The Market Ticker
Commentary on The Capital Markets- Category [Musings]
Logging in or registering will improve your experience here
Main Navigation
MUST-READ Selection(s):
America Is DONE

Display list of topics

Sarah's Resources You Should See
Sarah's Blog Buy Sarah's Pictures
Full-Text Search & Archives

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2019-04-12 07:00 by Karl Denninger
in Musings , 2780 references
[Comments enabled]  

Let me point out a few things.

1. I have in front of me my Social Security "benefits and wage record" statement.  It says I have qualified for disability, because I have worked enough credits through my life.  Were I to be able to claim to be disabled right here and now I would get $2,342.00 a month for life -- that is, $28,104 a year tax free.

2. Two years after the date they deem me "disabled" I qualify for Medicare (irrespective of my age) and since I have no other outside income I would pay next to zero for Medicare.  Now I have "free" public health care.

3. Being "low income" and "disabled" I would also qualify for Section 8 housing.  Provided I was willing to move to somewhere there were open slots (typically you have to move to a county outside of the major metro areas to not have to contend with a long waiting list) the government would also give me northward of $500 a month -- or another $6,000 a year -- of housing assistance.

In other words all I have to do is be able to claim I cannot work due to some "disability" and I magically get $34,000 a year, or somewhere north of $20/hour (since there are no taxes withheld from that, but there are from wage income.)  Forever.

If I am an entrepreneur and gross $25,000 a year or less (note -- far less than this disability income) I can have "health insurance" for almost nothing.  In fact I currently pay about $15/month.  Note, however, that this is gross income -- on which I must pay taxes, most-particularly FICA and Medicare tax from the first dollar onward.

That Obamacare subsidy completely evaporates by the time I make less than double that, about $42,000 -- and the monthly charge for that "insurance" is nearly $900 a month, or $9,600 a year -- which I must pay, on top of FICA, Medicare (combined 15.3% of gross) and whatever federal income tax liability (~10% bracket, roughly) is.  In other words out of that $17,000 in additional income from $25,000 to $42,000 I must pay $9,600 + $2,601 + $1,700 = $13,901 plus any state income tax owed.

That is a tax rate of 82% on that $17,000 in earnings before state income taxes. I get to keep nearly nothing of that money but I have to work for all of it.

So I actually have $28,099 (not including the FICA and Medicare tax on the original $25,000) by working hard at trying to build a new business while if I claim to be disabled I have roughly 30% more and I get to sit on my ass and drink beer or (if I live in the right state) smoke weed all day for the rest of my life.

Further, if and when I destroy my health doing that all the medical care I need as a result I don't have to pay for either.  But if I wreck my health by burning the candle at all ends at once (and getting about 4 hours of sleep -- maybe -- a night), as I did for over a decade being an entrepreneur I am entitled to..... nothing.

500,000 fewer small businesses exist now than did a year ago.

Do you now understand one of the major reasons why?

In the mid 1980s I took a salaried job that made $18,000 a year.  It was challenging on a technical and "skill" basis, but miserable in terms of working conditions.  It was several years before I cracked the $40,000 a year barrier in gross earnings.  During all of those years, none of which provided me a nickel in overtime pay I was expected routinely as a professional (coder) to work in many cases as much as 80 hours a week, whether for someone else or self-employed.  With that quite-modest salary and no overtime I managed to provide myself with a modest (1 bedroom) but clean, comfortable and livable apartment, a vehicle, sufficient food (I never went hungry), electric, water, garbage service, phone and similar.  I managed to save enough money to pay for (with cash) a decent TV and stereo.  I did not have much extra money at the end of the month but I received zero government benefits or subsidies, nor did I receive any benefit, subsidy or gift from anyone else either.  I had plenty to eat, enough money to enjoy a night out at the local bar once in a while and enough money to take women out on dates on occasion -- and I was able to afford a place to live by myself, not needing to have a roommate or live with my parents who in fact lived in a different state.

Car insurance was a fraction of what it costs now.

Food was a fraction of what it costs now.

Health insurance was a fraction of what it costs now.

Utilities were much cheaper.

Rent was less than half what it costs now in the same building.

You could actually obtain $500 cars from ads in the paper and they ran perfectly well.  They looked like crap and were old, but were functional to get you to and from work.  When they broke down and required something expensive to fix them another one was available on a trivial basis and the title and tag fees were much smaller than they are today too, so transferring from one to the other was cheap.

All of this happened inside and just outside of Chicago -- a major city -- in the immediate metro area, not somewhere in the sticks.

A few years prior to that it was routinely possible to spin (or deliver) pizzas and make enough to go to college -- room, board, tuition and books.  Again, you wouldn't have a lot of money at the end of the month but you could make it.  You can't today; it's impossible.

The problem isn't income.

It's expenses.

The alleged "no inflation" world we have lived in is a lie.

