You should check out "Madoff: the Monster of Wall Street" on Netflix, which struggles to dramatize the actual operation of his scam because the reality of it was so incredibly simplistic.
the reality of it boiled down to “Madoff was too big and important for anyone to dare question”.
Yes, the fraud itself was extremely simple, but I also highly doubt that a random noname like SBF could have pulled that off at the time. You really had to be someone. Someone the SEC didn’t want to touch.
I was ready to reply with an “um actually it is an arbitrary number” but… no… it is literally a random number. How did someone commit that and sleep at night?
It’s amazing that some people still defend SBF. Among his sycophants is Michael Lewis, author of Moneyball, The Big Short, and now “Going Infinite” which somehow manages to gloss over the rampant fraud happening at FTX since inception.
He describes it as a "letter to the jury" (which I interpret as an statement of intention to reframe the popular understanding of what happened - presumably Lewis knows that jurors aren't supposed to read editorials about the case & is speaking figuratively) and casts SBF in a sympathetic light while casting aspersions on the executives executing the bankruptcy. Like GP mentioned, it glosses over the red flags and such to present a different narrative of Lewis' choosing. I think it's fair to characterize Lewis as carrying water. It's also a character study, sure, but there's no contradiction there.
"Many of the reviews that I have read of the book complain that Lewis does not sufficiently explain that Bankman-Fried is Guilty and Bad, Actually, but that is not the book that he wanted to write... If you want to read a moral condemnation of crypto theft, you can get that anywhere. You go to Michael Lewis for character and story.
Also, reading those reviews you would think that the book is a defense of Bankman-Fried, but it is actually quite damning."
I’d say it’s less random than the headline makes it seem. It’s a random value with mean of 7500 and standard deviation of 3000 pulled from a normal distribution. And, it’s multiplied by the daily volume. So, there may be some thought here. It’s adding about $7,500 per trading unit volume. Not saying it’s legal or anything.
Would you say that a function that always returned 0 or 1 would be more/less/equally random than a function that returned any int32 with equal probability?
I would normally say the latter is more random, because you're getting more entropy per call. In the same sense, a function drawing from a normal distribution is less random than one drawing from a uniform distribution.
(All of this depends on a computers view of the world, where values are in data types that have some number of bits. In a mathy view of the world where every value is effectively infinitely many bits you get just as much entropy sampling from a normal distribution as a uniform one.)
> a function drawing from a normal distribution is less random than one drawing from a uniform distribution
That's some mathematical nonsense.
A normal distribution is continuous from negative infinity to positive infinity, so even by your flawed judgement of what makes something "random", a sample from the normal distrubtion has far more possibilities.
The standard normal distribution is almost the definition of random.
Again, it depends on whether you are looking at this from a pure math perspective or a "math as implemented on computers" perspective. I'm only claiming that this use of more/less random makes sense in a computational context.
But in that context, there is more entropy in a float32 drawn from a uniform distribution than a float32 drawn from a normal distribution, no?
Note that continuous and discrete entropies mean different things, and their values can't be compared directly. That H_E and H_B are both 1 is not meaningful.
I think you've changed what you're meaning by entropy, it isn't really a meaningful measure of "randomness".
Afterall, how can U(0,1) be considered to be "less random" than U(0,1000) when U(0,1000) = 1000*U(0,1). A constant factor can't change how "random" something is.
If you look at this from a computers ("everything is discrete eventually") perspective, U(0,1) is less random than U(0,1000) because U(0,1000) != 1000U(0,1). For example, if you're using a fixed-point encoding that allocates values uniformly, it will have 1000x as many possible values for [0,1000] as [0,1], and so getting any specific value from U(0,1) is 1000x more likely than any specific value from U(0,1000). If you draw from U(0,1) and then multiply by 1000 you'll never produce most values that U(0,1000) could produce.
If you look at it from a math ("continuous is actually possible") perspective I have a much weaker handle on it, but I think the problem is that the entropy of 1000U(0,1) is not the same as the entropy of U(0,1)?
That’s a bit like saying that our bodies are random numbers because of quantum fluctuations. It may be true, but the distribution is the part that matters.
It’s still ridiculous to use a normal distribution to calculate how much money should go into an insurance fund that needs to cover sudden, severe losses.
