"I have a mind like a steel... uh... thingy." Patrick Logan's weblog.

Search This Blog

Thursday, August 23, 2007

US News and World Report

A good essay by Mort Zuckerman...

No one knows the true value of all that residential real estate at the base of the pyramid in which mortgages back up the collateral debt obligations that in turn back up the short-term loans that many banks and hedge funds have made to finance these CDOs. A recent review of would-be homeowners is hardly encouraging. Almost all exaggerated their incomes to win approval, and almost 60 percent inflated their incomes by more than 50 percent. Too many home loans did not require any down payment, principal repayment, or documentation...

With home prices falling rather than rising, refinancing is impossible for borrowers who fall behind. Defaults have accelerated. As one pioneer in the bundling of mortgages into marketable securities put it, "We're not really sure what the guy's income is, and...we're not sure what the house is worth."...

Many pension funds, insurance companies, hedge funds, and banks hold swaps and subprime derivatives but have not yet reported their losses, or at least not all of their losses, making it difficult to understand how big their exposure is. They are having difficulties determining the value of assets, making them impossible to sell, i.e., illiquid. The danger is that a liquidity crisis will drive financial institutions into insolvency, which could have a major impact on the economy.

The central banks have seen the threat. The European Central Bank has put up $212 billion "to assure orderly conditions in the euro money market." It's an amount so staggering that it perversely led the markets to fear that the ECB knows something that would indicate the situation is worse than it seems. The Federal Reserve similarly stated that it would provide "reserves as necessary." The concern is that the market has such anxiety about all debts, up and down the food chain, that no one will wish to buy them. Put it the other way: Fewer and fewer lenders are ready to lend. Many were going to sell high-yield bonds to finance their growth; they have had to withdraw them. In July, the issuance of these bonds dropped about 90 percent from June to a mere $2.4 billion. Even high-quality investment-grade bond offerings from companies with excellent credit fell from $109 billion in June to only $30 billion in July.

Wednesday, August 22, 2007

JSON Security

Interesting posts and comments on json and security in browsers: robubu and resig. Boils down to: "browser security pretty much sucks no matter what" and "if your json parser relies on eval(), you are a fool, no matter how fast it is".

As Patrick Mueller commented...

Approach 2 and 3 should, simply, NEVER, EVER, EVER be used. There are plenty of libraries available today to parse JSON data structures, and none of them will EVER, EVER be able to read the whacked out Approach 2 and 3 styles. EVER.

Data, baby, data!

JSON is data. There is no way any bit of it should ever be treated as code. Some day browsers will become real platforms for applications and we will laugh at all this.

That seems a long way off.

What a difference a day makes

On August 16...

William Poole, president of the St. Louis Federal Reserve Bank, told Bloomberg News in an interview that the subprime mortgage rout doesn't threaten U.S. economic growth, and only a "calamity" would justify an interest-rate cut now.
And the next day...
The Fed just issued a strange press release and a special announcement lowering the discount window borrowing rate by 50bp, to 5.75%. The more widely followed Federal Funds rate is unchanged at 5.25%...

This would be a reversal of policy from just 10 days ago.

The special announcement is the bigger news. Not only did they cut the rate, but they've increased the borrowing time to 30 days and have increased what they will accept as collateral. All importantly, they are accepting home mortgages and related assets.

Nothing to see over here. Just go on about your day. Move along.

This is fascinating stuff. Poor Ben Bernanke following in Greenspan's shoes. This from Greenspan back a few years...

Alan Greenspan was a study in contradiction. On Monday, he extolled the virtues of the levered-up homeowner to a credit union conference. The next day, in a speech to the Senate Banking Committee, he was singing a different tune altogether. Fannie Mae and Freddie Mac, the giant providers of mortgage capital, he warned, "are expanding at a pace beyond that consistent with systemic safety," and that "preventative actions are required sooner, rather than later."

