The Market Ticker
Commentary on The Capital Markets- Category [Technology]
Logging in or registering will improve your experience here
Main Navigation
Full-Text Search & Archives

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2019-06-07 07:00 by Karl Denninger
in Technology , 159 references
[Comments enabled]  

Well well look what we have here:

“I realize that I was irresponsible ... that I should have had my cell phone with me, that I should have had some water with me, some kind of preparatory tools that you bring with you when you go hiking,’’ Eller said.

If you're hiking alone then you need more than a cellphone.

Buy a PLB.  About $250.  The newer models are very small and light, about the size of a pack of cigarettes and, as they're designed to be a survival device, extraordinarily rugged.

Fall on your cellphone in your pocket and odds are good you'll break the screen and likely render it useless -- and this assumes you have a signal where you are, which is not certain at all in the backcountry or even just a few miles off the beaten path.

Fall on your PLB and it's a near-certainty it will still work if you need it to.

Go in the drink and most cellphones are ruined instantly.  These laugh at getting wet; they're perfectly suitable for use while boating and most of them float.

PLBs are not toys and not for routine communication.  They're not a "SPOT" or similar; they're life-saving equipment.  They require only a view of the sky, so they're useless in a cave but anywhere outside where they can see upward they work.  They emit both a position (acquired by GPS) to satellites and a low-power 121.5Mhz "homing beeper" so when those coming to find you get reasonably close they can use a simple handheld direction finder to home in on the signal -- and you.  If the GPS signal is blocked for some reason (e.g. poor view of the sky) after a few satellites pass overhead (a couple hours) the satellite system will be able to triangulate your position anyway.  It won't be as accurate and instead of minutes to know where you are it'll take a couple hours but it doesn't have to be real accurate to find you -- it just has to be close enough so those coming to look for you can detect the 121.5Mhz signal.

There's no subscription cost and registration and maintenance of the registration is free.  The battery in it is allegedly good for five years but I have one that's more than double that age and still tests good, so if unused it would probably still work if necessary.  I bought a newer one simply because the newer ones are half the size and mass of the older ones and thus it's more-likely I'll stuff it in my pack.

If you set one of these off someone will come find you; it is only for use in a life-threatening emergency but if you're in one there is no contest what you should have with you.   Finally they work literally anywhere in the world, not just near civilization in the United States.

If you venture away from civilized people, especially alone, it's the cheapest and best $250 insurance policy on your life that you can buy.

View this entry with comments (opens new window)
 



2019-05-31 20:39 by Karl Denninger
in Technology , 151 references
[Comments enabled]  

I have one here.

The "888 style" locks are a newer Kwikset model that is Zwave+ enabled.  It has a newer board in it, basically, and a somewhat-different internal design than the older units.

One word of caution -- some of these are shipping with the "keying" on the front piece upside down.  I don't know exactly how that sort of stupidity happens, but it's trivially easy to fix if it does, or send it back and get another one.  With that said, once you take care of that if you get one that's flipped installing it is easy.  (If you run into this let me know and I can explain how to fix it; takes about 5 minutes.)

It has the KwikSet "rekeying" setup in it, so you can rekey the physical cylinder without having to have a pin set -- provided you have the current key.  The rekey tool is included in the box.  I'm not a big fan of this in general but KwikSet has it in all their locksets now, they're all over residential installations and it works to render all of your entry locks identically-keyed very quickly and without hassle.  Note that the cylinder, unlike the old style units, appears to NOT be removable; it's part of the outside unit with the keypad rather than being an separate component.  With the "instant rekeying" you don't have to be able to easily remove it, but if the cylinder itself was to fail you can't take one out of some other KwikSet deadbolt and replace it.  I prefer Schlage when it comes to the mechanical side (in terms of the actual security of the physical lock itself; it's just a better design on the cylinder portion but requires you hand-rekey, so you need a pin set, the tool for the cylinder and you need to know how to do it) but other than that -- and the lack of the cylinder being separate -- there's nothing negative to say about this one.

In fact, there's a lot that's positive.  The Z-Wave signal is extremely strong from this lock unlike some of the others I've used.  In fact it manages to get directly to my gateway from my work area which is literally on the other side of the house; that's a first for me with Zwave+ units from that distance.  Network-wide include also works as expected (Zwave+ units are all supposed to support it) and it also keyed up secure immediately without any drama.