Let’s do a lottery together. We each throw in some money. Since they’re both just as random, I’m sure you won’t mind if I use a normal distribution, and choose each of our positions on the number line. :)
If you order randomness by entropy, the uniform distribution is indeed, in some sense, "more random" than any other probability distribution with the same support.
It basically takes the daily volume, multiplies it by 0.00075% (on average) and adds that to the insurance fund. FTX charges a % fee on every trade, so this is the equivalent of taking a fraction of their fee revenue and putting that into an insurance fund, which seems pretty reasonable.
In another company, it wouldn't be impossible that some other function in some other code used that variable for an actual transaction into an actual fund.
If you look closely, you may notice that the code that "adds to the insurance fund" doesn't _take_ that money from anywhere. It's just retrieving a number from the database, adding a value to it out of thin air and writing it back. This number was then presented to users as representing the balance of the insurance fund protecting their assets.
There was an actual insurance fund and it had a tiny fraction (5% or less) of what this number in the database claimed. The random numbers generated by this code did not represent actual contributions to said insurance fund. They were not, in fact, taking a fraction of their fee revenue and putting it into an insurance fund.
They were not doing anything even remotely reasonable, this was a flat-out lie.
agreed- title vs what is written in twitter is a bit misleading than what the code actually does. at first glance it is far too easy to assume the random numbers will be around 7500 - but in reality folks may not understand stddev's, and that the random number produced in this method can still yield a negative (just with less likelihood)
> he did commit many of the moral breeches that are committed by existing governmental and financial institutions at scale without any legal repercussions
Example? Bankman-Fried committed outright fraud. He lied and stole money. This is simply incomparable to what anyone in finance is doing, much less being left unpunished for.
I disagree. Banks take my money and lend it out to others, like businesses who are losing money, not profitable, and want venture debt. They take MY money, and give it to unprofitable businesses, with the hope that they'll be some day profitable.
"But that's how banks work", you say. Only because you drunk the Kool-Aid. Only because banks are so damn good at managing risk that we haven't questioned the practice. But at the end of the day, it's my money, and they shouldn't have the right to lend it against my will.
"But you could store money under your mattress", you say. If taxpayer money can provide me with the necessary security guards for that, sure. If not, I don't consider it an option.
SBF was just worse than Bank of America at managing the risk, and got into deep shit. SVB got into deep shit but because the law allows them to legally commit the same fraud of lending out money they don't own, the law protected them with FDIC funds. Bank of America is equally in the wrong, though, it's a messed up system that we just accept because everyone around you accepts it.
Banks are forced to have some capabilities in risk management and controls because they are regulated and supervised to that effect.
You can buy short-dated treasury bills if you want direct tax payers support for your money, for example. Giving money to a bank is lending the money to the bank with your permission, but there are other debtors available.
> Giving money to a bank is lending the money to the bank with your permission
It shouldn't be that way. Banks should be forced to either (a) never lend your money out, or (b) offer an interest rate higher than the Treasury plus state taxes -- that's the only reason I'd ever want to lend to them.
Yeah why not? They can also lend my money out if they want, and give me 8% interest, if so I'm interested and I would agree. Any less than 6.5% and it's a hard no-consent-to-lending-my-money because the Treasury gives me more.
> They can also lend my money out if they want, and give me 8% interest, if so I'm interested and I would agree
But you're already agreeing at prevailing rates! You have other options, and you're not taking them. Why would they pay you more for shits and giggles?
> Any less than 6.5% and it's a hard no-consent-to-lending-my-money because the Treasury gives me more.
If you want taxpayer-funded protection of your savings, that comes in return for your money being used to fund economic activity that generates those taxes.
Thems the breaks. Take it up with your government if you don't like it.
> If you want taxpayer-funded protection of your savings, that comes in return for your money being used to fund economic activity that generates those taxes.
Sure, if you give me the interest rate, sure.
But if the feds are giving me 5.5%, you, as a private bank, better well give me 6.25% so that it's >5.5% after state taxes. If you give me ANY LESS than 6.25% you have no right to lend out my money.
> If you give me ANY LESS than 6.25% you have no right to lend out my money.
Where do you want this free return to come from? While also funding all the things people using a checking account properly (i.e. not to generate a return) want from it, e.g. transaction capabilities?
