The Market Ticker ®
Commentary on The Capital Markets - Category [Musings]
Login or register to improve your experience
Main Navigation
Sarah's Resources You Should See
Full-Text Search & Archives
Leverage, the book
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions. For investment, legal or other professional advice specific to your situation contact a licensed professional in your jurisdiction.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility; author(s) may have positions in securities or firms mentioned and have no duty to disclose same.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must be complete (NOT a "pitch"; those get you blocked as a spammer), include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2024-09-22 07:05 by Karl Denninger
in Musings , 268 references
[Comments enabled]  
Category thumbnail

Well look what we have here.

WAMBUI KAMAU, BYLINE: The lawsuit seeks over $100 million to recoup the costs of reopening the Fort McHenry Federal Channel and the Port of Baltimore, following the collapse. Benjamin Mizer is with the U.S. Department of Justice. He says the Singapore-based Grace Ocean, which owns the ship, and Synergy Marine, which operates it, are financially responsible for the cleanup - not U.S. taxpayers. Mizer says they knew of vibration problems on the ship that could lead to blackouts, and didn't fix them.

As with most disasters which have at their core human action (or inaction) there's more than one thing that has to be compromised due to stupidity or the disaster does not occur.

The usual count is three, but two sometimes suffice.  That's because engineers typically will try to mitigate faults and thus one fault does not lead to a disaster because the mitigations are there to avoid a failure (which can always happen) turning into a disaster.  It is thus typically the second or even third act of stupidity that results in the serious "oops."

We know the basic timeline -- the ship left dock, it was steaming toward the bridge, it lost all electrical power, recovered it for a brief time before losing power again and, by the time power came back on the second time it didn't matter as collision was inevitable.  It also appears that at no time after the first power loss was main propulsion restored (only electrical power), but that's not established.

A few things to note here, most of which I've covered before.  Modern ships all have computer-controlled engines for emissions reasons.  Old ocean-going (and even recreational) diesels, from pretty-small (e.g. truck engine size) to huge (train, ship, etc.) were mechanical and once started (which frequently could be done with a reservoir of compressed air rather than electrical power) they'd continue to run provided they had air, fuel and lubricating oil.  Meeting modern emission standards this way is impossible, thus now they're all electronically controlled and that in turn means they require electrical power all the time.  That, in turn, means such a ship is engineered with two electrical buses, transformers and similar to provide full redundancy since its essential that you not lose the portion of the electrical system required for propulsion and steering to work at minimum.

If you recall it was discovered that the crew had some sort of problem with electrical power loss while at the dock.  The presumption was that they had found the cause and fixed it, never mind that due to the critical nature of electrical power for modern ships you have two redundant systems such that losing one does not screw you.

What was found is that the power loss at the dock wasn't actually from the same cause that led to the collision; that was an error on the part of one of the crew members.  However, that event led the crew to switch to the second set of switchgear and transformer which was the one active when the Dali left.

During the local repairs and inspection investigators found a loose connection on that second control system for the transformer bank that provided main power to the Dali and were able to reproduce the condition by messing with it.  This would cause that transformer to trip but there is an automatic fail-over to the other one so that event should not have caused the extended and dual outage.  It did because, it appears from reports, the crew had the selector for said automated fail-over shut off!

Worse is that they apparently had the generator fuel system automated change-over turned off as well!  You see the fuel pumps of course require some sort of power and thus you have a chicken and egg problem; if you want to start up the ship with nothing running (thus batteries and/or stored air for pneumatics only -- note that pneumatics also run things like the ship's horn) something has to pressurize the fuel system so the generator can start.  That system is typically pneumatically driven and is also used to polish the fuel -- but it is not capable of operating for an extended period of time (since it will run out of air in the tank!) nor can it supply enough flow for full operational power.  It doesn't have to since once there is electrical power you've got plenty for the normal fuel system to run and recharge the pneumatics.  The fuel system is quite complex because, among other things, once again for emissions when in and near port the main engine runs on diesel but because it runs at a very low (by our standards with trucks and such) RPM it also is perfectly capable of operating on bunker fuel, which is much cheaper (but dirtier) and thus once out of the EEZ of nations who care that's what they use.  That fuel has to be both heated and scrupulously cleaned because it is extremely thick at ordinary temperatures and in any event diesels are extremely intolerant of contaminants in their fuel; water in even tiny amounts will destroy the injectors and any sort of contamination can stick them open which on modern engines will almost-immediately cause them to self-destruct.  Since the fuel tanks on a ship of that size are huge and ships float on water (and get rained on) which could conceivably find its way into the fill or vent pipes the potential for contamination is always there and thus the fuel system is both quite-complex and needs a lot of power to operate normally.

So they take the first fault and are dark for a fairly extended period of time because the automated switch-over has been disabled.  Then, when they get the power up again it fails a second time either due to the same fault or because the generator's fuel flow is insufficient to carry the load.  By the second time they get power back its too late and they hit the bridge.

Admiralty law is very different than what you're used to in the world of car accidents and similar and covers a lot of incidents that occur with ships (more than you'd think), but this looks an awful lot like they believe they can go after various entities under US domestic law, which if true could turn this into a fairly-basic negligence claim.

The obvious question here is that there should be a pre-departure checklist for the entire engineering space on the vessel so why did they leave the dock configured as they were?

This will be interesting to follow as it winds its way through the judicial system and more facts come to light.

View this entry with comments (opens new window)
 

2024-01-07 09:15 by Karl Denninger
in Musings , 371 references
[Comments enabled]  
Category thumbnail

... and it does not matter what the topic is.

I've written on this before but I believe it bears repeating: You can choose the basis of evaluation for virtually anything but if the outcome matters to you then there is only one acceptable decision, and that is engineering-based.

Engineering takes the current circumstances as the "baseline" and refuses to accept any path which cannot be proved to make it better, and further expects that if you represent it will be better and it isn't you lose all the money you made and if harm comes to others you go to prison.

No exceptions are allowed.

If the bridge has a sign on it that says "10 ton weight limit" provided your vehicle does not mass more than ten tons it must be safe to drive across said bridge no matter how many other vehicles are on the bridge.  The sign didn't say "one vehicle only", it said "10 ton weight limit."  The engineer who specified that has certified that provided the materials were not fraudulently sourced and that the bridge was assembled according to his stamped plans it is safe for you to drive over it with a vehicle that masses no more than ten tons.

Period.