The solution to the problem cannot be to lift wages because if you do not address the cost problem prices will rise faster than wages since nobody works for free and every increase in wages means more than one person touches the money before the employee gets it.  Such an attempt therefore will always screw the people at the bottom the most and those in the middle of the transactions will skim off a piece for themselves, making the people at the top richer!  The paradox is that if you lift the minimum wage from $10 -> $15 some number of people will get zero instead of $10 (they'll be unemployed as they're replaced by a robot, an order kiosk or similar) but even those who get $15 will see their cost of living and taxes, both direct and indirect, go up by enough that they will actually lose standard of living even though in dollars they make more.

This has happened every single time through American history.

It will happen again.

It is regressive enough, and punishing enough, that there is no way I will stand up a company in this environment.  In addition to that the lack of Rule of Law means that if some rich billionaire *******, whether it be Beelzebezos, Zucker****er or other lies, cheats, or even outright steals what I produce I will not able to stop him, sue him and he won't go to prison.  If I try to use the very same tactics these bastards use I will either be sued into bankruptcy or prosecuted and imprisoned, so even if I'm willing to be an unprincipled prick the odds of my getting away with it and succeeding are nearly zero.

We either fix this, starting with the medical scam as I've outlined before, or this nation and its financial future are finished.  Further, unless we fix this intelligent people will not choose to have children since they cannot get ahead of the tax leech that claims disability and sucks off all their money while slugging down beer and drugs by the truckload.

Time's up folks.

View this entry with comments (opens new window)
 



2019-04-04 11:11 by Karl Denninger
in Musings , 124 references
[Comments enabled]  

Cut the crap folks.

America is a Socialist Nation right now.

What is "socialism"?  It is a political system in which government owns or regulates the means of production and distribution of goods and services.

This in turn means that one may receive without producing as the community dictates collectively, and one is obligated to produce without receiving, or will receive only as the community dictates collectively.

The simplest means of determining whether or not a government is in fact socialist is whether government employees receive, on a like-for-like basis for their labor, greater or lesser total compensation than private sector employees.

Why?

Because a government employee is employed at the pleasure of the collective population, and not market forces.  Therefore their risk of becoming unemployed is always lower than someone with a similar job function in the private sector.

If, in aggregate, said employees at a local, state or federal level have a higher total compensation then the government is socialist since in a market economy this is impossible; one's compensation includes the risk of losing one's job.

With all other things being equal therefore in a market economy government always pays less.

Incidentally socialism always collapses because when someone receives without working someone else must work without receiving.  But you can't force the latter person to do actually do so at anything approaching their ability.  They can and will either "slow walk" production or simply quit and choose to receive without working.

This is the lesson of history and it happens every time.

We have six years, at best, before the downward spiral occurs right here.  Once it gathers that amount of speed it will be nearly impossible to stop except by extreme violence.

In other words grow a set now or consign our nation to the status of Venezuela.

View this entry with comments (opens new window)
 

2019-04-02 07:00 by Karl Denninger
in Musings , 1407 references
[Comments enabled]  

Grrrr....

Hindman:   Americans know they need to plan for their later years and get their affairs in order, especially as retirement approaches. But while people recognize that need, too many aren’t following through and taking action.

When someone passes without a will, it means they have died “intestate” – meaning the intestacy laws of the state where they reside will determine how the property is distributed upon your death. But without clear direction on how you would like critical items like financial assets, property, personal possessions and items of emotional value distributed among loved ones, confusion and disarray are a common end result. Not only does the lack of a will create turmoil and headaches – both financial and emotional – for family members; it heightens the risk that your end-of-life preferences won’t be carried out in accordance with your wishes. On the other hand, a well-prepared legacy can give you the simple and satisfying peace of mind of knowing that you’ve done what you can to organize your life, shape your legacy and leave your family with a roadmap of your preferences. It can be one of the greatest final gifts we leave to those we love.

Yes, you should have your affairs in order.

But I really dislike self-interested jackasses peddling crap -- and this falls into that category.

First, there are plenty of people who need no Will at all.  If you have little or nothing in terms of assets, or intend to die broke and have no minor children then a Will is not only a waste of time it is functionally worthless.  In fact in that situation whoever you name as Executor (Personal Representative in some states) would be five-alarm stupid to accept the job and file the Will with the courts because there's nothing to get but once you file there are both costs and responsibilities.  In other words if you know you will either die broke or in the hole and have no minor children then save the money.

You should still have a durable power of attorney and advance directive; those are to some extent state-specific depending on where you live, in an attempt to have what you want to happen actually happen when it comes to you being flat on your back and unable to make decisions.  Make damn sure said advance directive is on file with all the hospitals and other places you might be taken if you collapse without warning; until said place has it and knows they have it they'll do whatever the hell they want and maybe, but not necessarily, whatever someone who identifies as one of your next-of-kin wants.  If this isn't what you want it's bad news and the cost of that, if any, will wind up billed to your estate which your estate will be obligated to pay.  So if you do only one thing make it that advance directive and put it on file at all the local hospitals.