Again, you can literally get this by buying Treasuries. But you don't want that--you also want the other things. For free. I, too, want free things. But it's obviously not a serious suggestion.
> Where do you want this free return to come from?
I dunno, the Treasury gives me the 5.5% which is the same as a private bank giving me 6.25% and getting robbed by the state of California which leaves me with 5.5%.
Banks want my money? They need to beat that bar.
I dunno, lend it out to someone at 10% to buy a car and then give me 6.25%. Be creative. But I'm not taking Chase Bank's laughable 0.01% or even WealthFront's stupid 4.8%. It's not 6.25%, they didn't beat the bar, plain and simple.
If you're only giving me 1% you might as well give me 0% and I forbid you to lend out my money.
I don't think so. If people buy things only with money they actually have, prices will be forced to come down.
Prices are high because the whole damn country has a habit of buying things they can't afford. It's not actually normal to do that in a lot of the world.
> not actually normal to do that in a lot of the world.
The U.S. is number 15 in the world by household debt to GDP [1]. The winners in your low household debt basket are Pakistan, Algeria, Ukraine, Tajikistan and Bangladesh.
> SBF was just worse than Bank of America at managing the risk
He lied about it. Also, he wasn't lending money to anyone. He was lending it to himself. If Bank of America was lending most of its balance sheet to its CEO, that would be a problem!
> SVB got into deep shit but because the law allows them to legally commit the same fraud of lending out money they don't own
They do own it. You lent it to them. Depositing money at a bank is not putting your cash in custody. There are cash custodian services, though it's more traditional to custody Treasuries. You didn't go to them. And again, at no point were you mislead.
We get these frauds every generation because money and banking is complicated. But instead of addressing that deficit with understanding, enough people deal with it by pretending it doesn't exist, thereby making themselves vulnerable to those who take advantage of that willful ignorance.
That's just moral defeatism. Fraud exists in many businesses and institutions. A healthier outlook on this is that we need to stop it whenever we can, not that we should give up because "everyone does it".
I read it to mean let's hold our governmental and financial institutions to a higher standard. The Fed has allow_negative too, are they truly held accountable?
> Fed has allow_negative too, are they truly held accountable?
To an inefficient degree, yes. Congressional oversight of the Fed is massive because it's popular with many voters. That unfortunately crowds out oversight over the many other financial organs of the United States, e.g. the FHLB.
SBF did what he did outside the system because that's the only way he could have committed fraud like this.
He ran a literal ponzi scheme, something the SEC was created to combat and that Bernie madoff ramped protects against up to 11. He could not have pulled of this scheme without unregulated securities, that was the point.
Say what you will about finance, but the fact is you get a ton of information and protection when you go through the system. Bypass it at your own peril.
Semi-related: AIUI, in most places where you legitimately want a “random number”, what you actually want is a number that is knowably, causally unrelated to the other figures so you know you’re screening off accidental correlations. In practice, random numbers accomplish this, but randomness isn’t quite the same thing as what you’re striving for.
So, for example, the problem with “randomly” picking 4 every time (a la xkcd) is that it introduces a spurious correlation between the places where it’s used.
4 doesn't originate from XKCD, it originates from Playstation 3's firmware. Ultimately, 4 is a random number, so the developer in question could argue he was technically correct, it's the specification that's wrong.
The xkcd reference was a joke used in the fail0verflow CCC PS3 presentation in 2010. I don't know what the reused nonce was but it probably wasn't 4, and the xkcd comic is from 2007.
I have many of his books on my shelf. Each and every one was a great read. However, his defiant defense of SBF makes me question every thing I learned from them. They are still great reads but now I'm more inclined to just treat everything by Michael Lewis as frivolous fiction only loosely based on reality. It's a shame, he lost a lot of credibility with his latest publication. Even more after his 60 minutes interview.
The function doesn't calculate the insurance fund amount directly, it only applies a change to the insurance fund (line 28), based on last day's trading volume. Presumably this function gets run every day, so the size of the insurance fund would be the sum of this process repeated multiple times. The chances of that going to negative would be astronomically low.
np.random itself with that configuration can go negative with a probability of 0.62% as can be derived with scipy.stats.norm(loc = 7500, scale = 3000).cdf(0) or by looping a million times and counting the negative numbers.
