Finally, the banks are getting it...

Amongst the headlines of various financial publications this morning I found an article
talking about Citibank offering to refinance home loans. That they need to
is perhaps part of their own doing.

In the USA, the interest paid on a loan is indexed against your credit score. An example of this can be seen in this table http://www.myfico.com/myfico/creditcentral/LoanRates.asp where a low credit score results in twice the interest to be paid.
This represents the risk to the bank - a low credit score means you're not very good
at paying all of your bills (credit cards, utilities, etc.) So a person with a high
risk has to pay more because the chance of them defaulting is considered to be greater.

While this model can make it very profitable to be a bank, it can all come unstuck
if there are too many people defaulting because they cannot afford the interest
repayments. And that's where we are now. Too many empty homes for people that cannot
afford the loans sitting on bank balance sheets, losing value and the bank money.

One wonders if banks should have been doing this 12 months ago, but perhaps they
thought there were enough people with good credit that could soak up the excess
property that has come onto the market. Although it can be hard to believe that the
banks didn't know this was coming, maybe they had a different view of reality.
I would really like to have seen what internal spreadsheets were predicting for
loans in the sub-prime category.

While I haven't read any details about what Citigroup and Wells Fargo are doing
with respect to refinancing, one hopes that they realise that a home with people
giving them some money every month is better than an empty, foreclosed, home that
they can't sell.

What I'd like to see is a complete abandonment of the credit-score linked to
interest rate model. It disadvantages those who would benefit from low interest
the most. In essence, the credit score penalises the poor for being poor and making
bad money decisions and benefits the wealthy. What we should be doing is preventing
the poor from being able to make mistakes with money by restricting the amount of
credit they can have or reducing the amount they can obtain via a loan. Index the
maxmimum amount of debt they're allowed to have via the credit score rather than
how much that debt costs them.

If Solaris dies, will Linux stagnate?

In a story posted on the New York Times titled "Is Sun Solaris on its deathbed?",
a rather one sided view of Linux vs Solaris is presented. The casual reader might be
inclined to agree that Solaris is in trouble, but if it is, what does that mean for
Linux?

By and large, most open source projects exist to provide a free alternative to some
commercial product that you must pay for. Linux started out as a free Unix-like operating system when you had to buy Solaris, never mind whether or not it ran on a PC.
If you look at the length and bredth of open source software, it is incredibly hard to
find something that was done first there or where open source innovation led commercial
space.

Lets analyse this for a bit. In the commercial sector, you need to come up with new ideas and new features to woo the customer into paying for something new or to convince the customer that your product is better than the other one.
In the open source space, many of the contributors work on something that they first
see in a commercial product - i.e. the Linux equivalent of Solaris' DTrace.
If Solaris hadn't of brought the world DTrace, would Linux?

If I stop and think about the flow of ideas between Linux and Solaris, it is hard to
see anything new that Linux is doing that OpenSolaris wants to follow.
The best that seems to happen is someone in Linux comes up with a better way of doing
X. If I expanded the set of operating systems to include AIX and HP-UX, there may
indeed be very very little innovation in Linux. And that should scare Linux.

And that leads me to the title of this blog entry: if Solaris and the other Unix-like operating systems die, who will Linux be left to copy? If Linux is thereafter left to innovate on its own (something that it hasn't seemed able to do
in 15 years of existence, so far), will it happen? Or will it simply flounder and stagnate because the real innovation that it has relied on to copy has disappeared?

SNMP trap sending added to IPFilter

Late last night, or early this morning, or was it yesterday morning, I finished adding sending of SNMP traps, in response to logging events, to ipmon. ipmon is the daemon that performs logging for IP Filter.

This feature is only present in IPFilter 5.0 and won't be back ported to the 4.1 series. The configuration allows for matching on the same data to send both v1 and v2 traps - if that's what is desired. The configuration options for enabling sending of traps looks like this:

match { logtag = 10000 }
do { send-trap v1 community public 192.168.1.239 };
#
match { logtag = 10000 }
do { send-trap v2 community read 192.168.1.239 };
#

Of course it goes without saying that to enable this to work you will need to allow SNMP traps to be sent out of the firewall. There are a couple of issues that need to be discussed and resolved:

• what address (given a firewall can have many) should be included in the trap message and how should it be configured - or just left as 0?


• what should "uptime" be reported as? The time since IPFilter was last enabled, the current time or something else?


• There's a request_id in SNMPv2 and some error numbers in both v1 and v2. Does it make sense for these to all be 0 or something else - and if so what?

So the hard work (creating the trap messages!) is done, now there's just some gaps to fill in.

A disaster waiting to happen...

To follow up on my earlier post, not only have logins been centralised between blogs.sun.com and other parts of Sun's Internet facing web pages but the login names are derived from publicly available data and the passwords ... I'm not sure if I should mention what our passwords are, suffice to say that if someone managed to hack any of the sun.com web pages used for logins and captured passwords then a lot of Sun employees might need to change their password. (And that's the rosy side of a successful attack. The dark side is everyone inside sun.com will need to.)

A couple of decades ago, we would have had those concerns for mail software (and perhaps we still should) but whatever problems there are with email now is dwarfed by those with web pages. Maybe in a couple of decades using sensitive passwords on outer web pages will be considered "ok" or "safe" by many but for now, such designs leave me aghast.

New single signon at sun.com

By day I have a normal job, doing programming at Sun Microsystems, for Solaris, where we are encourraged to blog, from time to time, about what's on our mind or what we're doing at work. It's a relatively big company and has lots of infrastructure run by different people. Some things start out small, on their own, only to get rolled up into the corporate mess later. One such example of this is the blog website they have for employees, past as well as present.

From time to time I used to scribble there about what was on my mind, more often about current affairs than about work. But of late there seems to have been an infrastructure change and now blogs.sun.com wants you to login via identity.sun.com. Well, that doesn't work for me. I've had a different blog account name to username for downloading from sun.com and both of those are different to my internal Sun logins - and for very good reason: I update and edit my blog from wherever I might be, using a different username and password to everything else, thereby not exposing internal login details to the whims of the Internet. For downloading, I've been using a username/password that predates my blog account and is just a random email addres/password/username - they don't need to know who I am when I'm downloading the latest CD/DVD images from the Internet.

Now they want me to use just one username/password for everything.

Sounds great, sounds simple, sounds amazing.

But it now requires cookies to be exchangedbetween parts of sun.com's website that I'd previously not allowed. Sorry Sun, my privacy policy does not agree with your new expanded use of cookies and logins.

So it would seem that any further blogging by me on blogs.sun.com will have to be from work - I'm not even sure if that will work yet. I don't know if they'll get what they wanted from that.