Warning: Some people will tell you to put someone else on your accounts.  If you are offered this, to be a "second signer" or "co-owner" do not accept unless you are that person's spouse, in which case it is (of course) perfectly ok.  The reason to refuse is that if they do something stupid you are fully responsible legally and financially, and this can ruin you instantly.  Consider someone who has brokerage account and is short at the margin limit of a company that gets taken out and the stock doubles.  They will come after your house!  Don't do it.

power of attorney gives you the ability to take care of business while the other person is alive without that risk and is the correct instrument; there are several forms of that from very limited ones for a specific asset or account and specific directives all the way to a general durable power of attorney that is extremely broad and essentially gives the person who holds it the same rights as the principal.  Just be aware it turns into a pumpkin instantly upon the principal's death and if you are holding one it is a civil and in some cases criminal offense to self-deal or otherwise screw the principal who gave it to you.

If you have or expect to have assets, or in the instance where you have minor children then a Will is appropriate.  Just understand its limitations and do it the right way to minimize them.

Specifically, get anything worthwhile out of the Will and thus out of probate.  This will make your heirs happier as it's faster, cheaper and has a near-perfect capability to have happen exactly what you wish so long as that's legal.

The first thing to consider is that for anything that doesn't trigger gift tax issues (e.g. things worth under $14,000 in total to a single person, but perhaps of immense sentimental value) give it to the people who you want to have it while you're still alive -- but before you're on your deathbed.  This is very unlikely to be challenged and if it is the person challenging it will be forced to spend money on a legal case with no monetary reward.

When you die with or without a Will but with some assets subject to probate then "someone" has to file with the probate court.  If you do not have a Will then whatever is subject to probate is distributed based on state law; there's a table they go down (e.g. "spouse first, then any direct descendant children, then ..... and on and on until the category fills.)  A Will overrides this to any extent you wish and nominates one or more people (in a chain, if the first refuses or is dead, etc) to be the Personal Representative (or "Executor" in some states; same thing, different names depending on the state.)

However, as soon as that Will is filed with someone named as Personal Representative (assuming the designation of either as valid is not contested, and it can be if someone wants to), or Probate is open "intestate" (with no Will) the fees start.  Filing and publication fees are typically in the many hundred dollar range right up front.  Unless that person both lives locally and can and will keep their act together sufficiently to deal with the court on a routine basis then there will also be legal fees involved.  Most people will either want or need at least legal consultation in doing this job; if you have a law office do it "end to end" for you (which is also an option) the cost is going to double or more.  The cost of this process in dollar terms is almost-always well north of a thousand dollars simply in court fees alone by the time it's all said and done; with lawyers involved it only takes one that's a bit of a snake to run the bill through the roof since all time is billed hourly.  Choose wisely and ask lots of questions!

Further, and much worse in many cases than the money hit is the fact that once Probate is opened there are statutory time windows that amount to a virtual standstill in terms of anything being paid out or distributed and similar.  The reason for this is that all states have a "Bar Date" for claims; 3 or 4 months is common and the clock does not start running until Probate is filed and published.  A company or person with a financial claim on the estate has that long to file their claim; if the Personal Representative pays out anything beyond funeral and ordinary maintenance costs (e.g. utility bills on a house, etc) and there are insufficient funds to cover claims he or she can be held personally responsible for those debts!  Therefore the usual (and good) advice is distribute nothing until the bar date passes so you know exactly how much is left.  If the Personal Representative is comfortable enough with the decedent's debt profile (usually only true if you were running that person's money for a couple of years prior to their death) then some distribution can be made sooner, especially of things that have little financial but lots of sentimental value (various bits and pieces of personal property, etc.)  One thing to be very conscious of is anything on a lease; this most-often comes up with cars but it can be anything (e.g. an apartment!)  Death does not void a lease in nearly all cases and the firm or person the decedent took it from can and usually will try to collect the entire remaining balance of payments.  That can be a literal crap-ton of money and is quite capable of turning a modest estate into a smoking hole with negative value.

Next up is that most states assess an inventory fee on estates -- which amounts to a tax.  That's usually assessed on the net value of assets on the day of death. Some assess straight-up taxes as well.  There is also a potential federal estate tax issue but that doesn't hit most people as the limit is quite high ($11.4 million at present); if you're in that bracket then you're a 5-alarm idiot if you don't already have professional legal advice to deal with it in advance with some sort of bypass trust.  There are ways to defray that tax and in some cases completely avoid it but that has to be done well in advance, so if you're that wealthy head thee to a good estate planning attorney pronto.

