The Market Ticker
Commentary on The Capital Markets- Category [Technology]
Main Navigation
Full-Text Search & Archives

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

2018-01-18 09:26 by Karl Denninger
in Technology , 284 references
[Comments enabled]  

If you think this is about Zucker****er suddenly giving a crap about you then you need to check in for psychiatric treatment:

Zuckerberg said late on Thursday the world’s largest social network would adjust its centerpiece News Feed to prioritize what friends and family share, while reducing the amount of non-advertising content from publishers and brands.

The problem with ad saturation and "monetizing" platforms are well-understood by everyone except Wall Street analysts, who continually claim the problem doesn't exist -- right up until the business dependent on it collapses.

First, autoplay videos are not only a menace to user satisfaction (especially if sound comes with them) they arguably invite lawsuits and even criminal prosecution for theft by conversion since they force you to pay for the delivery of bits to a device you do not wish to see, and they do so by subterfuge.

This is no small matter; indeed if you look at your data traffic closely on your cellphone I bet you find a solid half of it, if you don't use the phone to do things like watch Netflix, is advertising data.

How much of your "data plan" do you need because of advertising sent to you that you did not request and for products you do not want?

Half, roughly.

Got an "unlimited" plan?

That's nice -- why did you spend the money on it when half of what you transfer wasn't data you wanted to see?

Let me put some perspective on this -- with an adblocked browser and not watching Netflix on my device I often run just over 2Gb of data a month.  That's because textual web pages, even image-heavy ones, and things like Twatter (assuming you have "auto video" turned off!)  don't consume much data.  Neither do emails, contacts, calendar sync, etc.  But I don't have Facesucker on my phone -- at all.  I also downloaded the offline map for my local area, so if I need Google Maps for some reason all the data that has to be sent is for traffic.

I'm by no means a light phone user -- yet without all that advertising traffic directed at me I use very little mobile data at all.  Most people's traffic is largely advertising; that is, they're paying to be abused!

Second, there's a huge problem generally with so-called "algorithmic" targeting of so-called "news."  Since the entire point of these sites is drive this thing they call engagement they are designed to find the patterns in what you believe through what you like and spend time on and then surround you with a bubble that presents only that which reinforces your already-existing prejudices.

You do this of course when you go to the movies; you pick a movie based on what you think you'll like.  But contemplate the problem with filtering alleged news and information this way and you being to see how that sort of paradigm is extraordinarily destructive and intentionally so, since it's how these sites are designed and in fact rely on in order to make money.

Facebook, in short, has a tiny fraction of its present business value unless it reinforces what you already believe because without doing that you won't feel good and thus you won't come back.  The firm's entire intent is to addict you by manipulating your feelings of pleasure and the more successful they are in doing that the more time you spend, the more ads you see, and the more money the company makes.

Any presentation of facts that contradicts what you like thus has to be filtered from your view.

If you don't recognize this as an act of intentional psychological abuse you should.  Adults, of course, are free to engage in as much masochistic behavior as they'd like.  It may be dumb, it may be self-destructive but you have the right to do it.

However, when a company targets those under 18 it's another matter.  That's an arguably-criminal act.  We correctly treat the selling or giving of addictive substances to and engagement in addictive behaviors (such as sex) with minors by adults as crimes.  We do it not because a 13 year old doesn't have the hormone drive to have sex -- he or she does.  We recognize as adults that while adults do engage in sometimes-foolish behaviors that provoke extreme levels of pleasure (sex, for example) there is an inherent power imbalance when adults engage in same with kids and such engagement is inherently abusive.  That is why we have statutory******laws which punish that behavior irrespective of whether said minor gives consent.

The same is true for the use of tobacco and alcohol.  Tobacco is almost universally addictive when consumed in cigarettes and "chew".  But despite the fact that many cigar smokers are not addicted it's still illegal to sell or give a cigar to a 16 year old!  The same is true for alcohol; while booze is not especially harmful in small quantities nor are the majority of users addicted it remains illegal to give or sell it to minors.

Finally, from a social acceptance perspective we need to start calling so-called "social media" that effectively reinforces whatever biases you have exactly what it is:


As for people like Zuckerpig we're well past the point where he should be treated as a drug pusher to our youth and locked up along with every single person who works for that putrid firm's properties.

