The Underground Economist
PayPal’s Two-Factor Auth is Bullshit

Let’s talk about how shitty PayPal’s security is for a moment. Primarily, let’s talk about how they pretend to support two-factor authentication but actually don’t.

You have two choices for two-factor: SMS to your phone or their security key, which you have to pay for and which only works on PayPal and Ebay. Most people, naturally, choose the SMS option. Except the SMS option doesn’t work at all for any mobile PayPal option, whether it’s their own app or paying with paypal on a web site using a mobile browser.

What’s worse is that their own app just gives “internal error” when you enter your correct password with SMS turned on, and the mobile web site just tells you your password is incorrect.

And if you want to break into someone’s account who has two-factor turned on, just do some social engineering to guess the answers to their two security questions, which you can always use to bypass two-factor. I’ve decided to just turn it off, since I don’t have a bank account linked to PayPal and if they don’t refund me any fraudulent purchases, I’ll just contest them with the credit card company, so why even bother jumping through hoops to protect PayPal and the merchants when PayPal doesn’t seem to give a shit anyway? And why should they give a shit when there is no way for PayPal to lose money from fraud?

In conclusion, PayPal’s fake two factor authentication is nothing but a pacifier to make their customers think they’re safer by creating a bit of security theater.

Arch Linux on ZFS

A few months back, I migrated my 6TB 4-disk RAID-Z fileserver from FreeBSD to Arch Linux. A few days ago, I installed Arch Linux on my new Intel NUC with a ZFS root. There is some documentation about how to do this, but it’s a bit vague and not entirely accurate, so I figured I’d write up my own experiences both to help out anyone who’s decided to experiment with ZFS on Arch and to encourage more people to experiment with ZFS and/or Arch Linux themselves.

Read More

Artificially Low Interest Encourages Hoarding of Land

I wanted to call this post “Coase Revisited,” but I didn’t want only econ geeks to read it, and the title I used is my real point anyway.

The so-called “Coase theorem” states that if transaction costs are zero, property will always end up in the hands of whoever can put it to the highest use, so that the initial allocation of property does not matter. Coase considered this obvious and trivial and thought it was somewhat silly that it became a theorem named after him. Coase’s actual point was that transaction costs are not zero and cannot be neglected, therefore the initial allocation of property actually does matter, at least somewhat.

The number of vacant lots and buildings and unused patents out there would tend to back up Coase’s point. Indeed, people have even proposed a taxation system explicitly designed to discourage unproductive hoarding of land. But it turns out that there is already a mechanism in place that discourages the holding of any non-productive asset: interest.

The only rational reason for someone to hold an asset that produces no income would be if that asset were worth more to them than the money they could get for it on the market after accounting for transaction costs. Either they have plans for the asset, for example constructing a shopping mall, or they expect the asset to rise in value by more than whatever interest they could make on the money they could get for it.

To accurately compute the cost of an asset, one must include the interest they would make on the money they could get for that asset along with any depreciation or appreciation. Corporate financial statements include the interest on all capital the company holds. This is not just an accounting trick; it’s a genuine cost. It doesn’t come out of the corporation’s pockets, but it’s money the corporation really would have had if it didn’t own those assets.

The same thing is true for everyone, not just corporations. If you could put the money from your house into CDs and make enough to cover the cost of your rent plus however much you expect your house to appreciate, you should by all means sell the house. Of course, in a world where houses always appreciate and you can’t make enough on a CD to even cover inflation, it makes very little sense to sell a house even if it’s vacant.

That makes interest rates being kept artificially low by loose monetary policy a double-whammy: whammy one because it makes the cost of holding real estate lower than it otherwise would be, and whammy two because it causes real estate to appreciate.

Which brings us to my original title of this article: interest offsets transaction costs in causing property to move toward its highest use. If you’re worried about the hoarding of assets, you should support tighter monetary policy. In fact, according to the Austrian school of economics, the phenomenon of holding onto unproductive assets during times of artificially low interest rates is exactly what causes the business cycle, and letting those rates rise is the cure. After all, what is “liquidation” other than transferring unproductive assets to those who can make productive use of them?

Stagflation is Already Happening

A conversation with Brittany Gardner has gotten me thinking about the detrimental effects of below-market interest rates, namely that they encourage holding onto unproductive assets like vacant land. That got me thinking about the causes of our below-market rates, and I think I may have the answer: China. And, to a lesser degree, Europe.