Oh, and unlike the August units that I wrote on previously and cannot recommend these are locally supervised as a lock should be (that is, if you open it with a key, or a local code, you get a unique notification back from it so you know someone did that, whether it was the key or, if with a local code, which code.)  As is my usual practice I took my sample apart and the motorizing mechanism is replaceable in a few minutes from the inside, should it get damaged -- assuming you can get parts -- which is nice.  It takes 4 AA alkalines as did the previous revision.

The other thing is that it's got a fairly nice price, unlike some of the others I've seen on the market.

The Z-wave interface is not S2 capable but HomeDaemon doesn't care and with HomeDaemon's recently-enhanced keying it is of little security consequence anyway.  Other gateways are not so good in that regard; oh well, someone ought to think about turning HomeDaemon-MCP into a product, eh?

The older KwikSet units were not bad all things considered, just somewhat dated.  This is a nice update; I'd like a 10-key pad instead of the "dual" (e.g. 1-2, 3-4, etc) one but you can mitigate that easily by using a few-digit longer code.  Six to eight is good considering that on a tamper (e.g. guessing attempts) you could have HomeDaemon-MCP lock the keypad out entirely for a while or even until you manually turn it back on, which would put the kabash on further guessing attempts.  That the motorizing mechanism (and board, if that somehow got fried) is easily replaced is a bonus although I have no idea what parts availability looks like.  They're available in a Satin Nickel, Polished Brass or Venetian Bronze finish.

Over all if you see these I'd use them over the older version, especially considering that KwikSet didn't do the usual thing and whack you over the head with a huge price increase.

View this entry with comments (opens new window)
 

2018-12-03 09:43 by Karl Denninger
in Technology , 230 references
[Comments enabled]  

Someone -- or more like a few someones -- have screwed the pooch.

IPv6, which is the "new" generation of Internet protocol, is an undeniable good thing.  Among other things it almost-certainly resolves any issues about address exhaustion, since it's a 128 bit space, with 64 bits being "local" and the other 64 bits (by convention, but not necessity) being "global."

This literally collapses the routing table for the Internet to "one entry per internet provider" in terms of address space, which is an undeniable good thing.

However, this presumes it all works as designed. And it's not.

About a month ago there began an intermittent issue where connections over IPv6, but not IPv4, to the same place would often wind up extremely slow or time out entirely.  My first-blush belief was that I had uncovered a bug somewhere in the routing stack of my gateway or local gear, and I spent quite a bit of time chasing that premise.  I got nowhere.

The issue was persistent with both Windows 10 and Unix clients -- and indeed, also with Android phones.  That's three operating systems of varying vintages and patch levels.  Hmmmm.....

Having more or less eliminated that I thought perhaps my ISP at home was responsible -- Cox.

But then, just today, I ran into the exact same connection lockup on ToS's "Trader TV" streaming video while on XFinity in Michigan.  Different provider, different brand cable modem, different brand and model of WiFi gateway.

Uhhhhhh.....

Now I'm starting to think there's something else afoot -- maybe some intentional pollution in the ICMP space, along with inadequate (or no!) filtering in the provider space and inter-provider space to control malicious nonsense.

See, IPv6 requires a whole host of ICMP messages that flow between points in the normal course of operation.  Filter them all out at your gateway and bad things happen --- like terrible performance, or worse, no addressing at all.  But one has to wonder whether the ISP folks have appropriately filtered their networks at the edges to prevent malicious injection of these frames from hackers.

If not you could quite-easily "target" exchange points and routers inside an ISP infrastructure and severely constrict the pipes on an intermittent and damn hard to isolate basis.  

Which, incidentally, matches exactly the behavior I've been seeing.

I can't prove this is what's going on because I have no means to see "inside" a provider's network and the frames in question don't appear to be getting all the way to my end on either end.  But the lockups that it produces, specifically on ToS' "Trader TV", are nasty -- you not only lose the video but if you try to close and re-open the stream you lose the entire application streaming data feed too and are forced to go to the OS, kill the process and restart it.

The latter behavior may be a Windows 10 thing, as when I run into this on my Unix machines it tends to produce an aborted connection eventually, and my software retries that and recovers.  Slowly.

