“It looks like the IT security world has hit a new low.”
-Linus Torvalds, creator of Linux (via Google+)
Linus Torvalds has basically summarized the whole situation: clickbait media sites (e.g. CNET, Tom’s Hardware, Gizmodo, Vice, The Hacker News) breathlessly report on security vulnerabilities without critical thinking or fact checking. The security industry takes advantage of that by making exaggerated claims and being attention whores. On CTS’ report, Linus states: “I refuse to link to that garbage. But yes, it looks more like stock manipulation than a security advisory to me.”
Thankfully there are some journalists trying to do real journalism. (I know the industry is dying but I’d like to thank the journalists out there who are upholding their journalistic integrity.) In comments to these journalists, charlatans like Fraser John Perring and Yaron Luk-Zilberman have been quite disingenuous. The short and distort campaign has been getting more bizarre.
CTS-Labs has come out with a “research” piece on AMD processors. The reader might be misled into thinking that the “white paper” reveals previously undisclosed security vulnerabilities. However, the CTS-Labs disclaimer (archive.org) states that the CTS report “summarizes security vulnerabilities, but purposefully does not provide a complete description of such vulnerabilities […]”. So from my reading of the so-called “white paper”, CTS isn’t actually revealing previously unknown security flaws.
This isn’t like Muddy Waters’ work on St. Jude, where Muddy Waters alleged security flaws with St. Jude’s pacemakers; St. Jude has since recalled pacemakers to fix security vulnerabilities (ZDNet, FDA). The difference between Muddy Waters and CTS is that Muddy Waters did actual research to find previously unknown problems with the company’s products. Now if CTS actually did find a novel security vulnerability, then I would apologize. However, the CTS report does not clearly articulate what’s a rehash of previously known security issues and what isn’t.
EDIT (3/21/2018): Correction: the bugs are real. Their severity has been overstated as they only work on systems that have already been compromised. AMD says that fixes will be available within weeks while CTS Labs is still claiming that it will take months. The status of fixes for the Promontory chipset is less clear at the moment.
Like PayPal and Visa, Bitcoin is a system that can send money digitally. The innovation that sets Bitcoin apart is that it isn’t controlled or operated by a single company. Instead of having a company like Visa run the system, anybody can join the Bitcoin network and participate in the record keeping that keeps Bitcoin running. Nobody owns the Bitcoin software or the Bitcoin network. If an oppressive government wants to shut down Bitcoin, it can’t simply go after a single company. An oppressive government would (in theory) have to go after everybody running Bitcoin server software on their computer to shut it down.
In practice, the decentralization doesn’t actually work. Most people buy Bitcoins through exchanges run by private companies, which are subject to government-imposed laws and regulations. While Bitcoin’s innovation is interesting, it doesn’t actually do anything useful in the real world. However, very few people actually understand Bitcoin. So, journalists and cryptocurrency fanatics can make up fancy stories about how Bitcoin or other cryptocurrencies will change the world.
A defective jar caused this sauce to start rotting. I contacted this company on Feb 19 (2 weeks ago) and they have yet to explain what went wrong or how they will make sure that it doesn’t happen again. If you dislike diarrhea and trips to the emergency room, stay away from KFI / Kataria Foods Inc!
Some key lessons on mining companies:
- They regularly withhold key information from investors.
- Technical reports should not be relied upon because many of them are disconnected from reality.
Without key information on a mine’s economics, these companies cannot be accurately valued. So… mining stocks aren’t a great place to look for longs. You might spend a lot of effort trying to value a mine and still fall short of being able to find reliable information on that mine.
On the short side, there are some opportunities.
3 years ago, I wrote about Chinese companies with poorly executed websites. Specifically, I pointed out that YONG and CXDC didn’t have great websites. (For your information: CXDC has a market cap of $235M and the borrow is about 7%.) Let’s revisit these companies.
- YONG: Back then, I took a large position in YONG put options, betting on the Yongye takeover bid failing. Unfortunately, the takeover bid did go through and I lost money. Fast forward 3 years, their websites have disappeared. Yongyeintl.com was the website aimed at investors. It went dark on or before September 14, 2014 according to archive.org, shortly after the going-private transaction. China-yongye.com was the Chinese language website. It went dark on or before February 28, 2017 – the website is currently an error page (in Chinese). So now you understand my irritation with losing money betting against YONG. While I don’t know what happened to this company, I think it’s safe to say that their website execution got worse.
- CXDC: Back then, they did not seem to have paid for their stock photography. Now, they have rectified that. However, the copy on this website is pretty awful. The copy on the top of the website (archive.org) reads: “Welcome to China XD Chinese website”. Those are the exact words… in English. The copy on the bottom reads: “In case of information discrepancy between the Chinese website and English website of the company, the English website shall prevail”. That’s quite the paradox: we’re welcomed to the Chinese website but apparently it is the website that will prevail in case of [sic] “information discrepancy”. On top of that, a lot of the links on the website do not work (e.g. I could not figure out how to watch their corporate video). But hey, at least they paid for their stock photography.
(Pretium has a US$1.8B market cap and the borrow is in the low single digits. I have written about this stock previously.)
Back in 2013, Strathcona resigned from the Brucejack gold project due to disagreements over what Pretium was telling investors. Graham Farquharson (Strathcona’s head honcho) was being a gentleman and allowed Pretium to disclose on their own terms (with their own PR spin). Unfortunately, Pretium instead tried to discredit Strathcona.
So, Farquharson did an interview with The Northern Miner, a trade publication. You can read the interview on the website (no paywall):
Yes, and we told them that it has an excellent chance of being a small-tonnage, high-grade mine in the Cleopatra vein, and a couple of other similar occurrences that they found in the last drilling program. If they lined all those up, there’s an excellent chance that they could have a small-tonnage, high-grade gold mine. But they will not have a mine producing 425,000 oz. a year for the next 20 years, as they have been advertising so far.
Here’s the crazy part. This is 2017 and Pretium is almost finished building that mine.