View this entry with comments (opens new window)

A few days ago I had an issue with Digital Ocean's FreeBSD server loads, which has since been resolved.

It was related to their internal configuration software that must run on startup, the side effects if things go wrong with it, and an inter-related security bulletin where the proper response is to update a package -- and doing that can break that configuration software.

Anyway, it was resolved after I dug around for a couple of hours in what their code was doing and their support people have a ticket on it with steps to reproduce and suggestions (specifically, if their config stuff is unhappy don't destroy necessary configuration files so I can't get back into the image and fix it!)

Yesterday afternoon, however, major price drop hit the tape from them.

They're now roughly doubling the RAM and SSD disk storage for the same price in most cases and in some cases the amount of storage included is going up by a factor of four.  In some cases CPU count is also going up.

That's not a small or "moderate" pricing change, it's a huge change.

Needless to say I immediately resized the droplets I have over there to the "doubled" sizes at the same cost.

The performance improvement you're seeing right now on the Ticker is a direct consequence of that.

What's going to be even more-material is what this does to pressure pricing on Amazon AWS and Microsoft Azure, never mind murdering the other "second tier" guys (e.g. Rackspace

Folks, doubling many capabilities for the same price and in some cases expanding it by 400% is extraordinary when it comes as a step function.  You expect more for the same with technology over time, but this sort of change is either going to have to be matched almost-immediately by the other cloud providers in which case their margins are going to get pounded up the ass or they're going to stop growing and start losing customers by the boatload.

This is what always happens to commodity services and products and exactly what I predicted would happen here.

Back when MCSNet was young we figured out how to do virtualization of web services before the other guys did; we called it "VServ."  We had some of our own "internal special sauce" to migrate processes and do other cute things to make it completely transparent to the customer, and that service had a very fat operating margin.  I knew I'd have that for a while, but inevitably not only would others figure out how to do it there would be more-efficient ways to do it added to the web service software and more -- and the price would fall like a stone.  It did, to the point that what was a $75/month service now costs about as much as a coffee at Starbucks.  A few years prior, when MCSNet in its first incantation was a (mostly) VAR-based PC supply conduit we got in on the front edge of the commodity wave in the PC space and made a nice living at it for a while undercutting Compaq and IBM with machines that were better, faster and cheaper.

This to-be-reported quarter will be the last one where the big fat margins will be there for the "major" players in cloud space.  This won't be the last major price reduction -- that much I'm sure of -- but it's the "kneecap" style move that always comes when commodity services and products that people think should be priced to have 30+% operating margins finally grow enough competition that the WalMart model (that is, I'm happy to make 6-10%) shows up.  As you know there has already been quite-material margin compression in this space among the big guys but it's been relatively tame in pace -- well, not any more.

There will be plenty of people who will try to claim that the "big dudes" are immune from this but they're dead wrong; margin pressure from the smaller, faster, more-agile is exactly how commodity businesses have their margins crunched over time because oligopoly firms have no incentive to attack each other so long as they're posting 10+% gross revenue increases.  The smaller guys, on the other hand, have every incentive to do so and every customer they take from the big guys is one those big players never get.  We're a year or two away from saturation on the large players (where organic growth drops under 10%, at which point the big guys will honestly try to eat each other) but that doesn't matter; whacking 10 points off your topline margin puts any sort of cross-subsidy game in serious jeopardy.

The cloud business just had its operating margin monkey-hammered and as such any public market stock price predicated on those fat margins (never mind cost-shifting games such as Amazon plays) just went up in California-legal bongsmoke.

View this entry with comments (opens new window)

2018-01-02 18:26 by Karl Denninger
in Technology , 427 references
[Comments enabled]  

Hoh hoh it really is as bad as I thought.

At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.

At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel's memory. Suffice to say, this is not great. The kernel's memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.

No, at worst it means the hole could be abused to read hypervisor data, including encryption keys from other user's workspaces, since the Hypervisor by definition must be able to map all the guest address spaces.

In other words all cloud computing environments are insecure.

What's worse it looks like the root cause of this is that Intel cheated.  In other words their processors speculatively execute code in such a fashion that the actual access takes place before the privilege check is done.  This is good for performance but horrible for security in that it apparently can be leveraged to allow the reading of anything accessible from the hypervisor -- in other words, any other client's data.