Yes, I know the proximate cause is the Fed’s money printing. But they’re printing money because they’re trying to produce CPI inflation, and that’s failing to happen. Core CPI, which excludes food and energy costs, is showing even lower inflation. On the other hand, health care costs have been skyrocketing, and food costs have been going up as well, but energy prices haven’t.

Let’s talk about each of these different classes.

Most manufactured goods and many services in the core CPI are produced in China, and many of those that aren’t are made in Europe. Any that are made in the US have to compete with goods made in China and Europe. This has kept inflation in manufactured goods and mobile service nearly nonexistent.

Energy is a worldwide market, but it has been benefiting from the gas boom, i.e. fracking. Wanna know why fracking has seemed impossible to stop? That’s why. This has kept energy inflation relatively low but not nonexistent.

The food we eat is mostly been made in the US. However, farming has enjoyed massive productivity increases in recent years, and a large part of its costs are energy, in particular natural gas for fertilizer.

Our health care prices are the most purely American cost that doesn’t benefit from the fracking boom. Worse, there is zero unemployment among doctors, and their wages have to compete with what they can make from stocks and real estate. And, not coincidentally, it’s health care that’s showing by far the most inflation. The health care industry is probably the best picture of what’s “really” happening in the US economy. Massive inflation, drastically reducing the standards of living of those whose incomes mostly correlate with the CPI.

What’s the solution? Well, if we’re going to be using inflation to determine monetary policy, we need to start measuring inflation correctly. If anything, that means we need something that’s the *opposite* of core CPI, which cuts out things we import. Yes, those things are part of people’s cost of living, but the problem with including them is that their cost is not driven by American wages.

In fact, we should probably just get rid of the CPI entirely, especially the core CPI. It’s lying to us, telling us the Fed is doing a good job when in fact the Fed is screwing all of us. Then we need to recognize health care costs for what they are: inflation. This would likely result in a very different monetary policy than what we currently have. It would probably also result in the discussion of policies that will and should make any libertarian nervous: the partial reversal of globalization. But I’m not sure what else to do at a time when we’re essentially importing deflation from other countries. I’m open to suggestions, including the suggestion that the status quo is the best we can do, as long as those suggestions come with evidence.

The alternative is to continue running our two-tiered economy, where those who have to compete with Chinese workers rapidly find themselves with Chinese standards of living, while those who don’t have to compete get to enjoy the benefits of virtual slave labor, both Chinese and American.

Single System Image to Zero System Image

Almost nobody who’s used a unixy OS for a while hasn’t thought “Why does my environment only encompass this machine? Why do I need to prefix a command with SSH and a hostname to run stuff on other machines?” And then maybe they discovered Single System Image (SSI) distributed operating systems like Mosix and thought, “Why hasn’t this gone anywhere?”

I’ll tell you why. SSI makes an entire cluster look like one computer. It can provide transparent access to remote resources and enable processes to migrate between machines completely transparently. That sounds like a good thing, but for most applications you’d care to run, it’s actually terrible. Aside from the fact that you’re now hiding things from the programmer that the programmer frequently needs to know about, like locality, these features now make it necessary to take down the entire cluster to perform an upgrade. Maybe fine for an HPC cluster running one application, but not good for an evolving, heterogeneous network.

Plan 9 got this much more correct by taking a more “unixy” approach and creating a protocol (9P) that allows easy exporting of a filesystem interface, dumping hard-to-support features like transparent migration. But unlike MOSIX it requires you to change your underlying OS, port your code, and learn a bunch of new stuff. It was a research operating system anyway, so I certainly wouldn’t call this a failure. 9P, on the other hand, survives to this day, enjoying native support in Linux and various BSDs. If you find yourself considering FUSE for a project, I urge you to consider 9P instead, since it works over the network and lets any program easily export a filesystem interface.

With protocols like 9P and services like Zookeeper, the Internet already provides two of the big features of an operating system: IPC, namespacing, locking, and sharing of data. The normal layering is that we run an OS directly on top of hardware, then create another layer of abstractions on top of those the OS provides and run our applications on top of those abstractions.

It’s pretty common these days for a single host to be running multiple applications whose processes have no reason to care about one another. Yet the OS provides lots of facilities for these mutually uncaring processes to communicate and share data. We can virtualize the host with Xen and install OSes on top of that, but that just makes things more complex by adding yet another layer and creating more instances of a single-host operating system.

