The Shœstring Foundation Weblog

Onionized Qemu

Requirements: a host with a running tor node, qemu, some diskspace for the emulated system, install media for an OS on the emulated system
Result: a host with an .onion address, connectivity restricted to TCP and no traceable IP address.

Start qemu with the following options
-net nic \ -net 'user,hostfwd=tcp::5555-:22,restrict=on'
The emulated machine will have a network interface unconnected to anything, autoconfigured to 10.0.2.15/24. Qemu will forward connections to localhost:5555 to sshd on the emulated machine.

Create a user on the emulated system and install wlog dsocks-torify or some other socksifier that forwards DNS requests.

On the machine hosting the qemu forward the local tor port to the emulated system:
ssh -nN -R9050:localhost:9050 -l user -p 5555 localhost &
The emulated system can now reach TCP services through socksified programs, e.g.
dsocks-torify.sh sh wget http://example.com/a_file scp a_file bob@example.org:

On the machine hosting the qemu create a hidden service by adding the following lines to torrc
HiddenServiceDir /some/place/hidden_qemu HiddenServicePort 22 127.0.0.1:5555
and restarting tor. Seconds later /some/place/hidden_qemu/ will contain a file hostname with the .onion address tied to the SSH port of the emulated system.
The emulated system is now reachable by SSH only.
Connections to the system will be shown to originate at 10.0.2.2.

Assuming that qemu makes no errors (ahem), accounts on the emulated system can not easily find out where the hosting machine is (for small values of "not easily").

[/projects] permanent link

Blue eyed naïvité in leading economist

The Bank for International Settlements (BIS) hosts an annual conference that brings together central bank governors, leading academics and former public officials to exchange views. At the 13th Annual Conference a research paper was presented by Bengt Holmstrom of the MIT titled Understanding the role of debt in the financial system on the mechanisms of the financial market in connection with the 2007-now crash. The paper includes the following fascinating statements:
[..] But it is hard to believe that investment bankers would be colluding to defraud investors [by issuing opaque securities].
Probably as hard to believe as that investment bankers would be colluding to defraud investors by manipulating the London interbank offered rate (they did). Or by manipulating foreign exchange rates (they did). Or by manipulating the ISDAfix Interest Rate Derivative Index (they did).
Or that a publicly held, international corporation would massively invest in the expansion of the Auschwitz concentration camp (they did) .
An economic reality is that white-collar crime has a higher Return on Investment than most legal activities, so the imperative of increasing profits enforces criminal behaviour, specially when the the rate of detection+prosecution+conviction is near zero. And shortly after:
[..] But it equally hard to believe that hard-nosed profit-hungry investment bankers and traders would be ignorant out of ignorance.
The crash did not harm the profits of aforementioned bankers and traders at all. So there is no incentive to smarten up (Holmstrom is supposed to be an expert on incentives). Later we read:
Invoking the empirical sucess of the EMH [Efficient Market Hypothesis] (in a variant they call relative EMH), Gilson and Kraakman (2014) among others have advocated [...]
What the crash of 2007 very empirically proved was the failure of the Efficient Market Hypothesis. If prices reflect all available information, and still fluctuate by more than 50 percent in a single day, then that reflecting property is worthless. That leading academics show such naïvité at the motivations of criminals and cling to unrealistic assumptions is just depressing.
The paper goes on to show that collateral-backed debt is an extremely stable investment, and information-insensitive (because 1. it is backed and 2. the debtor might recover before the debt contract ends). Having more transparent collateralisation, Holstrom argues, would affect the traders' belief system as to the value of the lending bank, thereby endangering the stability of banks, which is posited as a common good. In other words:

market participants are not rational, they have “belief systems”

market efficiency is bad for market participants

market efficiency is not a necessity, it can easily be avoided by publishing less information

This reasoning could be called anti-circular, and I'd suspect that there is no other field of academics where conclusions negate the premises used to draw the conclusions.

Ernst-Ludwig von Thadden's attached commentary at the end of the paper shows some hope, as he points out the aspect of time (mostly ignored by economists, because differential equations are just too hard) in the handling of debt, i.e., debt based vehicles rely on a rollover of short-term debt over time. So they're not so risk-free over a longer term.

