The AMD bear raid from Viceroy + CTS-Labs + NineWells, volume II

“It looks like the IT security world has hit a new low.”
-Linus Torvalds, creator of Linux (via Google+)

Linus Torvalds has basically summarized the whole situation: clickbait media sites (e.g. CNET, Tom’s Hardware, Gizmodo, Vice, The Hacker News) breathlessly report on security vulnerabilities without critical thinking or fact checking.  The security industry takes advantage of that by making exaggerated claims and being attention whores.  On CTS’ report, Linus states: “I refuse to link to that garbage. But yes, it looks more like stock manipulation than a security advisory to me.”

Thankfully there are some journalists trying to do real journalism.  (I know the industry is dying but I’d like to thank the journalists out there who are upholding their journalistic integrity.)  In comments to these journalists, charlatans like Fraser John Perring and Yaron Luk-Zilberman have been quite disingenuous.  The short and distort campaign has been getting more bizarre.

Continue reading →

The bear raid from Viceroy Research + CTS-Labs, and the NineWells Capital Management connection

CTS-Labs has come out with a “research” piece on AMD processors.  The reader might be misled into thinking that the “white paper” reveals previously undisclosed security vulnerabilities.  However, the CTS-Labs disclaimer (archive.org) states that the CTS report “summarizes security vulnerabilities, but purposefully does not provide a complete description of such vulnerabilities […]”.  So from my reading of the so-called “white paper”, CTS isn’t actually revealing previously unknown security flaws.

This isn’t like Muddy Waters’ work on St. Jude, where Muddy Waters alleged security flaws with St. Jude’s pacemakers; St. Jude has since recalled pacemakers to fix security vulnerabilities (Zdnet, FDA).  The difference between Muddy Waters and CTS is that Muddy Waters did actual research to find previously unknown problems with the company’s products.  Now if CTS actually did find a novel security vulnerability, then I would apologize.  However, the CTS report does not clearly articulate what’s a rehash of previously known security issues and what isn’t.

EDIT (3/21/2018):  Correction: the bugs are real.  Their severity has been overstated as they only work on systems that have already been compromised.  AMD says that fixes will be available within weeks while CTS Labs is still claiming that it will take months.  Status of fixes for the Promontory chipset are less clear at the moment.

Continue reading →

Please don’t fall for the Viceroy Research / CTS Labs bear raid on AMD

Viceroy has come out with a “research” report on AMD based on the work of CTS Labs.  Just read CTS Lab’s disclaimer in its white paper PDF or on its website (archive.org).

1. CTS Labs doesn’t provide a complete description of security vulnerabilities.  So… I don’t see any original research here.
2. CTS Labs advises visitors that they have “an economic interest in the performance of the securities of the companies whose products are the subject of our reports”.  This is unusual for a IT security company.

Despite being short AMD (see my posts tagged AMD), I disagree with the ethics of what Viceroy is doing.

Uh… Pretium’s reported numbers should be impossible according to the metallurgical testing and the CEO

According to Pretium’s filings, an average of 63.28% of the gold produced was recovered in the doré (with the rest being recovered in the flotation concentrate).  However, the company’s metallurgical testing indicated that only around 45% (rather than 63.28%) of the gold produced should be found in the doré.  There is a big difference between the feasibility study expectations and reported results (in red):

Something is very wrong here.  Here are two possibilities:

1. The metallurgical testwork is wrong.  Pretium’s CEO is blissfully unaware that the mill’s economics are better than he thinks.  The Brucejack deposit is more suitable for gravity concentration at lower grades, completely opposite to what the feasibility study and bulk sampling results found.
2. The metallurgical testwork is correct.  Somebody may be introducing non-Brucejack doré to the Brucejack output to boost Brucejack numbers.  Ounces produced and ore grades may have been fraudulently overstated.

Additionally, the CEO’s comment about the composition of Brucejack doré bars (60-65% gold, 30% silver) implies that Pretium’s silver sales in Q3 were impossibly low (or that gold sales were impossibly high).

Continue reading →

Pretium Q4: good job on the clever accounting

Whoever did Pretium’s accounting did something subtle: they decided to re-classify the current portion of the offtake obligation from “accounts payable and accrued liabilities” (the Q3 classification) to “Current portion of long-term debt” (the Q4 classification).

Why this matters: In Q3, Pretium included the offtake in its working capital calculation (“working capital surplus of $7.2 million“).  For Q4, Pretium is suggesting to investors that they should omit it from their working capital calculation.

Continue reading →

A look ahead at Pretium’s Q4 earnings

I’m interested to see what Pretium’s cash flow looked like in Q4.  What I’m expecting is that the mine didn’t generate positive cash flow at the Q4 head grades (8.24g/t).  Using Q3’s spending numbers, Pretium needs head grades of at least 9.5g/t to pay off all of its Brucejack opex and capex (before servicing its debt, offtake, and streaming commitments).  Capex should eventually decline so the breakeven point will drop in the future.