Maybe the f2d function filters negative values but it sounds like a simple float-to-double conversion.
I'm not sure whether it was intentional, but, contrary to the headline, this random value was used to update the fund size daily as shown in the rest of the code. So, a single day for which the fund actually decreases wouldn't matter much. It might even be beneficial to make it look more real.
f2d does seem like float-to-decimal (edit, typo). My brain is off for the evening but might that part have a misplaced parenthesis? They f2d() the random number but then multiply it by the higher-precision expression (previous day's volume / 1 billion), which will give 8 numbers after the decimal in USD as in the tweet they posted. Still, it's fewer digits than without the call I suppose.
Since it's a normal distribution with a mean of 7500, and a standard deviation of 3000 multiplied by daily volume—it would only cause a negative change less than 1% of the time. This "PublicInsuranceFund" truly embodies their culture of "number go up".
This is obviously just speculation, but there probably wasn't a whole lot of thought put into it by the coder. The goal was "produce a fluctuating number based on daily trading volume so that it looks like we have a real insurance fund". The randomness is simply there to help make the fraudulent representation less obvious. The fact that the number can (very rarely) go negative is just another example of the fly-by-the-seat-of-your-pants thinking pervasive at FTX.
Isn’t the bigger issue that the fund itself was fake? If they made the decision to set aside some amount of money to be untouchable based on a random number, that is, uh, unconventional to say the least, but they very purposefully chose not to have an insurance fund despite advertising that they did which makes this all the more sinister.
Yes. This should be an instrumental price of evidence in proving that FTX leadership was not “tragically incompetent” but rather willfully and knowingly defrauded its customers.
i think when you are trying to prove a company is lying about having a zillion dollars of insurance, it helps if you can kind of pull the curtain down and show everyone the number 'zillion' was made up by someone throwing a pair of dice, not by someone counting a pile of zillions of dollar bills.
Well, yes, the issue is it was fake. But they compounded their fraud by publicly asserting a value of the fund, and the fact they implemented it as a random number shows malicious intent. Sometimes you can wave around incompetence etc as a mitigating factor, but this is clearly intentional deception and this proves it clearly and beyond a doubt.
On the contrary, you want your fund to cover unlucky situations. By linking the size of the insurance to a random number, you cancel out unlucky external events with a lucky internal event, thereby ensuring proper coverage.
So long as the random value is truly random. Were there lava lamps in the FTX server room?
When you tell your customers that a particular number corresponds to something real (e.g. the amount of money in the insurance fund that protects their assets) but you know the number was actually chosen randomly with no connection to that allegedly real thing, that's called "lying", or in the business world "fraud", and you can go to jail for it.
If that's the level the fund should be at than that's how they should have written it (as a constant multiple). This implementation makes it possible for the "insurance" fund to be reduced by an unbounded amount on a day of record high trading volume (indeed, the higher the trading volume, the more likely it is you'll withdraw a large sum from the fund).
Creating the possibility that some rotten luck could wreck you when you're most vulnerable is bad risk management. It's thumbing your nose in the face of Murphy's Law.
If you were doing that, don't you think it'd be handy to have a record of the amount to deposit? The random amount that's generated isn't even stored anywhere, it's just added directly to the total and written back to the database. What are you going to do, have another daily task that tops off the actual insurance fund to whatever the website says the total should be? Why would you treat a display value meant for the website as the source of truth about the correct value of an actual account?
The only reason to do it this way is if there's no intent for the number to correspond to reality at all.
To be fair I do think they do that on line 27. They have a table of deltas which they then materialize manually in a different table (which presumably only has one row?). And amusingly link them with foreign keys. ORMs make for some weird schemas, this looks like how I might do it MongoDB.
But to your point; if this code is written honestly, it's pretty weird that we don't see any code to post a transaction to the blockchain, or to verify that the funds are available to be allocated to the insurance funds. You would think that would happen before you wrote the new total to the database.
Strictly speaking the problem isn’t that it’s random, the problem is that it’s a lie. The fact it’s random proves that the number isn’t real.
The RNG is used to give some variance to the number without accidentally making a pattern (which humans making up numbers tend to do). Literally using a RNG in code that’s meant to produce a value based on real world data is blatant and hard to defend if true.