We must apply this to all matters of public policy, particularly when we consider same to be more than a suggestion.  The NEC works this way; you can run 20 amps on 12 gauge non-metallic wire (e.g. type NM, usually called "Romex") in a house.  If the breaker is not larger than 20 amps the wire will not overheat and catch your house on fire provided it is actually the specified 12 gauge and made out of copper.  Every wire downstream from that breaker which connects between things must be 12 gauge for this reason; the breaker protects the wire and the engineering standard says that this combination will produce a safe -- that is, the wire will not overheat and catch your house on fire -- outcome.  (Yes, this is a bit simplified and the tables have "but for" limitations, but its generally the case.)

Note that while this table was developed using engineering any runt with a pair of lineman's pliers and some wire staples can run cable without being able to do the calculations to independently determine this.  A table is sufficient for an electrician wiring your house; he does not have to understand the math, only the rules which are clearly on the table.

Now it may be the case that in certain circumstances you may not find the performance acceptable but provided you follow that "engineering" rule in a typical residence per the table it is safe.

The standard against one judges in this paradigm is always the status quo; that is, a bridge must not fall down because while you may find it inconvenient (or even unacceptable) to not be able to cross the river without it (absent either a boat or swimming) you won't fall from height and possibly be crushed by the debris without the bridge existing, and obviously a person now under the bridge and subject to having tons of concrete and steel fall on him can't have that happen if its not there.  That is, the status quo is that you are safe from being crushed from above or dropped from height and thus that status quo must not be violated by building the bridge.  If you cannot assure that and, if it that standard is violated someone will be punished for it appropriately, including being asset-stripped, thrown in prison or even executed then you must not build the bridge.  Period.

We must apply this to the status quo when it comes to energy, medicine, appliances and everything else -- and insist that our governments do so without exception.  Further, for those who make said policy or act on it if they violate this stricture they must be held personally accountable for all of the damage that occurs without exception -- no "waivers" or "immunity" may ever be permitted in that regard.

Want a real goal for 2024 in terms of enforcing a change in our so-called "social contract"?

Now you have one.

View this entry with comments (opens new window)
 

2023-01-29 07:00 by Karl Denninger
in Musings , 884 references
[Comments enabled]  
Category thumbnail

My previous piece on this general topic was on the difference between people who take a science view of things and an engineering view of them.  I explained how an engineering view, when faced with an unexpected failure of some sort, immediately stops whatever they're doing and reverts it if something was recently changed.

A "science" view holds that statistical power is enough.

The problem is that each human is not a statistical problem; you are an engineering example.  That is, there is only one of you just like for any individual road over water there is one bridge.  One bridge failure is not tolerable because there may be cars on the bridge when it fails and the people in the cars will die.

The key to an engineering view is that engineering looks at the world as deterministic and thus statistical failures are not permitted.  That is, it looks at the world like physics does even given our imperfect understanding, and thus seeks to place outcomes well beyond confidence intervals.

Physics says that kinetic energy is always 1/2 mV^2.  Never anything else.  2H2 + O2 -> 2H2O + energy, always.  You never get gold, you always get water.  Gravity (on earth) accelerates all objects at 32 ft/sec^2, always.  It does not matter if the object masses one gram or one ton; that is the acceleration.

Here's the functional difference, and what you must understand: Everything in the universe is in fact deterministic.

But wait, you say -- medicine never seems to be.  Nor does weather.  Nor, for that matter, is so-called "climate science"; remember we were told by scientists the polar icecaps would be gone 10 years ago?  Well, they're not.  The weatherman can't even tell you with certainty whether it will rain tomorrow at 2:00 PM and he's wrong more-often than right.  The NOAA forecasters can't give you where the hurricane will hit in five days and how strong it will be either, or if a tornado will form.

Every one of these outcomes is in fact deterministic -- that is, it has exactly one outcome, just like hydrogen and oxygen always produce water and energy when combined at or above the activation level of heat.

Note that it was, for quite some time, believed that a rock and a feather were acted upon differently by gravity and this, it was believed, was part of why birds could fly.  It wasn't until we figured out how to construct a vacuum pump and remove the air from a chamber we proved otherwise.  That which looked not to be deterministic (gravity) in fact is; it didn't look that way because we did not understand enough of the full system in which it applied.

So why is it that when you are told you have cancer the doctor cannot tell you whether or not he can cure it?  At best he can give you some set of odds.  Ever notice that a medical study that claims a "p < 0.001", that is, almost-certainly the result is allegedly real, still does not claim that everyone is cured or helped?  It doesn't have to in order to get that "p" value -- it just has to have an outcome that is wildly improbable to be due to chance.

It is active fraud to use such to claim you should or must do a given thing.  To suggest a course of action is fine, but to cajole, coerce or mandate it is not.

Why?  Because you're always a trial of one.

So why is it that we can't actually tell you where the hurricane is going to hit a week out, whether the tornado will come (and where if it does), whether the medicine will cure you or whether you need your umbrella in two hours?

Simple: We do not actually understand the thing we are analyzing; at best we have only a partial understanding.  When it comes to biochemistry that understanding beyond the basics (e.g. metabolism of foods into ATP and thus your survival) is in fact quite poor in both depth and breadth.  This is also true for essentially all large-area physical systems on Earth and indeed through the universe.

An example from the planet we live on: Despite the claims that CO2 emissions are driving the warming of the earth nobody, to my knowledge, has been able to accurately provide the carbonate buffering reaction between the atmosphere and the oceans.  This is in fact critical to being able to accurately model anything related to same because there is far more carbon dioxide in the ocean in the form of carbonate than that which is in the atmosphere as a gas.  Without being able to describe this buffering reaction accurately (and several scientific groups have realized, after much experimentation that they have no accurate idea at all how to do so) you can't possibly determine how this will all balance out -- or, even more-importantly, which is the driver and which is the driven element -- or whether both in fact are in different places and times!

We lack the understanding required to be able to accurately describe it and, despite decades of trying, we are nowhere near being able to do so.

Yet in fact the outcome -- that is, the buffering reaction -- is deterministic and, if we understood what we were analyzing we could tell you 100% of the time what was going to happen.  The reason we can't is that we're ignorant of significant parts of what's being treated or predicted.

That's all it is folks.

There are myriad buffering reactions in every living thing.  We do not understand how most of them work accurately enough to describe them with a formula, function or model yet all are utterly essential to survival.  I can list a dozen off the top of my head and every single one of them is essential to the continuation of that organism's life.