In any event on IPv4 it never happens, but then again IPv4 doesn't use ICMP for the sort of control functionality that IPv6 does.  One therefore has to wonder..... is there a little global game going on here and there that amounts to moderately low-level harassment in the ISP infrastructure -- but which has as its root a lack of appropriate edge-level -- and interchange level -- filtering to prevent it?

Years ago ports 138 and 139 were abused mightily to hack into people's Windows machines, since SMB and Netbios run on them and the original protocol -- which, incidentally, even modern Windows machines will answer to unless turned off -- were notoriously insecure.  Microsoft, for its part, dumped a deuce in the upper tank on this in that turning off V1 will also turn off the "network browse" functionality, which they never reimplemented "cleanly" on V2 and V3 (which are both more-secure.)  Thus many home users and more than a few business ones have it on because it's nice to be able to "see" resources like file storage in a "browser" format.

But in turn nearly all consumer ISPs block those ports from end users because if they're open it can be trivially easy to break into user's computers.

One has to wonder -- is something similar in the IPv6 space going on now, but instead of stealing things the outcome is basically harassment and severe degradation of performance?

Hmmmm....

View this entry with comments (opens new window)
 

2018-06-06 16:23 by Karl Denninger
in Technology , 102 references
[Comments enabled]  

Nope, nope and nope.

Quick demo of the lock support in the HomeDaemon-MCP app including immediate notification of all changes (and why/how) along with a demonstration of the 100% effective prevention of the so-called Z-Shave hack from working.

Simply put it is entirely under the controller's choice whether it permits high-power keying for S0 nodes.  For those controllers that have no batteries and no detachable RF stick, which is a design choice, there's not a lot of option.

But for those who follow best practice that has been in place since the very first Z-Wave networks you're 100% immune to this attack unless you insist and intentionally shut off the protection -- even in a world where S2 adoption becomes commonplace (which certainly isn't today but will become more-so over time.)

HomeDaemon-MCP is available for the entity that wishes to make a huge dent in the market with a highly-secure, very fast and fully-capable automation, security and monitoring appliance, whether for embedded sale (e.g. in the homebuilding industry) or as a stand-alone offering.  Look to the right and email me for more information.

View this entry with comments (opens new window)
 

2018-05-31 13:27 by Karl Denninger
in Technology , 147 references
[Comments enabled]  

There's a story making the rounds that appears to have some corroboration at this point, but my sourcing is too thin (and specific to people) to document.

Apparently if you bought an "Alexa" and activated it you can wind up with an un-asked for Prime subscription and it can wind up linked to some other card you have out there that Amazon managed to get their claws on.

Of course some people won't care because their entire point of buying one of these "Smart speaker" things is to link it with Prime for their "shopping" purposes.  Well, ok, but whatever happened to informed consent?

There might well be, somewhere, one of those "buying this will subscribe you to X at price Y" deals somewhere in the fine print on the startup or registration page.  In fact I wouldn't doubt it if it's there somewhere, maybe in the "click-through" terms and conditions that nobody actually clicks through and reads the entirety of.

My question is why is this sort of thing happening at all?

Let's be real here: These so-called "smart speakers" are anything but.  They aren't "smart", they're pattern-recognition devices and you're the pattern.  They're linked to "the cloud" because the CPU, RAM and similar requirement to run voice recognition is quite high but extremely bursty since you only give the unit a command once in a long while; the rest of the time it is either idle or (and you hope it's not!) simply recording what it hears.  Putting the capability for fast, decently-accurate response in the unit when it would be active 0.1% of the time at most is why these devices are all "cloud-powered"; they would be stupid-expensive if not.

But these things don't exist for your benefit, they exist for someone else's benefit.  If you want to know what sort of imagery gets conjured in my mind when I hear of people installing and using them it's from the first part of WALL-E..... you know, this one.

Yeah.

That looks appealing.

Not.

Heh, I get it.  You like convenience.  So do I.  I like being able to see what's going on in my house, even if I'm not there, especially if I get alerted to something sketchy going on.  After all that video evidence is useful for the cops to prosecute someone with if they try stealing my stereo.  I like sitting in the bar, pushing a button, and having the hottub ready for me when I get home a half-hour later.  That's convenient.  And I like knowing with hard confirmation that I really did remember to close the damned garage door on the way out.  Peace of mind and all that.

