The Market Ticker
Commentary on The Capital Markets- Category [Technology]
Logging in or registering will improve your experience here
Main Navigation
MUST-READ Selection(s):
So What About Kavanaugh?

Display list of topics

Sarah's Resources You Should See
Sarah's Blog Buy Sarah's Pictures
Full-Text Search & Archives
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2018-07-10 07:00 by Karl Denninger
in Technology , 343 references
[Comments enabled]  

And we should start with AMD:

Chinese-designed "Dhyana" x86 processors based on AMD's Zen microarchitecture are beginning to surface from Chinese chip producer Hygon. The processors come as the fruit of AMD's x86 IP licensing agreements with its China-based partners and break the decades-long stranglehold on x86 held by the triumvirate of Intel, AMD and VIA Technologies. Details are also emerging that outline how AMD has managed to stay within the boundaries of the x86 licensing agreements but still allow Chinese-controlled interests to design and sell processors based on the Zen design.

The cat's out of the bag now.  The structure of this "deal" is legally dubious at best, and it's guaranteed to buttrape Intel eventually.  This is exactly the sort of horse**** that the Chinese pull all the time, multi-level structures that look ok on the front end but result in a 100% technology transfer and then the Chinese stealing said technology wholesale, screwing the owners who aren't Chinese.

This isn't one company that does this every now and again, it is a formal policy of the Chinese government.

We need a 100% trade embargo with these **********s and we need it now.

If this crap is not stopped and everything stolen returned -- 100% of it, either in economic value or physically -- then a complete embargo of anything produced in China will be the only way American technology firms survive.

View this entry with comments (opens new window)

2018-07-07 07:00 by Karl Denninger
in Technology , 167 references
[Comments enabled]  

Gee, this was all in the T&C documents and fairly disclosed and consented to -- right?

Gmail users' private messages are sometimes read by employees at software companies, it has emerged, when the user installs certain apps and grants permission to their Google account.

Though users have to specifically agree to having their emails read when they install the apps, a report from The Wall Street Journal shows that this goes beyond software scanning the contents of email, and includes in some cases human developers reading the messages.

Of course that's clearly stated as ok and agreed to?

Why do I not think so.

Google of course loves this sort of thing, as does Facesucker.

There's never anything private in your email, right?

Tell me again about all the outrage as you buy that next "Alexa" or "Google" speaker and stick in your house where it can and does listen to absolutely everything you say.

Oh, I'm sure it will "only" be used to advertise to you.

Trust me, no company would ever lie, and if they did lie they'd be severely punished..... right?


Repeat: There is no such thing as "free".

I have my email on my own machines.  Since that's a residential connection and every retail ISP blocks that as being an email end point as do interchange carriers for spam reasons (gee, there's nothing there to investigate by the FTC, right, and what about that alleged "net neutrality" eh?) I pay $5/month to run a "cloud instance" that has a publicly-visible point for same.  Yes, it costs me $60/year.  But it's on infrastructure I control and immediately forwards to my private devices, so there is never a database of emails that can be scanned by either some allegedly "free" service nor that can be broken into said cloud provider or a hacker.  IF said email is sent encrypted then it never touches a "public" device in clear text.  Problem solved.

View this entry with comments (opens new window)

2018-06-28 20:10 by Karl Denninger
in Technology , 103 references
[Comments enabled]  

Gee, you should have found a HomeDaemon-MCP distributor -- or become the one. smiley

Swann Security has blamed a factory error for the data breach - which was brought to its attention by the BBC - and said it was a "one-off" incident.

However, last month another customer reported a similar problem saying his version of the same app had received footage from a pub's CCTV system.

Swann said it was attempting to recover the kit involved in this second case.

In the meantime, it said it had notified the UK's data privacy watchdog of both cases.

And this is why either the computer is your computer or it is someone else's computer.

There is no "cloud."

Sorry 'ya had to learn that the hard way.

Who wants the entrepreneurial opportunity to make a bunch of money on a system to do this sort of thing that does not have that issue?

Well...... right here folks.

View this entry with comments (opens new window)

This is the exact sort of scenario that HomeDaemon-MCP prevents by design.

One woman had turned on her air-conditioner, but said it then switched off without her touching it. Another said the code numbers of the digital lock at her front door changed every day and she could not figure out why. Still another told an abuse help line that she kept hearing the doorbell ring, but no one was there.

Their stories are part of a new pattern of behavior in domestic abuse cases tied to the rise of smart home technology. Internet-connected locks, speakers, thermostats, lights and cameras that have been marketed as the newest conveniences are now also being used as a means for harassment, monitoring, revenge and control.