This is a really big deal folks.  I've heard rumblings of a severe Xen problem (a common hypervisor) for a while now -- several months of relatively loud rumbling, starting with some little chirping about a year ago and change.  If this is the issue and is embedded in the architecture of the CPUs involved in modern systems then any cloud-based system will be forced to use the mitigation code which will slow it down dramatically.

Incidentally "not doing that" turns a "one machine cycle for one instruction" thing into, in many cases, a couple hundred machine cycles.  It's that bad and properly "fixed" via code workaround the performance bite will be taken on every system call.

The economic impact of this renders most so-called "cloud computing" arguments moot since we're talking performance hits of 30% or more for many common workloads -- especially those that make a lot of kernel calls!

You can bet the so-called "analysts" won't pay a bit of attention to this -- but they damn well should.  The "correct answer" is change all the CPUs to ones without this flaw -- RIGHT NOW -- but I'm sure you can figure out how happy some CIO (or CEO, or investors) will be to hear that.  The other answer is "buy 30%+ more CPUs to cover the performance deficit", which I'm sure will produce exactly the same sort of howl and should produce the same sort of hit to stock prices.

It probably won't, but it damn well should.

Then there's this -- it appears AMD's processors are not subject to this problem -- and it's been strongly hinted at by AMD that this is because they don't speculatively start execution of an instruction before determining whether it will result in a page fault.  A common complaint is that AMD's chips are somewhat slower than Intel's for "equivalent" clock speed and capability (generation, etc.)  Is the reason they were slower that Intel knowingly cheated and, if so, what implication does that have across the computing universe, especially in places where security is considered important like, oh, pretty-much everywhere?

View this entry with comments (opens new window)

2018-01-02 07:00 by Karl Denninger
in Technology , 289 references
[Comments enabled]  

As I have long maintained in the computing world unless you have physical control over a box and supervisory control over every single employee that has privileged access to said box you have no security whatsoever.


There will always be another bug.  Or a "misfeature", whether it arises out of hubris, incomplete security review, hurried production or malfeasance of some sort.

There is now some evidence that exactly that sort of "you're screwed" problem has been discovered that may well be a hardware issue in at least some commonly used processors in so-called "cloud" environments.

This would, if true, allow one "client" to "jump the fence" and either access someone else's memory (in other words, a different client) or, much worse, possibly get them access to the hypervisor at which point all pretense of security on said box falls to pieces. 

Please realize that any such breach is a "game over" sort of event because it allows recovery of active encryption keys and other highly-sensitive data in active use by said other customer/client.  If I can get your encryption key I can pretend to be you (bad) or simply steal all your encrypted data and decode it (maybe worse!)

The pointer to some specific discussions on this point was sent to me by a reader -- and perusing through it, and where that led me, leads me to believe this is quite real and a handful of people are extremely worried -- not only about it but about keeping it real quiet.

The question is whether that's an attempt to forestall "bad guys" from using it or customers of some of the biggest cloud providers from discovering that it can impact them and fleeing.

Given where this looks like it's aimed and heading my money is on the latter.


View this entry with comments (opens new window)

2017-12-30 16:53 by Karl Denninger
in Technology , 384 references
[Comments enabled]  

Done being a "fanboy" yet?  No?  You must like getting ripped off.

Hiding something you know is defective in a manner that will cause people to think their device should be replaced with a newer one, instead of either having it fixed under warranty or performing a relatively inexpensive repair, is outrageous.

Apple is being sued on this basis alleging consumer fraud, and IMHO rightly so.

Make no mistake -- Apple only came clean after being caught.  They didn't tell anyone up front, they didn't disclose the presence of the software change they made in anything like release notes that accompanied the new code, nothing.

They in fact said nothing despite people noting a problem until they were caught by irrefutable evidence that was presented to the public by a customer, and only then did they come clean as to what they did.

That is evidence of bad faith and intentional misconduct and I hope the plaintiffs shove it so far up Cook's and Apple's ass that they can taste it.

That was not a mistake.  It was in fact just the latest manifestation of what Apple as a company is -- an extractive firm that has managed to create a religious cult of fervent grape Kool-Aid drinkers among Americans who parade around like they've got some part of God in their pockets and thus are blessed.

The truth does not matter to any of those fanbois however, nearly all of whom will keep buying their crap despite now having hard evidence that they've been intentionally screwed.