The claims of anyone in these fields are not facts -- they're guesses.  Perhaps educated guesses but they are guesses and you must never confuse them with facts.

Policy, especially binding policy, is never legitimately made from a guess.  That is no different than religion; I may believe in God, but that belief is a guess.  I cannot prove it and you cannot disprove it; we both lack the ability to reach a deterministic outcome.  There is one but neither of us know what it is and by the time we know its too late to change our minds.

A climate "scientist" might tell you that we must reduce CO2 because he claims that humans emitting CO2 will cause the earth to get warmer and the sea level to rise, both of which are claimed to be bad and must be avoided.  I'll leave the "warmer" thing out for a minute and focus on the sea level aspect.  Said "scientist" in fact has made two claims, not one: First, that the sea level will rise (the bad outcome) and second that CO2 emissions by man are the cause -- that is, if we stop doing that the sea level will not rise.

This claim has multiple problems not the least of which is that he can't design an experiment to validate his hypothesis because said scientist doesn't have a spare earth laying around that is identical to this one upon which to run his experiment nor does he have the hundred years or more to prove he's right.  Therefore all he's got is back-fit mathematics which do not meet the scientific method that, I remind you, requires a hypothesis, formulation of an experiment in which only the desired variables are changed, recording and analysis of results and then publication of all of it so the results can be replicated by any interested party.

A back-fit model is never scientific; it is not, by definition, a test of a hypothesis.

Remember, the alleged "scientist" has not only claimed an outcome will occur he claims he knows why.  He has no evidence for either of these claims other than a historical back test which, anyone who's worked around any system that has a lot of unknowns (e.g. the stock market, for example) will tell you almost never validates on a forward basis.  These sorts of models don't even have the record of a coin toss; they nearly always fail to be predictive.  There are plenty of people who have blown up their trading accounts believing they have found the exception to this rule and nobody that I've ever heard of who has even a decent record of being right with what they've discovered in that regard in any system that exhibits evidence of non-deterministic, as we see it, behavior.  If such could be done the person who did it would wind up with all the money, obviously.

Let's ask what happens if he's wrong about the reason the sea level will rise?  Let's first presume that he's right in part and the sea level does rise.  He can't prove that his claim of cause is correct, however, as he cannot show determinism; he doesn't have enough facts to produce a deterministic result.  If he turns out to be wrong we take all the costs, societal, economic and otherwise, to reduce CO2 emissions and yet the people will still get screwed because the sea level rises anyway!

That is the alleged "solution" makes it worse than if you did nothing; the people still get hosed by the sea level rise but you first confiscated a large amount of their money by raising the cost of power, transportation, heating, cooling and agriculture so your "solution" screws them twice!

The engineering view of this problem, assuming the fear is that sea level will rise and destroy property and people is deemed both reasonable and worth defending against, is to build walls and otherwise insulate people and property from the sea level rise, or move the people and things out of the way so they don't get flooded out.  That, provided you do so beyond a reasonable confidence interval of said rise and are far enough on the safe side of it, will always work.  That is the engineering solution; it is deterministic in that provided you build the wall to the correct height with the specified materials of a given strength and/or move the stuff the bad result will not occur.

Why the sea rises from the engineering perspective is irrelevant.

When the pandemic hit in the first couple of months it was clear that young, healthy people were at statistically no risk (materially less than the flu) yet older, more-morbid people were at serious risk I put forward an engineering-style solution, albeit an imperfect one as we had wildly insufficient knowledge to get a decent confidence interval, which was ignored.  That is, the sanitarium model which was used for tuberculosis.  That absolutely would have worked far better than what we did because it did not rely on anything that we did not know was correct; there was no element of guesswork in the solution.  The only people allowed in and out of facilities housing said high-risk people would be those who had seroconverted and thus were known unable to acquire or transmit the infection.  We had no choice but to accept the "who's living there and has tested negative now is ok" but that risk only had to be accepted once for a given facility at the very outset when few people were infected at-large.  This meant putting up housing (e.g. rented RVs) at said facilities on site for workers who hadn't seroconverted and paying them whatever was required to work and stay there with food and other essentials brought in and sanitized.  If they rotated out for any reason they could not come back in until and unless they had seroconverted.  As the young, healthy people in the general population got the virus, shook it off and did seroconvert they could be hired to work safely and not have to stay on-site.  Within a couple months with no attempt to contain spread among the low-risk side of the population there would have been tens of millions of available seroconverted workers and those who found the premise of on-site lodging onerous could have been replaced.  There were no unknowns that could result in ineffectiveness; while we might have had some failures here and there due to human mistake (people are not perfect) beyond that it would have with near-certainty prevented the infection from getting into those facilities and very few high-risk people would have died.  Instead we did the exact opposite in several states and shoved infected people into those buildings, attempting to rely on masks and testing to prevent transmission. The masks and testing regimes repeatedly failed as they were based on statistical reductions which we had every reason to believe was irrelevant (once you cross the threshold of enough virus to become infected how much more gets into you doesn't materially matter with a virus since viruses replicate exponentially) and many died because the fools implemented a scientific method focused on probability and statistical reduction in emitted particles rather than an engineering approach that relied on deterministic process designed to be well beyond reasonable confidence intervals.

Engineering is always deterministic because it has to be as a discipline; if its not people die and the engineers who did not employ deterministic methods are held responsible for the failure.  Scientific methods only are deterministic and thus interchangeable on a functional basis when all the variables are known and correct.  The practitioners of scientific methods are almost-never held responsible when they're wrong; when was the last time a hurricane forecaster was charged with manslaughter when he incorrectly predicted where the storm was going or failed to predict the intensification of the Cat 2 storm to a Cat 3 or 4?  The engineering answer is always superior since it does not rely on that which is not known to be correct -- or even known at allIf I do not know, for example, what the physical load a bridge pier that is driven to 80' can take without displacement under a specific set of conditions then I have to measure that before I can accept 80' as a suitable depth.

The scientific answer often kills people when all the inputs and variables are either not known or incorrect because it is a guess and guesses are frequently wrong.  The more unknown variables the worse the guess will be.

Facts are absolutes.  Physics is a set of facts.  Chemistry is a subset of physics, when you get down to it; it describes the physical interaction of atoms and molecules, which are comprised of protons, neutrons and electrons (and then subatomic particles beyond that.)