The problem here stems from thinking of the abstraction provided by Xen in the same way we think about the hardware itself: it’s just a virtualized version of the hardware. But it turns out Xen actually implements that virtualization on top of exactly the set of abstractions provided by a microkernel, and in fact Xen guests don’t need to use any of Xen’s virtualization features at all: no HVM and no QEMU, just use Xen’s IPC mechanism to talk to a frontend driver in Dom0 or a driver domain in order to access the hardware. The guest doesn’t even need to be an operating system: any application can run directly on top of Xen’s hypercall interface. It will need its own TCP/IP stack and possibly a filesystem implementation if it wishes to use block devices through Xen’s Blocktap interface, but it could also use 9P to access files.

Once your “unit of deployment” is an image launched by Xen, what used to be your operating system is now more like a set of libraries and your real operating system is now a cluster of Xen microkernels, your deployment/scheduling agent, and whatever other base abstractions you supply on your network. I call this “Zero System Image” to distinguish it from Shared System Image and because it’s the bare minimum of non-network resources you can expose to your unit of deployment.

Xen gives you the transparent migration of MOSIX while making upgrade far easier, because theoretically nothing should care exactly what’s running in Dom0 and Xen will hopefully provide some backwards compatibility between releases.

Someone could theoretically implement ZSI on top of Linux containers with process migration patches (or just leave out migration) if all their apps needed Linux and they didn’t depend on specific features of different kernels. This would take a lot more work than implementing it on top of Xen, however: one could problem implement a ZSI stack using Xen in less than 5k lines of code.

Tumblr just emailed me to let me know I was three years old. I can’t believe it’s been that long. Next thing you know it’ll be emailing me to tell me it’s been three years since I last posted.
The Underground Economist turned 3 today!

Tumblr just emailed me to let me know I was three years old. I can’t believe it’s been that long. Next thing you know it’ll be emailing me to tell me it’s been three years since I last posted.

The Underground Economist turned 3 today!

Addicted to Debt

As we shift away from being a labor-driven society, a larger fraction of each family’s income will need to come from capital. But our society has gone in precisely the opposite direction, with many families having a negative net worth.

I believe a large fraction of the blame for this situation falls squarely on the shoulders of John Maynard Keynes and his modern clone, Paul Krugman. They preach(ed) that all that matters is consumption, not debt. Our society focuses on driving consumption without thinking about the position that consumption leaves families in.

There is precisely one kind of debt that’s good: debt that goes to investments that increase income by more than the interest paid on the debt. A first car to get to that first job probably qualifies. The second and subsequent cars do not unless it’s an emergency, and it almost never is.

Houses probably qualify most of the time. The problem is that, because the government subsidizes homeownership, we end up taking on too much debt for our homes, buying too much house with too long a debt term. 30 year mortgages should be MUCH rarer than they are in the US.

Homeownership is good if and only if the owner can survive a market downturn. An underwater homeowner cannot move, which means they can’t go to where the jobs are if there is a shift in the labor market. A large down payment coupled with a loan that pays down the principle at a reasonable rate is the best way to avoid having homeowners end up underwater, which means they are far less likely to default on their homes and wind up destitute or at the very least back to living from paycheck to paycheck, with no savings whatsoever.

Next we have credit cards. Credit card debt is basically always bad; they should not exist at all. I’ll go further, even, and say that credit cards exist for the sole purpose of draining wealth from people who don’t know how to manage their money.

So we have a bunch of things that should be rare or not exist at all:

  • Car loans
  • 30 year home loans
  • <20% down payments on homes
  • Credit cards

These things not only aren’t rare, but they’re the norm in our society. Until that changes, we will be totally dependent on excessively low interest rates, and we will repeat the ever-worsening boom-bust cycle of the last 30 years until stagflation finally forces the Fed to increase interest rates and induce the final deleveraging of all our parasitic debts.

I’m all for personal responsibility. But the fact is that we’ve created a society where most people are primarily educated by the government, and the government has chosen to teach nothing about financial management. The extent of my financial education in school consisted of how to properly write a check, presumably to make sure I could at least pay on all that credit card debt I was sure to rack up. Meanwhile, the rest of society is built around teaching people to consume. Until this combination is fixed, attempts to push personal responsibility only after people get into debt are harmful to society.

There is a very simple way to educate people against going into unnecessary debt: high interest rates. High interest rates also have the benefit that the risk-free rate of return will be higher, meaning even people who don’t know anything about picking stocks will be able to make money off their savings. I’d even go so far as to say that high interest rates are a right.