Note that if you do not file probate on an estate then there is still a statute of limitations on debts -- typically two years, but in some states it can be materially longer.  In other words if there are debts then it's to advantage to bar any who don't pay attention by filing Probate -- but only if there are assets to pay the debts with and, when that's done, something will be left!  Otherwise the correct action is to walk away and let the creditors pound sand; that you're named in a Will does not mean you're obligated until and unless you accept the appointment.  Figure out if it's worth it (there will be something left, in your best estimation, and whatever you'll receive is enough to be worth your trouble) before you file!

IMHO, assuming no minor children, your goal while alive should be to make it not worth it to Probate the Estate even if there are assets and by doing so deny both the lawyers and the courts their fees.

Many times this can be done.

First, financial accounts of various sorts can for zero cost have what is known as "POD" put on them.  That's payable on death and it's exactly what the name implies.  You designate who gets what percentage and it's a simple form you fill out at the bank or brokerage.  If you die your heirs need only present a death certificate, which they can usually obtain within a week or your passing, and the money is theirs -- period.  A cashier's check is cut and that's the end of it.  Likewise life insurance policies should always name specific beneficiaries and not your Estate.  If you have modest debts -- such as a credit card for ordinary monthly expenses -- and someone you trust to pay it when you die then POD them an account specifically for that purpose with just enough in it for that to happen.  They pay the debts after you pass with that money and that's the end of it.

Second, if you have Real Estate and it's owned and has a positive equity then the superior means of dealing with it is usually a Trust.  It costs money to set one up (typically a couple of thousand if a lawyer does it) and it's state specific as is a Will so if you're planning on moving then choosing your venue can be important as well as state tax considerations can come into play.  A trust, once set up, must be funded by having the assets transferred into it.  In other words for a house you re-title the house into the Trust.  A material advantage of this if you do it before you buy the house in the first place is that it largely "hides" who owns it in the public records (e.g. "Green Acres Trust" as opposed to your name) and since Trusts are private it takes a fair bit of work to uncover who it is (it's not impossible, so if you're trying to screw someone you'll likely fail -- but it keeps the nosy out of your business without a fair bit of work and cost to run it down.)  In the trust documents you name a successor trustee who is the person (or chain of persons) who obtains control of the trust after you die.  You can designate pretty much anything that's legal which you want done in a Trust.

Trusts can also have financial accounts re-titled into them and that's frequently done if, for example, you have minor children and a fair bit of money -- or adult children you don't want to have get all the cash at once.  Thus the term "Trust Fund Babies"; if there's plenty of money you may be perfectly ok with having a law firm named as the successor trustee to carry it out when you get hit by a bus since you don't care about the fees and costs.  For most people designating the chain of heirs is sufficient, but once you get into high net worth situations you may make a different choice.

The key difference with a Trust is that just like a POD on a financial account it doesn't go through probate; the court never gets their hands on it and thus there are no delays or fees assessed by same.  This means the heirs get possession and control literally as soon as you diewhich makes things a lot simpler.

Consider that if you have all your assets covered by a Will -- a house, a bank account, maybe a brokerage account -- and you die, until someone files that Will and is named Personal Representative how does the power bill get paid at the house?  Your bank account is locked on the day of your death and a power of attorney to access that account becomes worthless.  Someone is going to have to fork up their money to take care of that until the Will can be put into probate and Estate accounts set up and financial accounts transferred or liquidated, all of which costs time and money.  In addition there's a very clean argument that nobody has the right of possession (e.g. to live there!) in said house at the moment of your death until Probate is established and on the day the Probate Court appoints the Personal Representative that person immediately has a fiduciary duty to preserve the value of same for the benefit of all the heirs.  This can easily conflict with reality; let's say you have someone living in the house who is a partial heir but is a drug user and might trash the place or interfere with the sale required since no heir has the means or desire to buy out the others; the PR can, if the house isn't to pass solely to said person, have a legal duty to forcibly evict them no matter who it is and no matter what else is in the Will as their duty is to protect the Estate assets for the benefit of all the heirs (not just the person living there) and that duty is not to the dead person it's to the court!

If the bank account is POD'd to your heirs in some percentage distribution and the house is in a Trust that specifies that "X" has a right of possession then you immediately (within a couple of days) have the funds to pay the power bill and whoever is so-designated has the rights set forth in the Trust document no matter whether it's to the benefit of the asset -- or the rest of the estate -- or not.  In other words your desires before your death are continued exactly after your death and as long as whatever you put in that document is legal it's enforceable.  Even better is that whatever people have the right to possession of the property need do nothing to enjoy it, and the title remains undisturbed since the Trust still owns it.

Finally none of this changes tax and debt obligations; you cannot evade either.  If you try creditors (or the IRS) can (and if its worth it for them will) sue to claw back whatever you try to distribute outside of the process.  If you have $10 large in a bank account and owe $25 large on a credit card, thinking you can POD the bank account to your daughter as a way to screw the credit card company out of the $25,000 that's likely to fail and get her sued a few months after you pass, quite possibly after she's already spent the money!  Don't do that.