There is no clean answer to this for anything "cloud connected" where the putative buyer retains control via some link to the purchase through said cloud connection.

The issue is even worse than a "hacker" in that the person in question doing it has the full assistance of the company that made the damn thing in harassing you or worse.

Yet a non-cloud based system, such as HomeDaemon-MCP, is utterly immune to this.

If you have administrative access you sign into the unit, change the password on the admin account (to prevent setting up another account), then change your user password.  Access to the other instances signed in is instantly revoked and so is access to everything behind HomeDaemon-MCP at the same time -- your thermostat, lights, locks and cameras.

If the person in question is the only one with the admin password and won't give it to you then it's trivially easy to take the SD card out of the unit and either reset the account that way, or if you don't know how, to ask someone to help you -- which you will only have to do once.

Having done that there's no back door way back in since there is no "cloud" to come back in through.

Try this in a typical "cloud-connected home" and you wind up having to screw with a dozen or more discrete things and if they're interconnected via the cloud then just one that's missed can let the harasser back into the rest of them!

Last night while waiting for Jurassic Park to start in the theater I was treated to a commercial for such a cloud-connected vision from a major company.  I about threw up right then and there in my seat as the obvious means by which you can be screwed with or worse were immediately and instantly apparent to me, and the "convenience" factor over the alternative of not cloud-connecting such a set of capability was virtually zero.

Again faux convenience has been sold when it actually is dumb and ought to be a matter of liability -- both from an insurance perspective and, when criminal law (e.g. harassment) is implicated as accessories before the fact as well.

Of course the latter will never be enforced against the tech giants but the former is another matter.  Insurance-related issues are real and they ought to get a lot more real.  We're already seeing some of this with cars, where the very capability I pointed out a few years ago with "no push" entry and start, which makes silent intrusion and theft of said vehicle trivially easy, is showing up in theft rates and insurance premiums.

It gets even worse if there's a microphone -- or camera -- involved.  For the latter to be "cloud-connected" is an absolute disaster as that's a flat-out spying device if abused, and the former might even be worse since interception of your conversations in your own home is probably second only to someone getting video of you walking around naked in your bathroom.

You can see how HomeDaemon-MCP prevents and mitigates these problems right here; click all the little houses on the left for each point, and why it matters to you.

Then, if you're of the entrepreneurial sort, make contact.  The package is for sale -- lock, stock and barrel -- and you can be firm that resolves these issues once and for all (making a hell of a lot of money in the process.)

View this entry with comments (opens new window)

2018-06-21 07:00 by Karl Denninger
in Technology , 119 references
[Comments enabled]  

This sort of thing never ceases to amaze me....

For the second time this month, federal prosecutors say they’ve obtained a trove of encrypted messages from one of President Trump’s former top associates. 

The relative ease with which investigators appear to have accessed the messages of Trump's longtime personal lawyer Michael Cohen highlights an often overlooked reality: encrypted apps like Signal and WhatsApp are only as secure as users choose to make them. 

Uh huh.

Let's cut the crap: They're only as insecure as the app writers choose to make possible.

Why would an app-writer choose to make it possible insecure storage of encrypted communications?

For the same reason you are dumb enough to stick a microphone in your bedroom that allegedly "does things" for you: Convenience.

It it possible to design an app that never stores an encryption key or the content of messages persistently?  Yes.  Further, Android can be told not to back up data for a given application in the manifest, which the user cannot override.

So why would you, as the writer of an allegedly "secure" application to communicate with someone, put intentional privacy-destroying "features" into your application?  Simple: "convenience".  Specifically, if the app never stores the messages or keys on a persistent basis then they're not there "later on" and further, if you are in an area without immediate and available data service you can't get to anything at all since it's not present on the device.

If you never store the messages on the device beyond the point at which the user exits the app's "in-use" state (that is, the app intentionally destroys any in-memory or on-storage copies when it is closed, exited or hidden) then they can't be retrieved as they're not there.  If they're only transported encrypted with a key generated through secure negotiation then the lifetime of said message in terms of being able to intercept it, absent a failure of the encryption itself, is limited to that of the app's instance.

But this is "inconvenient", you see.  Well, ok, "less convenient." 

Yet people are led to believe that these sorts of communications are "secure" when in fact they're not, intentionally, due to how the app is designed and works.  Rather than explain in great detail that the basis of such a claim is only to prevent interception while in transit and that no security of data on the device is either implied or, realistically provided these folks instead "market" said applications as "safer" than something like a text message.

That may be true but only in the marginal sense, and it does exactly nothing for you if your device is physically compromised or one of the people involved voluntarily turns their device over to someone.

View this entry with comments (opens new window)