The Market Ticker
Commentary on The Capital Markets
Login or register to improve your experience
Main Navigation
Sarah's Resources You Should See
Full-Text Search & Archives
Leverage, the book
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions. For investment, legal or other professional advice specific to your situation contact a licensed professional in your jurisdiction.


Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility; author(s) may have positions in securities or firms mentioned and have no duty to disclose same.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must be complete (NOT a "pitch"), include full and correct contact information and be related to an economic or political matter of the day. Pitch emails missing the above will be silently deleted. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2024-02-16 07:00 by Karl Denninger
in Technology , 251 references
[Comments enabled]  

Oh, you have a "discrete" TPM in your machine and this means your disk encryption is "safe" if someone steals it, right?

Uh, no.

We're very familiar with the many projects in which Raspberry Pi hardware is used, from giving old computers a new lease of life through to running the animated displays so beloved by retailers. But cracking BitLocker? We doubt the company will be bragging too much about that particular application.

This isn't really "cracking"; the Pi is simply used as a snoop to capture the key after the TPM releases it.  Which it will do, if its happy with the hardware configuration and such (e.g. same disk, nobody's tampered with the machine that it knows about, etc.)

Calling this a "hack" is, well.... wrong.

An "encrypted" disk in a machine that has a TPM in it, and no password, simply means if you steal only the disk you can't decrypt it because you don't have the key which is in the TPM.  If you steal the entire machine including the TPM and disk and can convince the TPM it has not been compromised (which, if nothing has been removed or added, it hasn't) it will release the key and since they are two pieces of hardware separated by a wire you can pick it off quite-trivially.

The correct answer is "don't do that if this is your threat model"; use a password along with the "built-in" TPM.  Now the TPM only has part of the key and you have the rest, which can't be snooped off the hardware because it is in your head.

(The same applies if you use a CAC-style card or similar authentication device; if you don't have it you have no way to know what that part of the key is.)

It is possible to design a device that has "tamper detection" hardware (e.g. a pin switch that opens if the case is opened to get to the drive) and which "trips" the TPM if it detects chassis intrusion so that it refuses to release the keying (or erases itself) but as far as I know none of the laptops out there in common use have that addition.  Most server boards of reasonably recent vintage have a connector for it but of course your case has to have the appropriate switch(es) in the correct places and this would still not help if, for example, someone knows its there and cuts through the metal away from the switch.

A "hack" would involve, for example, finding the IV and keying on the disk somewhere you can read it.  Now you need nothing other than the drive itself because you can obtain the IV and key -- and with both you can decrypt the device's data.

This is not a "hack", it is merely clever interception of data that the system's security chip was willing to give up, and said hardware wasn't tricked into doing it either.

If you're not going to put a PIN/Password on your laptop Bitlocker you might as well run with it turned off (and get the performance improvement from not doing the encryption in the CPU at all since in most instances Windows refuses to use the OPAL hardware encryption on the disk itself anyway as they claim they're not confident it is actually secure.)

View this entry with comments (opens new window)

2024-02-15 12:47 by Karl Denninger
in POTD , 125 references


View this entry with comments (opens new window)

Let me put this forward to you: Assuming no recession and no detonation of any of the debt accumulation anywhere with short rates around 5% and long ones headed there or somewhat above the discounted S&P 500 trades at about 2,000 and the Naz trades somewhere around 3,000-4,000.

I know, that sounds crazy.

Except it isn't, since that is in fact materially above the 1576 where the S&P traded just before all the zero-interest rate games started after 2008.

In other words if we look at where the economy actually went and we assume that 2007 prices were not unreasonably elevated then that would be a reasonable expectation in a world were the cost of short money was about 5%.

Of course there was plenty of asset bubble in 2007.  Indeed there was a heck of a lot of it, and yes, there has been economic expansion (for real) and productivity improvement since then (for real) as well -- but enough to account for a double if 30% of the S&P price was inflated?

Hmmmm.... maybe -- and maybe not.

Oh, and this assumes none of the debt-driven mess blows up in our face.  None of the "drive the cost higher" games in health care, for example, blow up CMS in the Federal Budget and start taking down all those non-care-providing jobs.  All those people who refinanced mortgages, resetting their amortization early in their ownership thus halting the paydown of principal, do not all become massively underwater as prices fall.  And so on.