Finally there are "small estate" rules for people who die with little in the way of assets but the limits vary from state to state and in some states are laughably low, to the point that someone with nothing more than a modest car exceeds them.

As you can see this can be a lot more complex than it first appears, even if you aren't particularly wealthy.  The only place it doesn't matter at all is if you either are or intend to die broke (or even better, deeply in the hole) -- in that case then **** 'em and do nothing with regard to finances (e.g. POD, will or trust), on purpose, but make damn sure nobody else has joint responsibility for anything so the people who you owe can't come after someone else when you die.

In short get competent advice -- there are plenty of people out there who are outright snakes and whoever is managing things for you when you pass is going to get to meet a bunch of them.

I just recently wound up my later mother's estate; I'm not a lawyer nor did I set up her affairs originally, but I did hold powers of attorney for both financial matters and health care and was her Personal Representative, and have seen the flat-out ugly bullcrap that everyone in the world tries to pull.  I got dozens of spammy and in some cases scammy letters from various entities and people, along with more than a few phone calls.  It's a five alarm pain in the ass and a good thing that I'm pretty-much a pissed-off alligator when someone steps on my tail and am more than willing to chase-and-bite -- hard.  Most people would have been butt****ed by some of the crap that was pulled -- as it stands everyone who was legitimately owed money (not many) got paid and there was something left, with none of the schemers and scammers getting anything.  That's the way it should be but it was overly complex -- when my time comes it won't be.

View this entry with comments (opens new window)
 

2019-03-28 07:00 by Karl Denninger
in Musings , 131 references
[Comments enabled]  

It was just a matter of time....

Now researchers have turned to yeast to do something more improbable: manufacturing the cannabis compounds CBD and THC. By loading brewer’s yeast with genes from the cannabis plant, they’ve turned the miracle microbes into cannabinoid factories. It’s a clever scheme in a larger movement to methodically pick apart and recreate marijuana’s many compounds, to better understand the plant’s true potential.

Oh my.

Without yeast there would be no beer or wine.  Nor bread, for that matter (leave aside the hosts in the local Catholic Church which are unleavened!)

Essentially what's happened here is that people have bioengineered what goes on in the cannabis plant -- except they are doing it selectively, which is very cool for a whole host of reasons.

First, you can get exactly what you want -- and none of what you don't.  Isolating CBD is not very hard but growing plants and then isolating it from them is, well, more trouble.  And risky -- what if there's more than a trace of THC in there?  The entire batch is a zero.

But with this method there is no THC produced and thus there is no risk.  Oh never mind that it's probably also easier and more-prolific in terms of the amount you can produce in a given amount of space.

I like it.

A lot.

View this entry with comments (opens new window)
 

I've had my Lenovo X220 for a long time.  Time has moved on and yet until this last year I saw no compelling reason to spend money again.  The X220 works great and the "improvements" have been small in number but large in price -- and thus not worth it, in my view.

This last year the X1 Carbon Gen 6 units showed up.  The previous models were nothing special -- but the "6" was nice.  The problem was that "nice" came with a screamingly-stupid price tag, so I passed.  But now you can get the X1 Carbon Gen 6 models in a good configuration (i7, 16Gb RAM and a 500Gb SSD) at a nice price -- refurbished, but still with a decent amount of remaining factory warranty.

Incidentally, Lenovo has a rather nice "companion" app that allows you to (among other things) set the charge controller's maximum charge point on these machines (!!!)  Setting it to 80% will cost you 20% of your runtime but it will double or better the battery's cycle life.  In addition if you're connected to wall power and in the "no-charge window" (e.g. 75%-80%) the system will take its power from the A/C line but not charge, so the battery does not cycle in that state at all.  Setting this is not a Windows thing either -- it programs the charge controller hardware so once set it is persistent even if you boot something other than Windows or the computer is plugged in but off.  I like that a lot -- this ought to be mandatory on any sort of battery-powered mobile device (e.g. a phone), especially if the battery is not user-replaceable.  You know damn well Apple, Samsung and the rest will never do that however since it's part of how they sell both computers and phones -- build them so the battery pukes in about a year and guess what -- you're back in their store!  Oh Tim Crook you piece of crap jackass, why isn't this capability standard on all your MacBooks since you're allegedly the "innovation leader"?

In any event these machines can go 6+ hours of moderate use even with the charge point restriction in place, so you're not giving up much and with this set leaving the unit connected to power does nothing to battery cycle life, unlike virtually every other machine on the market.  Incidentally, the new Coffee Lake processors (Intel Gen 8) are damn fast on a comparative basis.  This is the first "innovation" in laptop CPUs that has been worth spending money on in five+ years, so if you're wondering if it matters -- it does.  In addition these units have Samsung nVME SSDs in them which are blistering fast, plus a Thunderbolt 3 port that can drive external video cards if you wish.  I've seen no reason to "upgrade" from my X220 until now; it's still perfectly functional too, by the way.....