If and when we ever manage to understand biological systems sufficiently we will reach the point of determinism in medicine.  We will not say "you have a chance of beating this condition"; we will know what the outcome will be and whether the condition can be resolved or not -- and if so what you must consume or do to resolve it.

The same is true for "climate"; what is currently proclaimed may be a scientific process but it is not engineering and must never be used to drive policy because we simply do not understand what we're studying well enough to make accurate predictions nor establish causation.  The predictions that have been made have almost-all been proved wrong and as such they don't even qualify as educated guesses.  To make policy decisions on that basis is to make the wrong decision in virtually every instance, that is to screw people in some form or fashion who then have the bad thing happen anyway.

Some day we will reach an engineering level of understanding when it comes to medicine, climate, and many other things -- just as we have with chemistry and, at least at the atomic level, physics.

That day is not today, whether we are talking about climate, weather or all manner of biological things around us - including medicine.

View this entry with comments (opens new window)
 

2019-04-02 07:00 by Karl Denninger
in Musings , 1461 references
[Comments enabled]  
Category thumbnail

Grrrr....

Hindman:   Americans know they need to plan for their later years and get their affairs in order, especially as retirement approaches. But while people recognize that need, too many aren’t following through and taking action.

When someone passes without a will, it means they have died “intestate” – meaning the intestacy laws of the state where they reside will determine how the property is distributed upon your death. But without clear direction on how you would like critical items like financial assets, property, personal possessions and items of emotional value distributed among loved ones, confusion and disarray are a common end result. Not only does the lack of a will create turmoil and headaches – both financial and emotional – for family members; it heightens the risk that your end-of-life preferences won’t be carried out in accordance with your wishes. On the other hand, a well-prepared legacy can give you the simple and satisfying peace of mind of knowing that you’ve done what you can to organize your life, shape your legacy and leave your family with a roadmap of your preferences. It can be one of the greatest final gifts we leave to those we love.

Yes, you should have your affairs in order.

But I really dislike self-interested jackasses peddling crap -- and this falls into that category.

First, there are plenty of people who need no Will at all.  If you have little or nothing in terms of assets, or intend to die broke and have no minor children then a Will is not only a waste of time it is functionally worthless.  In fact in that situation whoever you name as Executor (Personal Representative in some states) would be five-alarm stupid to accept the job and file the Will with the courts because there's nothing to get but once you file there are both costs and responsibilities.  In other words if you know you will either die broke or in the hole and have no minor children then save the money.

You should still have a durable power of attorney and advance directive; those are to some extent state-specific depending on where you live, in an attempt to have what you want to happen actually happen when it comes to you being flat on your back and unable to make decisions.  Make damn sure said advance directive is on file with all the hospitals and other places you might be taken if you collapse without warning; until said place has it and knows they have it they'll do whatever the hell they want and maybe, but not necessarily, whatever someone who identifies as one of your next-of-kin wants.  If this isn't what you want it's bad news and the cost of that, if any, will wind up billed to your estate which your estate will be obligated to pay.  So if you do only one thing make it that advance directive and put it on file at all the local hospitals.

Warning: Some people will tell you to put someone else on your accounts.  If you are offered this, to be a "second signer" or "co-owner" do not accept unless you are that person's spouse, in which case it is (of course) perfectly ok.  The reason to refuse is that if they do something stupid you are fully responsible legally and financially, and this can ruin you instantly.  Consider someone who has brokerage account and is short at the margin limit of a company that gets taken out and the stock doubles.  They will come after your house!  Don't do it.

power of attorney gives you the ability to take care of business while the other person is alive without that risk and is the correct instrument; there are several forms of that from very limited ones for a specific asset or account and specific directives all the way to a general durable power of attorney that is extremely broad and essentially gives the person who holds it the same rights as the principal.  Just be aware it turns into a pumpkin instantly upon the principal's death and if you are holding one it is a civil and in some cases criminal offense to self-deal or otherwise screw the principal who gave it to you.

If you have or expect to have assets, or in the instance where you have minor children then a Will is appropriate.  Just understand its limitations and do it the right way to minimize them.

Specifically, get anything worthwhile out of the Will and thus out of probate.  This will make your heirs happier as it's faster, cheaper and has a near-perfect capability to have happen exactly what you wish so long as that's legal.

The first thing to consider is that for anything that doesn't trigger gift tax issues (e.g. things worth under $14,000 in total to a single person, but perhaps of immense sentimental value) give it to the people who you want to have it while you're still alive -- but before you're on your deathbed.  This is very unlikely to be challenged and if it is the person challenging it will be forced to spend money on a legal case with no monetary reward.

When you die with or without a Will but with some assets subject to probate then "someone" has to file with the probate court.  If you do not have a Will then whatever is subject to probate is distributed based on state law; there's a table they go down (e.g. "spouse first, then any direct descendant children, then ..... and on and on until the category fills.)  A Will overrides this to any extent you wish and nominates one or more people (in a chain, if the first refuses or is dead, etc) to be the Personal Representative (or "Executor" in some states; same thing, different names depending on the state.)

However, as soon as that Will is filed with someone named as Personal Representative (assuming the designation of either as valid is not contested, and it can be if someone wants to), or Probate is open "intestate" (with no Will) the fees start.  Filing and publication fees are typically in the many hundred dollar range right up front.  Unless that person both lives locally and can and will keep their act together sufficiently to deal with the court on a routine basis then there will also be legal fees involved.  Most people will either want or need at least legal consultation in doing this job; if you have a law office do it "end to end" for you (which is also an option) the cost is going to double or more.  The cost of this process in dollar terms is almost-always well north of a thousand dollars simply in court fees alone by the time it's all said and done; with lawyers involved it only takes one that's a bit of a snake to run the bill through the roof since all time is billed hourly.  Choose wisely and ask lots of questions!

Further, and much worse in many cases than the money hit is the fact that once Probate is opened there are statutory time windows that amount to a virtual standstill in terms of anything being paid out or distributed and similar.  The reason for this is that all states have a "Bar Date" for claims; 3 or 4 months is common and the clock does not start running until Probate is filed and published.  A company or person with a financial claim on the estate has that long to file their claim; if the Personal Representative pays out anything beyond funeral and ordinary maintenance costs (e.g. utility bills on a house, etc) and there are insufficient funds to cover claims he or she can be held personally responsible for those debts!  Therefore the usual (and good) advice is distribute nothing until the bar date passes so you know exactly how much is left.  If the Personal Representative is comfortable enough with the decedent's debt profile (usually only true if you were running that person's money for a couple of years prior to their death) then some distribution can be made sooner, especially of things that have little financial but lots of sentimental value (various bits and pieces of personal property, etc.)  One thing to be very conscious of is anything on a lease; this most-often comes up with cars but it can be anything (e.g. an apartment!)  Death does not void a lease in nearly all cases and the firm or person the decedent took it from can and usually will try to collect the entire remaining balance of payments.  That can be a literal crap-ton of money and is quite capable of turning a modest estate into a smoking hole with negative value.