Raising interest rates now would induce a recession as the economy restructures itself around the new rate. There would be unemployment for a while. Home prices would fall. But after a period of restructuring, the savings rate would increase drastically and a much larger fraction of families would have savings they could live on if they lose their main source of income. Our society would become far more resilient to external shocks.

The blow from rising rates can be cushioned by simply announcing the schedule far in advance, and then raising the rates slowly. It will hurt no matter what, but the alternative is for rates to be forced up unpredictably by bond investors when they finally decide that America isn’t going to be capable of paying back its debt. That will cause FAR more pain and will probably even result in substantial civil unrest.

I realize that the gentle path is politically untenable with people like Krugman shouting the exact opposite of economic reality at the top of their lungs. My only consolation is that, if Krugman is still alive, I will get to watch him be burned at the stake when people realize what he’s done to us. (Yes, I realize that’s fantasy and people will just blame “the free market” again. But a guy can dream.)

Why Fiscal Stimulus Won’t Work

This started as a Facebook comment, and I figured it was good enough to be massaged into a blog post.

Many people claim that if the government reduces spending, it will harm the economy and stall the “recovery.” I think this belief comes from the idea that the government is “soaking up” labor and capital supply that the free market would not clear, and that savings is actually harmful to the economy. It’s pure Keynes. The fact that Krugman has been claiming that debt is free hasn’t been helping.

I tell people who make this claim the following:

1. The debt that is financing the stimulus is short-term. Interest payments are projected to rise to a level equal to all government discretionary spending by 2020 even under modest interest rate assumptions.

2. Even though much of the debt is held by the Federal Reserve, remittances (refunds on interest payments) from the Federal Reserve to the Treasury are projected to stop because the money will need to go to compensate for all the losses on the Fed’s books, meaning the government will really need to pay all that interest.

3. Once the economy starts to recover, which is exactly what people claim the stimulus is for, the Fed will have to choose between starting to sell or redeem all that government debt or allowing rampant inflation.

4. Monetary policy counteracts fiscal stimulus anyway, because both are targeting the same thing: inflation. To the extent that the government borrows and spends more, the private sector borrows and spends less. So instead we’re just shifting spending from entrepreneurship (i.e. starting small businesses and inventing things) that creates permanent growth to temporary projects that produce temporary jobs.

And on top of all that, we’re blowing a stock bubble and a new real-estate bubble at the same time. When these pop, and they will, the crisis will just start all over again, only with way more government debt and a bunch of workers who still haven’t been retrained because the government kept them employed in their unneeded jobs.

Pornonet

Not sure why I thought of this this morning, but back in 2001, there was a flap about terrorists possibly using steganography to communicate with one another. Bruce Schneier initially wrote that it was an ideal form of electronic dead drop, though he reversed himself in 2005 when it turned out they were all false alarms.

While steganography of any practical information density is fairly easy to detect without needing the original file by comparing the statistics of the suspect file with the statistics of “normal” files, this doesn’t matter that much, because the purpose of steganography is not to hide the message from your enemies. Cryptography does a fine job of keeping the message content secret. In a dead drop context, the purpose of steganography is to get a bunch of innocent people to download the file that contains the message, and to provide plausible deniability to the target of the message. And this is what makes pornography an ideal medium for steganography.

Let’s say you want to send a message to a sleeper agent in the field. You post a picture of an attractive naked person to imgur or usenet through Tor, I2P, or a chain of open proxies. The sleeper agent downloads the image along with dozens or hundreds of “innocent” images, while hundreds or thousands of innocent people download the image as well. Even better, some of those innocent people will probably repost the image elsewhere, making an adversary’s job that much harder. Ideally, the originator of the message posts lots of steganographized images, making it much harder both to find the intended recipient through statistical correlations and to block or accidentally lose the message.

Here’s what makes porn so great for this purpose: the sleeper agent doesn’t need to use any anonymization technique. All they need to do is download lots of porn all the time, and that’ll make them look like much of the rest of the Internet and give a plausible reason why they happen to occasionally download images containing your messages.

This dead drop technique is analogous to taking out a classified ad in a newspaper; the sleeper agent can hide among the thousands or millions of subscribers to the paper.

Is Fractional Reserve Banking Immoral?

TL;DR: in theory, no. As implemented in most of the world with taxpayers bearing the risk instead of savers, yes.

I occasionally hear someone repeat the myth that fractional reserve banking is bad because it lets banks “create money out of thin air” and that it creates debt that can never be repaid, because the banks are charging interest on the money they create and therefore there isn’t enough money in the world to pay it back. This belief rests on the mistaken assumptions that money creation by banks is the same as money creation by the Fed and that charging interest reduces the money supply. Neither is true.