For a Federal Reserve chairman who has demonstrated that he couldn't identify reckless behavior if it ran him over, it was rather surprising to hear him chide Fannie and Freddie for their recklessness.

Greenspan's latest comments reminded me of a speech he gave on March 6, 2000, which I have dubbed "An Ode to Technology." In the speech, he waxed on about the wonders of technology and how it had brought us a new era and all that other stuff. Folks may not remember that date, but it was four days before the Nasdaq Composite hit its all-time high of 5,048.62. Despite the recovery over the past year ago, the composite is still down nearly 60% from the March 2000 peak.


Via Steve Dekorte, mortgage lenders in August so far are failing at an average of one per day...

Again the question is raised, who will be refinancing the trillion dollars of mortgage resets over the next year?
...approximately $500 billion of adjustable rate mortgages are scheduled to reset skyward in 2007 by an average of over 200 basis points. 2008 holds even more surprises with nearly $700 billion ARMS subject to reset, nearly 3/4 of which are subprimes.
Ah, it'll blow over. ;-/

Pushy And Stuff

Dan Creswell has a nicely done discussion on that whole push/pull thing.

Rather than focus solely on either approach in isolation, I think the best solution is to use a combination. This has a couple of advantages:

  1. Clients can potentially use whichever method is more appropriate for them.
  2. It provides significant opportunity for fine tuning.
  3. It provides a nice simple recovery model.
  4. Responsibility is balanced throughout the system keeping complexity down.
For some kinds of information, just providing "pull" could be sufficient. For others, "push" may be preferred, but as Dan (and Bill, previously) explained, having that available to be pulled as well pays off.

Tuesday, August 21, 2007

Polling and/or Pushing

Dan Creswell writes in his bookmark notes (so what do I link to?)...

Polling is indeed nice and simple but it also has it's problems - how often to poll, resource consumption etc all of which the average enterprise finds offensive - probably why they'd rather do push even though it adds complexity.
Which is why I'm glad all those smart people worked on http and atom (links to the usual suspects omitted). For most cases, maybe it comes down to starting like this (related posts: Bill, Mike)...
  • Follow those specs (http, atom format, atompub) as far as they take you, i.e. when the customer can afford to obey the rules of polling, aggregating, etc.
  • When the customer has a need to know more immediately, or has a need to know many intermittent things without always knowing whom to poll, then use atom entries over xmpp.
Straying from that only under exeptional conditions.

The "Ease" Argument Again?

Dan Diephouse argues...

Making an RPC application is much easier. This is one of the killer features of SOAP/WSDL. I can take my business service and build a web service out of it with very little effort (I assert that there are non-evil ways to do this, but thats another story). I can then be interoperating with a .NET application in just a minute or two. Or I can take a WSDL, generate a set of objects, and just write some glue code between my internal objects and the web service objects.
Sigh. Again with the "ease" argument. There're enough counterarguments to the false sense of security provided by "easy tooling". Heck, I don't even see the dotnet people making that case any longer. (Admittedly, since I work with zero dotnet programmers these days, I don't have to watch those lists.)

Designing with HTTP and related standards is something everyone should be studying right now, even if they're not taking it into production. This will get easier, even with Java, and the results will pay dividends way beyond what the current IDE "tooling" provides for "easy RPC".

If not, I still may have that Word document an SAP consultant sent me, telling me how to hand-edit a WSDL to get SAP's SOAP to interoperate with other SOAPs in Java and dotnet. That may make things *easier* for you.

...and I'm done.

Monday, August 20, 2007

Our Viking Blogger

For some reason he thought he could quietly blog away in some other corner of the internets, but fuzzy found him. Our co-worker Erik has a blog. He's been working with some folks on using Flex and Rails.

Blog Archive

About Me

Portland, Oregon, United States
I'm usually writing from my favorite location on the planet, the pacific northwest of the u.s. I write for myself only and unless otherwise specified my posts here should not be taken as representing an official position of my employer. Contact me at my gee mail account, username patrickdlogan.