The Market Ticker
Commentary on The Capital Markets- Category [Technology]
Logging in or registering will improve your experience here
Main Navigation
Full-Text Search & Archives

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2019-08-23 07:25 by Karl Denninger
in Technology , 74 references
[Comments enabled]  

I'm stunned, I tell you....

Unfortunately, the Fourth Estate has recently allowed misinformation about Section 230 to spread, which is especially regrettable given that falsehoods about Section 230 are already ubiquitous.

The most recent example of such misinformation is an op-ed in The Wall Street Journal by the conservative commentator and Prager University founder Dennis Prager. The first falsehood appears in the subhed: “Big tech companies enjoy legal immunity premised on the assumption they’ll respect free speech.”

This is not true. Congress did not pass Section 230 on the understanding that Internet companies would engage in minimal moderation and “respect free speech.”

CATO is correct.

I was an Internet CEO in 1996 -- I ran MCSNet of Chicago, one of the first firms in the area (second by a day, factually) to sell Internet access to consumers.  We also had a lively business connection aspect, as well as one of the first virtual web-hosting offerings.

In other words I was one of the people who really made what you have and do today happen.

I was also, as a consequence, in the middle of the debate on the Communications Decency Act -- and Section 230.

Prior to that ISPs had only case law to shield them.  It was pretty good law, in the general sense; the seminal case was called Cubby .v. CompuServe, which turned on exactly this issue -- whether CompuServe could be held liable because it failed to restrict speech.

The holding at the time was that retroactive moderation, or the failure thereof, did not give rise to derivative liability.  Left open was the question about prospective moderation -- that is what is commonly known as editorial review.  This is the process that an editor in a newspaper uses, for example: Only that which is actively approved passes.  This was left open to a circumstance-by-circumstance evaluation.

Cubby shielded providers who either did or did not retroactively moderate.  In other words if you had an open forum and either decided to or decided not to, after someone posted, take something down other than on the clear presentation of evidence of wrongdoing such as a copyright claim, you were immune from liability.  If you were presented such a claim at the point of actual knowledge there was risk of liability -- but not before.

This is distinct from the speaker being liable.  That is, the person who actually posted the material was (and remains today) responsible for it.

Section 230 changed all that.  Under Section 230 the operator of the system is not responsible -- period.

It does not matter if they censor.

It does not matter when they censor (before or after the fact.)

It does not matter irrespective of what the material is, including that which normally has the highest First Amendment protections (e.g. political speech.)

The only remaining exceptions that have been broadly found under Section 230 is if you edit (that is, change, not remove or refuse to remove) someone else's speech -- that makes it your speech, not the users -- or if the material is illegal and complicity can be shown in that regard (e.g. hosting child porn where you either know or have reason to know it's there.)

It also leaves in place Copyright suits.  However, the DMCA dealt with that separately provided the operator of the site again (1) is not the original poster and (2) conforms with specific requirements of the DMCA, including taking down claimed violations on a commercially-reasonable basis.

Note that under the law there is no differentiation between a "platform" and not.  It's similar to journalism in that journalism is an activity, not a person.  Anyone engaged in journalism, whether for profit or not, whether their usual means of making a living or not is a journalist at that particular point in time.

I had at the time of Section 230's debate and passage serious concerns over the law as written.  But the current range of censorship and such on the Internet today isn't so much about Section 230 or not, it is about the collusive nature of said censorship and concentration of market power.

It's not the banhammer -- it's that the providers collude to collectively deny basic infrastructure purchases by those they dislike, effectively forbidding them from going somewhere else.  This is exactly what happened with 8Chan recently and many others over the last few years.

That's illegal under 15 USC Chapter 1 and worse for those who engage in this sort of collusive behavior that's not a civil matter either, it's a criminal felony carrying 10 years in the slam-slam per incident and it is applicable to everyone involved from CEOs on down.

But heh -- today nobody goes to jail for violating anti-trust law.  Not in the medical field, not in the pharmaceutical field and certainly not in the social media field.

Every one of these people should go to prison -- right now.  But this is not a failure of enforcement of Section 230; rather, it is a failure to enforce 15 USC Chapter 1 as written, with so-called "interpretations" that have unlawfully given a pass to break felony criminal laws on the books for more than 100 years not only in the technology field but in the medical and pharmaceutical fields as well.

There are relatively-simple remedies for this, along with prison sentences for the current violators of which there are many apparent ones, all of whom ought to be facing indictments right here and now.  We need no new law; the existing 100+ year old anti-trust law is plenty sufficient to send many of these firms CEOs and other executives to prison for a decade and ruin their firms with billions -- or even tens of billions in fines since violations are good for $100m each.