Next up is that most states assess an inventory fee on estates -- which amounts to a tax.  That's usually assessed on the net value of assets on the day of death. Some assess straight-up taxes as well.  There is also a potential federal estate tax issue but that doesn't hit most people as the limit is quite high ($11.4 million at present); if you're in that bracket then you're a 5-alarm idiot if you don't already have professional legal advice to deal with it in advance with some sort of bypass trust.  There are ways to defray that tax and in some cases completely avoid it but that has to be done well in advance, so if you're that wealthy head thee to a good estate planning attorney pronto.

Note that if you do not file probate on an estate then there is still a statute of limitations on debts -- typically two years, but in some states it can be materially longer.  In other words if there are debts then it's to advantage to bar any who don't pay attention by filing Probate -- but only if there are assets to pay the debts with and, when that's done, something will be left!  Otherwise the correct action is to walk away and let the creditors pound sand; that you're named in a Will does not mean you're obligated until and unless you accept the appointment.  Figure out if it's worth it (there will be something left, in your best estimation, and whatever you'll receive is enough to be worth your trouble) before you file!

IMHO, assuming no minor children, your goal while alive should be to make it not worth it to Probate the Estate even if there are assets and by doing so deny both the lawyers and the courts their fees.

Many times this can be done.

First, financial accounts of various sorts can for zero cost have what is known as "POD" put on them.  That's payable on death and it's exactly what the name implies.  You designate who gets what percentage and it's a simple form you fill out at the bank or brokerage.  If you die your heirs need only present a death certificate, which they can usually obtain within a week or your passing, and the money is theirs -- period.  A cashier's check is cut and that's the end of it.  Likewise life insurance policies should always name specific beneficiaries and not your Estate.  If you have modest debts -- such as a credit card for ordinary monthly expenses -- and someone you trust to pay it when you die then POD them an account specifically for that purpose with just enough in it for that to happen.  They pay the debts after you pass with that money and that's the end of it.

Second, if you have Real Estate and it's owned and has a positive equity then the superior means of dealing with it is usually a Revocable Living Trust.  It costs money to set one up if you use a lawyer (typically a couple of thousand) and it's state specific as is a Will but only at initiation.  Once established it remains valid even if you move to a new state.  The only thing to be careful of is the potential for state tax considerations in states that have a death or income tax.  If you live in such a state and intend to move to a state where such is not the case move first, then set it up in the new state.  If you already have a trust in a hostile tax environment state then revoke it, transfer the assets out once you move and set up a new trust in the "friendly" state, transferring them into the new one.  A trust, once set up, must be funded by having the assets transferred into it.  In other words for a house you re-title the house into the Trust.  There are people who claim that a trust "hides" ownership -- this is not really true unless you name someone else as Trustee to manage it, which is very dangerous and for most people should be done, because title has to vest in a person; thus it's something like "Karl Denninger as Trustee for blah-blah Trust of date-set-up."  But, since the Trust document itself is private who's named as a beneficiary is not disclosed and the Trust is not filed with a court after you die.  In the trust documents you name a successor trustee who is the person (or chain of persons) who obtains control of the trust after you die.  You can designate pretty much anything that's legal which you want done in a Trust.  Revocable living trusts can be modified at-will including assets being moved into and out of them during your life, you can change beneficiaries, etc.  Note that a revocable living trust does not provide any sort of tax protection since you maintain control over the assets until your death, at which point it becomes irrevocable and cannot be changed.

Trusts can also have financial accounts re-titled into them and that's frequently done if, for example, you have minor children and a fair bit of money -- or adult children you don't want to have get all the cash at once.  Thus the term "Trust Fund Babies"; if there's plenty of money you may be perfectly ok with having a law firm named as the successor trustee to carry it out when you get hit by a bus since you don't care about the fees and costs.  For most people designating the chain of heirs is sufficient, but once you get into high net worth situations you may make a different choice.

Note that in most cases you do not want to title vehicles into a trust; the reason is that in many states it is difficult to obtain insurance on them.  They're one of the few things you should basically never put in a revocable trust, unless it's something like a classic car collection.

Along with the Trust you usually want what is called a "pour over" Will, which simply states that anything not in the trust and otherwise undisposed goes into the Trust on your death.  Note that the Will still has to be probated; if it's a "small estate" this is cheap and fast but the entire point of using the Trust and POD in the first place is to avoid the cost and hassle of formal probate -- if you don't re-title things properly you spent the time and trouble (never mind money if a lawyer was involved) to set the trust up fro nothing since the pour-over Will still have to be probated!

The key difference with a Trust is that just like a POD on a financial account it doesn't go through probate; the court never gets their hands on it and thus there are no delays or fees assessed by same.  This means the heirs get possession and control literally as soon as you diewhich makes things a lot simpler.  In addition nobody has access to your list of who gets what other than the trustee; unlike a Will which is filed with the court and becomes public a Trust does not.

Consider that if you have all your assets covered by a Will -- a house, a bank account, maybe a brokerage account -- and you die, until someone files that Will and is named Personal Representative how does the power bill get paid at the house?  Your bank account is locked on the day of your death and a power of attorney to access that account becomes worthless.  Someone is going to have to fork up their money to take care of that until the Will can be put into probate and Estate accounts set up and financial accounts transferred or liquidated, all of which costs time and money.  In addition there's a very clean argument that nobody has the right of possession (e.g. to live there!) in said house at the moment of your death until Probate is established and on the day the Probate Court appoints the Personal Representative that person immediately has a fiduciary duty to preserve the value of same for the benefit of all the heirs.  This can easily conflict with reality; let's say you have someone living in the house who is a partial heir but is a drug user and might trash the place or interfere with the sale required since no heir has the means or desire to buy out the others; the PR can, if the house isn't to pass solely to said person, have a legal duty to forcibly evict them no matter who it is and no matter what else is in the Will as their duty is to protect the Estate assets for the benefit of all the heirs (not just the person living there) and that duty is not to the dead person it's to the court!