If you want my short list of complaints with "modern" laptops it's the port problem.  Specifically, small and light means compromises when it comes to interior space and thus ports.  Full-size SD slots (for example) consume interior space which is at a premium, so they're disappearing.  Worse, on many machines so are USB Type A connections, which is IMHO utterly unconscionable.  Yes, I know Type C is both smaller and comes with USB-PD, which is superior but there are literally a billion USB-connected devices out there that come with and require a Type "A" plug -- or some sort of adapter -- to use.  Those devices aren't going away for a very long time, and as such having at least one (and preferably two) Type "A" port is IMHO required. Dell has screwed the pooch in this regard with their latest "ultrabook" models; Lenovo has only partially done so (there's no full-size SD slot, but there are two Type A ports.) 

One big advantage of USB-PD connections found on newer devices is that we're moving closer to true interchangeability when it comes to power in the mobile world.  Specifically, I can use the laptop's charger to charge my phone, I can use my phone USB-PD charger (provided it can do 20V output) to charge the laptop (slower, but it should work), my car's USB-PD charger can charge the laptop (I no longer need an inverter) as well my phone and I can use the laptop battery to charge the phone as well.  The latter means that if I need to I can plug the car into the laptop and the phone into the laptop as well on the second USB-C port and both will charge.  This allows me to get rid of multiple things I used to have to carry, or continue to carry them and gain redundancy -- and that's a good thing.

One of the things I find insanely annoying -- and insecure -- is anything Microslug.  Sadly I, like a lot of other people, cannot get away from it in that there's just too much software that I use on a regular basis but is either Apple or Microsoft only.  I prefer a FreeBSD desktop for a lot of things, never mind that I want to do some code development on it when traveling, which of course means I want the code environment I write in 90+% of the time on my laptop.

So if you're inclined the same way I am when it comes to operating systems here's how to dual-boot it -- yes, with UEFI (the "new way of the world.")  Oh, and to do so with full-disk encryption for both environments.  I consider full disk encryption essential on a portable machine because they're much more likely to be lost or stolen than a desktop.  Full disk encryption obviously won't stop someone from stealing the computer but it will make sure if someone does steal it they can't get to any of the data on it.

First, shut off secure boot in the BIOS settings.  That's a Microsoft-signature thing. It does provide (some) security on the boot process, provided you trust Microsoft. I do not, so therefore..... yep.  Note that if you have Bitlocker turned on (and you should if you've been using the machine) the restore process below will result in a non-encrypted Windows installation.  That's fine; you can re-enable it later (and should.)

Next, use Macrium Reflect (the free edition is fine) to make room for a FreeBSD partition.  The best way to do this is to back up the machine (make damn sure you create "boot media" and test it!), then RESTORE all the partitions using that boot media back to the machine's internal disk and, when restoring, resize the system ("Windows") partition to leave an appropriate amount of free space.  100Gb is quite a lot of storage for a user-style FreeBSD system, unlike most WinBlows machines that are flat-out bloated pigs -- which means that pigheaded Winblows and nice FreeBSD will handily fit on a 500Gb nVME SSD and even a 250Gb disk is more than enough (although you may wish to downsize the FreeBSD side to ~60Gb in that event, which is still going to leave you an insane amount of room on that side.)

CAUTION: Do not be tempted to use a partition resizer to do this instead of using Macrium to take a full backup and restore. Several of the below steps have no "are you sure" option or safeties to prevent data destruction; the commands below assume you know what you're doing and take effect instantly.  If you screw up during any of those steps and don't have a backup everything on the machine may be destroyed and it can be rendered unbootable, including any built-in recovery partition.  Without recovery media or a backup and boot media for it you're in big trouble if that happens. Doing it right means knowing you have a good backup and can restore it before you begin, which is exactly what you just did and proved.

Now go here https://www.rodsbooks.com/refind/ to download his EFI boot manager, then install it.  UEFI machines are supposed to provide a decent set of boot management options but damn near none actually do; this bit of code overcomes that problem.  The pages look sort of scary in terms of the amount of material present; they're not.  You need the "zip" file which contains all the pieces necessary.  Grab the package and read the Windows installation instructions; it's very simple to install this from the Windows command prompt.  You only want the "x64" version (there are three; delete the other two before you copy it over.)  To test the installation reboot; the system should show you a boot menu, but the only "real" bootable option will be Windows.  If you screw up typing something what will probably happen is that Windows will start instead of you getting the menu -- go back and check your work if that happens.  You're now set up to choose multiple operating systems painlessly every time you boot the machine.

