Author Archives: zsalem

The Balancing Act of Online Presence

For my last post, I wanted to write an opinion piece about a person’s online presence. For the semester we’ve been writing posts about news that relates to the economy. This brought out a wide range of topics. We got to divulge our opinions and tried to argue for one case or interpretation over another. Assuming that there are enough people out there who actually care (this is a VERY important assumption for the rest of this article), it’s tough to decide how opinionated you want to be. You might come off as a tyrant or a fool with poor writing.

Online search results can be a deeper look into someone’s life or even be a first impression, and first impressions are sometimes the most important. I’d assume that all of us want different impressions for our family, friends, and professional life. So give it a try: Google your name. Do you like what you find? What would your parents think? Friends, boss, dare I say personal adversaries? This makes me want to compartmentalize: Facebook for friends, LinkedIn for professional life, etc. But your employer could find your Facebook, your friends can find your LinkedIn (and tease you!!). The issue with your public Internet presence (i.e. these blog posts) is that it’s hard to tailor this type of first impression since you can’t use privacy settings. Compartmentalizing your life cannot be done if it’s in the public domain.

Solution 1: Remain invisible

  • They say in this day and age that if it’s not online, it doesn’t exist (or it’s not important). The same applies to people. If you don’t like the Internet spotlight or attention from strangers, this is a good option.

Solution 2: Be adventurous!!

  • You’re always bound to upset someone if your sample size is large enough. This post really motivates this argument. The wall between acting professional and acting human is crumbling down. Think about it, people love other people who balance both these qualities over a goofball or an emotionless automaton. The fear of doing something poorly written, uninteresting, or unprofessional is simply just a fear of failure. By letting go of this fear, you might be able to do some wonderful things.

As you might be able to tell, I’ve had trouble deciding how loud/daring I want to be. I never wanted to tackle controversial issues like politics/religion (well I did write about Obamacare once but it was rather objective and mostly just reporting). But then I might come off as an appeaser with no spine. I’ve decided to be a little more adventurous in the future. Not mindlessly posting offensive material, but instead blogging about my experiences and showing a little personality online. This is not an overnight process by any means, but this class (and Miles Kimball) has motivated me to get out there a little more.

In addition to my closing remarks, I wanted to say that I hope to continue to improve my writing, be it through the blogosphere or anywhere else, letting go of any reservations I have of looking foolish. I’m surprised how well everyone else and I improved over the semester. Seriously, I’ve noticed. Congrats to all of us on a job well done!

Home, (not so) Sweet Home

Today I came across an article about a drop in sales of new single family homes over March, which in turn brought down people’s expectations for the future and stocks. This was sad news as stocks were on quite a large win-streak. The WSJ reports:

Sales of new single-family homes dropped 14.5% from February to a seasonally adjusted annual rate of 384,000, the Commerce Department said Wednesday. The sales pace for January and February was revised higher. From a year earlier, new-homes sales were down 13.3%.

“New-home” implies houses that have been recently constructed. Some try to blame our harsher than normal winter for slowing down construction projects, but I disagree. “It is disappointing that new-home sales have shown little improvement since mid-2013, when mortgage rates moved above 4%,” said Omair Sharif, an economist at RBS Securities. I believe Sharif has a case for this problem persisting before winter.

This sounds awfully familiar. People have this supernatural expectation for housing prices to recover (indefinitely improve). Perhaps we are overlooking the reasons behind the housing market. Housing seems to be going through a price discovery currently. A lower number of people are finding a need to ‘settle down’ into a home. This comes from a variety of reasons.

Jobs flux

  • Jobs now require more relocation and are much less stable than they used to be. Buying a home is like stapling yourself to one area of the country. If you lose your job, finding a new one (especially one you’d like) can be very difficult.

Cultural change, notably marriage rates

  • Buying a home is expensive and most of the time someone buys a home to raise a family. But with the marriage culture evolving in the States and home prices going up, fewer and fewer people can actually afford/desire to purchase a home.

International awareness and exploration

  • Buying a home in suburbia sounds like a cop out to exploring the world. Personally, I haven’t met anyone in my age group who didn’t like to travel. I conclude that people like to move around more than they used to. Maybe it’s gotten easier to travel or we’ve gotten a little more adventurous and open-minded. Maybe the Internet has brought us out of our local bubble and onto the world stage.

For whatever the reason, I believe buying a home isn’t registering the way it used to for Americans. While the reasons I came up with are just from my observations around me, I think I’m more or less close to the heart of the problem: lack of demand (obviously). Times have changed from post WWII; it’s not entirely plausible for every American to buy a home. The nuclear family is no longer a definite norm and work and non-work life alike are keeping people from staying put.

(Revised) An Alternative to SSL

In my last post I discussed the recent publicly revealed exploit in the heartbeat protocol for OpenSSL. I went over the basics of the attack and explained how using the latest and greatest technology has its pitfalls by not being heavily tested/discovered. However, I didn’t get to discuss the underlying problem: the reasons the exploit existed and affected upwards of 17 million servers on the web. I’d like to argue that it’s an overuse of the protocol in applications that don’t necessarily require it.

Some have pointed out that only 12 people worked on the latest version of the protocol, 11 of whom are volunteers, four of whom were inexperienced. Open source projects will usually fall behind in resource/capital when compared to proprietary projects. But proprietary projects have bugs too. Going down this blame-game road is not productive.

Simple is good

SSL’s goal is to create a secure channel between a client and server and does so by keeping a private key within the online domain space (need fast connections with your users!). An implementation flaw can lead to something like the Heartbleed exploit that can steal the private information/key. In fact, many other kinds of implementation flaws could lead to a total cryptographic break under this system. So why pursue the risk when you don’t even need to? Applications such as chat rooms or dynamic online games don’t really have a choice. Michigan’s very own SPQR have proposed an alternative cryptographic algorithm. But what about applications that simply append content to an existing infrastructure? Sounds complicated, but this is exactly what happens when you post a Facebook status, tweet, etc.

Notice that there is a subtle difference between securing a channel vs content. Content can be secured with an offline private key while a channel requires the online, network-accessible key. We’ve seen exploits in which one can trick a server into revealing private information. But a Heartbleed equivalent for this alternative cryptographic protocol couldn’t be done through sockets and ports. This would require breaking and entering. A few locked doors and maybe a laser system might be enough (unless it’s National Treasure). An attacker would be affected by geo-location and sheer strength versus strategic bit flipping.

It’s not fair to blame open source or resource allocations because metrics show little to no difference in performance. Despite various claims regarding the efficacy of particular open or closed-source development methods, we can see from the table that there is no clear winner (or loser). It’s also not fair to blame individual programmers because we’re human and bound to make subtle implementation flaws every blue moon at least. The goal here is to not rely on a “one size fits all” cryptographic system, but rather use the necessary system tailored for your application.

Fed’s Stress Test Under Fire

This is my third post on the Fed’s annual stress test under Dodd-Frank. In previous posts, I’ve questioned the meaning of its announced calculation mistake and its validity/correctness of assessing banks (hey it’s hard to design a good test!). Today I found an article “Citigroup Received Mixed Signals On ‘Stress Test’: The Bank Thought It Had More Time to Fix Problems, but Fed Failed It Anyway” in the WSJ. The New York Fed rejected a capital plan to give back more dividends to shareholders.

“The surprise move sent Citigroup stock reeling, and the bank will likely miss a key profitability goal for next year because of the rejection.” (note: rational expectations at work here)

The reason behind the rejection was that Citigroup failed a portion of the Fed stress test and didn’t make improvements soon enough. A misunderstanding between the two can be seen in this humorous metaphor: Imagine Citigroup as yourself in grade school and the Fed as your most memorable teacher then. For some personal reason/shortcoming you got a bad test grade but the teacher said you could make it up before the end of the term. But you get slighted! Your teacher doesn’t approve your request (capital plan) and your parents (err.. shareholders) ground you and you can’t go to Lil’ Bob Table’s birthday party! You haven’t made enough progress on that test. But I had until the end of the term, you cry!

Now back to reality. This specific misunderstanding in its detail isn’t what I’m concerned about (which is why I tried to make light of it). Rather, some are questioning the Fed stress test’s legitimacy. In my earlier post, I found next to nothing on the opinions of the Fed Stress Test. What I did find was its “testing methodology” after digging around the site. The PDF is obscure, cryptic, and boring and all I could wonder while scrolling through was: how many people have actually read this thing?

Now that we have people raising questions, maybe more people who are smart will invest the time to read it (and poke holes)!

“Do you always need to have somebody fail to make the test look strong and rigorous?” asked banking analyst Gerard Cassidy of RBC Capital Markets.

Tom Brown at Second Curve Capital, which owns Citigroup shares, said the stress-test results had damped his faith in the Fed, but not in Citigroup.

The end goal of these tests is “to convince investors that the largest banks could withstand a severe recession without government bailouts.” We don’t want to see the nation’s “too big to fail” banks fail once more. The ideas of the Fed’s annual test are good ones, but perfecting them requires time/effort from a larger community.

HeartBleed

Just yesterday, a severe memory handling bug was found in all versions of OpenSSL in the 1.0.1 series, dubbed Heartbleed. OpenSSL is an open-source implementation of the SSL and TLS layered protocols using cryptographic algorithms with the goal to maintain confidentiality, authentication, and integrity. It is believed that half a million (or 17%) of all of the Internet’s CA-trusted web servers are vulnerable to the attack.

Problem:

The OpenSSL advisory states: “A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.”

The basics of the attack can be explained rather simply. The heartbeat extension requires the client to send (1) a buffer and (2) the size of the buffer to the server, which sends back the buffer with the client’s “heartbeat data”. However, the server doesn’t verify the size against the data it actually received but just takes it for granted. That means a client can trick the server into copying its own raw memory into the buffer. The limit of 64k is because the size parameter is a 16-bit integer (with 2^16 = 64k).
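The missing bounds check described above, as an added example that is not OpenSSL's code or the author's: a simplified heartbeat responder in C, first without and then with the length check. The message layout (1-byte type, 2-byte length, payload, with no padding or TLS record layer), the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR_LEN  3  /* assumed layout: 1-byte type + 2-byte big-endian length */

/* Payload length the peer CLAIMS to have sent (fully peer-controlled). */
static size_t hb_claimed_len(const uint8_t *msg) {
    return ((size_t)msg[1] << 8) | msg[2];
}

/* Copy the header and `len` payload bytes into the reply buffer. */
static size_t hb_build_reply(const uint8_t *msg, size_t len,
                             uint8_t *out, size_t out_cap) {
    if (HB_HDR_LEN + len > out_cap) return 0;
    out[0] = HB_RESPONSE; out[1] = msg[1]; out[2] = msg[2];
    memcpy(out + HB_HDR_LEN, msg + HB_HDR_LEN, len);
    return HB_HDR_LEN + len;
}

/* Behaviour before the fix: msg_len (bytes actually received) is never
 * compared with the claimed length, so the copy can run past the message. */
size_t hb_reply_unchecked(const uint8_t *msg, size_t msg_len,
                          uint8_t *out, size_t out_cap) {
    (void)msg_len;
    return hb_build_reply(msg, hb_claimed_len(msg), out, out_cap);
}

/* Behaviour after the fix: a message whose claimed payload does not fit in
 * the bytes actually received is dropped and no reply is sent. */
size_t hb_reply_checked(const uint8_t *msg, size_t msg_len,
                        uint8_t *out, size_t out_cap) {
    if (msg_len < HB_HDR_LEN || msg[0] != HB_REQUEST) return 0;
    size_t claimed = hb_claimed_len(msg);
    if (claimed > msg_len - HB_HDR_LEN) return 0;  /* the bounds check */
    return hb_build_reply(msg, claimed, out, out_cap);
}

/* Constructed sample data standing in for whatever else sits in memory. */
static const char NEIGHBOUR[] = "constructed-key!";  /* 16 bytes */

/* Place a 7-byte request that claims a 20-byte payload in one arena,
 * directly ahead of NEIGHBOUR, and count how many reply bytes came from
 * beyond the received message. One array keeps the over-read well defined. */
size_t demo_leaked_bytes(int use_checked) {
    uint8_t arena[64] = {0}, out[64];
    const uint8_t req[] = { HB_REQUEST, 0x00, 0x14, 'p', 'i', 'n', 'g' };
    memcpy(arena, req, sizeof req);
    memcpy(arena + sizeof req, NEIGHBOUR, 16);
    size_t n = use_checked
        ? hb_reply_checked(arena, sizeof req, out, sizeof out)
        : hb_reply_unchecked(arena, sizeof req, out, sizeof out);
    return n > sizeof req ? n - sizeof req : 0;
}

int main(void) {
    printf("bytes beyond the request, unchecked: %zu\n", demo_leaked_bytes(0));
    printf("bytes beyond the request, checked:   %zu\n", demo_leaked_bytes(1));
    return 0;
}
```
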

Solution:

A patch has been released (1.0.1g) and the bug will be fixed in upcoming versions of OpenSSL.

It’s important to note that Codenomicon says many large consumer sites should be safe, but sites that will likely feel the strongest impact are “smaller and more progressive services or those who have upgraded to latest and best encryption.”

Lesson Learned:

So those who were conservative and kept running older non-vulnerable versions of OpenSSL lucked out. So there is a subtle lesson here. Upgrading to the latest and greatest has its risks. Sometimes it’s better to bite the bullet and use a reliable version of software.

However, using obsolete software is dangerous as well. Microsoft has recently stated it has ended support for Windows XP. This means that, for XP, the arms race between the code makers and code breakers is heavily one-sided. Code breakers will not be stopped by annual security patches and, as history has shown us, the OS will prove to be rather breakable.

So it’s a balancing act to not be too obsolete but not too cutting edge if security and reliability are your primary concerns. Some people are fun and crazy thrill seekers and like to be on the bleeding edge of the web. All the while, others are lazy and passive enough to run passé software. Just the other day, I talked to someone at my brokerage who told me their site didn’t support Google’s Chrome browser!

Is the stock market rigged?

Just a week ago, Michael Lewis published his book Flash Boys: A Wall Street Revolt. At its core, the book argues that high frequency trading (HFT) rigs the stock market by front running ordinary orders. In addition to all the press it’s been getting, New York Attorney General Eric Schneiderman (who I’ve already written about twice I believe) has commented on this book as bringing light to the HFT predicament and the FBI announced their investigation into the wrongdoings of HFT.

Flash Boys does offer hope to this “rigged game”. An alternative trading model named the “Investor’s Exchange” (IEX) offers a slowed down version of trading, so ordinary investors and high frequency traders have more or less a similar perspective on the current market condition and prices. NPR has had an interview with its creator Brad Katsuyama on more information and also a humorous explanation for the IEX abbreviation.

CNBC pitted Brad Katsuyama and Michael Lewis against William O’Brien, BATS Global Markets exchange president, in a heated debate. Watching the twenty minute video, you can observe a record number of six floating heads, O’Brien playing very defensively and interrupting on multiple occasions, and the hosts promoting the book. But what really interested me outside the back and forth attacks and interrogation on Lewis’s “tour of BATS” by O’Brien, is how everyone agreed about market restructuring.

It turns out that more people than just the Slowskys (ordinary traders) support IEX. Even some high frequency trading firms such as Goldman Sachs and JPMorgan Chase have actually endorsed this exchange. (NOTE: As pointed out in the “epic debate”, O’Brien points out the hypocrisy of labeling an HFT endorsement good for IEX but bad for BATS).

I’m really interested to see how this plays out. Clearly, HFT as a topic has grown from skepticism to more of an uproar. A lot of trading businesses (prop shops, etc) rely on speed in their orders. If this model of an exchange grows to become a more substantial part of the market place, we’ll see a very different trading landscape.

But, what I REALLY like about this idea was also pointed out in CNBC’s debate. This isn’t regulation against HFT as some against the practice have proposed. This is the free market operation of coming up with an alternative and allowing free agents (all of us) to decide if we like it or not. If demand increases, more IEX modeled exchanges will open up and evolve the way big fish or small do trading.

Who made Bitcoin?

In class, we’ve discussed the Fed and its position as the central bank of the US. Central banks can regulate currency and its value by simply producing more of it. To introduce this newly created money to the public, this central authority bank ends up purchasing financial assets or offers the money as a loan to financial institutions. This is coined as fiat money or money that has its value derived by a governing entity.

But there is a new type of currency system (that I’m sure we’ve all heard about by now) called cryptocurrencies. The first and most notable cryptocurrency is Bitcoin. “Bitcoin is designed to bring us back to a decentralized currency of the people,” said Gavin Andresen, chief scientist at the Bitcoin Foundation, “this is like better gold than gold.”

But Andresen isn’t responsible for this marvelous “better gold.” Someone who goes by Satoshi Nakamoto created Bitcoin. Yes, this is to say that Nakamoto’s true identity is unknown. Many have gone through hurdles trying to pinpoint Satoshi Nakamoto’s identity. Many interesting facts have been uncovered and plenty of theories exist out there. A handful of people have been accused of being Nakamoto (see my tongue-in-cheek tweet). I particularly like the idea that he is a team of people for reasons that the code is ‘too good’.

Dan Kaminsky, a security researcher who read the Bitcoin code, said that Nakamoto could either be a “team of people” or a “genius”; Laszlo Hanyecz, a former Bitcoin core developer who had emailed Nakamoto, had the feeling the code was too well designed for one person.

I’m more interested in the underlying reasons on (1) why we (or at least a large number of people/media) care and (2) why does Nakamoto decide to remain anonymous. I see one reason behind both these questions: unwanted attention from being a celebrity type figure. I’ll quickly tackle this point.

People are fascinated by geniuses. While I don’t believe there is anyone who is a ‘perfect genius’, the people behind Bitcoin are clearly a group of very intelligent forward thinkers. Perhaps too forward for their own good. World governments aren’t pleased with competing untraceable currencies that can be used for illegal transactions. People also believe Nakamoto has in his/her/its/their possession roughly one million bitcoins. To put that in perspective, in December 2013 when Bitcoin valuation peaked that was worth over $1,000,000,000 USD! It’s unclear whether Nakamoto’s identity will become public news, but it is clear that Bitcoin and its offspring cryptocurrencies have brought us to a new age for currency that the next “The Ascent of Money” will include in their history of financial systems.

IRAs: Roth vs Traditional

In class we’ve talked about the Individual retirement accounts (or IRA) that are used for retirement with the goal of gaining a tax advantage. A traditional IRA allows the user to forgo taxes in the present and pay them off in the future upon withdrawal. A Roth IRA is the opposite. Instead of paying taxes on withdrawal, we include those earnings in our current year’s taxes and forgo paying taxes upon withdrawal. The cool thing about these IRAs is that they don’t have to be used solely for retirement. For Roth IRA, I discovered it could be used to finance your first home, up to $10,000. That makes the decision between the two even harder. I will try to discover what is the better option given a particular situation.

Whether someone should use one over the other depends on his or her current situation and future expectations. There is only one factor that should affect your preferences: taxes. However the amount someone is taxed depends on the current set of tax laws in place and an individual’s earnings.

Let’s go through my first example with varying income. Let’s say that I have a lower annual income than I expect to have later. Translated into tax situation, that means I would be in a lower tax bracket now than later. Thus I would rather pay taxes on a piece of income now as opposed to later.

What about the second example with varying tax laws? Let’s say I assume taxes will increase down the road. I would rather pay today’s lower relative taxes than in the future. Thus Roth IRA is a good choice for this situation, too.

If you couldn’t tell already, I think opening Roth IRA is a good idea for college students with meager part time work incomes (lowest tax bracket). But this sounds too good to be true. What are the shortcomings for a Roth IRA? Well one, often-overlooked one, is the blind trust that we put into the promise of “no taxes later”.

Let’s say the US government comes into a tight spot right around the age of my retirement. Looking for more avenues for revenue they decide to tax Roth IRAs upon withdrawal. Now I got taxed twice! Should I bet on avoiding taxes in the past, then expecting them to deliver on a promise in the future? Though I believe this situation is unlikely, as it would wreck the credibility of the US to its citizens saving for retirement, it’s a possibility that cannot be entirely ruled out.

So in conclusion, Roth IRA is a bet that your taxes in the future will be higher while the traditional IRA is a bet that your taxes will be lower. But what’s important to remember is discounting the future earnings. Depending on which side of the equality you fall (I’m sorry I don’t have an equation, maybe in a future post!) should determine what account is right for you.

A Robert Shiller Interview

The WSJ interviewed Robert Shiller to discuss the psychology of investing and stock picking.  A lot of what Shiller says seems to go against the grain of the efficient markets hypothesis and “A Random Walk Down Wall Street”, which is why I found it interesting. Before getting into the details of the interview and my thoughts, I believe an introduction is necessary.

Robert Shiller is a professor of economics at Yale and a Nobel laureate who works at the intersection of economics and psychology. He is well regarded by some because he predicted the housing bubble in the US before its public revelation after the burst. Clearly this is someone whose opinions deserve attention. What I found to be the most interesting fact is that he bears responsibility for the “irrational exuberance” ordeal.

Shiller claims that people act irrationally in the stock market, which makes sense. The very idea that every agent acts optimally and consistently recalculates/reevaluates is an unachievable one. Many people have a better use for the majority of their time than playing the investment game. But the irrationality doesn’t end there. Shiller discusses how people can seek out profits because of emotional turmoil. It can be uneasy watching your friends churn out profits flipping houses while you sit idly by. Here’s what he had to say.

Ultimately, people are motivated by human-interest stories about somebody who did something amazing because those stories are more resonant, they create a sense of envy and competitiveness. If I’ve heard stories about someone who bought condos or houses and flipped them and made a huge amount of money, and I think to myself I could have done that, it generates emotional turmoil that drives you to do it. So I’m thinking that’s kind of what was happening in the housing market in the early 2000s and in the stock market in the 1990s.

Shiller also has claims that I found disappointing. He recommended those who are not experts to “get an investment adviser”. I seriously hope Shiller didn’t mean one that will charge you for their services. In my previous post, I talked about WiseBanyan, a startup online investment advisor that offers free service to anyone, regardless of how much they have to invest. There are literally no fees for their basic service (yet!). So maybe that would be a good idea for someone who has no clue about investing his or her funds. But paying for someone else to manage your funds is hardly worth the overhead. There are index funds and retirement accounts designed for people who want an easy out. Putting a little time into learning about these things is worth it.

Still, Shiller did have some interesting insights into behavioral economics, a topic I worry I won’t get exposure to in undergraduate academia. Shiller finishes up by saying economics is not an exact science since at the end of the day, it’s controlled by us, the people, not robots. And this understanding problem comes down to the problem of understanding the brain. So once we understand the brain, we’ll have a better understanding of economics, human behavior, and much more. But for now, we are getting by with what we can observe.