If the bank account is POD'd to your heirs in some percentage distribution and the house is in a Trust that specifies that "X" has a right of possession then you immediately (within a couple of days) have the funds to pay the power bill and whoever is so-designated has the rights set forth in the Trust document no matter whether it's to the benefit of the asset -- or the rest of the estate -- or not.  In other words your desires before your death are continued exactly after your death and as long as whatever you put in that document is legal it's enforceable.  Even better is that whatever people have the right to possession of the property need do nothing to enjoy it, and the title remains undisturbed since the Trust still owns it.

Now the successor trustee, once you die in the case of a Revocable Living Trust, still has to dispose of the property as the Trust directs.  But re-titling the house out of the Trust into someone's hands (if it's a 100% gift) or selling it and splitting the proceeds is no different than any other Real Estate transaction, as opposed to filing a Will, having the PR appointed, getting letters of authority and similar, along with all the delays and costs involved.

Finally none of this changes tax and debt obligations; you cannot evade either.  If you try creditors (or the IRS) can (and if its worth it for them will) sue to claw back whatever you try to distribute outside of the process.  If you have $10 large in a bank account and owe $25 large on a credit card, thinking you can POD the bank account to your daughter as a way to screw the credit card company out of the $25,000 that's likely to fail and get her sued a few months after you pass, quite possibly after she's already spent the money!  Don't do that.

Finally there are "small estate" rules for people who die with little in the way of assets but the limits vary from state to state and in some states are laughably low, to the point that someone with nothing more than a modest car exceeds them.

As you can see this can be a lot more complex than it first appears, even if you aren't particularly wealthy.  The only place it doesn't matter at all is if you either are or intend to die broke (or even better, deeply in the hole) -- in that case then fuck 'em and do nothing with regard to finances (e.g. POD, will or trust), on purpose, but make damn sure nobody else has joint responsibility for anything so the people who you owe can't come after someone else when you die.

In short get competent advice -- there are plenty of people out there who are outright snakes and whoever is managing things for you when you pass is going to get to meet a bunch of them.

I just recently wound up my later mother's estate; I'm not a lawyer nor did I set up her affairs originally, but I did hold powers of attorney for both financial matters and health care and was her Personal Representative, and have seen the flat-out ugly bullcrap that everyone in the world tries to pull.  I got dozens of spammy and in some cases scammy letters from various entities and people, along with more than a few phone calls.  It's a five alarm pain in the ass and a good thing that I'm pretty-much a pissed-off alligator when someone steps on my tail and am more than willing to chase-and-bite -- hard.  Most people would have been buttfucked by some of the crap that was pulled -- as it stands everyone who was legitimately owed money (not many) got paid and there was something left, with none of the schemers and scammers getting anything.  That's the way it should be but it was overly complex -- when my time comes it won't be.

View this entry with comments (opens new window)
 

Category thumbnail

I've had my Lenovo X220 for a long time.  Time has moved on and yet until this last year I saw no compelling reason to spend money again.  The X220 works great and the "improvements" have been small in number but large in price -- and thus not worth it, in my view.

This last year the X1 Carbon Gen 6 units showed up.  The previous models were nothing special -- but the "6" was nice.  The problem was that "nice" came with a screamingly-stupid price tag, so I passed.  But now you can get the X1 Carbon Gen 6 models in a good configuration (i7, 16Gb RAM and a 500Gb SSD) at a nice price -- refurbished, but still with a decent amount of remaining factory warranty.

Incidentally, Lenovo has a rather nice "companion" app that allows you to (among other things) set the charge controller's maximum charge point on these machines (!!!)  Setting it to 80% will cost you 20% of your runtime but it will double or better the battery's cycle life.  In addition if you're connected to wall power and in the "no-charge window" (e.g. 75%-80%) the system will take its power from the A/C line but not charge, so the battery does not cycle in that state at all.  Setting this is not a Windows thing either -- it programs the charge controller hardware so once set it is persistent even if you boot something other than Windows or the computer is plugged in but off.  I like that a lot -- this ought to be mandatory on any sort of battery-powered mobile device (e.g. a phone), especially if the battery is not user-replaceable.  You know damn well Apple, Samsung and the rest will never do that however since it's part of how they sell both computers and phones -- build them so the battery pukes in about a year and guess what -- you're back in their store!  Oh Tim Crook you piece of crap jackass, why isn't this capability standard on all your MacBooks since you're allegedly the "innovation leader"?

In any event these machines can go 6+ hours of moderate use even with the charge point restriction in place, so you're not giving up much and with this set leaving the unit connected to power does nothing to battery cycle life, unlike virtually every other machine on the market.  Incidentally, the new Coffee Lake processors (Intel Gen 8) are damn fast on a comparative basis.  This is the first "innovation" in laptop CPUs that has been worth spending money on in five+ years, so if you're wondering if it matters -- it does.  In addition these units have Samsung nVME SSDs in them which are blistering fast, plus a Thunderbolt 3 port that can drive external video cards if you wish.  I've seen no reason to "upgrade" from my X220 until now; it's still perfectly functional too, by the way.....

If you want my short list of complaints with "modern" laptops it's the port problem.  Specifically, small and light means compromises when it comes to interior space and thus ports.  Full-size SD slots (for example) consume interior space which is at a premium, so they're disappearing.  Worse, on many machines so are USB Type A connections, which is IMHO utterly unconscionable.  Yes, I know Type C is both smaller and comes with USB-PD, which is superior but there are literally a billion USB-connected devices out there that come with and require a Type "A" plug -- or some sort of adapter -- to use.  Those devices aren't going away for a very long time, and as such having at least one (and preferably two) Type "A" port is IMHO required. Dell has screwed the pooch in this regard with their latest "ultrabook" models; Lenovo has only partially done so (there's no full-size SD slot, but there are two Type A ports.) 

One big advantage of USB-PD connections found on newer devices is that we're moving closer to true interchangeability when it comes to power in the mobile world.  Specifically, I can use the laptop's charger to charge my phone, I can use my phone USB-PD charger (provided it can do 20V output) to charge the laptop (slower, but it should work), my car's USB-PD charger can charge the laptop (I no longer need an inverter) as well my phone and I can use the laptop battery to charge the phone as well.  The latter means that if I need to I can plug the car into the laptop and the phone into the laptop as well on the second USB-C port and both will charge.  This allows me to get rid of multiple things I used to have to carry, or continue to carry them and gain redundancy -- and that's a good thing.