If you claim it's a fund to mitigate risk you probably should actually put money into said fund and not just pull some number out of your code.
So technically it's not the randomness that's the issue, and a constant or manually updated fake amount would be as bad, but to me as a layman but it seems like they use a random number to imply a sophisticated risk management system.
The problem is that the reason it is random is to mislead. If it were a static number then it would be obvious it was faked. The value is designed to look like it is pulled from a fund whose balance is determined by market conditions. But viewing the code, there is no fund to get the balance from, only a call out to random().
It’s like putting pillows under your blanket so someone thinks you’re in bed. Once they find the pillows you aren’t going to get away with “oh I thought I was allowed to be out all night.”
When a software engineer writes code because the code makes sense or solves the problem, without interrogating the problem or how it applies to the real world, there can be real and significant consequences. We trust far too much of our lives to tech to ignore these issues when we're on the side of writing the code.
> without interrogating the problem or how it applies to the real world, there can be real and significant consequences. We trust far too much of our lives to tech to ignore these issues
Seriously, that part is a humanities problem, and many engineers have little education in or understanding of humanitities (to the point of disdaining it).
I think you've hit the nail on the head with the disdain. I have no real humanities education, did exclusively STEM/languages after the age of 16, but I learnt quickly at university and in my first job that STEM is nothing special, that all disciplines have something to contribute, and that ignoring them is just going to lead to ignorance on my part.
If you study to do software engineering from the earliest age you can, do CS at university, don't join any clubs with others from non-STEM backgrounds, or even go to a STEM only university, then join a tech company big enough that you don't have to talk to non software engineers, you've just spent your life in a bubble. Sadly I think this is too easy to do.
Agreed — isn’t the problem that nothing was actually being set aside for the insurance fund, not that the amount being set aside was based on a random number?
But it poses a larger question: OSS can be used for war and pedophilia.
It is very refreshing and surprising compared to cloud platforms being adamant that they ought to deplatform people who hold even slightly wrong views.
Is it the same programmers holding very different philosophical views?
So the main architect goes to prison. At one point, he put the system on production, so it doesn’t matter who was the original programmer, he had to check.
Most people are convinced to take plea bargains based on primarily circumstantial evidence. The idea that unsigned commits are questionable is really only a cypherpunk fantasy.
If you get as far as a federal criminal trial, you're almost certainly getting convicted regardless of what cryptographic signatures do or do not exist.
I guess the dude who wrote that function thought, maybe I shouldn't add a docstring or any comments to that function. What is he/she even supposed to write "function to commit corporate insurance fraud."?
Protip. If you are committing fraud in the future - use a compiled language, do not use offsite version control and UPLOAD ONLY THE BINARY.
Seriously, the real pro tip is, "Don't commit fraud, even unethical businesses don't need to do that." If your workplace is encouraging outright criminality, document everything, and either become a whistleblower or run like hell.
I remember an old slashdot thread about a pedophile who took pictures of his victims and then tried to obscure it by swirl-distorting the faces. Police were able to sufficiently unswirl the faces and identify the victims and get a conviction.
The comments were all like, “well, duh you have to use a randomized Gaussian blur to make it irreversible”. “Yeah or black out the faces entirely.”
Finally someone said, “right. Or, you know, you could just not molest children.”
Edit: this might have been it but I remember a more involved thread:
Notice that now prosecutors not only understand code, but feel comfortable showing to judges and juries. Not that long ago, everyone's eyes glazed over at the mention of it.
No they don't. The defense attorneys likely know it better actually (I know one). But if the guy who wrote it actually walks a prosecutor through it, it isn't that complicated
Not defending FTX here, but I think everyone is jumping to a conclusion that this function is used for display purposes only and not to persist the amount that another process then uses to to transfer the insurance amount.
Using some randomization on the daily trading volume makes some sense for what to actually move each day during an end of day process.
Look, the issue is that there is no insurance amount. When asked to show it publicly, they used a random function.
Ofc many websites do that. I did one in my previous company, it's a common social gimmick. But, once a journalist asked us how it was calculated, we removed it... we knew it was wrong from the CEO to the code monkey.
The rule I believe is: don't lie to your customers, yes even if that can extract more money from them.
183 comments
[ 2.4 ms ] story [ 238 ms ] threadthe reality of it boiled down to “Madoff was too big and important for anyone to dare question”.