Fractional reserve banking is lending out part of your deposits. That’s it. To say that it “creates money out of thin air” is to confuse abstract macroeconomic terms (the “money supply,” of which there are several measures) with a concrete good (“money”). The interest banks charge doesn’t reduce any measure of the money supply because that’s income to the bank. It goes to cover the bank’s costs or it gets paid to shareholders as dividends or goes into the bank’s reserves.

The Fed and other central banks, on the other hand, do create money out of thin air. They are able to add to the balance of the reserve accounts member banks are required to hold there without requiring a balancing transaction on the other side of the balance sheet. The measure of the money supply that central banks can directly increase is called the monetary base (MB) and is what people traditionally think of as “money”: cash and bank reserves, while banks can only increase the more abstract measures of the money supply: M1 through M4 and MZM.

While it is not strictly necessary for central banks to keep their balance sheets balanced, most are required to, because otherwise they’re just giving money away and it can become difficult to reduce the money supply later should inflation get out of hand. Most of the assets central banks buy with the money they create are debt, usually government debt, though in the US the Fed is buying up mortgages like crazy. Obviously they get paid interest on this debt, but that interest is still not taken out of circulation. It goes to pay the central bank’s bills, with the rest (in the US at least) going back to the treasury. These payments are called remittances. You may have heard recently that if interest rates go up in the US, there’s a good likelihood these remittances will stop. That’s because the Fed’s balance sheet isn’t actually balanced at the moment due to all the worthless instruments they’ve purchased in propping up the financial system.

And so we come to the real problem with fractional reserve banking: banks sometimes fail. In a free banking system, the risk of failure is borne by the bank’s creditors, with depositors usually coming first in line, followed by bondholders, with shareholders being dead last. Depending on the bank’s capitalization, this can mean depositors are made whole, but this is by no means guaranteed.

You’ll note that I used the word “capitalization” there instead of “reserves.” Reserves are the liquid assets the bank keeps on hand to meet demands for withdrawals, while a bank’s capitalization (or capital ratio) is the difference between the market value of its assets and the paper value of its liabilities. A bank can run out of reserves and still be solvent provided the value of its assets still exceeds its liabilities, but in a free banking system if a bank can’t meet its obligations by selling assets, selling stock, or borrowing money, that’s a default, and the bank either goes into bankruptcy or is liquidated.

In a free banking system, solvent banks never fail. That’s because of the definition of solvency that I gave above: the value of the bank’s assets exceed its liabilities. The value of the bank’s assets can only be determined by the market, and if the market thinks the bank is solvent, then the bank will be able to raise capital. If the bank can’t raise capital, it’s insolvent by definition. This points out one of the major flaws in a regulated banking system: the market’s valuation of a bank is distorted by the market’s expectation of government bailouts for that bank. Which leaves regulators with no way to determine if a bank is solvent by the new definition of solvency. By the “real” definition of solvency, every bank that needs to ask the government for money is insolvent. Which probably means most of the world’s banking system is insolvent.

What we’ve actually done by regulating banks is to merge them into one giant leviathan. Insured bank failures are like centrally-managed apoptosis, attempts to protect the system from contagion. The entire system, in fact the entire world financial system now, sinks or swims as a single organism. Only with depositors’ having no incentive to care about the solvency of their bank and regulators who never get fired for failing to prevent bailouts, this is an organism without a brain and without homeostatic mechanisms to keep it alive. Which means we’re in for some pretty spectacular fireworks someday, perhaps soon.

In a world of taxpayer-insured savings accounts and the expectation of bailouts, most financial innovation ends up being devoted to diverting taxpayer-insured funds into riskier and riskier investments. This is the exact origin of the financial crisis: banks convinced regulators and creditors that they didn’t have risk by getting ratings agencies (who are employed by the banks) to rate mortgage-backed securities AAA, then got other risky assets insured by AIG so that the regulators wouldn’t require them to meet capitalization requirements (this is called “capital at risk” and gives the banks the power to have whatever capital ratio they want).

Higher capital ratios without regard to risk (which can only be determined by the market) would go a long way toward limiting the sort of shenanigans that led to the global financial crisis. However, high enough capital ratios will never happen because they would make banking no more profitable than any other industry, and in fact they would probably mean banks would no longer pay interest on savings. But if interest on savings requires moving risk onto the taxpayer, then either we shouldn’t have it or we should force savers to take on some risk.