One of the things I find insanely annoying -- and insecure -- is anything Microslug.  Sadly I, like a lot of other people, cannot get away from it in that there's just too much software that I use on a regular basis but is either Apple or Microsoft only.  I prefer a FreeBSD desktop for a lot of things, never mind that I want to do some code development on it when traveling, which of course means I want the code environment I write in 90+% of the time on my laptop.

So if you're inclined the same way I am when it comes to operating systems here's how to dual-boot it -- yes, with UEFI (the "new way of the world.")  Oh, and to do so with full-disk encryption for both environments.  I consider full disk encryption essential on a portable machine because they're much more likely to be lost or stolen than a desktop.  Full disk encryption obviously won't stop someone from stealing the computer but it will make sure if someone does steal it they can't get to any of the data on it.

First, shut off secure boot in the BIOS settings.  That's a Microsoft-signature thing. It does provide (some) security on the boot process, provided you trust Microsoft. I do not, so therefore..... yep.  Note that if you have Bitlocker turned on (and you should if you've been using the machine) the restore process below will result in a non-encrypted Windows installation.  That's fine; you can re-enable it later (and should.)

Next, use Macrium Reflect (the free edition is fine) to make room for a FreeBSD partition.  The best way to do this is to back up the machine (make damn sure you create "boot media" and test it!), then RESTORE all the partitions using that boot media back to the machine's internal disk and, when restoring, resize the system ("Windows") partition to leave an appropriate amount of free space.  100Gb is quite a lot of storage for a user-style FreeBSD system, unlike most WinBlows machines that are flat-out bloated pigs -- which means that pigheaded Winblows and nice FreeBSD will handily fit on a 500Gb nVME SSD and even a 250Gb disk is more than enough (although you may wish to downsize the FreeBSD side to ~60Gb in that event, which is still going to leave you an insane amount of room on that side.)

CAUTION: Do not be tempted to use a partition resizer to do this instead of using Macrium to take a full backup and restore. Several of the below steps have no "are you sure" option or safeties to prevent data destruction; the commands below assume you know what you're doing and take effect instantly.  If you screw up during any of those steps and don't have a backup everything on the machine may be destroyed and it can be rendered unbootable, including any built-in recovery partition.  Without recovery media or a backup and boot media for it you're in big trouble if that happens. Doing it right means knowing you have a good backup and can restore it before you begin, which is exactly what you just did and proved.

Now go here https://www.rodsbooks.com/refind/ to download his EFI boot manager, then install it.  UEFI machines are supposed to provide a decent set of boot management options but damn near none actually do; this bit of code overcomes that problem.  The pages look sort of scary in terms of the amount of material present; they're not.  You need the "zip" file which contains all the pieces necessary.  Grab the package and read the Windows installation instructions; it's very simple to install this from the Windows command prompt.  You only want the "x64" version (there are three; delete the other two before you copy it over.)  To test the installation reboot; the system should show you a boot menu, but the only "real" bootable option will be Windows.  If you screw up typing something what will probably happen is that Windows will start instead of you getting the menu -- go back and check your work if that happens.  You're now set up to choose multiple operating systems painlessly every time you boot the machine.

Download FreeBSD-12 (the x64 version) from https://freebsd.org in the memory stick format and use your favorite tool (e.g. "dd" or win32diskimager) to copy it to a USB key or other similar thing (an SD card in a reader works just fine too.)  Note: You want FreeBSD 12.  You can use 11.x if you wish, but the nice integrated encrypted storage option I'm describing here might not work; I'm not sure if the encryption-aware EFI loader was MFC'd back to 11.x.  You can still set up for encrypted disk storage without that but it's a lot more of a pain in the ass to do than what I'm describing here and makes maintenance using FreeBSD's internal tools more-complicated unless you're quite careful. Use 12; it's both more-secure in that there is no "exposed" non-encrypted boot partition and easy to set up by comparison.

FreeBSD's installer should, in theory, be able to handle a "multi-boot" environment with reasonable facility but doesn't and the only option it offers for automatic setup with encrypted storage uses ZFS on the entirety of one or more disks.  That's reasonable on a dedicated machine with multiple drives but not for a laptop or other computer with one disk and a dual-boot requirement -- so you get to do the disk setup by hand.

Now boot the stick with FreeBSD-12 on it.  On the Lenovo hit ENTER on initial start when prompted and then select F12 to change the "default" boot order and select the USB stick from the drop-down menu.  Start the installer but when you get to the disk layout (there will be four choices; one of which is UFS and one of which is ZFS) select manual (it'll warn you that you have to be an "expert.")

You'll get a "#" (root) prompt.

Now type "gpart show | more" and look.  You should see something like "nvd0" at the top -- which is your SSD.  There should be a large unallocated space (marked " - free - ") of the size you left.  Note it, and that it will not have an index number.

If there is no free space of the size you left YOU ARE LOOKING AT THE WRONG DISK.

Type:

# gpart add -t freebsd-ufs -l freebsd-root -a 4k nvd0 (assuming your disk is named "nvd0" in the above)

This will tell the system to add a partition for FreeBSD to the disk named, consume all remaining available space in that nice large block and put a label on it of "freebsd-root."  This is probably what you want; the label is optional but will help you avoid mistakes while putting the system together.

Now look again at "gpart show | more"; you should see the freebsd-ufs partition you created.  Remember the index number next to it.  If it's "6" then the disk partition is in /dev/nvd0p6.  The numbers may not (probably will not, if you resized from a backup) be in order.  That's ok.

Warning: If you do any of the following to the wrong partition you will destroy whatever is in it.  There are no warnings or safeties on any of these commands; you're acting as "root", and it is assumed "root" knows what he's doing.  That backup you made as the first step will come in real handy if you screw up here so don't do anything stupid to wherever you put the backup -- like erase or destroy it!

BEFORE you press RETURN in any of the below steps look -- TWICE -- at what you just typed or be prepared to use that backup you made and start over!