Yes, the fraud itself was extremely simple, but I also highly doubt that a random noname like SBF could have pulled that off at the time. You really had to be someone. Someone the SEC didn’t want to touch.
It’s amazing that some people still defend SBF. Among his sycophants is Michael Lewis, author of Moneyball, The Big Short, and now “Going Infinite” which somehow manages to gloss over the rampant fraud happening at FTX since inception.
"Many of the reviews that I have read of the book complain that Lewis does not sufficiently explain that Bankman-Fried is Guilty and Bad, Actually, but that is not the book that he wanted to write... If you want to read a moral condemnation of crypto theft, you can get that anywhere. You go to Michael Lewis for character and story.
Also, reading those reviews you would think that the book is a defense of Bankman-Fried, but it is actually quite damning."
The interviewer maybe edits for effect, but Lewis seems very biased towards SBF.
I would normally say the latter is more random, because you're getting more entropy per call. In the same sense, a function drawing from a normal distribution is less random than one drawing from a uniform distribution.
(All of this depends on a computers view of the world, where values are in data types that have some number of bits. In a mathy view of the world where every value is effectively infinitely many bits you get just as much entropy sampling from a normal distribution as a uniform one.)
That's some mathematical nonsense.
A normal distribution is continuous from negative infinity to positive infinity, so even by your flawed judgement of what makes something "random", a sample from the normal distrubtion has far more possibilities.
The standard normal distribution is almost the definition of random.
But in that context, there is more entropy in a float32 drawn from a uniform distribution than a float32 drawn from a normal distribution, no?
It's not just the number of possibilities, it's how likely they are. For example, consider two functions:
The entropy of a distribution, in bits, is: So for A it is: And for B it is: So you can see that A has lower entropy than B, because it's more concentrated.For continuous distributions this is defined with an integral instead of a sum, but it's the same idea:
Whether there's more entropy in a sample drawn from a uniform or normal distribution, then, depends on how wide your distributions are. Consider: We then have: Note that continuous and discrete entropies mean different things, and their values can't be compared directly. That H_E and H_B are both 1 is not meaningful.Afterall, how can U(0,1) be considered to be "less random" than U(0,1000) when U(0,1000) = 1000*U(0,1). A constant factor can't change how "random" something is.
If you look at it from a math ("continuous is actually possible") perspective I have a much weaker handle on it, but I think the problem is that the entropy of 1000U(0,1) is not the same as the entropy of U(0,1)?
It’s still ridiculous to use a normal distribution to calculate how much money should go into an insurance fund that needs to cover sudden, severe losses.
Let’s do a lottery together. We each throw in some money. Since they’re both just as random, I’m sure you won’t mind if I use a normal distribution, and choose each of our positions on the number line. :)
Your assertion is missing some needed qualifiers.
If given only mean and standard deviation, the normal distribution is the maximum entropy distribution i.e. maximally random distribution.
How does volume correlate to the value of the insurance fund? Isnt value equal to number of tokens * price per token?
It basically takes the daily volume, multiplies it by 0.00075% (on average) and adds that to the insurance fund. FTX charges a % fee on every trade, so this is the equivalent of taking a fraction of their fee revenue and putting that into an insurance fund, which seems pretty reasonable.
There was an actual insurance fund and it had a tiny fraction (5% or less) of what this number in the database claimed. The random numbers generated by this code did not represent actual contributions to said insurance fund. They were not, in fact, taking a fraction of their fee revenue and putting it into an insurance fund.
They were not doing anything even remotely reasonable, this was a flat-out lie.
The non-zero mean and relatively small standard deviation (0.4 sigma) make all the difference here.
I'd say the ethics and legality are entirely determined by how this distribution was determined and if it's consistent with promises to customers.
What _possible_ justification could there be for using that as an accounting practice for a fund other than fraud?
Also Flash Boys, which was basically a book-length advertisement for the IEX exchange.
https://www.wsj.com/livecoverage/fed-meeting-interest-rate-d...
Example? Bankman-Fried committed outright fraud. He lied and stole money. This is simply incomparable to what anyone in finance is doing, much less being left unpunished for.
