The Shœstring Foundation Weblog

The Shœstring Foundation Weblog, Miscellaneous Byproducts

Matthias Bauer
bauerm (at) shoestringfoundation · org
reop pubkey


Tue, 20 Dec 2016

Why I like .onions

TOR's hidden services are an extremely cool feature.

Not because people can hide their illicit websites (the Warez community managed to do that decades before), but for other reasons:

Firstly, .onion addresses name services, not host interfaces. Tying interface addresses of hosts to names and re-using them in URLs to point at services is a misdesign which leads to such kludges as the Server header in HTTP/1.1, where the application transmits which name it was using when initially connecting to the service. So URLs map services to hostnames, which map to IP addresses, which have interfaces, which have bound services, which get the unresolved names again on the application layer to find out which service was actually addressed. This makes it very complicated to move a service without fiddling with DNS. An .onion name does not have to ultimately resolve to a globally visible interface address. Instead it identifies the tunnel entry for a service, which can be moved from machine to machine as long as the hidden_service configuration is carried along.

Secondly, .onion addresses deliver what https URLs failed to, namely mapping public keys to services uniquely. There are no multi-rooted hierarchies of CAs behind the name-to-key bindings, no obscure ASN.1-based certificate schemes. An .onion address uniquely and automatically identifies the service with the public/secret key pair involved in the key exchange. There has been at least one attempt to build something similar into IPv6 addresses (RFC 3972), but implementations are either missing or hidden in the darknet.
And because connections inside the tor network are always encrypted, one could even safely run a telnet daemon inside a hidden service.

Thirdly, as a result of the second point, .onion addresses are a barrier-free global namespace, without absurd fees charged for bits in config files, trademark disputes and the like.

I run at least one hidden service on each relevant machine to provide a MITM-safe entry point to services.

[/unsorted] permanent link

Sat, 03 Sep 2016

Postscript Fibonacci Squares and Logarithmic Spiral

This relatively small piece of PostScript code draws Fibonacci Squares and a Logarithmic Spiral.

[/unsorted] permanent link

Fri, 06 May 2016

Blue-eyed naïveté in leading economist

The Bank for International Settlements (BIS) hosts an annual conference that brings together central bank governors, leading academics and former public officials to exchange views. At the 13th Annual Conference, Bengt Holmstrom of MIT presented a research paper titled "Understanding the role of debt in the financial system", on the mechanisms of the financial market in connection with the 2007-now crash. The paper includes the following fascinating statements:
"[..] But it is hard to believe that investment bankers would be colluding to defraud investors [by issuing opaque securities]."
Probably as hard to believe as that investment bankers would be colluding to defraud investors by manipulating the London interbank offered rate (they did). Or by manipulating foreign exchange rates (they did). Or by manipulating the ISDAfix Interest Rate Derivative Index (they did).
Or that a publicly held, international corporation would massively invest in the expansion of the Auschwitz concentration camp (they did).
An economic reality is that white-collar crime has a higher Return on Investment than most legal activities, so the imperative of increasing profits enforces criminal behaviour, especially when the rate of detection+prosecution+conviction is near zero. And shortly after:
"[..] But it is equally hard to believe that hard-nosed profit-hungry investment bankers and traders would be ignorant out of ignorance."
The crash did not harm the profits of aforementioned bankers and traders at all. So there is no incentive to smarten up (Holmstrom is supposed to be an expert on incentives). Later we read:
"Invoking the empirical success of the EMH [Efficient Market Hypothesis] (in a variant they call relative EMH), Gilson and Kraakman (2014) among others have advocated [...]"
What the crash of 2007 very empirically proved was the failure of the Efficient Market Hypothesis. If prices reflect all available information, and still fluctuate by more than 50 percent in a single day, then that reflecting property is worthless. That leading academics show such naïveté at the motivations of criminals and cling to unrealistic assumptions is just depressing.

The paper goes on to show that collateral-backed debt is an extremely stable investment, and information-insensitive (because 1. it is backed and 2. the debtor might recover before the debt contract ends). Having more transparent collateralisation, Holmstrom argues, would affect the traders' belief system as to the value of the lending bank, thereby endangering the stability of banks, which is posited as a common good. In other words:

  1. market participants are not rational, they have “belief systems”
  2. market efficiency is bad for market participants
  3. market efficiency is not a necessity, it can easily be avoided by publishing less information
This reasoning could be called anti-circular, and I'd suspect that there is no other field of academics where conclusions negate the premises used to draw the conclusions.

Ernst-Ludwig von Thadden's attached commentary at the end of the paper shows some hope, as he points out the aspect of time (mostly ignored by economists, because differential equations are just too hard) in the handling of debt, i.e., debt based vehicles rely on a rollover of short-term debt over time. So they're not so risk-free over a longer term.

[/unsorted] permanent link

Fri, 20 Dec 2013

Advanced German for Pirates!

Study this to improve your piratical German.

[/unsorted] permanent link

Fri, 08 Feb 2013

The Garamond

Everybody has seen various travesties of Claude Garamond's typeface because it is one of the favourite fonts for books. Georg Duffner (with the help of many) has created an OpenType font from a scan of a 1592 cut of Garamond's roman font. A notable difference to modern cuts is the height of the stems of lowercase letters. This seems to be a trend; even new typefaces like the original Times Roman look flattened in newer cuts.

[/unsorted] permanent link

Tue, 04 Oct 2011

German for the Extremely Far Advanced

Bewurstlosigkeit:
Like unconsciousness, but without the sausages.

[/unsorted] permanent link