Among more-permanent structural remedies are classifying "unbranded" utility-style services as those forbidden to discriminate for or against like kind and quantity buyers.  These would be DNS providers, cloud hosting services, anyone offering colocation services irrespective of their specific type of primary business, CDNs (including those that work to prevent DDOS attacks from working such as Cloudflare, etc.), circuit providers (e.g. telcos, fiber companies, etc), payment processors and aggregating firms irrespective of whether they're in the "fintech" or "traditional" money handling businesses and meet-point operators.

PS: Want someone on air to talk about this was actually there at the time as CEO and won't BS you?  You know how to find me..... 

View this entry with comments (opens new window)

2019-08-05 10:03 by Karl Denninger
in Technology , 214 references
[Comments enabled]  

I'm literally speechless reading this.

Unfortunately, this is not an isolated incident. Nearly the same thing happened on 8chan before the terror attack in Christchurch, New Zealand. The El Paso shooter specifically referenced the Christchurch incident and appears to have been inspired by the largely unmoderated discussions on 8chan which glorified the previous massacre. In a separate tragedy, the suspected killer in the Poway, California synagogue shooting also posted a hate-filled “open letter” on 8chan. 8chan has repeatedly proven itself to be a cesspool of hate.

8chan is among the more than 19 million Internet properties that use Cloudflare's service. We just sent notice that we are terminating 8chan as a customer effective at midnight tonight Pacific Time. The rationale is simple: they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit.


We reluctantly tolerate content that we find reprehensible, but we draw the line at platforms that have demonstrated they directly inspire tragic events and are lawless by design. 


Cloudflare's mission is to help build a better Internet. At some level firing 8chan as a customer is easy. They are uniquely lawless and that lawlessness has contributed to multiple horrific tragedies. Enough is enough.

In other words despite the fact that publishing a manifesto is not illegal in the United States and the site in question is based in the United States, despite the fact that "hate speech" is protected by the First Amendment according to the Supreme Court (multiple decisions on same have been rendered) and despite the fact that as a platform there is no mandate to proactively moderate content these folks have declared this specific site, and others, to be "lawless."

But the fact is that they're not lawless.  They in fact are fully within the boundaries of the law.

Nobody has alleged that 8Chan, or Daily Stormer, has refused legal process or tried to evade it.  Indeed, in order to avail yourself of the protections under Section 230 you can't evade it and you must publish, in a Library of Congress mandated format, contact information and act on take down notices in a reasonably-expeditious fashion.  If you don't you can get tagged for liability, and in the case of something like this, that liability could be criminal.

In other words what Cloudflare has done is declare what the law is on their own as a corporation.  They have declared multiple web properties lawless when in fact they are not.  That's knowingly false, it's actionable and it's the action of a firm that by its own statements claims market power standing alone, along with going even further and claiming to be efforting to work with others in collusion to effectuate and enhance that market power and enforce its corporate viewpoint upon others.

I remind you that 15 USC Chapter 1 makes any such attempt to monopolize or restrain trade, especially when it infringes on a Constitutionally-guaranteed protection, felonious.  It does not matter if you succeed; the mere attempt is a criminal felony.

Yet in today's world everything is, indeed, backward.  Those calling other people "lawless" appear, on their face, to arguably be engaged in collusive action intended to violate Constitutional rights, despite claiming otherwise.  Indeed, Cloudflare admits they have no ability to set actual laws, yet they wish to dance on the head of a pin -- on the one hand claiming the common business right to "refuse service to anyone" and at the same time claiming to be directly involved in trying to change the political landscape to what they want it to be.

Corporations do not have the ability to vote for a very good reason.  And hate, whether online or otherwise, is a serious issue.  However, hate speech is not illegal nor can any legitimate government make it so as hate speech is really nothing more than an extension of hate thought, which is exactly where this goes next: Into the gulag you go if you don't agree with a position that some political leader adopts.

They're doing that right now in China, but China is hardly the first nor shall it be the last.  Stalin "purged" a huge number of people because..... they disagreed with him.  Hitler murdered 6 million Jews because.... he disagreed with them.  Right now, today, you can be criminally punished in some nations for using a pronoun that someone finds disagreeable yet is factually accurate.  We had a declared candidate for President in the present cycle (he has since withdrawn for lack of support) who threatened to nuke anyone who opposed his gun control proposals.  We have an active candidate who threw 1,500 people in prison for a crime she herself committed and has admitted to (consumption of marijuana) and she laughed about it on national television.  We have a cadre of media organizations who have tried to cover that up and a government office that has conspired with them to remove those arrest statistical records from easy, public view.  We have another batch of candidates (Democrats) who have all promised to violate the Constitution, intentionally, upon election in multiple forms and fashions, including but not limited to the right to keep and bear arms.  And we have corporate media who have engaged in the most-outrageous of hate speech themselves.

