.

The problem isn't with using technology like this to catch rapists and murderers like this.  It's that as technology advances the cost of such isolation of one person out of a possibly field of billions will drop from both a lot of time and money to effectively zero time and fractions of a cent.

At that point there will be exactly nothing you can do as any hint of privacy, anywhere, will have been irrevocably destroyed. 

View this entry with comments (opens new window)