[/unsorted] permanent link

The Shœstring Foundation Weblog

	About The Shœstring Foundation Weblog, Miscellaneous Byproducts Matthias Bauer `bauerm (at) shoestringfoundation · org` reop pubkey Vignettes by George Herriman and a small program Subscribe to a syndicated feed of my weblog, brought to you by the wonders of RSS.	Wed, 17 Feb 2016 Onionized Qemu Requirements: a host with a running `tor` node, qemu, some diskspace for the emulated system, install media for an OS on the emulated system Result: a host with an `.onion` address, connectivity restricted to TCP and no traceable IP address. Start `qemu` with the following options `-net nic \ -net 'user,hostfwd=tcp::5555-:22,restrict=on'` The emulated machine will have a network interface unconnected to anything, autoconfigured to `10.0.2.15/24`. `Qemu` will forward connections to `localhost:5555` to `sshd` on the emulated machine. Create a `user` on the emulated system and install wlog `dsocks-torify` or some other socksifier that forwards DNS requests. On the machine hosting the `qemu` forward the local `tor` port to the emulated system: `ssh -nN -R9050:localhost:9050 -l user -p 5555 localhost &` The emulated system can now reach TCP services through socksified programs, e.g. `dsocks-torify.sh sh wget http://example.com/a_file scp a_file bob@example.org:` On the machine hosting the `qemu` create a hidden service by adding the following lines to `torrc` `HiddenServiceDir /some/place/hidden_qemu HiddenServicePort 22 127.0.0.1:5555` and restarting `tor`. Seconds later `/some/place/hidden_qemu/` will contain a file `hostname` with the `.onion` address tied to the SSH port of the emulated system. The emulated system is now reachable by SSH only. Connections to the system will be shown to originate at `10.0.2.2`. Assuming that `qemu` makes no errors (ahem), accounts on the emulated system can not easily find out where the hosting machine is (for small values of "not easily"). [/projects] permanent link Blue eyed naïvité in leading economist The Bank for International Settlements (BIS) hosts an annual conference that brings together central bank governors, leading academics and former public officials to exchange views. At the 13th Annual Conference a research paper was presented by Bengt Holmstrom of the MIT titled Understanding the role of debt in the financial system on the mechanisms of the financial market in connection with the 2007-now crash. The paper includes the following fascinating statements: [..] But it is hard to believe that investment bankers would be colluding to defraud investors [by issuing opaque securities]. Probably as hard to believe as that investment bankers would be colluding to defraud investors by manipulating the London interbank offered rate (they did). Or by manipulating foreign exchange rates (they did). Or by manipulating the ISDAfix Interest Rate Derivative Index (they did). Or that a publicly held, international corporation would massively invest in the expansion of the Auschwitz concentration camp (they did) . An economic reality is that white-collar crime has a higher Return on Investment than most legal activities, so the imperative of increasing profits enforces criminal behaviour, specially when the the rate of detection+prosecution+conviction is near zero. And shortly after: [..] But it equally hard to believe that hard-nosed profit-hungry investment bankers and traders would be ignorant out of ignorance. The crash did not harm the profits of aforementioned bankers and traders at all. So there is no incentive to smarten up (Holmstrom is supposed to be an expert on incentives). Later we read: Invoking the empirical sucess of the EMH [Efficient Market Hypothesis] (in a variant they call relative EMH), Gilson and Kraakman (2014) among others have advocated [...] What the crash of 2007 very empirically proved was the failure of the Efficient Market Hypothesis. If prices reflect all available information, and still fluctuate by more than 50 percent in a single day, then that reflecting property is worthless. That leading academics show such naïvité at the motivations of criminals and cling to unrealistic assumptions is just depressing. The paper goes on to show that collateral-backed debt is an extremely stable investment, and information-insensitive (because 1. it is backed and 2. the debtor might recover before the debt contract ends). Having more transparent collateralisation, Holstrom argues, would affect the traders' belief system as to the value of the lending bank, thereby endangering the stability of banks, which is posited as a common good. In other words: market participants are not rational, they have “belief systems” market efficiency is bad for market participants market efficiency is not a necessity, it can easily be avoided by publishing less information This reasoning could be called anti-circular, and I'd suspect that there is no other field of academics where conclusions negate the premises used to draw the conclusions. Ernst-Ludwig von Thadden's attached commentary at the end of the paper shows some hope, as he points out the aspect of time (mostly ignored by economists, because differential equations are just too hard) in the handling of debt, i.e., debt based vehicles rely on a rollover of short-term debt over time. So they're not so risk-free over a longer term. [/unsorted] permanent link