# geli init -b -g -l 256 -s 4096 /dev/gpt/freebsd-root  (note that "-l" switch is the letter "l" -- not a numeral one)

This initializes encryption on this partition.  "-b" and "-g" tell the system you are going to boot from it, and that the boot system should ask you for the password.  "-s 4096" sets the block size; 4096 is a good choice with a decent split between performance and XTS fuzzing (security), and matches most SSD page sizes which is important on SSDs.  "-l 256" says to use 256-bit AES instead of 128 and is optional.  There's debate over whether 128 or 256 is more-secure; 256 is a bit slower, but not much.  Note that you cannot change either the sector size or AES length once the partition is initialized without erasing everything in the partition you are encrypting.  Unlike Bitlocker on Windows there is no "encrypt in-place" option.

You will be asked for a password.  Use a strong password and do not forget it.  There is no way to recover anything on that partition if you lose it.  Ever.  Period.  There is no recovery key ala Bitlocker; you either have the password (the system does allow you to set a second one but that's beyond the scope of this document) or there's nothing you can do to get the data back.

When that command completes type:

# geli attach /dev/gpt/freebsd-root

And enter the password when prompted.  If it's correct you'll see a couple of lines announcing the filesystem is attached and another root prompt.  If the password is wrong it will tell you; repeat the command and put in the right one.  If you accidentally put in the wrong device name the password will obviously not work since it's not the correct part of the disk.

Now type:

# newfs -t -J -U -L rootfs /dev/gpt/freebsd-root.eli

Note: The ".eli" name on the end denotes the encrypted partition you just attached.  This initializes the filesystem itself; you are telling the system you are on an SSD and want it to use "TRIM" ("-t"), you want Journaling and Soft Updates (both good for performance and data security / reboot speed) and you also want a label called "rootfs".  The last switch isn't really necessary -- but it's good practice.

Now you have to mount that filesystem where the installer wants it so it can put the operating system on there for you:

# mount /dev/gpt/freebsd-root.eli /mnt

And then create two files necessary for the system to boot when you're done -- an /etc/fstab file to tell the system where the filesystem is you created and a loader.conf file so the system knows where to find the root filesystem and to load the encryption driver during the boot process:

In /tmp/bsdinstall_etc/fstab put:

/dev/nvd0p6.eli / ufs rw 1 1

And in /tmp/bsdinstall_boot/loader.conf place:

geom_eli_load="YES"
vfs.root.mountfrom="ufs:nvd0p6.eli"

"vi" is a good choice to do that, assuming you know how to use that editor.  "echo" will work too (one line at a time.)  So will "ee" (Easy Editor.)

(nvd0p6.eli may be different depending on what you saw above -- if unsure look again with "gpart show | more" and look for the index number of the partition.  Note there is no "/dev" prefix and that ".eli" on the end must be present; that's the attached encrypted copy.  Without it the system won't boot as it will try to read the unencrypted device and will see garbage.)

Now you need to mount the existing EFI partition on the drive and copy in the FreeBSD loader. The UEFI boot manager you installed earlier will be able to find it automatically, but to do so you must place the FreeBSD loader that knows how to scan for and read encrypted disk partitions in the correct place. The following commands will do that (the "#" is the root prompt), assuming "nvd0p1" is your EFI boot partition on the disk:

# mkdir /tmp/mount
# mount -t msdos /dev/nvd0p1 /tmp/mount
# mkdir /tmp/mount/EFI/FreeBSD
# cp /boot/loader.efi /tmp/mount/EFI/FreeBSD/bootx64.efi
# umount /tmp/mount
# rmdir /tmp/mount

Now you can type "exit" at the "#" prompt and you will be back in the installer with all the "bits" in the right place for it to put the system on the disk for you.  Do the other usual things in the installer, including setting up networking and similar.

When you're done let the installer run and finish.  When it goes through the normal process and you reboot you should get a boot manager screen with TWO usable options (there will be others as well); one of them should be FreeBSD's "Beastie Head", and selecting that option should immediately prompt you for a password, which is required to unlock and boot the partition you have just set up.

Congratulations; you can then set up X11 if you'd like (e.g. gnome, etc); be aware that the Carbon Gen 6 wants the "scfb" driver declared for X11 to work which is a bit annoying; a file called "driver-scfb.conf" goes in /usr/local/etc/X11/xorg.conf.d once you have xorg loaded and should contain the following to tell it to probe that driver:

Section "Device"
    Identifier "Card0"
    Driver "scfb"
EndSection

Without that Xorg's auto-configuration will not find the Intel graphics and X11 will refuse to start.

Now reboot into Windows and turn Bitlocker back on.  Unlike with X220 where I had to do some rather arcane things with the Group Policy Editor to make that work (Bitlocker would otherwise throw up as soon as I booted FreeBSD) so long as you have loaded the UEFI boot manager and the FreeBSD loader into the EFI partition before you do this it should be fine with you switching back and forth between operating systems -- it is on my machine.  Expect it to raise hell if you tamper with anything in that EFI partition after Bitlocker has initialized, but once you've set everything up there is no reason to screw with that area of the disk again, and in fact if someone does it's probably good for the system to raise a stink about it.  Do be aware that if you use Gnome by default it will try to mount all the partitions it can find when you sign in and will complain a lot if you have the Windows partition encrypted (as expected); the best option there is to turn the automount feature in Gnome off.  Be aware that without policy editing Bitlocker is only as secure as your physical machine and the login passwords on it; TPM-2.0 machines will boot a Bitlocker disk without a PIN entry so if your login password is crap or you use the fingerprint sensor the Windows partition is not secure against someone who can guess or spoof either and the very real possibility exists that Microsoft has a way in to such a booted machine via some Redmond-placed back door.

Finally, delete any existing Macrium Reflect backup XML profiles you used for Windows and re-create them.  Attempting to use the old ones from before you resized the partitions will not work since you've changed the partition layout; they will appear to run initially but error out during the process.  Make a final, new base backup for your Windows side and make sure it verifies, then use the FreeBSD tools of your choice to do so for the Unix side so you're protected there as well.

The only "gotcha" I've noticed is that 802.11ac WiFi isn't recognized but I believe this is still a FreeBSD limitation as of 12-RELEASE.  I don't have an external Thunderbolt dock so I have no idea if an external video card will come up, assuming appropriate entries in the x11 configuration files.

Enjoy!

Note: The options I specify above in setting up the encryption environment make the basic assumption that the purpose of encryption is to protect against a thief getting access to your data.  If your assumption is that you're trying to protect against a determined adversary with nearly-unlimited resource (e.g. a government, a police force, etc) then you have plenty of work to do before choosing those options -- never mind that Bitlocker on Windows is likely not secure against such an adversary at all.

View this entry with comments (opens new window)