I always wanted to learn more about the bond market. While stocks are pretty straightforward, bonds always have an air of mystique around them. Yields, treasury rates, bid and ask spreads, the ability to avoid taxation - it seems like a special little market of its own. The Naked Guide to Bonds by Michael V. Brandes provides a pretty good and straightforward explanation of how the bond market operates.

The US bond market lacks the degree of transparency that the US stock market has, and since there's no New York Bond Exchange, there are certain peculiarities a bond investor should consider. Some bond offerings are hard to sell, as they're generally targeted at the buy-and-hold crowd that wants fixed income, not trading opportunities. Nevertheless, bonds are traded, with prices determined by interest rates and market demand. Since most institutions in the market operate with budgets of $1 million and above, there's actually a separate submarket for anyone trading in lots of fewer than 1,000 bonds (pretty much all of them are priced at $1,000 to make at least one factor comparable). Effectively you might have two separate markets with two different price quotes for the same bond - one for institutional trading (above one mil) and one for small investors (below one mil). The bad news is that smaller investors get penalized, as prices for buying and selling bonds favor large institutions.

One of the reasons you might be looking into the bond market is tax-free municipal bonds, which are exempt from federal income taxes, and also from state income taxes if the bonds you buy are issued by the state you live in. Municipal bonds typically have lower yields than corporate or agency bonds, so comparing them means factoring the buyer's income tax bracket into the effective rate. The bad news is that, as mentioned above, most municipal bonds are issued for a period of 20 years, and if you need to sell them before maturity you might be stuck with an offer on which you lose money, since the market is not that liquid. It's also important not to make the mistake of buying municipal bonds for an IRA account - you're giving up higher yields in exchange for tax-free income, but since income inside an IRA is already untaxed, tax-free municipal bonds generally do not belong in retirement accounts.

The book is easy reading. Not light, but definitely straightforward if you're paying attention to what has been described in the previous chapters. The author then discusses some strategies that might be applicable to the reader, and talks about common pitfalls, such as chasing yield or having no sense of direction in the bond market. Among online resources worth checking out, InvestingInBonds is perhaps the best-known official resource. Yahoo! Finance also runs a bonds center with basic market data and some tutorials on bond trading. Bloomberg's bonds center offers news feeds for the market. MunicipalBonds is also a great site for researching one particular subset of the bond market, providing both research and news on new offerings.

Posted in Money, Review at September 30th, 2007. No Comments.

Greg Linden posted another short excerpt on working on Findory - a personalized news search engine that he designed and built. Personalization frequently defeats your caching strategies, since generating a different page for each user is likely to produce a very low cache hit rate. However, generating the page on the fly has to be fast, especially if it's the first page the user sees. How does Findory deal with that? By offloading front page generation to an offline batch process that pre-computes the data to be shown to the user, which is then fed into a MySQL table:

The way Findory does this is that it pre-computes as much of the expensive personalization as it can. Much of the task of matching interests to content is moved to an offline batch process. The online task of personalization, the part while the user is waiting, is reduced to a few thousand data lookups. Even a few thousand database accesses could be prohibitive given the time constraints. However, much of the content and pre-computed data is effectively read-only data. Findory replicates the read-only data out to its webservers, making these thousands of lookups lightning fast local accesses. Read-write data, such as each reader’s history on Findory, is in MySQL. MyISAM works well for this task since the data is not critical and speed is more important than transaction support.

Posted in General at September 30th, 2007. No Comments.

Alexander Andonov wrote an article for a Web site called WebAppSec, which understandably deals with Web application security. He talks about ways of circumventing standard data validation routines in PHP via tricks like alternative Unicode representations of characters, and gives general hints on better application security, which seem to boil down to using mysql_real_escape_string() over anything else, though there are some caveats there as well. Here's the summary:

  1. Write properly quoted SQL:
    1. Single quotes around values (string literals and numbers)
    2. Backtick quotes around identifiers (databases, tables, columns, aliases)
  2. Properly escape the strings and numbers:
    1. mysql_real_escape_string() for all values (string literals and numbers)
    2. intval() for all number values and the numeric parameters of LIMIT
    3. Escape wildcard/regexp metacharacters (addcslashes('%_') for LIKE, and you'd better avoid REGEXP/RLIKE altogether)
    4. If identifiers (columns, tables or databases) or keywords (such as ASC and DESC) are referenced in the script parameters, make sure (and force) that their values are chosen only from an explicit set of options
    5. No matter what validation steps you take when processing the user input in your scripts, always do the escaping steps before issuing the query. Validation is not a substitute for escaping!
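Here is the checklist above applied end to end in a single query builder. This is an added example, not code from Andonov's article or from WebAppSec; it uses mysqli rather than the mysql_* extension the article refers to (that extension was removed in PHP 7), assumes `$db` is an open mysqli connection, and the `posts` table, its columns and the request parameter names are hypothetical.

```php
<?php
// Added example: assembles a search query following the escaping checklist.
// mysqli replaces the mysql_* extension; $db is assumed to be an open mysqli
// connection, and the `posts` table and its columns are hypothetical.

// Rule 2.4: identifiers and keywords that come from request parameters are
// never escaped; they are forced to one of an explicit set of options.
function pickAllowed(array $params, string $key, array $allowed, string $default): string
{
    $value = $params[$key] ?? null;
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

function buildSearchQuery(mysqli $db, array $params): string
{
    // ORDER BY column and direction: whitelist, with a safe default.
    $orderBy = pickAllowed($params, 'sort', ['title', 'created_at', 'author'], 'created_at');
    $dir     = pickAllowed($params, 'dir', ['ASC', 'DESC'], 'DESC');

    // Rule 2.2: intval() for every numeric value, including both LIMIT
    // operands (which MySQL does not allow to be quoted).
    $authorId = intval($params['author_id'] ?? 0);
    $offset   = max(0, intval($params['offset'] ?? 0));
    $limit    = min(100, max(1, intval($params['limit'] ?? 20)));

    // Rule 2.3, then 2.1: neutralise the LIKE wildcards, then escape the
    // resulting string for the SQL literal. MySQL's LIKE uses backslash as
    // its default escape character, so \% and \_ match literally.
    $q = $params['q'] ?? '';
    if (!is_string($q)) {
        $q = '';
    }
    $needle = $db->real_escape_string(addcslashes($q, '%_'));

    // Rule 1: single quotes around every value (numbers included), backticks
    // around every identifier. LIMIT operands stay bare because MySQL rejects
    // quoted ones; intval() above is what keeps them safe.
    return "SELECT `id`, `title` FROM `posts`"
         . " WHERE `author_id` = '{$authorId}'"
         . " AND `title` LIKE '%{$needle}%'"
         . " ORDER BY `{$orderBy}` {$dir}"
         . " LIMIT {$offset}, {$limit}";
}

// Usage (placeholder credentials). The connection charset must be set before
// any escaping happens: real_escape_string() is charset-aware, which matters
// for the multibyte-character tricks the article describes.
$db = new mysqli('localhost', 'dbuser', 'dbpass', 'blog');
$db->set_charset('utf8mb4');
$result = $db->query(buildSearchQuery($db, $_GET));
```

Rule 2.5 is satisfied by construction: the escaping happens inside the builder, so no validation done elsewhere in the script can skip it. Prepared statements (mysqli or PDO) make steps 2.1 to 2.3 unnecessary for values, but rules 1 and 2.4 still apply to identifiers and keywords, which cannot be bound as parameters.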

You'll frequently see addslashes() used in PHP to supposedly sanitize user input. It's helpful to know the difference between addslashes() and mysql_real_escape_string(), and Chris Shiflett has written an article explaining exactly that. It also includes a table describing the main differences between the two. Shiflett is the author of O'Reilly's Essential PHP Security, and has two free chapters from the book available on his site.

Posted in MySQL, Programming at September 29th, 2007. No Comments.

It's a rare event nowadays, but the FDIC has shut down the Internet-only bank NetBank, with ING Direct assuming the deposits. The online bank had been a good source of sweet deals on online deposits, and charged no fees for incoming wire transfers - a rare deal nowadays (but one that EverBank still offers).

What's amusing is that the bank didn't even have that much exposure to the subprime market; it was just a mess as far as execution and business model were concerned. There's a post-mortem by the Wall Street Journal:

But its Achilles’ heel was sloppy underwriting of loans, according to federal regulators. The Office of Thrift Supervision said weak underwriting standards, failed business strategies and a lack of proper controls forced NetBank to suffer significant losses - including more than $200 million for 2006.

Their customer service wasn't that great either, but I guess that's to be expected when management is trying to cut losses. The same article also points out how infrequent bank failures have become:

Of 8,600 banks insured by the FDIC, only one other has failed this year - Metropolitan Savings Bank of Pittsburgh. NetBank is the biggest failure since the June 1993 failure of Western FSB, Marina del Rey, Calif., which held $3.8 billion in assets.

I like how the FDIC is managing the transition - the NetBank site is down right now, but will be back on Sunday evening in its original shape, although managed by ING Direct. There's no migration process and no calls to customer support to verify your identity - the site will just come back as it is, accepting the old usernames and passwords.

Posted in Money at September 29th, 2007. No Comments.

Looks like Gadi Evron, security researcher at Israel CERT, well-known botnet expert and frequent DefCon presenter, is quite pissed at GNR, the company behind the .name top-level domain. Not sure what the story is, since their whois seems to work fine for me (that is, there's no data available for most searches), but according to Wired, GNR is now charging $2 for 24-hour access to its whois database:

That’s $2 too much for security researcher Gadi Evron, one of the leading authorities on zombie computer networks. “What they have done is made sure the .name TLD is free haven for bad guys to lurk on,” Evron said. “If I need to report 1,000 domains, I’m not going pay $2,000.”

Not sure how that's different from the private registration of .com and .net domains offered by many registrars. They won't divulge the data either, unless subpoenaed, and in theory a phishing site could just hide behind a more generic TLD with private registration.

Posted in DefCon, Technology at September 29th, 2007. No Comments.

High Scalability Blog and Rich Skrenta both point to the 0.1 release of KFS - a file system optimized for applications working with large amounts of data.

The data is divided into chunks which are stored on chunk servers. KFS takes care of replicating those chunks and balancing them among the available servers; adding new machines supposedly re-balances your storage as well. According to the official Kosmix blog, KFS can be used as a storage system for Hadoop and zVents' HyperTable. Ethan Stock of zVents talks about the importance of the release.

Posted in Programming, Technology at September 28th, 2007. No Comments.

[Image: Panasonic high definition projector PT-AE2000U]

For anyone considering replacing an HDTV set with a projector and a blank wall at some point, there's good news - Panasonic is coming up with a high-definition (that is, 1920 x 1200) projector.

The PT-AE2000U projector reproduces Hollywood movies, independent films and other entertainment with exceptional color accuracy. Its enhanced unique Pure Color Filter Pro uses optical adjustment to achieve a higher purity level of the three primary colors; it also helps display deeper, purer blacks. The color space has been extended even more to match the approximate level specified in the digital cinema industry. The new projector also incorporates Panasonic's well-known Smooth Screen technology that reduces the black lines between pixels that mar picture quality. The technology has been tuned together with the new full-HD optical unit, allowing consumers to enjoy vibrant, smooth images found in commercial movie theaters. In addition, Panasonic's original Dynamic Iris has also been improved for further stability and response by controlling the iris speed at finer increments to help reproduce darker blacks and brighter whites. The image processing system has been improved dramatically, with a maximum of 16-bit digital signal processing making it possible to reproduce subtle hues and brightness variations faithfully with greater smoothness.

Posted in Entertainment, Gadgets, Technology at September 15th, 2007. 2 Comments.

With frequent changes of apartment it's always a crapshoot whether the next bedroom/office will have a cable outlet or not. I was briefly considering purchasing a wireless bridge for my desktop machines, but then figured that since 802.11 b/g USB adapters are so cheap nowadays, I might just as well go with those.

[Image: TRENDnet TEW-424UB wireless 802.11 b/g USB 2.0 wireless adapter]

TRENDnet TEW-424UB was the first choice, since the adapter frequently sells on CompUSA's Web site for $15 with a $10 rebate. Rebates from TRENDnet are pretty reliable and arrive in the mail, but the adapter itself seems to be the total opposite. Its coverage seems to be quite spotty, and on my wife's HP laptop with the drivers pre-installed it kept being recognized as some RealTEK networking product. Who knows, could be a Windows XP issue.

[Image: D-Link DWL-G120 -- AirPlus Xtreme G Wireless USB Adapter 802.11g, 54Mbps]

D-Link DWL-G120 (AirPlus Xtreme G Wireless USB Adapter 802.11g, 54Mbps) is also quite frequently on sale from Buy.com, which in combination with Google Checkout's $10 off for new customers would sometimes get you a free product. The driver for this guy has not been certified for Windows, which you're warned about on installation, but there's little you can do at that point. The lack of certification seems appropriate considering the occasional blue screens of death the driver causes. Windows Error Reporting then redirects you to a page with a generic "driver failure" message, which doesn't help much. There's neither an updated version of the driver nor a Windows-certified one.

[Image: ZyXEL ZyAIR G-220 - USB 2.0 802.11G Wireless Adapter & Soft-AP]

What has worked for me flawlessly (so far) is the ZyXEL ZyAIR G-220 - USB 2.0 802.11G Wireless Adapter & Soft-AP, which I also got on Buy.com. The driver installation goes through pretty well, and there's an additional utility for wireless network management you can install if you'd rather not use the Windows default. Right now they sell it for $27 with a $17 rebate (which is trackable online, and which I got). However, on the Buy.com checkout screen there's also an option to get a free magazine subscription. Opt out of that, and you're eligible for a $10 rebate, bringing the effective price of the wireless adapter to $0 (except for sales tax in California). I have not received that rebate yet, and it does seem kinda shady without online tracking. Nevertheless, so far this adapter performs the best.

Posted in Gadgets, Review, Technology, Wireless at September 14th, 2007. No Comments.