These are dangerous times, but the real debate here ought not be over "hate speech", which virtually everyone finds reprehensible -- but nonetheless protected under the 1st Amendment.  The debate ought to be over the real lawless entities -- those business firms that think they have a right to intrude into setting political policy, to conspire with others to take opposing viewpoints and remove them from the public, to monopolize huge swaths of our economy in direct contravention of 100+ year old law and to lie, intentionally, with impunity.

View this entry with comments (opens new window)

2019-07-30 07:00 by Karl Denninger
in Technology , 275 references
[Comments enabled]  

Oh here we are....

Capital One Financial Corp. said data from about 100 million people in the U.S. was illegally accessed after prosecutors accused a Seattle woman identified by Inc. as one of its former cloud service employees of breaking into the bank’s server.

While the complaint doesn’t identify the cloud provider that stored the allegedly stolen data, the charging papers mention information stored in S3, a reference to Simple Storage Service, Amazon Web Services’ popular data storage software.


There you have it.  The bank had data that was highly confidential and let another company with thousands of people who could access it, none of whom the bank knew by name or could vet, have said data by intentionally putting it on that other firm's computer systems in the name of "cloud computing."

One of those people did allegedly access and steal it.  It doesn't matter how they did so; the fact that the data was there provided the "honeypot" and a large base of people who knew it was there instead of said data being on your own corporate infrastructure behind access controls that you, and only you, are responsible for.

Gee, how dumb are you?

How many times have I pointed this out?  Dozens.  Has anyone given a crap?  Not so far!  Did Amazon see its stock price (which is all a consequence of AWS having the only reasonable profit margin among its business interests) instantly collapse by 90%?  Nope.  Why not?  Because you're stupid.

Once you use a "cloud provider" it's not your data anymore despite your claims otherwise.  The data is, in fact, accessible by anyone who has administrative access at the cloud company and they don't work for you nor can you vet them.  Further, those people working there now know the data is there which gives them a big fat "target list" to take a crack at.  Those people with that knowledge and at least some expertise in getting in, including perhaps even direct credentialed access through ordinary administrative procedures number in the thousands at large firms like Amazon or Microsoft if not tens of thousands and you not only can you as the "customer" not vet them you have no idea who the hell they are.  Some of them probably aren't even American citizens! H1b (not this time, but you can bet in general) for the win!

[[Update 7/30 6:50 AM: It appears that the person who did the "hacking" not only was employed by Spamazon the individual claims to be here in the US illegally.  So how'd they get the job?  Spamazon, for its part, disclaims responsibility and says "it wasn't hacked."  Disclaim whatever you want Amazon; the fact is the data was on your box and was stolen by what appears to be an ex Amazon employee.  Such a wonderful job of vetting you do eh, never mind all the SJW/insanity connections allegedly present with this individual too.]]

Congratulations Capital Zero, 100 million records stolen because you were ****ing stupid and put saving a buck in front of data security.  This should be treated by banking regulators as criminal negligence; ditto for any other firm that has its data stolen after employing such a "cloud" environment where there was any expectation of privacy or protection of said data.

This is why you don't use cloud computing for anything you give a crap about and has to be kept secure.


**** you Corporate America who have "rushed" to this for the sole purpose of trying to "save a buck" and **** all the media companies who should have smashed these firms -- including most-specifically Spamazon and Microsuck, years ago for exactly this reason.  You bought into this bullcrap and deserve to be asset-stripped to your underwear for doing so.

Never mind the government and anything it has put into these systems.

I've been screaming about this for years.

Unless you own the computer in your building and you have vetted every single person who can get into said machine either administratively or physically and who understands the configuration thereof the data is no longer under your control and you cannot claim it is -- not legally, ethically or otherwise.  Period.

Welcome to Hell; you bought the ticket, now enjoy the ride *******s.

Many more are right behind you.

View this entry with comments (opens new window)

2018-12-03 09:43 by Karl Denninger
in Technology , 233 references
[Comments enabled]  

Someone -- or more like a few someones -- have screwed the pooch.

