Hacker News | hatradiowigwam's comments

I spent a lot of time in Fairbanks throughout 2006 and 2008, doing aerial surveys from a plane. Fairbanks was a good airport to get stuck at, and you do meet some interesting non-traditional travelers. I've never met the guy in the article, but I've met a few bike/hike travelers there who were either moving horizontally or vertically across Alaska (no small feat at all), and I always thought it sounded like an adventure.

Fail2ban is not in the same realm as port knocking, and to "bin it" would be foolish security posture at best, and negligent at worst.


I’m not super familiar with the intricacies of fail2ban and don’t currently understand why op made that claim but would very much like to know more because he is talking about a topic he is highly regarded for and I respect that. I just don’t have the context.


Port-knocking mainly mitigates slow distributed-brute-force login attacks, and works best when ports are interleaved with several tripwire black-hole and knock-port-close firewall rules.

Use-cases:

1. helps auto-ban hosts doing port-scans or using online vulnerability scanners

2. helps reduce further ingress for a few minutes as the hostile sees the site is "down". Generally, try to waste as much of a problem user's time as possible, as it changes the economics of breaking networked systems.

3. the firewall rule-trigger delay means hostiles have a harder time guessing which action triggered an IP ban. If every login attempt costs 3 days, folks would have to be pretty committed to breaking into a simple website.

4. keeps failed login log noise to a minimum, so spotting actual problems is easier

5. Easier to forensically analyze the remote packet stream when doing a packet dump tap, as only the key user traffic is present

6. buys time to patch vulnerable code when zero-day exploits hit other hosts' exposed services

7. most administrative ssh password-less key traffic should be tunneled over SSL web services, and thus attackers have a greater challenge figuring out if dynamic service-switching is even active

People that say it isn't a "security policy" are somewhat correct, but are also naive when it comes to the reality of dealing with nuisance web traffic.

Fail2ban is slightly different in that it is for setting up tripwires for failed email logins, known web-vulnerability scanners, etc. Then whispering that IP ban period to the firewall (must override the default config).

Finally, if the IP address for some application login session changes more than 5 times an hour, one should also whisper a ban to the firewalls. These IP ban rules are often automatically shared between groups to reduce forum spam, VoIP attacks, and problem users. Popular cloud-based VPN/proxies/Tor-exit-nodes run out of unique IPs faster than most assume.

Have a nice day, =3


I recently wrote a deception / honeypot service that does some similar stuff, so that all makes sense to me, and I think the general strategy of imposing costs on attackers by making them expose more of their infrastructure etc. is actually a really good move, especially in the context of developing an early warning signal.

I had some additional logic that gave me a really easy but unintuitive way to tell, with an incredibly high degree of confidence, the difference between a bot and a human-on-keyboard scenario, and for what it's worth I think that is the specific thing that makes it worth the effort.

If I have reasons to suspect it’s a bot I just drop the request and move on with my day. The signal to noise ratio isn’t worth it to me.


I would simply bounce these users to a video game site, that paid us for referrals.

So we made coffee-money wasting spammers time, and attacks stayed rudimentary. =3


If a slow brute force attack is working on your system, all the port knocking and tripwires and whatever are just gimmicks.

Don’t waste resources putting lipstick on the pig.


Stolen password-less key bots are also common these days, and again it is more about reducing log noise.

"Don’t waste resources putting lipstick on the pig."

I would never kink-shame someone that ignored the recent CVE-2025-48416, that proved exposing unprotected services is naive =3


If somebody has a stolen credential, they aren’t going to be brute forcing at all. Likewise that CVE wouldn’t be attacked by a brute force attack.

But I see you’ve backpedaled to this being about log noise, not security.


Threat detection is a higher security priority than prevention in my experience.

One may believe whatever they like, as both our intentions are clear friend.

Have a wonderful day =3


It's weird to assign them comparatively like that but also, what does that have to do with fail2ban?

The roving spam it blocks is not a threat, and stolen credentials aren't going to be detected by it.


In general, bots/worms/clowns will first check if a host/router is already infected or vulnerable to a shim. Thus, tripwires on those checks or URIs often auto-ban infected/hostile hosts before a scan fully escalates to a successful payload. Note, people don't want a VM delta-snapshot of their zero-day around for automated analysis.

99.98% of hostile traffic simply reuses already published testing tools, or services like Shodan, to target hosts.

One shouldn't waste resources guessing the motives behind problem traffic. =3


You're just sort of loosely interweaving unrelated comments?

You're back on prevention instead of detection, but also no: an attacker with valid creds isn't going to run other checks first before using them.

And yes: by volume, most attacks on the internet are just spam reusing published tools and IP lists. And that traffic is zero percent risky unless your auth is already busted.


> And that traffic is zero percent risky unless your auth is already busted

Well it's a waste of our time and resources. I'm not just going to let people make 100 requests per second for no reason?


This is a metric ton of completely pointless theater.

Your services should simply be unreachable over anything but wireguard (or another secure VPN option).


Depends on the use-case, IPsec is often not supported by many LANs. Also, network crossing is 1 badly configured client away from full infrastructure worming.

At some point, the idealism of white-listed peers and VPN will fail due to maintenance service costs. Two things may be true at the same time, friend. =3

https://www.poetry.com/poem/101535/the-blind-men-and-the-ele...


Yes, and those two true things are:

- You should be using WireGuard.

- “Port knocking” is pointless theater.


CVE-2024-26950 is also true, and while I respect your opinion... a VPN has a lot of additional links in the chain trivially broken by competent hostiles or incompetent client installations.

IPSec is simply a luxury unavailable on some LANs =3


I don't understand what you think CVE-2024-26950 has to do with this thread. Do you understand what that vulnerability actually is, or did you just go search "WireGuard CVE" to find ammunition?


Firewall administrative network port traffic priority is important for systems under abnormal stress.


I don't know what this even means. Do you understand the vulnerability you cited? Can you explain it here?


The relatively benign legacy kernel level pointer-bug CVE chosen is hardly the worst thing from WireGuard or strongSwan over the years. However, it makes the point a priority reliable network side-channel administrative login is more robust under some use-cases.

Adding layers of complexity rarely improves security, and doesn't usually address the underlying issue of accountability. And I often ponder if a bastion host is even still meaningful in modern clouds. =3


The bug you cited is in Netlink. It's not exposed on the network. What's the "worse" thing you're referring to? I think you just searched "WireGuard CVE" and tried to play it off.


In general, doing a qualitative summary of the project's impact is less helpful, and never as verbose as some would prefer on platform-specific issues. Additionally, wireguard is now more popular than strongswan these days...

https://www.cve.org/CVERecord/SearchResults?query=ipsec

https://www.cve.org/CVERecord/SearchResults?query=wireguard

https://www.cve.org/CVERecord/SearchResults?query=strongswan

Best of luck, and straw-man arguments are never taken seriously. =3


This reads like a long-winded way of saying you aren't bothering to read what the vulnerabilities actually are.


>This reads like a long-winded way of saying you aren't bothering to read what the vulnerabilities actually are.

Almost, it is more that I don't care specifically why an IPSec option is often a liability, and would rather stick with something less silly.

Ad hominem attacks do not change the fact that there are new issues in IPSec/VPN approaches found regularly. Pick any failure mode(s) on the list that applies to your specific use-case and platform... or find new ones if you are still bored.

Have a great day =3

https://www.youtube.com/watch?v=6vgoEhsJORU


"We had a secure VPN option set up, but then we had to replace our Ivanti VPN solution so we switched to Fortigate. Then there were some concerns so we jumped to Sonicwall. After that debacle we finally got the budget to go with Cisco and I'm sure everything will be fine now!"


I said a secure VPN option.

However, even with all those choices, “port knocking” still wouldn’t be a solution for anything.

[edit]

Are you just searching for random WireGuard CVEs now?

CVE-2024-26950 was a *local-only* DoS and potential UaF requiring privileged access to wireguard netlink sockets.


You mean CVE-2024-26950 ? =3

<edit>

Firewall administrative network port traffic priority is important for systems under abnormal stress.


These are what I call, corporate solutions. They're used to make CEOs feel good while deflecting blame, not to actually do the job. See also how nobody gets blamed if AWS goes down, but everyone who used a different host with higher uptime did get blamed when that went down.

Open source tools are good at actually doing the job, as long as it's a programmer type of job. We've known how to do unbreakable encryption for decades now. Even PGP still hasn't been broken. Wireguard is one of those solutions in the "so simple it has obviously no bugs" category - that's actually what differentiates it from protocols like OpenVPN.

Think about the recent satellite listening talk at DEFCON and how that massive data leak could have been prevented by even just running your traffic through AES with a fixed key of the CEO's cat's name on a Raspberry Pi, but that's a non-corporate solution and so not acceptable to a corporation, who will only ever consider enabling encryption if it comes with a six figure per year license fee which is what the satellite box makers charged for it. Corporations, as a rule, are only barely competent enough to make money and no more.


PGP has very much had breaks, both in its authenticator and a full-on confidentiality break for the mail plugins, both traceable to the structure of the system itself, and that's before we get into the fundamental DOS flaw that killed the keyservers, which themselves are an antifeature. I don't think you can find a practicing cryptography engineer to stick up for PGP.

I don't like or trust OpenVPN. I'd sooner expose OpenSSH itself, which has really a pretty stunning security track record.


The key concept is accountability, and if only 7 people have access to a host instance... the damage done by malicious or incompetent actors is kept small.

The biggest weakness in VPN is client-side cross-network leaks.

IPSec is simply a luxury if the LAN supports it, but also an administrative nightmare for >5k users. =3


Cisco spent years marketing every solution as a router or appliance box.

A lot of VPN installations are simply done wrong, and it only takes 1 badly configured client or cloud side-channel to make it pointless. IPSec is not supported on a lot of LANs, and 5k users would prove rather expensive to administer.

Also, GnuPG Kyber will not be supported by VPN software anytime soon, but it would be super cool if it happens. =3


No, fail2ban is cargo cult security, and if you actually "need" it, you've misconfigured your system. Don't allow password authentication.


They can't get in but they can still fill my logs up, so fail2ban cuts them off after a few failures.

Also by collecting data on the IP addresses that are triggering fail2ban I can identify networks and/or ASes that disproportionately host malicious traffic and block them at a global level.


Why bother logging them at all? What is this doing for you? You can't meaningfully characterize attacker traffic this way. They'll come from any AS they want to.


> Why bother logging them at all? What is this doing for you?

Logging both successful and failed requests is important for troubleshooting my systems, especially the client-facing ones (a subset of which are the only ones that are accessible to the open internet), and failed authentication attempts are just one sort of request failure. Sometimes those failures are legitimate client systems where someone misconfigured something, and the logs allow me to troubleshoot that after the fact. That it can also be fed to fail2ban to block attackers is just another benefit.

> You can't meaningfully characterize attacker traffic this way. They'll come from any AS they want to.

Obviously in a world full of botted computers, IoT devices, etc. it's true that an attacker can hypothetically come from anywhere, but in practice at least from the perspective of a small service provider I just don't see that happen. I'm aware that you are involved with much larger scale operations than I'm likely to ever touch so perhaps that's where our experiences differ. No one's targeting my services specifically, they're just scanning the internet for whatever's out there and occasionally happen to stumble upon one of my systems that needs to be accessible to wherever my clients happen to bring their devices.

Sure, I see random domestic residential ISP addresses get banned from individual servers from time to time, but I never see the organized attacks I see which are usually coming from small hosting providers halfway around the world from my clients. I have on multiple occasions seen fail2ban fire off rapidly sequential IP addresses like xxx.xxx.xxx.1 followed by xxx.xxx.xxx.2 then xxx.xxx.xxx.3, or in other cases a series of semi-random addresses all in the same subnet, which then triggers my network block and magically they're stopped instead of just moving on to another network. If I were to be packet sniffing on the outside of the relevant firewall I'm sure I'd see another address in the blocked network trying to do its thing but I've never looked.
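One way to turn the "several bans from the same subnet" pattern described in the comment above into an automatic network block. This is an added example, not the commenter's or fail2ban's own code: the log lines are constructed in the style of fail2ban's actions log using RFC 5737 documentation addresses, and the nftables set name `banned_nets` is an assumed placeholder that would have to exist in your ruleset.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the style of fail2ban's actions log; the addresses
# are documentation ranges (RFC 5737), not real bans.
SAMPLE_LOG = """\
2025-09-01 10:00:01,101 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.1
2025-09-01 10:00:07,204 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.2
2025-09-01 10:00:13,330 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.3
2025-09-01 10:01:45,002 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.77
2025-09-01 10:02:12,777 fail2ban.actions [812]: NOTICE [postfix-sasl] Ban 203.0.113.40
2025-09-01 10:03:01,111 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.1
2025-09-01 10:04:20,045 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.9
2025-09-01 10:05:00,000 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.2
"""

# Matches only "Ban" events; "Unban" lines do not match because the jail bracket
# must be followed directly by the word Ban.
BAN_RE = re.compile(r"NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)$")


def parse_bans(text):
    """Return (jail, ip_address) pairs for every Ban line; Unban lines are skipped."""
    bans = []
    for line in text.splitlines():
        m = BAN_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address: never let one log line crash the parser
        bans.append((m.group("jail"), ip))
    return bans


def group_by_prefix(bans, v4_prefix=24, v6_prefix=64):
    """Map each covering network to the set of distinct banned hosts inside it.
    Distinct hosts (not ban events) are counted, so one repeat offender banned
    again after an unban does not look like a whole hostile network."""
    groups = defaultdict(set)
    for _jail, ip in bans:
        plen = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        groups[net].add(ip)
    return groups


def sequential_runs(hosts, min_len=3):
    """Find runs of consecutive addresses (.1, .2, .3 ...) among banned hosts.
    Returns [(first_address_as_str, run_length), ...]."""
    ordered = sorted(hosts)
    runs, start, length = [], None, 0
    for i, ip in enumerate(ordered):
        if i > 0 and int(ip) == int(ordered[i - 1]) + 1:
            length += 1
        else:
            if length >= min_len:
                runs.append((str(start), length))
            start, length = ip, 1
    if length >= min_len:
        runs.append((str(start), length))
    return runs


def escalate(groups, threshold=3):
    """Networks whose distinct banned-host count reaches the threshold, as strings."""
    return sorted(str(net) for net, hosts in groups.items() if len(hosts) >= threshold)


def block_commands(networks, set_name="banned_nets"):
    """Render the escalation as nftables commands. The set name is an assumption:
    a matching set (IPv4 or IPv6, with interval flags, referenced by a drop rule)
    must already exist for these commands to have any effect."""
    cmds = []
    for net in networks:
        name = set_name if ipaddress.ip_network(net).version == 4 else set_name + "6"
        cmds.append(f"nft add element inet filter {name} {{ {net} }}")
    return cmds


def analyze(text, threshold=3):
    """One pass over the log: escalated networks, sequential runs and commands."""
    groups = group_by_prefix(parse_bans(text))
    nets = escalate(groups, threshold)
    runs = {}
    for net, hosts in groups.items():
        found = sequential_runs(hosts)
        if found:
            runs[str(net)] = found
    return {"escalate": nets, "runs": runs, "commands": block_commands(nets)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for net in result["escalate"]:
        print(f"{net}: sequential runs {result['runs'].get(net, [])}")
    print("\n".join(result["commands"]))
```

Tail the real actions log into `analyze()` periodically and feed the emitted commands to a privileged helper; the threshold and prefix lengths are the knobs to tune so a single shared NAT address never bans a whole /24.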


> You can't meaningfully characterize attacker traffic this way. They'll come from any AS they want to

I'm not totally following what Fail2Ban has to do with Wireguard. Are we talking strictly about homelabs you don't expose to the internet?

Because I have a homelab I can connect to with Wireguard. That's great. But there are certain services I want to expose to everybody. So I have a VPS that can connect to my homelab via Wireguard and forward certain domain traffic to it.

That's a safe setup in that I don't expose my IP to the internet and don't have to open ports, but I could still be DDOS'd. Would it not make sense for me to use Fail2Ban (or some kind of rate limiting) even if I'm using Wireguard? I can still be DDOS'd.


Don't compliance regimes like NIST 800-53 require logging access attempts, whether successful or not, and especially for privileged users?


> To balance monitoring and auditing requirements with other system needs, event logging requires identifying the subset of event types that are logged at a given point in time. For example, organizations may determine that systems need the capability to log every file access successful and unsuccessful, but not activate that capability except for specific circumstances due to the potential burden on system performance.

It's possible that some compliance regimes exist that mandate keeping logs of all unsuccessful authentication attempts. There's surely a compliance regime out there that mandates every possible permutation of thing.

But the far more common permutation, like we see with NIST, is that the organization has to articulate which logs it keeps, why those logs are sufficient for conducting investigations into system activity, and how it supports those investigations.


I was thinking of:

> The need to limit unsuccessful logon attempts and take subsequent action when the maximum number of attempts is exceeded applies regardless of whether the logon occurs via a local or network connection. Due to the potential for denial of service, automatic lockouts initiated by systems are usually temporary and automatically release after a predetermined, organization-defined time period.

https://csf.tools/reference/nist-sp-800-53/r5/ac/ac-7/


That’s almost always going to be a setting in your IDP, not based on log capture/retention.

The IDP will have some settings for max fails before lockout, and apply it by counting.


A centralized IDP that touches every service is not mandated by NIST though. So while you are right that an IDP can handle that, the organization may not have the IDP integrated with a given system and you will still need compensating controls or mitigations. Outright incredulity over logging failed access attempts is surprising.


Did I express outright incredulity about logging failed attempts?

If you’re a company trying to meet a compliance regime and you don’t already have a central IDP, that’s step zero. None of the NIST requirements say “you must have an IDP”, but a massive portion of them are trivial with an IDP and a massive pain in the ass (both to implement and evidence to auditors) without one.


IMHO Fail2ban, just like port knocking, isn't cargo cult security. They are a single tool that can be included in a general system security arsenal, not the only tool you should use but one of a suite of tools that can be used depending on what you want to achieve.

Personally I use fwknop for port knocking as it doesn't suffer from replay attacks, as it's an encrypted packet. But it still serves the same niche.


The point being made is that unless "what you want to achieve" is "run a tool that isn't improving your security posture", port knocking isn't providing value to the security model.

Hence the cargo cult.


I can't agree that it's "a tool that isn't improving your security posture"; if it's a layer on top of other tools, you might argue its effectiveness isn't great, but to say it's effectively nothing is a reach.


It’s not nothing: it’s one more thing that can break or eat resources or have a vuln. And it’s not improving the threat model. It’s net negative.


How is it not improving the threat model to not have a service directly connected to the internet, but instead put behind a layer of protection?


> And just remember, you voted for this,

No...definitely did not vote for this, maybe you did? I voted against this in every way, and see how that worked out. Democracy is grand.


I omitted my usual explanation of this phrase.

So sure, I'm not saying 100% of people voted for this. The "you" in this context is 2nd person plural; the collective "you".

As you note, democracy is the will of the majority imposed on the minority. Personally I'm not convinced that's a great approach, but I'm also not a fan of minority rule either. Ultimately I guess, whenever there are choices to be made, someone's not going to like the outcomes.

I sympathize with your current plight. Welcome to the minority. My only approach at this point is to keep reminding people that they chose this, that their vote matters. Perhaps when people understand that causal link then they'll make better choices in their own interest. (Who am I kidding, right?)


JG Wentworth... this guy is stuck in other people's brains too!? I thought that was a locally aired commercial when I was younger, but apparently that earworm went nationwide!


This is large but not a black swan by any means. If you trade NQ for several years or more these movements should not be surprising. Even after the drop, it is (in my opinion) absurdly overvalued, and has been for 5+ years. That said… the advice about the market remaining irrational longer than you can remain solvent applies.


The market has been overvalued for decades. Even the biggest corrections only take it down to a reasonable valuation. There is never a rational buying opportunity... except that people have lived their entire working lives without seeing a reasonable price. (Maybe... 1987?)

It's very likely that Tuesday the market will see a buying opportunity and send it right back towards record territory. Which is insane.

I think there is a genuinely new factor at work: so much money flows into the market that it has bought up all of the possible future earnings.

That was all following reasonable advice, but that advice assumed that the market could absorb all of that money. If too much flowed in new capital opportunities would arise. But even before the AI bubble, that had ceased to hold.


If it’s been “overvalued” for decades, wouldn’t there be a point where we can concede that it is actually valued properly, and it’s your valuation model that needs to adjust, not the market?

Surely there is some time horizon at which we can admit that the market is effectively correct. After 100 years of being “overvalued”, can we call that the real value? 1000 years?

This seems like that meme where the guy is looking in the mirror and telling himself, “you’re not wrong, the market is wrong”[1]

[1]https://i.imgflip.com/639cj2.jpg


We could concede that, but it would require defining "proper value" in a way that has little relationship to proper or value. We could define it to mean "market price", perhaps, and then we could assert the market price matched the proper value. But then it would only be a meaningless tautology.


The real value is in earnings. Pricing in future revenue requires a crystal ball but it is clear that the market capitalization has grown faster than revenue.

Earnings do not justify the price, for the market as a whole. There is only so much earnings to be had. It is overvalued by the metric of dividends or property (retained earnings).


I agree with you that price is some kind of signal about earnings. However:

> Earnings do not justify the price

… maybe? I’m not sure I believe you conclusively, so you would have to prove this before I accept it.

PE ratios are higher than historical averages (according to Perplexity, S&P PE is 27, which is higher than the median of 18. The top 10 holdings hover between 12 and 80, excluding TSLA which is over 200).

However, I could see reasonable rationalizations for these PEs that could tell me that they’re expensive compared to historical trends, but not “overvalued.”

Maybe investors are assuming technological change will drive accelerating earnings growth (especially true for the top tech stocks) more than we’ve experienced historically. Top tech stocks are more efficient cash generating machines than they’ve ever been before, and the S&P has shifted to high multiple sectors like tech and away from lower multiple sectors like energy and financial services. So it’s possible our understanding of “expensive” stocks is miscalibrated if we just look at historical PE ratios.

I can’t say for sure that equities are priced “reasonably,” but I can say you haven’t convinced me they’re overvalued.


18 is exactly the number I mean by overvalued. It corresponds to an interest rate of about 4%. You can do better in zero risk bonds. And that's for 18; 27 is just not reasonable.

And the S&P has been going up much faster than 4%. If there was ever a point where it was properly valued it must be overvalued now.

The S&P index isn't the whole story, especially in an expanding tech economy. But still, I'm looking at it as an absolute, rather than a relative number, and it strongly suggests that earnings cannot justify these pricings, even when we're not at the top of a bubble.


Good point.

The only “yes, but…” I would add is that it seems to my retail, unsophisticated eye that:

1) while you could do better nominally in bonds, it seems like investors are pricing in a lot of earnings growth, not just static earnings in PE.

2) the market expects inflation, and blue chips can typically raise prices during inflation which protects shareholders, whereas bonds don’t offer this protection, other than TIPS etc

3) it also seems like (for now…) US equities are still a safe haven for international capital, so demand is still there (i.e. there is no alternative)


> wouldn’t there be a point where we can concede that it is actually valued properly, and it’s your valuation model that needs to adjust, not the market?

Requires an alternate proposal about how to value stocks, and in aggregate, the stock market at large.

The only reasonable way to value stocks is in their potential, upon purchase, for the purchase price to be returned via dividends issued on future profits (even stock buybacks ultimately justify their price increase on dividends being divided among fewer shareholders).

> After 100 years of being “overvalued”, can we call that the real value? 1000 years?

Stocks are being priced at levels that will require longer than a full human lifetime to return their share price via dividends. "Overvalue" is subjective; some people will be fine with the idea that only their children (or, someday, only their grandchildren, and so on ad infinitum) will see a profit. People will also pay a premium for the liquidity of the stock market compared to less-liquid investments (e.g. real estate).

There is simply too much cash sloshing around compared to the opportunities for return available.


Complete nonsense. Your understanding of investment is entirely flawed. Dividends are one element of the value of a stock, but there are many, many others. Chiefly, the expectation that the stock will rise in value such that you can later sell it for more than you purchased it for.

A parallel to draw very easily is an investment in commodities. Those will never pay a dividend, so therefore they're worthless? Obviously not, you invest in them because you expect their value to rise. Same with a stock.

An asset is worth what someone is willing to pay for it. That is its value. Intrinsic value is an element, but not the most important one.


Yeah many people use stocks as a gambling device. But we are supposed to pretend it is more than a giant casino.


You also display either a very basic misunderstanding or willful ignorance. There's no gambling involved - investing is not dumb chance. There are real companies behind these purchases with real expectations of future growth and thus increase in value. Or vice versa.

Everyone loves the "you can't beat the S&P" trope, but that's also just ignorance. There's a reason that proprietary trading firms generate more profit per employee than any other business in the world.


I do personally know people who do invest and it is 100% gambling for a lot of small "investors". The only ignorance is to pretend it is not a thing. This point becomes super clear once you start looking at trading apps targeting this market.

> There's no gambling involved - investing is not dumb chance

First, gambling does not have to be a theoretically pure dumb chance in order to be gambling. Second, in practice it is basically the same thing as betting on horses used to be.

There is a reason why small investors lose money on their investments on average despite markets going up. Because what they do is not investing.

> There are real companies behind these purchases with real expectations of future growth and thus increase in value.

Oh come on, this relationship is quite broken for exactly the most known companies.


> There is a reason why small investors lose money on their investments on average despite markets going up.

Source?


> Everyone loves the "you can't beat the S&P" trope, but that's also just ignorance.

This seems like a willful misinterpretation.

They say “you won’t beat the S&P” because maybe some HFT firm with highly secretive and advanced technology and MIT PhD quants might… but you, Mr. Retail McDumbMoney, don’t stand a chance.


And it’s still nonsense. Many people beat the S&P and this meme needs to die. It’s considerably easier to beat the S&P when you’re not working at the scale of a hedge fund.


> the expectation that the stock will rise in value such that you can later sell it for more than you purchased it for.

If the person who holds the share can never expect to be paid for holding the share, then you're describing a Ponzi scheme. Eventually you cannot find another sucker willing to pay in even more.

> commodities

Are used as manufacturing inputs and thus a commodity investment injects liquidity in exchange for a return, should manufacturing demand (for those inputs) rise. Their intrinsic value derives from their consumability.

Stocks/corporations do not have intrinsic value beyond the sum of the fair market prices of the assets belonging to the corporation, should they be liquidated and dispersed among shareholders... which would be a dividend. At the end of the day the only reasonable means to price a stock is a calculation of expected dividends.


The quote should be updated from "Markets can remain irrational longer than you can remain solvent" to "Markets can remain irrational longer than you can remain alive".


At some point, inevitably, bonds have to appear more attractive. Until those, too, get bid up until their coupon rates become effectively worthless compared to bank deposits or worse, inflation.


At some point, all financial instruments look bad, but non-financial markets remain: it's possible to go out and buy goods and services, and it's possible this leads to a better end result than holding financial instruments as long as possible.

Even when the market isn't bad, it's still a good idea to consider your balance between financial and non-financial assets. The whole point of holding financial assets is to eventually maximize your non-financial assets, after all.


Gold's price is only half the story here. The other half of the story is the value of US debt and US currency(USD). When they move in opposite directions - historically - /one/ of those instruments crashes. Choosing a side and putting your money behind it is dangerous, but also lucrative.


Gold's price is of course increasing equally in all currencies in the world, not only USD.


Four things are happening (and one of them is gold) that make a terrifying situation.

Facts:

- Gold has reached all time highs

- US debt (ie T-bills) selling at all time lows

- US equities are at all time highs

- USD falling day over day, month over month, year over year

All 4 of those facts cannot remain true indefinitely. The all time high equity prices are because it requires more USD (which is decreasing in value) to purchase them. Gold is at all time highs because USD is decreasing in value, and the flight to safety leads people to gold. US debt is falling in value because no one wants to buy it. At some point, equities will give up and crash, or gold will have to crash... and I don't think it's going to be gold crashing.

edit: formatting


Not following your logic here.

The thought seems to be that prices of everything are high, because the dollar itself has lost value. Makes sense. The conclusion then being a crash. But why? If the dollar is worth less and stops devaluing so badly, we'd just expect a stop in growth rather than a crash. Or are you projecting a strengthening of the dollar rather than just stabilization?


I'm still not sure why anyone is surprised by a devaluing of the dollar -- that's literally what the monetary kooks in the current US administration are on record as wanting to cause.*

Thought process goes: (1) devalue dollar, (2a) make basic US industry more globally competitive, (2b) devalue US debt to "solve" it without having to implement austerity, (3) stronger US industry

Given that equity nominal values (read: future profits) will grow (to balance out the decreasing fiat value), purchasing power / wealth holds something close to constant and market numbers go up (which keeps voters from becoming unruly).

The only people who really get fucked are (a) people who aren't invested in the stock market (read: poor), (b) fixed income folks (read: retirees who will be dead before it fully plays out), and (maybe c) labor (if wage growth doesn't keep pace with purchasing power loss).

It's not the worst economic-political plan, other than the fact that no one is being honest with the public about it and some idiot ALSO picked the same time to drastically decrease the domestic labor supply (by sharply decreasing immigration and mildly increasing deportations) and increase tariffs. Both of which make completely offshoring labor more attractive.

* See also why Trump has such a bug up his ass about the Fed, as this becomes a lot harder if they don't play ball. Say, by following their mandate to fight inflation...



> Gold has reached all time highs

this is true

> US debt (ie T-bills) selling at all time lows

this is not true unless you’re doing some kind of adjustment. For t bills, us03m yields were much higher 30-40 years ago.

> US equities are at all time highs

this is true

> USD falling day over day, month over month, year over year

if falling means inflation, yes in a banal way. If falling means relative to other currencies, that's the last 9 months or so. Previously the USD was quite strong

> US debt is falling in value because no one wants to buy it

this appears to be the hinge of the argument? It is not true. 10y yields have been down / flat since beginning of 2025 (i.e., price up). also tsy auctions remain well-subscribed / within historical range


A buddy of mine is retired and managing his own investments, and he's a reasonably savvy investor. He has some guys he follows and like 2.5 years ago they were all predicting the market would crash in the next 3-6 months. We have lunch every 2-3 weeks, and we've been holding their feet to the fire, "Still hasn't crashed". (Not saying it won't, it "feels" over-hot).

I just moved my son's "kid retirement plan" (giving him matching and compounding interest, he can access it at 18) into a custodial account, and put his money into a few stocks and ETFs (including PHYS, a gold ETF). So far in the last week it has gained $140 on $940 investment. I've warned him: This is fun to see these gains, but we can't expect it to always happen, we just need to protect our gains by using stops.

I also had him pick a stock that is something he likes and thinks will go somewhere. He picked Roblox. My FIL had given me the advice to take a little bit of your money, "pocket change", and invest in something you like, to keep it fun. My first investment following that advice went from $7K to $200K, so I was a big fan of that. ;-)


Equities don't have to crash. Also gold has no yield. Companies continually produce stuff and a weak dollar generally makes their bottom line better.


In such a climate, what could be good less-risky strategies for holding reserves?


Cash in the bank so you can buy equities at the bottom.


> Cash in the bank so you can buy equities at the bottom.

Cash is a good way to lose money through opportunity cost:

* https://ofdollarsanddata.com/even-god-couldnt-beat-dollar-co...

If you're worried about risk and being able to sleep at night, you can dial back from 100% equities (S&P 500, Russell 3000), and do some bonds. Vanguard (e.g.) has funds that are fixed 80/20, 60/40:

* https://investor.vanguard.com/investment-products/mutual-fun...

This way you don't have to go through the effort of rebalancing yourself.


> Cash in the bank so you can buy equities at the bottom.

JFC, this is the dumbest possible advice given this thread.

If someone thinks equities are overpriced and one thinks the value of USD is decreasing, then 'cash in the bank' is an equally bad answer to 'buy equities now'.

The correct answer, given those beliefs, is 'buy commodities' (or scarce assets).


And sell some puts against assets at good prices to harvest premium in the meantime


How do I know when that would be?


Just catch the falling knife and avoid the dead cat bounce


Well that's the trick isn't it.


You don’t.


Or a mixture of cash and gold or another hard asset / inflation hedge considering the US dollar already eroded 10% this year and Trump openly wants the dollar to devalue further.


> The all time high equity prices are because it requires more USD(which is decreasing in value) to purchase them.

The inflation-adjusted price of equities is still near all time highs. See the Shiller PE Ratio. [0]

[0] https://www.multpl.com/shiller-pe


> US debt (ie T-bills) selling at all time lows

Debt selling at lower market prices is equivalent to higher interest rates. Peak interest rates for US debt were around 1980, not now.


You should add the introduction/print of trillions of usd into the global economy during the pandemic crisis into your equation. That itself means that prices will increase as the total supply of available USD is greater and can lead to newer standards that don't make sense when not taken into consideration.


> All 4 of those facts cannot remain true indefinitely.

Why? Is it some law of nature that the USD can't itself crash? It would then be sensible investment to buy both Gold and Equities. I sometimes wonder if we are seeing the USD unfold on the equities and commodities market before it does for food and transport.


It all started making more sense to me once I heard Brent Johnson's Milkshake Theory (and understood his point) [1].

[1] https://www.youtube.com/watch?v=da6hMy5sp1M


Watching that video with a couple years' hindsight and cracks are starting to show. The rest of the world is slowly getting rid of their dollars and his points about the international stock market are no longer as valid. International indexes are beating the US market right now.


> All 4 of those facts cannot remain true indefinitely.

What is the root cause of all of this? BRICS has an alternative to SWIFT (not identically but functionally).

If you feel that the multipolar world is a fad, sure, gold will come down. I somehow doubt it.


Your theory fails to explain why equity prices have to crash.


I think they have to, but I agree completely. I don't think it follows from this particular argument.

Instead I think the only argument that matters is that P/E ratios are really high even though interest rates are high and you can see that it's hard to justify the equity prices using present value of dividends and that sort of thing.


Was that sarcastic?


Equities can melt up in real terms for a very long period of time, there doesn't have to be a return to normalcy within our lifetimes, though I do predict there will be an economic calamity within my lifetime.

The main issue is how will asset prices be maintained when civil unrest makes securing physical assets so expensive that they can no longer yield positive returns. Until then the system is stable as the people with power are able to retain power, the increasing inequality helps entrench the power further.

People see a wealth tax as a way out, but if that happens the state is entirely dependent on growing the wealth of the mega rich and will act in their interest in effect cementing their power even further.


> but if that happens the state is entirely dependent on the growing the wealth of the mega rich and will act in their interest in effect cementing their power even further.

This is a laughable premise.

A huge amount of government revenue has always come from the wealthy, yet there is consistent pressure to reduce their taxes in the US government. Why? Because the IRS doesn't run the US government, politicians do. Why would a wealth tax based government be any less likely to try and reduce their tax burden?

A rich person's power comes from being rich: From controlling significant resources, things like communication channels, important industry, bribes/kickbacks/whatever you call them

It has nothing to do with government revenue.


I didn’t suggest that the wealthy would want their taxes increased, but that it would increase inequality that would benefit the wealthy.

That said there are many billionaires who advocate for greater taxes, Patriotic Millionaires and Proud to Pay More. Including but not limited to Warren Buffett, Bill Gates, George Soros, and Abigail Disney. Bill Gates, as an example, goes to incredible lengths and uses shady Caribbean methods to minimize the tax he pays.

It’s important to make a distinction of weighting the wealthy by numbers vs wealthy by wealth, the higher the inequality the bigger the difference. The wealth is dominated by an increasingly small minority.

I'm making a prediction of what I strongly believe will happen, not what has happened. There are examples in history where there were unexpected emergent behaviors created out of perverse incentives. One of my favorites is the selling of indulgences by the Catholic Church to pay for St Paul's cathedral, meant the Catholic Church made more money if people sinned more, which created some problems.


If it doesn't crash due to these factors, IMO Boomers aging and dying will crash the economy due to the outsized share of wealth they have locked up. They're going to cash it out as they incur more and more health/assisted living costs. Whatever is left will be sold immediately by their heirs to pay off debts or other forms of spending. I also have a theory that Boomer spending right now is the only thing keeping a lot of business in the black, especially higher end services, food, and tourism.


It's borne out in numbers. [0]

All of inflation-adjusted US spending growth has come from those in the top 20% income bracket ($175k+) and especially the top 3.3%.

So not Boomer spending, but wealthy spending. (Which overlaps but isn't completely the same thing)

[0] https://fortune.com/2025/09/17/economy-reliant-on-wealthy-co...


Doesn't the US have the largest gold reserves?


allegedly


It might also have something to do with Project 2025. There's a plan to return the US to the gold standard.


Their "powerful and normally very vocal unions" are saying /nothing/, because the union's overall goal (by their messaging and their members messaging) is to increase and sustain additional hourly pay and increase the wages for said pay.

There is no effective system of checks and balances, or this entire discussion would be moot. Civilian solutions (like ICEBlock and friends) are a whimper of a response compared to the lethal and aggressive actions of these LEOs. Typically entrenched groups (like LEOs) cannot be talked or reasoned with into changing their position. Those changes in position come from leverage (ie, your supervisor is replaced or leveraged with the threat of replacement), or direct aggression.

As an example, certain villains took issue with these systems and mounted their own lethal response. We are /still/ talking about these individuals because of how riotously effective their actions were at illuminating and mitigating the perceived problems. Whether you're talking about Ted K, or Timmy M... they are examples of people who took action to correct a perceived problem. Right or wrong, every reader of this post knows who they are, what they did, and why they did it. Until something of equal magnitude opposes the authoritarian problem of the day (ie ICE), the status quo will continue.

edit: typo


Us Americans have approximately zero to do with your rules or society. The idea of thinking Apple (or Microsoft, or Google) represents "Americans" is absurd. We don't vote for them to exist, we have no mechanism to stop their existence or oppose them in any way. We're as happy about EU forcing them to change as anyone else - our own attempts all failed. Jailbreak providers (for instance) were persecuted with legal process, gag orders, and seizure of their assets. Repairing iPhones as a side business? They put a stop to us doing that also.

I'm all in agreement with your emotional sentiment, but please understand "Americans" do /not/ like the same things you do not like. Our country just takes away our ability to do anything about it. Land of the free and whatnot...

edit: typo


> Americans can either abide by them or get out of our market.

I think GP was talking about Americans running companies.


> I'm all in agreement with your emotional sentiment, but please understand "Americans" do /not/ like the same things you do not like. Our country just takes away our ability to do anything about it.

I appreciate that this might be true for a large portion of US Americans, but the country isn't doing anything, the people continually voted into power take that ability away, which can be adjusted bi-annually.


Let me clarify: I don't mean individual American persons. I mean the American oligarchy and the political machine it controls.

Individual Americans are often great people - some of which I am proud to call my friends.


....Who can stand against AI? Who can make war against AI? The people ceded their power to AI, and worshiped it.

