The DOW 10K priced as opportunity cost

Economists love the concept of opportunity cost because it gives you the real long-term value of an investment or purchase in relative terms – which is really the only way to calculate value. On Wednesday the DOW hit 10,000 again. The US financial press did their part to ring the bell while the banking community celebrated the boost in perceived value and the increased likelihood that the public would buy their wares.

Fox News, like clockwork, has given former asshole president Bush credit for the recovery. (Skip to 3:00 in the video) “He took the bold moves and look where we are today..”.

John Authers in the Financial Times is almost embarrassed on Thursday as he delivers the news of what a DOW 10K means in real, opportunity cost terms. If you invested in the DOW in 1999:

  • Relative to emerging markets you’ve lost 80% of your money.
  • Relative to gold you’ve lost 75% of your money.
  • And even in dollar terms corrected for inflation (using the CPI) you’ve lost around 23% of your money.


Using and understanding the world-wide city database data

One of the most popular pages on this blog is a post I wrote two years ago titled “World wide cities database and other free geospatial data”. There are still few people out there who realize that not only can you get a free world-wide cities database from the National Geospatial-Intelligence Agency in the US, but they have around 4 million other points around the world that even include things like undersea features, palm groves, vineyards and a lot more.

I got an email from Jamil today asking about how to interpret the data in the NGIA’s database. You can find the data he’s referring to at the NGIA’s site. Each record has a feature classification and a feature designation code. You can see the schema (but without what the codes are) here. For some reason I couldn’t find the actual classifications and designations on the site.

I did find them posted here. The information may be included in the NGIA’s download files – I haven’t checked.

SSL Timeouts and layer 3 infrastructure

I’ve spent the last 5 days agonizing over a very hard problem on my network. Using curl, LWP::UserAgent, openssl, wget or any other SSL client, I’d see connections either time out or hang halfway through the transfer. Everything else works fine including secure protocols like SSH and TLS. In fact inbound SSL connections work great too. It’s just when I connect to an external SSL host that it hiccups.

If you remember your OSI model, SSL is well above layer 3 (IP addresses and routers) and layer 2 (LAN traffic routed via MAC addresses). So the last place I planned to look was the network infrastructure.

I eliminated specific clients by trying others and I eliminated the OS by spinning up virtual machines running other versions of Linux. I eliminated my physical hardware by reproducing it on a non-Dell server and having one of the ops guys repro it on his OS X MacBook.

And just to prove it was the network, which is all that was left, I set up a VPN from one of my machines that tunnelled all traffic over the VPN to a machine on an external network that acted as the router, thereby encapsulating the layer 2 and 3 traffic in a layer 4 and 5 VPN. And the problem went away. So I knew it was the network.

Tonight a few minutes ago my colo provider took down my local router and I gracefully failed over to the redundant router, and lo and behold the problem has gone away.

I still don’t know what it is, but what I do know is that a big chunk of layer 3 infrastructure has been changed and it’s fixed a layer 5 problem. What’s weird is that TCP connections (which is what SSL rides on top of) have delivery confirmation. So if the problem was packet loss, TCP would just request the packet again. So it’s something else and something that only affects SSL – and only connections bound from my servers out to the Internet.

The reason I’m posting this is because during the hours I spent Googling this issue this week (and finding nothing) I saw a lot of complaints about SSL timeouts and no solutions. So if you’re getting timeouts like this, check your underlying infrastructure and you might just be surprised. To verify that it’s a network problem, set up a VPN using PPTP. Set up NAT on the external Linux machine that is your VPN server. Then disable the default gateway on the machine having the issue (the VPN client) and verify that all traffic is routing via your VPN. Then try and reproduce the SSL timeout and if it doesn’t occur, it’s probably your layer 2 or 3 infrastructure.
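One way to run the comparison described above, as an added example that is not part of the original post: it first confirms which interface traffic to the test host actually leaves through, then repeats the HTTPS fetch and tallies the outcomes. It assumes `ip`, `getent` and `curl` are installed; the URL, the interface name, the 20-second limit and the 10 attempts are values you choose for your own setup.

```sh
#!/bin/sh
# Added example: A/B harness for the tunnel test.
# Usage: ./probe.sh https://host.example/large-file ppp0
# Run it once with your normal interface and once with the tunnel interface.

# route_dev: read `ip route get <addr>` output on stdin, print the egress device.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# classify RC: map a curl exit status to the failure modes of interest.
classify() {
    case $1 in
        0)  echo ok ;;
        28) echo timeout ;;        # --max-time expired: a stalled transfer
        35) echo tls-handshake ;;  # SSL connect error
        *)  echo "other($1)" ;;
    esac
}

# probe URL SECONDS COUNT: fetch URL COUNT times and tally the outcomes.
probe() {
    i=0
    while [ "$i" -lt "$3" ]; do
        curl --silent --output /dev/null --max-time "$2" "$1"
        classify $?
        i=$((i + 1))
    done | sort | uniq -c
}

main() {
    host=${1#https://}; host=${host%%/*}; host=${host%%:*}
    addr=$(getent ahostsv4 "$host" | awk 'NR == 1 { print $1 }')
    dev=$(ip route get "$addr" | route_dev)
    if [ "$dev" != "$2" ]; then
        echo "traffic to $host leaves via $dev, not $2: fix routing first" >&2
        return 1
    fi
    echo "egress for $host ($addr): $dev"
    probe "$1" 20 10
}

if [ $# -eq 2 ]; then main "$@"; fi
```

If the tally shows timeouts on the direct path and none through the tunnel, the result matches what the post describes.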

How to mirror someone else’s web server with iptables

It took me a while to find this – I needed it for testing purposes, nothing malicious. If you’d like your web server somewhere on the web to pretend to be any other web server, even a secure one, you can do the following. x.x.x.x is your own server and y.y.y.y is the ip of the server you’re trying to mirror. I’m also assuming you only have one network card in the machine and it’s called eth0. The following will mirror a secure web server. If you’d like to mirror a regular web server, replace 443 with port 80.

iptables -t nat -A PREROUTING -p tcp -i eth0 -d x.x.x.x --dport 443 -j DNAT --to y.y.y.y
iptables -t nat -A POSTROUTING -p tcp -o eth0 -d y.y.y.y --dport 443 -j MASQUERADE

If this doesn’t work you probably have to enable packet forwarding like this:

echo 1 > /proc/sys/net/ipv4/ip_forward
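The forward above is transparent at the TCP level, so on port 443 the TLS handshake is still answered by y.y.y.y and the client receives that server's certificate. The following added example (not from the original post; the hostnames are constructed and the certificate is a throwaway stand-in for the origin's) shows what a verifying client concludes for each name it could have used to reach the forwarding machine.

```sh
#!/bin/sh
# Added example. DNAT rewrites addresses only; the TLS bytes pass through
# unchanged, so the certificate the client sees belongs to the origin server.

# make_origin_cert DIR NAME: write a throwaway self-signed cert valid for NAME.
make_origin_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# name_matches CERT NAME: succeed only if CERT is valid for hostname NAME.
name_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# check_forward ORIGIN_NAME FORWARDER_NAME: print the verdict a verifying
# client reaches for each name it might have connected with.
check_forward() {
    dir=$(mktemp -d) || return 1
    make_origin_cert "$dir" "$1" || { rm -rf "$dir"; return 1; }
    for name in "$1" "$2"; do
        if name_matches "$dir/cert.pem" "$name"; then
            echo "$name: accepted"
        else
            echo "$name: rejected (certificate name mismatch)"
        fi
    done
    rm -rf "$dir"
}

# Constructed names: the origin's real hostname and the forwarder's own name.
check_forward origin.example forwarder.example
```

Against a live forward, `openssl s_client -connect x.x.x.x:443 -verify_hostname NAME` applies the same name check to the certificate actually served.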

Super fast & easy virtual server setup on Ubuntu (Jaunty)

While I upgrade to Karmic, here’s a quick setup to get a virtual ubuntu server running on a real ubuntu server:

As root:

ubuntu-vm-builder kvm jaunty --hostname dev2 --addpkg  openssh-server vim  -d /usr/local/vms/dev2 --mem 256 --libvirt qemu:///system

This will create a Jaunty Jackalope Ubuntu virtual server using the KVM hypervisor. The hostname will be dev2. It will add the openssh-server package as well as vim. It will put it in the /usr/local/vms/dev2 directory. It’ll allocate 256 megabytes of memory for the machine. The --libvirt option automatically registers your new machine with the libvirt instance at qemu:///system.

Once you’re done you can run:


In the virsh shell type:

list --all

You should see your new machine listed.

To set up networking type 'edit dev2'.

Change (or add) the following:

<interface type='bridge'>
  <source bridge='br0'/>
  <target dev='vnet0'/>
</interface>

Leave out anything about a MAC address because virsh will automatically add that for you.

Now the hard part. You want to create a linux bridge.

If you have only one network interface on the box you’re going to need physical access. I’m going to assume that’s the case. [If you have a second, just leave it up and make sure you’re ssh’ing in via that port]

ifconfig eth0 down
ifconfig eth0
brctl addbr br0
brctl addif br0 eth0
ifconfig br0 up

At this point your bridge is up and your virtual machine can use it, but the guest OS doesn’t have an IP of its own. So:

ifconfig br0 netmask

Now add a default gateway to your host:

route add default gw

Now comes another tricky part. If you’re running all this on a machine with a GUI, life is easy. I’m going to assume you, like me, run Ubuntu server. You need to launch your new virtual machine and you need to connect to it using VNC. Let’s say you have a MacBook and want to run the VNC client on that. Here’s what you do:

On the MacBook launch a terminal. Go to root with: sudo su -


ssh -f -N -L 5900: root@your_host_machines_ip

On the host machine run:

ssh -f -N -L 88:localhost:5900 root@your_host_machines_ip

Now go and download Chicken of the VNC for your Mac.

Now on the host operating system run:

virsh start dev2

Then launch Chicken of the VNC and just connect to localhost. Bang you should have a console!

Now edit your network settings:

vim /etc/network/interfaces

Just configure your network as per normal as if the machine was on your physical network. Something like:

auto eth0
iface eth0 inet static

Then do

/etc/init.d/networking restart

And … unless I’ve forgotten a step which is quite likely … you should be up and running. Make sure the ssh server is running on your new server and try and ssh to your virtual server’s IP from the host machine.

If you can’t ping the default gateway make sure your firewall software (if you have any) isn’t interfering. If you run shorewall you want to change the following:

Edit the /etc/shorewall/interfaces file and change ‘eth0’ to ‘br0’

Also add routeback,bridge to br0 so it looks something like this:

net     br0  detect  routeback,bridge,tcpflags,norfc1918,routefilter,nosmurfs,logmartians

Restart shorewall and give it a try.

Now if you want to upgrade your new virtual Jaunty machine to karmic, simply do a:

apt-get install update-manager-core
do-release-upgrade -d

I’ll try to include the settings in the host /etc/network/interfaces for br0 soon.

If you’re still stuck, here are some great links:

Introduction to Linux bridging.

Info on libvirt.

Setting up a bridge.

ubuntu-vm-builder short guide.
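The VNC steps above carry port 5900 over SSH, which only protects the console if VNC itself is not listening on the network. The following check is an added example, not part of the original post; it assumes `virsh dumpxml` output with single-quoted attributes, as libvirt emits them, and reports where each guest console is bound.

```sh
#!/bin/sh
# Added example: confirm the guest's VNC console is bound to loopback on the
# host, so the SSH tunnel is the only way to reach it.
# Usage on the host: virsh dumpxml dev2 | audit_vnc

# attr NAME: print the value of XML attribute NAME from the line on stdin.
attr() {
    sed -n "s/.*[[:space:]]$1=['\"]\([^'\"]*\)['\"].*/\1/p"
}

# audit_vnc: read domain XML on stdin, report each VNC <graphics> element and
# return non-zero if any of them listens on a non-loopback address.
audit_vnc() {
    exposed=0
    while IFS= read -r line; do
        case $line in
            *"<graphics "*"type='vnc'"*) ;;
            *) continue ;;
        esac
        port=$(printf '%s\n' "$line" | attr port)
        addr=$(printf '%s\n' "$line" | attr listen)
        # No listen attribute: libvirt falls back to vnc_listen in
        # /etc/libvirt/qemu.conf, which defaults to 127.0.0.1.
        case ${addr:-qemu.conf-default} in
            127.*|::1|localhost)
                echo "ok: port $port bound to $addr" ;;
            qemu.conf-default)
                echo "check: port $port uses vnc_listen from qemu.conf" ;;
            *)
                echo "EXPOSED: port $port bound to $addr"; exposed=1 ;;
        esac
    done
    return "$exposed"
}
```

An EXPOSED line means the console is reachable without the tunnel; setting listen='127.0.0.1' on the graphics element via 'edit dev2' restricts it to the host.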

The profitable business of taking money from startups

Under the guise of fostering innovation, guys like The Life Sciences and Healthcare Venture Summit, who spammed me today, are happily taking money from entrepreneurs and offering a tax deductible day out of the office in return. Perhaps I’m inspired by Jason Calacanis’s recent jihad against investors that charge you to pitch, but these high cost ‘for-the-startup-community’ events are a waste of time and money and something that’s been grating on me for some time now.

The event above charges you $595 for early registration. It’s a one day event. If they net 5000 suckers, that’s $2,975,000 in revenue. Host an event every 2 months and you’re into a more than $17 million dollar business.

Have you ever tried to elevator pitch an investor at a startup ‘networking’ event? Don’t!

Have you ever learned anything new at a startup event? Sure you have, but you’re surrounded by your competitors and the instant it hits everyone else’s ears it’s useless to you as a potential differentiator. And it’ll be all over Techmeme tomorrow anyway.

Real networking is done one on one. It’s not about handing out business cards and expecting a few ‘hits’. It’s about investing your time and talent in people and their businesses. One day they may have an opportunity to return the favor, but there’s never any expectation. Relationships are built through shared experiences, not by breathing the air someone else recently finished with.

Real innovation is done by doing it. You don’t create something new by getting a history lesson in a crowded room.

The really useful data is found where everyone else isn’t looking. Have you ever looked at the wealth of excellent government data out there? Did you know there are huge cults of quilting and scrap-booking blogging communities out there?


Bleet: Big VCs aren’t always the best choice

What’s a Bleet? A blog entry that really should be a tweet.

Naval and Nivi (venturehacks) posted an interesting tweet today:

Chris Dixon on the problem with taking seed money from big VCs: Some solutions:

I agree. I think there’s cachet value in having a large VC invest and based on Chris’s (IMO correct) views you need to decide if that value is worth the extra equity you’re giving up. The only scenario I can think of where cachet adds tangible value for founders is if you’re grooming the business for IPO or exit.

An imaginary conversation about immigration with Glenn Beck

Update: I wrote this blog entry and then predictably, I unposted it after my more diplomatic side took over. But it got out via my RSS feed anyway and a friend enjoyed it. So here it is in all its left wing liberal glory. I’m switching the published date to today. Enjoy.

I’m an immigrant.

“Oooh nasty! Are you here to send your dirty kids to our schools?”


“Are you going to leech off our social security?”


“Are you going to steal jobs from my family and my kids?”


“Are you going to rip off our great health care system and then scuttle back to the dirty little hole you came from?”

Um, no. Hey I didn’t accidentally cross the Canadian border did I?

“So what are you doing in this here land of the free and home of the brave boy?”

I’m here to create jobs for your kids. I moved here in 2003. Since then I’ve created four technology startups with the goal of building a profitable business, bringing foreign currency to the United States and creating jobs for Americans. I created one of the world’s largest job search engines to help Americans find jobs. I currently run a software business whose products are used by over 300,000 websites world-wide and that brings foreign currency to the USA.

“Oh come now. You’re just taking money away from American investors.”

Actually most of my investors are self-made and are also immigrants. Some of them helped create Google, that great company co-founded by Sergey Brin, also an immigrant.

“So what’s your point?”

Well my point is that I’m surprised I have to have this conversation with you at all my little xenophobic marshmallow-faced friend. You may not realize it but you are costing this country billions in future earnings with your crappy attitude. Immigrant entrepreneurs are feeling pretty damn unappreciated thanks to you.

“OK so what are you going to do? Move to Russia or something?”

Actually Chile is sounding pretty good right now and is probably going to steal a truckload of talent that would have created millions of jobs and billions in future taxable dollars for the USA. If you invest $500,000 over 5 years, they’ll give you permanent residency, $30,000 to visit and explore Chile for due diligence, another $30,000 to launch your company in Chile, give you up to $1 Million for rent if you’re in one of their tech centers, up to $25,000 per year for training expenses for each of the locals you hire from one of their excellent engineering schools. You can even bring your own talented people to the country from anywhere in the world and Chile will pay for their training too. They’ll pay 40% of your costs if you want to build your own office up to $2 Million. And if your talented friends want to move to Chile they automatically get a working visa if they get a legitimate job.

“So go! Americans are a tough breed. We know how to take care of ourselves!”

Actually, you’ve been relying on us immigrant types for some time now. Albert Einstein immigrated to the United States and brought with him the physics you needed to create the first atomic bomb. Wernher von Braun and 1,600 other scientists and engineers were brought to the United States post World War 2 as part of Operation Paperclip, and von Braun and his men were the creators of the Saturn V rocket that took the US to the moon. The space race gave birth to Silicon Valley, much of which continues to be powered by immigrant intellects today. Over half of all Valley startups and one quarter of all American tech companies are started by immigrants.

“So what the hell do you want me to do?”

I want you to stop promoting a culture of xenophobia in this country. I want you to start thinking about what an opportunity this country has right now because, for all the America haters out there, there are still boatloads of PhDs and business creators who want to come to this country. All we have to do is open our front doors to them and make them feel welcome. We don’t even have to throw tax dollars at them. They are self sufficient and through fulfilling their own dreams they’ll help fulfill the dreams you have for your children.



I’m in Colorado in a semi-rural area in Elbert County in the town of Elizabeth. I get a lot of work done here because there’s not much going on. This is taken from my macbook’s webcam pointed out the window.


Great interview with Columbia’s Bruce Greenwald on value investing

There’s a spectacular interview on today with my favorite FT journalist John Authers with Bruce Greenwald who teaches Ben Graham’s value investing course at Columbia.

Bruce talks about behavioural finance and the irrationality of investors, the often ignored mathematical realities of the market, the brutality and danger of short selling (all short sales are treated as short term capital gains), the power and value of franchise and much more!

I love his constant reminder of what value actually means: First look at the balance sheet, then current earnings ignoring growth.

He does a great fast analysis of why even value investors got caught with Fannie and Freddie because they misanalysed the balance sheet.