IPv6, which is the "new" generation of Internet protocol, is an undeniable good thing.  Among other things it almost-certainly resolves any issues about address exhaustion, since it's a 128 bit space, with 64 bits being "local" and the other 64 bits (by convention, but not necessity) being "global."

This literally collapses the routing table for the Internet to "one entry per internet provider" in terms of address space, which is an undeniable good thing.

However, this presumes it all works as designed. And it's not.

About a month ago there began an intermittent issue where connections over IPv6, but not IPv4, to the same place would often wind up extremely slow or time out entirely.  My first-blush belief was that I had uncovered a bug somewhere in the routing stack of my gateway or local gear, and I spent quite a bit of time chasing that premise.  I got nowhere.

The issue was persistent with both Windows 10 and Unix clients -- and indeed, also with Android phones.  That's three operating systems of varying vintages and patch levels.  Hmmmm.....

Having more or less eliminated that I thought perhaps my ISP at home was responsible -- Cox.

But then, just today, I ran into the exact same connection lockup on ToS's "Trader TV" streaming video while on XFinity in Michigan.  Different provider, different brand cable modem, different brand and model of WiFi gateway.


Now I'm starting to think there's something else afoot -- maybe some intentional pollution in the ICMP space, along with inadequate (or no!) filtering in the provider space and inter-provider space to control malicious nonsense.

See, IPv6 requires a whole host of ICMP messages that flow between points in the normal course of operation.  Filter them all out at your gateway and bad things happen --- like terrible performance, or worse, no addressing at all.  But one has to wonder whether the ISP folks have appropriately filtered their networks at the edges to prevent malicious injection of these frames from hackers.

If not you could quite-easily "target" exchange points and routers inside an ISP infrastructure and severely constrict the pipes on an intermittent and damn hard to isolate basis.  

Which, incidentally, matches exactly the behavior I've been seeing.

I can't prove this is what's going on because I have no means to see "inside" a provider's network and the frames in question don't appear to be getting all the way to my end on either end.  But the lockups that it produces, specifically on ToS' "Trader TV", are nasty -- you not only lose the video but if you try to close and re-open the stream you lose the entire application streaming data feed too and are forced to go to the OS, kill the process and restart it.

The latter behavior may be a Windows 10 thing, as when I run into this on my Unix machines it tends to produce an aborted connection eventually, and my software retries that and recovers.  Slowly.

In any event on IPv4 it never happens, but then again IPv4 doesn't use ICMP for the sort of control functionality that IPv6 does.  One therefore has to wonder..... is there a little global game going on here and there that amounts to moderately low-level harassment in the ISP infrastructure -- but which has as its root a lack of appropriate edge-level -- and interchange level -- filtering to prevent it?

Years ago ports 138 and 139 were abused mightily to hack into people's Windows machines, since SMB and Netbios run on them and the original protocol -- which, incidentally, even modern Windows machines will answer to unless turned off -- were notoriously insecure.  Microsoft, for its part, dumped a deuce in the upper tank on this in that turning off V1 will also turn off the "network browse" functionality, which they never reimplemented "cleanly" on V2 and V3 (which are both more-secure.)  Thus many home users and more than a few business ones have it on because it's nice to be able to "see" resources like file storage in a "browser" format.

But in turn nearly all consumer ISPs block those ports from end users because if they're open it can be trivially easy to break into user's computers.

One has to wonder -- is something similar in the IPv6 space going on now, but instead of stealing things the outcome is basically harassment and severe degradation of performance?


View this entry with comments (opens new window)

2018-06-06 16:23 by Karl Denninger
in Technology , 103 references
[Comments enabled]  

Nope, nope and nope.

Quick demo of the lock support in the HomeDaemon-MCP app including immediate notification of all changes (and why/how) along with a demonstration of the 100% effective prevention of the so-called Z-Shave hack from working.

Simply put it is entirely under the controller's choice whether it permits high-power keying for S0 nodes.  For those controllers that have no batteries and no detachable RF stick, which is a design choice, there's not a lot of option.

But for those who follow best practice that has been in place since the very first Z-Wave networks you're 100% immune to this attack unless you insist and intentionally shut off the protection -- even in a world where S2 adoption becomes commonplace (which certainly isn't today but will become more-so over time.)

HomeDaemon-MCP is available for the entity that wishes to make a huge dent in the market with a highly-secure, very fast and fully-capable automation, security and monitoring appliance, whether for embedded sale (e.g. in the homebuilding industry) or as a stand-alone offering.  Look to the right and email me for more information.

View this entry with comments (opens new window)