"But that's how banks work", you say. Only because you drunk the Kool-Aid. Only because banks are so damn good at managing risk that we haven't questioned the practice. But at the end of the day, it's my money, and they shouldn't have the right to lend it against my will.
"But you could store money under your mattress", you say. If taxpayer money can provide me with the necessary security guards for that, sure. If not, I don't consider it an option.
SBF was just worse than Bank of America at managing the risk, and got into deep shit. SVB got into deep shit but because the law allows them to legally commit the same fraud of lending out money they don't own, the law protected them with FDIC funds. Bank of America is equally in the wrong, though, it's a messed up system that we just accept because everyone around you accepts it.
You can buy short-dated treasury bills if you want direct tax payers support for your money, for example. Giving money to a bank is lending the money to the bank with your permission, but there are other debtors available.
It shouldn't be that way. Banks should be forced to either (a) never lend your money out, or (b) offer an interest rate higher than the Treasury plus state taxes -- that's the only reason I'd ever want to lend to them.
But you're already agreeing at prevailing rates! You have other options, and you're not taking them. Why would they pay you more for shits and giggles?
> Any less than 6.5% and it's a hard no-consent-to-lending-my-money because the Treasury gives me more.
So buy Treasuries!
I am taking them!
> So buy Treasuries!
I do! But everyone seems to fall for the same bank(man-fried) trap.
Use a custodian account. Put your money in a safe deposit box. Nobody is forcing you to use a standard bank account.
Thems the breaks. Take it up with your government if you don't like it.
Sure, if you give me the interest rate, sure.
But if the feds are giving me 5.5%, you, as a private bank, better well give me 6.25% so that it's >5.5% after state taxes. If you give me ANY LESS than 6.25% you have no right to lend out my money.
Where do you want this free return to come from? While also funding all the things people using a checking account properly (i.e. not to generate a return) want from it, e.g. transaction capabilities?
Again, you can literally get this by buying Treasuries. But you don't want that--you also want the other things. For free. I, too, want free things. But it's obviously not a serious suggestion.
I dunno, the Treasury gives me the 5.5% which is the same as a private bank giving me 6.25% and getting robbed by the state of California which leaves me with 5.5%.
Banks want my money? They need to beat that bar.
I dunno, lend it out to someone at 10% to buy a car and then give me 6.25%. Be creative. But I'm not taking Chase Bank's laughable 0.01% or even WealthFront's stupid 4.8%. It's not 6.25%, they didn't beat the bar, plain and simple.
If you're only giving me 1% you might as well give me 0% and I forbid you to lend out my money.
Do you have a bank account?
> If you're only giving me 1% you might as well give me 0% and I forbid you to lend out my money
Then do this! You're railing against a scarecrow.
All that'd do is make credit hilariously more expensive for everyone, which will push up the price of everything. I'm not sure that's a good idea.
Prices are high because the whole damn country has a habit of buying things they can't afford. It's not actually normal to do that in a lot of the world.
The U.S. is number 15 in the world by household debt to GDP [1]. The winners in your low household debt basket are Pakistan, Algeria, Ukraine, Tajikistan and Bangladesh.
[1] https://en.wikipedia.org/wiki/List_of_countries_by_household...
They' don't lie about it.
> SBF was just worse than Bank of America at managing the risk
He lied about it. Also, he wasn't lending money to anyone. He was lending it to himself. If Bank of America was lending most of its balance sheet to its CEO, that would be a problem!
> SVB got into deep shit but because the law allows them to legally commit the same fraud of lending out money they don't own
They do own it. You lent it to them. Depositing money at a bank is not putting your cash in custody. There are cash custodian services, though it's more traditional to custody Treasuries. You didn't go to them. And again, at no point were you mislead.
We get these frauds every generation because money and banking is complicated. But instead of addressing that deficit with understanding, enough people deal with it by pretending it doesn't exist, thereby making themselves vulnerable to those who take advantage of that willful ignorance.
To an inefficient degree, yes. Congressional oversight of the Fed is massive because it's popular with many voters. That unfortunately crowds out oversight over the many other financial organs of the United States, e.g. the FHLB.
He ran a literal ponzi scheme, something the SEC was created to combat and that Bernie madoff ramped protects against up to 11. He could not have pulled of this scheme without unregulated securities, that was the point.