Download FreeBSD-12 (the x64 version) from https://freebsd.org in the memory stick format and use your favorite tool (e.g. "dd" or win32diskimager) to copy it to a USB key or other similar thing (an SD card in a reader works just fine too.)  Note: You want FreeBSD 12.  You can use 11.x if you wish, but the nice integrated encrypted storage option I'm describing here might not work; I'm not sure if the encryption-aware EFI loader was MFC'd back to 11.x.  You can still set up for encrypted disk storage without that but it's a lot more of a pain in the ass to do than what I'm describing here and makes maintenance using FreeBSD's internal tools more-complicated unless you're quite careful. Use 12; it's both more-secure in that there is no "exposed" non-encrypted boot partition and easy to set up by comparison.

FreeBSD's installer should, in theory, be able to handle a "multi-boot" environment with reasonable facility but doesn't and the only option it offers for automatic setup with encrypted storage uses ZFS on the entirety of one or more disks.  That's reasonable on a dedicated machine with multiple drives but not for a laptop or other computer with one disk and a dual-boot requirement -- so you get to do the disk setup by hand.

Now boot the stick with FreeBSD-12 on it.  On the Lenovo hit ENTER on initial start when prompted and then select F12 to change the "default" boot order and select the USB stick from the drop-down menu.  Start the installer but when you get to the disk layout (there will be four choices; one of which is UFS and one of which is ZFS) select manual (it'll warn you that you have to be an "expert.")

You'll get a "#" (root) prompt.

Now type "gpart show | more" and look.  You should see something like "nvd0" at the top -- which is your SSD.  There should be a large unallocated space (marked " - free - ") of the size you left.  Note it, and that it will not have an index number.

If there is no free space of the size you left YOU ARE LOOKING AT THE WRONG DISK.

Type:

# gpart add -t freebsd-ufs -l freebsd-root -a 4k nvd0 (assuming your disk is named "nvd0" in the above)

This will tell the system to add a partition for FreeBSD to the disk named, consume all remaining available space in that nice large block and put a label on it of "freebsd-root."  This is probably what you want; the label is optional but will help you avoid mistakes while putting the system together.

Now look again at "gpart show | more"; you should see the freebsd-ufs partition you created.  Remember the index number next to it.  If it's "6" then the disk partition is in /dev/nvd0p6.  The numbers may not (probably will not, if you resized from a backup) be in order.  That's ok.

Warning: If you do any of the following to the wrong partition you will destroy whatever is in it.  There are no warnings or safeties on any of these commands; you're acting as "root", and it is assumed "root" knows what he's doing.  That backup you made as the first step will come in real handy if you screw up here so don't do anything stupid to wherever you put the backup -- like erase or destroy it!

BEFORE you press RETURN in any of the below steps look -- TWICE -- at what you just typed or be prepared to use that backup you made and start over!

# geli init -b -g -l 256 -s 4096 /dev/gpt/freebsd-root  (note that "-l" switch is the letter "l" -- not a numeral one)

This initializes encryption on this partition.  "-b" and "-g" tell the system you are going to boot from it, and that the boot system should ask you for the password.  "-s 4096" sets the block size; 4096 is a good choice with a decent split between performance and XTS fuzzing (security), and matches most SSD page sizes which is important on SSDs.  "-l 256" says to use 256-bit AES instead of 128 and is optional.  There's debate over whether 128 or 256 is more-secure; 256 is a bit slower, but not much.  Note that you cannot change either the sector size or AES length once the partition is initialized without erasing everything in the partition you are encrypting.  Unlike Bitlocker on Windows there is no "encrypt in-place" option.

You will be asked for a password.  Use a strong password and do not forget it.  There is no way to recover anything on that partition if you lose it.  Ever.  Period.  There is no recovery key ala Bitlocker; you either have the password (the system does allow you to set a second one but that's beyond the scope of this document) or there's nothing you can do to get the data back.

When that command completes type:

# geli attach /dev/gpt/freebsd-root

And enter the password when prompted.  If it's correct you'll see a couple of lines announcing the filesystem is attached and another root prompt.  If the password is wrong it will tell you; repeat the command and put in the right one.  If you accidentally put in the wrong device name the password will obviously not work since it's not the correct part of the disk.

Now type:

# newfs -t -J -U -L rootfs /dev/gpt/freebsd-root.eli

Note: The ".eli" name on the end denotes the encrypted partition you just attached.  This initializes the filesystem itself; you are telling the system you are on an SSD and want it to use "TRIM" ("-t"), you want Journaling and Soft Updates (both good for performance and data security / reboot speed) and you also want a label called "rootfs".  The last switch isn't really necessary -- but it's good practice.