I think I'll take the under on that bet.

You do have to have marvel at the fact that the hot CPI -- which basically ruined the Rate Cut mantra -- only managed to get people concerned for one single day.  Both the TNX and IRX relaxed in the 48 hours that followed but both did so in approximately equal amounts, so their ratio didn't change much.

It works until it doesn't.

View this entry with comments (opens new window)

2024-02-14 07:00 by Karl Denninger
in Market Musings , 398 references
[Comments enabled]  

Gee, there go the rate cut expectations!

The Consumer Price Index for All Urban Consumers (CPI-U) increased 0.3 percent in January on a seasonally adjusted basis, after rising 0.2 percent in December, the U.S. Bureau of Labor Statistics reported today. Over the last 12 months, the all items index increased 3.1 percent before seasonal adjustment.

The index for shelter continued to rise in January, increasing 0.6 percent and contributing over two thirds of the monthly all items increase. The food index increased 0.4 percent in January, as the food at home index increased 0.4 percent and the food away from home index rose 0.5 percent over the month. In contrast, the energy index fell 0.9 percent over the month due in large part to the decline in the gasoline index.

The index for all items less food and energy rose 0.4 percent in January. Indexes which increased in January include shelter, motor vehicle insurance, and medical care. The index for used cars and trucks and the index for apparel were among those that decreased over the month.

So 0.4% core is 4.91% annualized or more than twice the Fed target of 2%.

There go all your rate cuts folks -- they're gone.

Much worse is that never mind the unadjusted 0.6% -- which annualizes out to close to 8% -- and both transportation and medical services, both of which are "burn your finger" level hot, with transportation being up 1%!

And oh, by the way, gasoline is up ~15-20% from the last sample week to now and is now pushing $3/gal around here, up quite-materially from mid-January.  If that holds the nice gasoline contribution is going to be very nasty next month.

Services, less energy services, are up 0.7% monthly unadjusted.  Services are ~70% of the economy so yeah, we have not solved anything and The Fed has not managed to "bring down" inflation.

What is particularly ominous in this report is in hospital services -- up 1.6% on the month, which annualizes to 21%.  I have pointed this area of trouble out for the last 20 years and at this rate is going to blow up in our face this year.

You didn't bet on lower rates pumping the market this year, did you?

View this entry with comments (opens new window)

2024-02-13 07:00 by Karl Denninger
in Technology , 274 references
[Comments enabled]  

I found this ad particularly offensive -- and troubling.

It was for Microsoft's vision of AI ("Copilot") and a bunch of different scenarios; all people struggling to do a given thing that has some element of original thought associated with it -- making a scifi movie, for example.

Here comes AI to the rescue which sounds great, right?

Uh, no, its actually bad.

Why is it bad?

Because it puts forward the premise that the human in question can't do it on their own, and of course all these humans have different "diversity" elements to them.

That's basically a thinly-veiled claim that we're all "defective" in some way and that the human experience, that of finding a path and innovating, is dead, to be turned over to what amounts to a glorified robot.

Advertising is always and everywhere about trying to sell you something, of course.  If you buy this car you won't just get to work you'll also get the girl.  If you back this company you'll get a cure for cancer (and, of course, the imagery used is of a young kid and while its not inaccurate as kids do get cancer the disease is largely one of lifestyle and hits older people the vast majority of the time.)  If its not an outright sales job then its about feeling good about the company doing the selling (the beer commercial which featured using draft horses because, of course, there was too much snow for a truck.)  And so on.

But I find it troubling when the thing being sold implies that you're just not good enough as a human being in a creative context -- but a machine is. 

That, to me at least, is not only over the line and offensive -- its false and has implications you will not like.

Specifically, under Copyright Law and the decisions handed up by the courts in such cases a "production" by said machine, if you use it, obviously isn't yours (you didn't create it, the machine did) and more to the point in the context of creative acts isn't copyrightable at all, by anyone.

Thus it would not be "your movie" as just one example.

View this entry with comments (opens new window)