As I anticipate Pretium’s Brucejack mine being cash flow negative, small nuances in the mine’s economics really matter.  If Pretium were to run out of cash in the coming months, such a cash flow situation would greatly increase the value of put options.  (I own put options expiring in March ’18, June ’18, and January ’19.)  So I will be paying a lot of attention to Pretium’s operating and capex costs.  One factor that may raise Q4 opex over Q3 opex are the lower margins on concentrate sales versus doré sales.  Q3 had very low concentrate sales, presumably because much of it is in transit.  By my calculations, each ounce of gold in concentrate will incur around $301/ounce in transportation costs plus treatment and refinery charges.

My expectation is that the shift towards normalized concentrate sales will decrease margins by $10M in Q4.  Because Pretium reports on March 8 after the market closes, we’ll see if I’m right about the added costs on concentrate sales.  There’s a small chance that Pretium surprises investors with a miss on margins (Pretium reports “all-in sustaining costs”).

Continue reading →

Bitcoin explained in plain English

Like Paypal and Visa, Bitcoin is a system that can send money digitally.  The innovation that sets Bitcoin apart is that it isn’t controlled or operated by a single company.  Instead of having a company like Visa run the system, anybody can join the Bitcoin network and participate in the record keeping that keeps Bitcoin running.  Nobody owns the Bitcoin software or the Bitcoin network.  If an oppressive government wants to shut down Bitcoin, it can’t simply go after a single company.  An oppressive government would (in theory) have to go after everybody running Bitcoin server software on their computer to shut it down.

In practice, the decentralization doesn’t actually work.  Most people buy Bitcoins through exchanges run by private companies, which are subject to government-imposed laws and regulations.  While Bitcoin’s innovation is interesting, it doesn’t actually do anything useful in the real world.  However, very few people actually understand Bitcoin.  So, journalists and cryptocurrency fanatics can make up fancy stories about how Bitcoin or other cryptocurrencies will change the world.

Continue reading →

Canadians: KFI sauces (Kataria Foods Inc.) makes unsafe food

Picture below:

A defective jar caused this sauce to start rotting.  I contacted this company on Feb 19 (2 weeks ago) and they have yet to explain what went wrong or how they will make sure that it doesn’t happen again.  If you dislike diarrhea and trips to the emergency room, stay away from KFI / Kataria Foods Inc!

Coinbase is a hot mess (plus MongoDB, Bank of Nova Scotia, MCB, and others)

The r/Coinbase subreddit has been flooded with customers complaining about Coinbase:

1. Taking money out of their bank accounts via debit (see comments here).  Adding insult to injury, users are furious at overdraft fees charged by their bank and not being able to pay rent.
2. Not crediting funds deposited via wire transfer (example)
3. Not being able to transfer assets out of Coinbase (search this thread for “wallet” or “withdrawal”; or see Twitter)

The problem I see is that draining bank accounts is not a viable business model.  Those transactions will be reversed.  Eventually, Coinbase will be cut off from accepting credit cards and debit cards because nobody will want to pay for the customer service and fraud investigation costs that erroneous transactions generate.  It is clearly unsustainable.  To be fair, this might simply be a case of buggy software causing the erroneous transactions.  Anti-fraud practices and growing pains might explain some of Coinbase’s other issues.  However, the inappropriate transactions don’t look like the work of shoddy IT.  So here’s my crazy theory: one of the world’s most popular and reputable exchanges is borrowing money from consumers (without their permission) to stave off a liquidity crisis.  I can’t definitively prove this so you’re going to have to look at the evidence and make up your own mind.

Continue reading →

Blockchain is a useless technology

Blockchain, a way of implementing a distributed ledger (distributed record-keeping), is a novel technology with little real-world practicality.  The original Bitcoin white paper published back in October 31, 2008 spurred little interest in distributed ledgers.  The distributed ledger was ignored for years until Bitcoin started receiving mainstream attention and a few years had passed.

I simply couldn’t find much evidence that distributed ledgers are useful for any real-world applications (other than speculative asset bubbles).  Once you understand that blockchains are bad at solving real-world problems, then you will understand why Bitcoin will fail.  The blockchain imposes limitations that makes Bitcoin a bad version of something that has been tried in the past: e-gold (description here and Wired profile here).

A company’s stance on blockchain can also serve as a test of a company’s management.  In my view, companies pushing blockchain technology (e.g. IBM, Microsoft, Intel, Oracle) are disconnected from customers’ actual needs and have mediocre management.  Companies that don’t talk about blockchain (e.g. Facebook, Amazon, Google, Apple) are more likely to produce sensible technology that will work in the real world.

Continue reading →