Sunday, August 07, 2005

When should we start being really scared?

As a non-economist, when should we start being scared?

1) We have a household savings rate of 0%.

2) Huge deficits in both current account and government, to the tune of several hundred billion a year.

3) A spookily-flat yield curve (my bank will loan me at <6% for 30 years, but will borrow from me at ~3.8% for just 9 months!), which says that some huge amount of long term money is amazingly optimistic.

4) A real-estate market in some areas that is so horribly bubbled that tax-adjusted interest, property tax, and HOA/maintenance is vastly more (30%+) than rent.

5) And a government in total denial.

When should we normals start being really, REALLY scared? As Kent Brockman asks on the Simpsons: "Is now the time to panic?"

Thursday, July 28, 2005

Simple Little Delay-Line Hack...

People have proposed requiring the client system to do work as a way of limiting/mitigating DoS attacks, and others have countered that it isn't fair to small devices (e.g., phones), as there may be 1-3 orders of magnitude difference in computing power between clients. Thus a follow-on proposal is a family of schemes that simply force a client to WAIT when the server is under load. I've heard of some rather complicated schemes to do so.

There is a VERY easy way to do this, however:

The server, on startup, creates a random key.

When it gets a request from a client and wants the client to wait, it sends back a message saying "Wait x seconds, then resend with this cookie", the cookie being E(K, time the client is allowed to retry, client IP). The client waits and then resends the request with the cookie.

Voilà: the clients wait for the specified time without the server having to store any per-client state or worry about a delay queue filling up. It requires only ONE encryption operation to create the cookie and one to verify it, which on a modern CPU is only a few hundred clock cycles.

So if your DoS-mitigation technique involves having new clients wait, this is all you need.
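As an added example (not code from the original post), here is the stateless delay cookie above, implemented in Python. One substitution is made deliberately: the cookie is authenticated with HMAC-SHA256 over (allowed time, client IP) rather than encrypted with E(K, ...), since nothing in the cookie needs to be secret, only unforgeable. The class name, the `ACCEPT_WINDOW` expiry and the sample IPs are all assumptions of this example; the expiry is the one check a practitioner would add to the post's scheme, so that a client cannot collect cookies while the server is busy and replay them indefinitely later.

```python
import hashlib
import hmac
import os
import struct
import time


class DelayCookieServer:
    """Stateless "wait x seconds, then resend with this cookie" issuer/verifier.

    Constructed example: cookie = allowed_at || MAC_K(allowed_at, client_ip).
    The client carries the only state; the server does one MAC to issue and
    one MAC to verify, and never keeps a per-client entry or delay queue.
    """

    TAG_LEN = 32          # HMAC-SHA256 output length in bytes
    ACCEPT_WINDOW = 30    # seconds after allowed_at during which the cookie is honoured (assumed)

    def __init__(self, key=None):
        # Random per-process key created at startup, as the post describes.
        self.key = key if key is not None else os.urandom(32)

    def _tag(self, allowed_at, client_ip):
        msg = struct.pack(">Q", allowed_at) + client_ip.encode("ascii")
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def issue(self, client_ip, wait_seconds, now=None):
        """Build the cookie telling client_ip to come back in wait_seconds."""
        now = int(time.time()) if now is None else int(now)
        allowed_at = now + int(wait_seconds)
        return struct.pack(">Q", allowed_at) + self._tag(allowed_at, client_ip)

    def verify(self, cookie, client_ip, now=None):
        """Return (accepted, reason).

        Accepted only if the MAC is valid for this IP, the wait has elapsed,
        and the cookie has not outlived its acceptance window.
        """
        now = int(time.time()) if now is None else int(now)
        if len(cookie) != 8 + self.TAG_LEN:
            return False, "malformed"
        allowed_at = struct.unpack(">Q", cookie[:8])[0]
        # Constant-time comparison: a forged, edited or retargeted cookie fails here.
        if not hmac.compare_digest(cookie[8:], self._tag(allowed_at, client_ip)):
            return False, "bad tag"
        if now < allowed_at:
            return False, "too early"
        if now > allowed_at + self.ACCEPT_WINDOW:
            return False, "expired"
        return True, "ok"


if __name__ == "__main__":
    server = DelayCookieServer()
    # Constructed client request at a fixed clock so the run is reproducible.
    cookie = server.issue("192.0.2.1", wait_seconds=5, now=1000)
    print(server.verify(cookie, "192.0.2.1", now=1004))   # too early
    print(server.verify(cookie, "192.0.2.1", now=1005))   # ok
    print(server.verify(cookie, "198.51.100.7", now=1005))  # bad tag: different IP
```

Binding the cookie to the source IP is what the post proposes; note that clients behind one NAT then share a delay, and that the acceptance window bounds how long an issued cookie stays useful without the server remembering anything about it.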

Wednesday, July 13, 2005

Passive Resistance to Stupid Security

I have a great dislike for stupid security. Airline security in particular ticks me off. It's stupid. ID checks, pointless inspections of shoes, a complete ban on such deadly items as a pair of pliers...

At the same time, they don't screen the ground crews and maintenance staff, who can (and HAVE) smuggled a gun aboard a plane, shot the air crew, and caused a fatal crash killing everyone aboard. And if you print your ticket at home, you can easily eliminate the "flag me" text if you got unlucky and it says 'screen this person'. Or heck, change your name.

So I've been engaging in a minor campaign of passive resistance.

I have my driver's license or passport when I travel. But I don't show that anymore. Instead, I use my Lawrence Berkeley Lab ID card. It even says "Guest" on it as my job function. It IS official, issued by a US government lab. It even says so on the back, "Property of the US Government" etc etc etc. And it has a nice Department of Energy logo in the corner.

But the key is that it looks official. It works at airline desks, airport security, etc. I've used it at least a dozen times now, and I've only been challenged on it once. I would have fought the challenge (it IS a government issued ID), but it was a tight connection so I didn't want to play my normal games.

Now all I need to do is make up something that just LOOKS official. It just needs to have my picture, a good logo, and be printed on thick plastic. I'm thinking "Department of Bonehead Security", with an eagle bonking itself on the head to create the stars around it. If anyone challenges it, yeah, I'd whip out the driver's license. But until then, I'll have the nice plastic card.

Likewise, I hate taking off my shoes. I wear shoes with no metal. If the TIA guy says "I recommend you take off the shoes", I ask if I HAVE to. Sometimes the response is "if the metal detector goes off, you will get secondary screening". Fair enough: far too many shoes have metal shanks, and getting those people to take their shoes off removes a huge host of pointless false positives. Sometimes it's "We'll screen you, period", with the only justification offered, if any, being that my low-cut hiking shoes are "too chunky". But the screeners have even objected to Tevas, so it's obviously whatever the particular guy feels that day.

The other half of the time, no buzz, but secondary screening anyway. And you learn a lot. Both times, they did NOT X-ray my shoes. Neither time did the TIA guy at the secondary screening know WHY I was screened. One time they wanded my wallet; the other time I simply held it out and it NEVER got wanded. The walkthrough detectors aren't sensitive enough to detect my cardkeys, but the wands are.

Both times, the TIA agent ordering the screening wasn't interested in security. If they were, they would tell the other agent why I was being screened instead of just sending me over to wait in another spot for the dude with the wand. Rather, secondary screening is a punishment for questioning stupid rules. But hey, if I'm not in a hurry, it's wasting their time, not mine.

All in all, airline security is a general exercise in silly security theater. But at least you can have fun with it.

Sunday, June 19, 2005

Coming Soon...

The disadvantage of doing a content-only blog, or attempting one, is that content CREATION is vastly harder than content referencing, especially when one has a day job.

Nevertheless, there are some upcoming rants/topics that I plan on pursuing in the near term. This is a preview.

"Stupid VM Tricks", or why you should hold off on infrastructure upgrades. How to leverage upcoming VM-friendly x86s and open-source software to build Windows networks with quick recovery, built-in security primitives, ease of management, and easy patch rollout and rollback.

"Stupid VLAN Tricks", or why you should make sure that your switches are VLAN capable. The use of VLANs as sophisticated management and response tools for intrusion response and prevention.

"Home Users and Worm Defense". The one page of recommendations for home users to make their systems more secure.

"Consumer-Grade High-Tech Weapons". We have seen "consumer-grade" (cheap, plentiful) weapons (AK47, RPG) in the hands of our enemies. Might there be high-tech consumer-grade weapons? What might they look like?

"Attacking Document Collaboration". What changes should be made easy to use in Word/Word Perfect to prevent some pretty insidious attacks during contract creation/other collaboration with possibly hostile parties.

"Passive Resistance to Stupid Security". So much 'security' these days is ridiculous theater. ID checks and a fair amount of the airport security screening process is one of them. I'll describe some experiments in very simple, by the book passive resistance against these stupidities.

Monday, June 06, 2005

Should We Close Reagan National Airport?

Matthew Dodd over at SFTT comments that a proposed policy allowing "private" planes to fly into Reagan National Airport represents another instance of Politics over Security.

I actually take an even more extreme view: I don't believe Reagan National should be open for ANY nongovernmental/nonmilitary flights.

The reopening of Reagan National to even commercial flights was a triumph of convenience over security: I guess senators didn't want to take a taxi from Dulles. The addition of "private" flights (read this as King Airs, Gulfstream IVs and Boeing Business Jets belonging to political contributors, not random Cessnas) is just an additional example.

My worry is not another hijacking to use a plane as a weapon, but an accidental (or faked?) deviation in flight which would cause the air defense systems around the White House and Pentagon to fire on a civilian airliner.

The landing aircraft pass so close to the White House that a quick-response air defense system must be in place to prevent a plane on final approach from being used against either the White House or the Pentagon. A flight deviation at the wrong time and some poor soldier is either going to have to shoot immediately or explain how he allowed a 737 to crash into the West Wing. Thus the air defense must be on a hair trigger during certain stages of a plane's approach. Mistakes can happen. And there could always be a bug in the missile battery.

Yet imagine the disaster if the US military mistakenly shot down a civilian plane over Washington. Have the Iranians forgiven the US for the USS Vincennes shooting down Iran Air flight 655 back in 1988? Have the South Koreans ever really forgiven the Russians for Korean Air flight 007?

Let's say that an accident would be a one-in-a-million event for a given flight. With 800 commercial flights a day, that would be a 25% chance every year (1 - (1 - 1/1000000)^(800 * 365)). Even if the odds were 1 in a hundred million, that's still a 0.2% chance each year. Not wonderful odds, simply due to the sheer number of flights.

Combine both the non-negligible probability of such a disaster (there was at least one "near miss" with Kentucky Governor Ernie Fletcher's plane) with its impact, as well as the still existing possibility of a deliberate crash, and keeping Reagan National open becomes exhibit A in how security takes a back seat to the personal convenience of those running this country.

Monday, May 09, 2005

So What Will Happen To Real Estate?

So what is my prediction? After all, I'm deliberately staying out of the real estate market, so why am I making this decision? The first question is how people are able to buy at all, with prices so high. With the example 2 bedroom condo requiring over $3000 a month in cash flow, and over $2200 a month in tax-neutral cash flow, how can anyone afford anything?

Of course, people aren't paying quite this much. The buyer of a house looks at the monthly cost more than the total value, and the monthly cost is greatly reduced through the use of adjustable rate mortgages, especially ones with interest-only or negative amortization. And the statistics are showing that these have become increasingly popular. Yet even with those options it's not a good deal to buy: at 3.5%, the tax-neutral nonsavings cost is still no cheaper than renting.

And these mortgages carry a price: uncertainty. If interest rates on the ARM jump from 3.5% to 4.5%, that's an extra $200 in tax-neutral cost per month for my example. And long-term interest rates are unnaturally, incredibly depressed: Roubini and Setser argue that interest rates are artificially lowered by 200 basis points, 2%, because of Asian central bank currency intervention. So if George Bush gets his way and China floats its currency, say hello to a large interest rate jump.

Assuming Roubini and Setser (and numerous others) are correct, and that the currency situation can't last forever, or something else will cause interest rates to rise, why get an ARM? If you are going to sell in 2-3 years an ARM is the way to go, as the long-term uncertainty isn't significant for a short-term loan. But this is the classic bubble assumption: prices keep going up (and they have to go up at least 6% to cover transaction costs when selling). Otherwise, as a way to reduce payments for a longer time, it's a huge gamble: if interest rates go up to 6%, it's a tie, and beyond that, it's a catastrophe. Given long-term interest rates so historically low, why take the risk?

What's worse is that people are using these alternative mortgages in order to afford a house at all. If someone is squeaking by, leasing their car and with an ARM on their house, leveraged to the hilt, what happens if interest rates jump? If the economy goes south? There is now a huge number of people with no margin for error.

So what is my prediction? Well, interest rates are going to go up a little and the market will freeze: buyers will stop buying as their monthly costs go up, but sellers won't lower their price. Taking my example, to have the same tax-neutral cost per month, a rise in interest rates from 6% to 8% requires a drop from $450,000 to $395,000 in the sale price of the condo. So a 2% rise in interest rates in my example requires a price drop of 12%, even with buyers willing to spend the same amount as they currently are.

Now a flat market for a few years would be a nice, best-possible hypothesis. But I worry that the soft scenario won't happen. Rather, what I believe will happen is that after a year or two of freeze, with interest rates going up (and the economy shrinking as the refinance-driven spending disappears), the crisis will hit: some small number of people will be forced to sell, yet buyers will be unwilling to pay more per month than they currently are. With a drop of 10% or more, this might end the bubble mentality.

The worst case scenario, with a 200 basis point (2%) or more rise in interest rates, would thus be a huge collapse in price, as the bubble assumption is proved horribly false. And the collapse may be severe: given 8% interest rates, the selling price that gives a rent-equivalent tax-neutral nonsavings cost for my example (observed over 4 years) would be $250,000, a nearly 45% drop in prices!

Of course, I hope (even as a non-homeowner) that a Tokyo-level collapse will not happen, and it would be very unlikely (I hope). Yet a 15% drop seems certain, and a 30% drop would not be out of the question. If prices dropped 30%, even with higher interest rates, then I'll probably buy a house: it gives a huge hedge against inflation, the value will go up if interest rates go back down, and the price won't be so obscenely out of line when compared with renting.

(Note: minor edits for clarity.)

Friday, May 06, 2005

Why I'm Not Buying A House..

As I've graduated, and now have a stable job and income, I'm supposed to think about buying a house, rather than continuing to pay rent. But with Bay Area home prices at dizzying levels, I have to ask whether it makes sense to buy or keep renting. Being logical, I decided to use everyone's favorite financial "what if" tool, a spreadsheet, to construct a model of the various costs.

But before I get to the spreadsheet, what are the costs? There's the obvious mortgage payment, but there are also property taxes, insurance, maintenance, and homeowners association dues. There are also tax savings, both with and without AMT, to consider. Rather than just one cost for ownership, I consider 3 costs: the raw cash flow, the tax-neutral cost, and the tax-neutral nonsavings cost. The first is obvious: how big the monthly checks are. The second value is the first reduced by the tax savings from deducting interest and property tax. The final, tax-neutral nonsavings, also excludes payments on principal.[1] It is the last two which are the key values: what you pay (some of which you get back as principal when you sell the house), and what you pay and don't expect to ever get back.

You would expect the tax-neutral nonsavings cost to be less than rent. After all, you should be able to buy a dwelling, rent it out, and make at least some profit. And, assuming you have the cash and cash flow, if tax-neutral nonsavings is less than rent, you need to buy.

Unfortunately, with the current prices, this is not the case. Let's use the real numbers. I live in the Richmond Marina Bay area (aka the Yuppie Prison Complexes). My rent is $1325/month for a 2 bedroom apartment [2]. Recently, another, almost identical complex with the same floorplans and the same construction started being converted to condominiums, at $450,000 to $480,000 for the 2-bedroom units. The only major difference is that the other complex has some fake lakes, which only serve to attract the migrating geese and the rotting fecal matter they produce.

There are a few other assumptions needed: tax rates, loan terms, insurance, HOA costs and inflation. This spreadsheet assumes a very healthy income, with a 28% marginal federal tax rate, a 9.3% state tax rate, and a 1.2% property tax rate. The loan I assume is 6% fixed, 30 years, with 10% down: a good loan for the long haul. Insurance I assume at 0.2%, which is actually low: earthquake insurance in the area costs 0.3-0.4% depending on coverage level. I set the HOA fees/maintenance to $250/month. Finally, I assume that both rent and HOA fees increase by 3% annually. Toss the numbers into the handy spreadsheet and out pop some terrifying numbers.

Buying instead of renting simply costs a fortune. Beyond the $3200 a month of cash flow (hello Top Ramen dinners), the tax-neutral cost is still an outrageous $2200 a month. The real shocker is the tax-neutral nonsavings cost: $1880 a month, or over $550 more than renting. That's a real loss of $550 a month, for the privilege of owning a glorified 2 bedroom apartment (err, "condominium home"). I can buy a nice car for $550 a month. It takes 7 years of inflation (by which time I would have saved $34,000) before my monthly nonsavings cost would be equal to rent. It would take 18 years until the net cost is the same.

Note that I did not consider asset appreciation in this analysis, mostly because I feel that this is a dangerous bubble, and over the next 5-10 years prices are going to be, um, interesting (more details in a subsequent post). But let's say I want to sell after 7 years. Prices will have to have gone up by another 13% to even break even compared to renting, considering the 6% cost of transaction when selling a house.

It simply does not make sense to buy in this housing market. With shacks in the Richmond 'hood going for $300k, I'm going to stick with renting. For others considering buying, in other markets, use the spreadsheet yourself.

[1] An important note: I do not consider asset appreciation in the model. When there is such a feeling of speculative bubble, I don't want to include speculative gains in the calculation. But I do assume, by considering the money paid to principal as savings, that the value won't drop below the down payment.

[2] Two other factors I'm also excluding: the complexes considered are in Richmond, California (a truly atrocious school district) and are built on bay fill. In the event of a major earthquake, every dwelling in the area is going to be red tagged. As a renter, that just means I need to move my stuff. If I were an owner, even with insurance, it's a catastrophe.
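As an added example (not the post's spreadsheet, which is not reproduced here), the three monthly cost figures defined above, plus the interest-rate sensitivity from the follow-up post "So What Will Happen To Real Estate?", written out in Python. Function names are this example's own. It uses the post's assumptions (6% fixed, 30 years, 10% down, 1.2% property tax, 0.2% insurance, $250 HOA, 28% federal and 9.3% state marginal rates) and one simplification: interest and property tax are deducted at a single combined marginal rate, with no AMT case. For the $450,000 condo it lands near the post's figures (about $3200 cash flow, $1880 nonsavings, a bit above $2200 tax-neutral) and, holding the tax-neutral cost fixed while moving the rate to 8%, near the $395,000 the follow-up post quotes, without reproducing the spreadsheet to the dollar.

```python
def monthly_payment(principal, annual_rate, years):
    """Standard fixed-rate amortising payment (principal and interest)."""
    r = annual_rate / 12.0
    n = years * 12
    return principal * r / (1.0 - (1.0 + r) ** -n)


def first_month_costs(price, rate=0.06, years=30, down=0.10,
                      prop_tax=0.012, insurance=0.002, hoa=250.0,
                      fed_rate=0.28, state_rate=0.093):
    """The post's three monthly figures for the first month of ownership.

    cash_flow:   everything written in checks
    tax_neutral: cash_flow minus the tax saved by deducting interest and property tax
    nonsavings:  tax_neutral minus the principal repaid (treated as savings, not cost)
    Defaults are the post's assumptions; the combined marginal rate is a simplification.
    """
    loan = price * (1.0 - down)
    payment = monthly_payment(loan, rate, years)
    interest = loan * rate / 12.0          # first month's interest share
    principal_paid = payment - interest    # comes back when the dwelling is sold
    tax = price * prop_tax / 12.0
    ins = price * insurance / 12.0
    cash_flow = payment + tax + ins + hoa
    tax_savings = (interest + tax) * (fed_rate + state_rate)
    tax_neutral = cash_flow - tax_savings
    nonsavings = tax_neutral - principal_paid
    return {"cash_flow": cash_flow, "tax_neutral": tax_neutral,
            "nonsavings": nonsavings, "principal_paid": principal_paid}


def price_for_tax_neutral(target, rate, **kw):
    """Sale price at which the first-month tax-neutral cost equals target.

    The cost is monotone increasing in price, so a bisection converges;
    this is the 'buyers pay the same per month, so what must the price be'
    question from the follow-up post.
    """
    lo, hi = 0.0, 5_000_000.0
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if first_month_costs(mid, rate=rate, **kw)["tax_neutral"] < target:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0


if __name__ == "__main__":
    rent = 1325.0                                   # the post's rent
    costs = first_month_costs(450_000)              # the post's condo price
    for name, value in costs.items():
        print(f"{name:15s} ${value:8.0f}")
    print(f"nonsavings over rent: ${costs['nonsavings'] - rent:.0f}")
    at_8 = price_for_tax_neutral(costs["tax_neutral"], 0.08)
    print(f"same tax-neutral cost at 8%: ${at_8:,.0f} "
          f"({100 * (1 - at_8 / 450_000):.0f}% lower)")
```

The break-even-with-rent horizon in the post depends on how the spreadsheet rolls rent, HOA and the shrinking interest share forward year by year, so this example stops at the first-month figures and the rate sensitivity, which are the two quantities the text actually states.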

Export License Required to Log In...

The Commerce Department, in the Federal Register, has proposed some significant changes to the Export Control Rules. The changes seem subtle and arcane (a change of 'and' to 'or', changing country of citizenship to country of birth OR citizenship (whichever is more restrictive), and a couple of "clarifications"). But the implications appear huge, especially the 'and' to 'or' change. Assuming I'm reading this correctly, it sounds like whoever allows a foreign citizen to use a supercomputer (or other export controlled device) has to get an export license and approval from the federal government. And just about every remotely decent cluster qualifies. Will universities be forced to deny access to Chinese graduate students? What if someone had the misfortune to be born in Iran? Or Cuba? It's not too late to submit comments (mail to, with "RIN 0694-AD29" in the subject line), as the comment period extends until May 27th.

For export purposes, a "supercomputer" is a system capable of 190,000 MTOPS (Million Theoretical Operations Per Second). The definition generally includes clusters of systems, not just individual computers. As MTOPS counts basically any instruction, at the maximum theoretical peak of every functional unit running as efficiently as possible, a normal computer actually scores very high. AMD conveniently publishes these values, so a dual-processor Opteron 248 system is 15,000 MTOPS. Thus a cluster of only 13 $3000 Sun Fire V20z systems would be called a supercomputer and subject to US export controls. A computer lab where users can submit jobs to multiple systems simultaneously might also qualify.

Note: I initially saw this elsewhere today (I don't remember where), but I decided to actually look at the proposed rule. Yes, it is this scary.

Sunday, May 01, 2005


I figure that I'm enough of an egomaniac that I finally should start up a blog. After all, it is only academics with LARGE egos which should be blogging... This is not really very active yet, but I expect to use it in the future to post original items.

For background, my research area is computer security and computer architecture. I received my Ph.D. from UC Berkeley in the fall of 2003, and since then I've been a researcher at the International Computer Science Institute (ICSI).

This blog, however, will also include my thoughts on random topics on which I am completely unqualified, as well as information on computer architecture and security topics.