But all of this nonsense in today's world seems to be centered around not your convenience and security, but rather someone else mining your data for profit, not telling you what they're doing with it, or even lying about when they collect it, for what purpose they use it, and who gets access to it.

In our world of today we don't jail executives for that sort of crap.  We should, but we don't.

I get the limitations as well. But what I don't get is the insane price ripoffs that come with it, never mind the privacy and data security implications, especially when you bring something like this into your house or, even worse, your bedroom.

For an example price out a "NEST" thermostat.  You'll blanch.  For half the price I can buy a Z-wave enabled thermostat from Trane.  You probably heard of them -- they make air conditioners and heating systems and have a decades-long history of building high-quality, reliable gear.  It doesn't need "connectivity" to work; it's a thermostat.  Indeed, the one on the left at that link is the one I have in my house.  Oh, and it monitors service intervals too (e.g. for your filters), which is nice -- and you can set them to suit the level of general dust and such in your environment.  But, you can talk to it over Z-Wave and both see what's going on and control it if you want to.

Like, for example, right here:

 

That's real-time, right now, and if I tap it I can change the temperature it's set for.  HomeDaemon-MCP has an outdoor temperature sensor and switches its mode automatically; there's no need to be in "auto" or "heat" mode around here for half the year or more; if it's 70+F outside you won't want heat!  But in the "middle seasons" it's nice to have it automatically switch between the two because there might actually be a reason for that, and in many other parts of the country (especially at higher elevations) where temperature swings of 30-40F are not uncommon during a single 24 hour period it's very useful.

Someone who buys HomeDaemon-MCP and stands up the business to retail it could easily sell the entire package including the controller, a software license and the thermostat for the same sort of money as one "Nest."  But what you'd get is not just a thermostat in that case -- it can run your entire house at the cost of simply adding more modules that are reasonably priced.

Want a camera too?  Nest wants $200 for them.  What?

Amcrest wants $81 for an indoor camera with double the resolution!  If you're happy with the same 1080p that Nest offers and shop around you can get 'em for about $60, or less than a third of the price.

Instead of demanding you use a "cloud" service which inherently means no security as the data is not yours and is being stored and transmitted to a big company that might use it for "whatever" (good luck proving it if they do and you'll need an act of God to hold them accountable if you catch them either doing so or someone hacks it and uses it to target your house for a break-inwith HomeDaemon-MCP only you ever have the data, your cameras can be 100% firewalled from the outside so they cannot speak in or out beyond the perimeter of your network directly and yet you can have access to both snapshots (which you can have it take when it sees movement, etc) and real-time, streaming video any time you'd like over a high-grade encrypted connection from anywhere.

Oh, and the second camera isn't another $200+ either -- or $300 if you want one in an outside-rated enclosure!

With a couple of motion sensors and a garage door sensor (magnetic) you can set it up so that the camera automatically points at the wall when you're home (for the paranoid), when you leave it "arms" itself and points at the room, and if there's motion seen without the "authorized" path being taken (e.g. opening your legitimate garage door with the button in your car) you get alerted immediately so you can grab a video or screen shot for the police. 

What the hell is wrong with people?  Do you really want a copy of video of your house to be in someone's cloud machine ever?  Think about it folks -- we're talking about data that if some malefactor gets ahold of it and pattern-matches it they can figure out if you're home, when you're home, when you go to work and when you're on vacation!

Why the hell would you want that data anywhere except on your premise and on your personal device on demand only and delivered only over a secure connection if it ever leaves your home at all?

Never mind that it's better, faster and cheaper to do it that way.

So who wants to make a billion dollars?  The ask for the entire package will never be lower than it is now; there is exactly one thing needed to deploy it commercially and that's a customer-facing web interface to automate the certificate keying the license system uses.  The code to actually use those certificates and enforce them is already in the package as is the server side which can hit a Postgres instance (in other words nearly-infinitely scaleable and easily extended as you may wish.)

Is there actually a desire to sell products and services to people any longer that are theirs, that deliver value to the customer, or has everything turned into a scheme to data-mine you, get you to pay two, three, five or ten times as much for less functionality and try to stick you with a recurring bill you can't opt out of without turning your investment into dust?  Adobe anyone?

If you want to be that guy or gal that disrupts this space, look to the right and email me.

The answer to the problem is ready to go -- right here, right now.

View this entry with comments (opens new window)