Say what you will about finance, but the fact is you get a ton of information and protection when you go through the system. Bypass it at your own peril.
To be fully pedantic: it's both things! It's a random number chosen from an arbitrarily sized range around an arbitrary number :)
So, for example, the problem with “randomly” picking 4 every time (a la xkcd) is that it introduces a spurious correlation between the places where it’s used.
# TODO: stub for now until we have an actual insurance fund
Maybe the f2d function filters negative values but it sounds like a simple float-to-double conversion.
I'm not sure whether it was intentional, but, contrary to the headline, this random value was used to update the fund size daily as shown in the rest of the code. So, a single day for which the fund actually decreases wouldn't matter much. It might even be beneficial to make it look more real.
So long as the random value is truly random. Were there lava lamps in the FTX server room?
Insurance companies have very detailed models on how much risk their customers provide, how much they're likely to cost, and charge accordingly.
They don't just go "yolo random(1,100)'l" and hope they're in business in 5 years.
The fund size was 7500 * the trading volume since the fund was set up.
This would be bad risk management. The random number makes it clear that not creating the fund wasn't an oversight, it was a willful deception.
Creating the possibility that some rotten luck could wreck you when you're most vulnerable is bad risk management. It's thumbing your nose in the face of Murphy's Law.
The only reason to do it this way is if there's no intent for the number to correspond to reality at all.
But to your point; if this code is written honestly, it's pretty weird that we don't see any code to post a transaction to the blockchain, or to verify that the funds are available to be allocated to the insurance funds. You would think that would happen before you wrote the new total to the database.
The RNG is used to give some variance to the number without accidentally making a pattern (which humans making up numbers tend to do). Literally using a RNG in code that’s meant to produce a value based on real world data is blatant and hard to defend if true.
...and if you are stealing, repeat a few digits occasionally: lack of repetition has caught several-a-tea leaf.
So technically it's not the randomness that's the issue, and a constant or manually updated fake amount would be as bad, but to me as a layman but it seems like they use a random number to imply a sophisticated risk management system.
It’s like putting pillows under your blanket so someone thinks you’re in bed. Once they find the pillows you aren’t going to get away with “oh I thought I was allowed to be out all night.”
When a software engineer writes code because the code makes sense or solves the problem, without interrogating the problem or how it applies to the real world, there can be real and significant consequences. We trust far too much of our lives to tech to ignore these issues when we're on the side of writing the code.
Seriously, that part is a humanities problem, and many engineers have little education in or understanding of humanitities (to the point of disdaining it).
If you study to do software engineering from the earliest age you can, do CS at university, don't join any clubs with others from non-STEM backgrounds, or even go to a STEM only university, then join a tech company big enough that you don't have to talk to non software engineers, you've just spent your life in a bubble. Sadly I think this is too easy to do.
https://web.archive.org/web/20130203112329/http://dev.hasenj...
But it poses a larger question: OSS can be used for war and pedophilia.
It is very refreshing and surprising compared to cloud platforms being adamant that they ought to deplatform people who hold even slightly wrong views.
Is it the same programmers holding very different philosophical views?
If you get as far as a federal criminal trial, you're almost certainly getting convicted regardless of what cryptographic signatures do or do not exist.
Protip. If you are committing fraud in the future - use a compiled language, do not use offsite version control and UPLOAD ONLY THE BINARY.
Until you get prosecuted and legally required to turn over the source code, as it happened here.
The comments were all like, “well, duh you have to use a randomized Gaussian blur to make it irreversible”. “Yeah or black out the faces entirely.”
Finally someone said, “right. Or, you know, you could just not molest children.”
Edit: this might have been it but I remember a more involved thread:
https://slashdot.org/comments.pl?sid=321921&cid=20908895
[1] https://devblogs.microsoft.com/oldnewthing/20171114-00/?p=97...
For me it looks like this value is used only when there was no data?
Basically else part of monad
Plus it makes me feel good about signing my commits!
No “import numpy as np” !?
Using some randomization on the daily trading volume makes some sense for what to actually move each day during an end of day process.
Ofc many websites do that. I did one in my previous company, it's a common social gimmick. But, once a journalist asked us how it was calculated, we removed it... we knew it was wrong from the CEO to the code monkey.
The rule I believe is: don't lie to your customers, yes even if that can extract more money from them.