Now you have to mount that filesystem where the installer wants it so it can put the operating system on there for you:

# mount /dev/gpt/freebsd-root.eli /mnt

And then create two files necessary for the system to boot when you're done -- an /etc/fstab file to tell the system where the filesystem is you created and a loader.conf file so the system knows where to find the root filesystem and to load the encryption driver during the boot process:

In /tmp/bsdinstall_etc/fstab put:

/dev/nvd0p6.eli / ufs rw 1 1

And in /tmp/bsdinstall_boot/loader.conf place:

geom_eli_load="YES"
vfs.root.mountfrom="ufs:nvd0p6.eli"

"vi" is a good choice to do that, assuming you know how to use that editor.  "echo" will work too (one line at a time.)  So will "ee" (Easy Editor.)

(nvd0p6.eli may be different depending on what you saw above -- if unsure look again with "gpart show | more" and look for the index number of the partition.  Note there is no "/dev" prefix and that ".eli" on the end must be present; that's the attached encrypted copy.  Without it the system won't boot as it will try to read the unencrypted device and will see garbage.)

Now you need to mount the existing EFI partition on the drive and copy in the FreeBSD loader. The UEFI boot manager you installed earlier will be able to find it automatically, but to do so you must place the FreeBSD loader that knows how to scan for and read encrypted disk partitions in the correct place. The following commands will do that (the "#" is the root prompt), assuming "nvd0p1" is your EFI boot partition on the disk:

# mkdir /tmp/mount
# mount -t msdos /dev/nvd0p1 /tmp/mount
# mkdir /tmp/mount/EFI/FreeBSD
# cp /boot/loader.efi /tmp/mount/EFI/FreeBSD/bootx64.efi
# umount /tmp/mount
# rmdir /tmp/mount

Now you can type "exit" at the "#" prompt and you will be back in the installer with all the "bits" in the right place for it to put the system on the disk for you.  Do the other usual things in the installer, including setting up networking and similar.

When you're done let the installer run and finish.  When it goes through the normal process and you reboot you should get a boot manager screen with TWO usable options (there will be others as well); one of them should be FreeBSD's "Beastie Head", and selecting that option should immediately prompt you for a password, which is required to unlock and boot the partition you have just set up.

Congratulations; you can then set up X11 if you'd like (e.g. gnome, etc); be aware that the Carbon Gen 6 wants the "scfb" driver declared for X11 to work which is a bit annoying; a file called "driver-scfb.conf" goes in /usr/local/etc/X11/xorg.conf.d once you have xorg loaded and should contain the following to tell it to probe that driver:

Section "Device"
    Identifier "Card0"
    Driver "scfb"
EndSection

Without that Xorg's auto-configuration will not find the Intel graphics and X11 will refuse to start.

Now reboot into Windows and turn Bitlocker back on.  Unlike with X220 where I had to do some rather arcane things with the Group Policy Editor to make that work (Bitlocker would otherwise throw up as soon as I booted FreeBSD) so long as you have loaded the UEFI boot manager and the FreeBSD loader into the EFI partition before you do this it should be fine with you switching back and forth between operating systems -- it is on my machine.  Expect it to raise hell if you tamper with anything in that EFI partition after Bitlocker has initialized, but once you've set everything up there is no reason to screw with that area of the disk again, and in fact if someone does it's probably good for the system to raise a stink about it.  Do be aware that if you use Gnome by default it will try to mount all the partitions it can find when you sign in and will complain a lot if you have the Windows partition encrypted (as expected); the best option there is to turn the automount feature in Gnome off.  Be aware that without policy editing Bitlocker is only as secure as your physical machine and the login passwords on it; TPM-2.0 machines will boot a Bitlocker disk without a PIN entry so if your login password is crap or you use the fingerprint sensor the Windows partition is not secure against someone who can guess or spoof either and the very real possibility exists that Microsoft has a way in to such a booted machine via some Redmond-placed back door.

Finally, delete any existing Macrium Reflect backup XML profiles you used for Windows and re-create them.  Attempting to use the old ones from before you resized the partitions will not work since you've changed the partition layout; they will appear to run initially but error out during the process.  Make a final, new base backup for your Windows side and make sure it verifies, then use the FreeBSD tools of your choice to do so for the Unix side so you're protected there as well.

The only "gotcha" I've noticed is that 802.11ac WiFi isn't recognized but I believe this is still a FreeBSD limitation as of 12-RELEASE.  I don't have an external Thunderbolt dock so I have no idea if an external video card will come up, assuming appropriate entries in the x11 configuration files.

Enjoy!

Note: The options I specify above in setting up the encryption environment make the basic assumption that the purpose of encryption is to protect against a thief getting access to your data.  If your assumption is that you're trying to protect against a determined adversary with nearly-unlimited resource (e.g. a government, a police force, etc) then you have plenty of work to do before choosing those options -- never mind that Bitlocker on Windows is likely not secure against such an adversary at all.

View this entry with comments (opens new window)