Nor does it matter to Jeff "**********" Sessions or the FTC, both of whom should have come in and nailed the executives of Apple to the ****ing wall ten seconds after this deception was disclosed, for the company has without question profited to the tune of billions of dollars as a result of it.

No, instead of the government doing its job and kneecapping people who pull that sort of crap we have private litigation, which I hope bears fruit.

But heh, just like when your local hospital ass-rams you to within an inch of your physical life (and beyond your financial life) not one ******n finger is lifted by the criminal justice system in this country despite there being clear and in fact admitted evidence of intentional concealment.

For those who care (that seems to be basically nobody) there is a proper way to handle lithium chemistry batteries and their charging requirements. 

It's not very complicated either -- in fact, it's far simpler to charge these than NiMH cells, as those are quite-tricky to determine when they're actually full.  With lithium chemistry batteries it's easy:

1. If the voltage has been allowed to drop under 3.0v (the device should prevent this by turning off before that level is reached) then charge at 1/10c maximum (for a 3,000mah battery this means no more than 300mah) until the battery reaches 3.0v.  Display a warning to the user if this occurs that the cell may be permanently damaged in capacity due to abusive over-discharge.  This is extremely important because an over-discharged cell may be shorted and if you hit it with high current it may burst.  If the voltage does not rise to 3.0V in a reasonable amount of time (a half-hour or so) or if during this phase temperature rises to over 100F then call the battery dead (because it is) and refuse to charge it until manually informed that it has been changed.

2. Charge at up to 0.7c (you can go up to 1.0C if you've got good thermal monitoring) until the voltage on the cell reaches 4.2V.  For a fully discharged cell this will take about an hour.  The battery will be somewhere between 60-80% charged at this point depending on the rate at which you stuffed power in and how hot it is.  Do not permit continued charging over a cell temperature of 100F; if that temperature is reached stop the charge until the temperature falls back.  This should not happen unless the ambient temps are quite high.  If the CPU temperature is not elevated but the battery gets hot and this happens more than once sequentially display a warning to the user that the battery may be damaged and dangerous to continue to use (it may be partially shorted internally, to be specific.)  At the termination of this phase display a message to the user that rapid charging has ceased so if the user wishes to unplug they can do so; there is no harm in partially charging lithium batteries and in fact their life is extended by not going fully through the next (saturation) charge phase!

3. At 4.2V switch to constant-voltage charge at 4.2V and continue until the current drops to between 0.1 and 0.03C (for a 3,000mah battery, this means between 100 and 300ma.)  Split the difference if you'd like (e.g. 150ma.)  This will take about another 90 minutes to two hours.  If cell temperature goes over 100F, terminate the charge until it drops under.  Heating is normal during this part of the charge and thus if ambient temperatures are elevated it should be expected that the cell will get warm.  Again, unless the CPU temperature is elevated the cell should not go over 100F however (that is, unless ambient temps are high.)  When the cut-off current is reached the cell is full.

Further, the manufacturer should offer an option to the user to terminate the charge entirely at 80-85%.  Why?  Because doing so materially extends the number of cycles the battery will survive -- that is, how long it will last.

Why doesn't any cellphone manufacturer I'm aware of, including Apple, use this profile?

Because it takes three hours to charge the battery this way (that is, properly) and that assumes you have a charger with enough current delivery to run phase 2 at full potential.  If you don't then it may take four or more hours for a full charge.  It also requires on a technical level accurate instrumentation both at the charger circuit output (for voltage and current) and at the input to the voltage regulator for the phone's circuits (so the charging circuit can subtract back out the energy consumed by the phone if it's "on" when being charged and thus knows actual charge rate going into the battery.)

People are lazy and demand "right now", in short.

Charging beyond 4.2V without tapering the current does fairly severe damage to the cycle life (the number of times you can charge and discharge the battery before it loses enough capacity to******you off.)  Charging materially beyond 4.3V is dangerous and can cause gas pressure development in the cell, which causes it to bulge and can cause the cell to burst.  Continuing to charge beyond the point where the cell is "full" can plate lithium metal and cause internal shorts, which then lead to the potential for fires.

The answer to quickly-trashed batteries is for manufacturers to stop abusing them and for customers to demand that a proper charge profile be used for them, understanding that this means you cannot fully charge such a cell in an hour.

View this entry with comments (opens new window)