Hacker News new | comments | show | ask | jobs | submit | theli0nheart's comments login

Looks like your wish has finally been granted. Nginx released dynamic module support in nginx-1.9.11 today!

http://mailman.nginx.org/pipermail/nginx-announce/2016/00017...


I don't think this is true at all. If you consider "investment advice" to be as simple as "here is what your target allocation should be based on your risk tolerance, so let me just call up the trading desk and have them execute the orders to get you there", then sure.

When you pay for "investment advice" at the $50 million net worth price tier, you're paying for access to private equity deals, real estate investment opportunities, a tax advisor who can tell you how to be structure a deal abroad, etc. It's not as simple as plugging in your salary and age into a webpage and having a robot buy and sell stocks for you.


You're not getting much "access to PE deals" when your portfolio has only ~$5 million to allocate to "everything in the world which is not publicly traded stock or bond fund" but I'm sure someone will happily represent that they can arrange that for you if you want to pay $500k per year.

You'll get a pretty nice report of your portfolio and (market) returns. Spiral bound and everything.

If you want an accountant for international issues, I question the wisdom of doing that unless life/business naturally throws them your way, but $500k buys an awful lot of hours from someone who knows the transaction and localities involved, which your investment advisor does not. (Will every investment advisor in the Chicago phone book happily take a $50 million client who wants to spend $5 million on a modestly nice house in Tokyo? Yes. Do any add value to that transaction? Well, maybe one does. Could you find much better advice? Oh heck yes.)


Speaking as someone who has worked in this industry, you appear somewhat misinformed about how high net worth individual (HNWI) typically invest. Large multi-family office firms pool investments from multiple wealthy individuals (usually investable assets of at least $5M or more) and can access private equity, real-estate deals, commercial mortgages and more. These firms manage multiple billions of dollars, which doesn't make them huge by any measurement, but they are more than large enough to access investment opportunities like these as well as create sufficient liquidity for their clients.

Wealthy individuals have access to investment strategies that resemble far more the philosophy of large pension funds than that of robo-advisors. (You can also check out Tiger 21, a sort of investment club for Wealthy people, they post their recommended asset allocations on a regular basis.) They also tend to be more focused on capital preservation and minimizing volatility than strictly beating the market. Their portfolios are typically highly diversified outside of publicly traded assets to accomplish that.

Finally, the firms that work with them offer significantly more for their money. Detailed estate planning and legacy planning, tax planning, corporate tax planning, and advice on charitable foundations and more.

While I do agree with some of what you are saying about how "advice" is priced, particularly when it comes to the mass market, there is definitely a point in the wealth of an individual where there couldn't be more points of difference between what people get in terms of financial advice.

Source: I've worked at a wealth management firm that dealt with HNWI for quite some time.

Edit: Just to add a bit on the different this makes for HNWIs

At the firm I worked at their client's biggest losses throughout 2008 were no more than 6-7% (after fees were considered), while at the same time being invested in assets that yielded nearly that much in cash flow through dividends, interest, etc. that same year. Since a portion of the portfolio was also invested in public equities (around 30%) and because these client's could easily stomach the markets considering their personal performance they were able to ride it back up without fleeing to cash like so many others did.

One of the problem smaller investors face is that in major market crisis situations almost all publicly traded assets take a hit as the mass market migrates to cash. If you follow the herd (as most obviously do or they wouldn't be the herd) you regularly miss out on the benefits of these market movements.


> Wealthy individuals have access to investment strategies resemble far more the philosophy of large pension funds than robo-advisors.

I know these are naive questions, but here goes: do those pension funds differ greatly from large university endowments? How do those differ from what one can achieve using a combination of cheap index funds? Ramit Sethi famously recommended an allocation based on David Swensen's experience managing the Yale endowment. You can find index funds to match that reasonably well. How different will that be from what Yale or a pension fund actually does?


They have similar goals, capital preservation, consistent cash-flow so they don't deplete the principal. I'm in Canada so examples we often cite are the Canadian Pension Plan (CPP), Ontario Teacher Pension Plan (OTPP) and the Ontario Municipal Employees Retirement System (OMERS). All of these do a lot of private equity investing and OMERS in particular has invested in a number of Canadian tech companies and IPOs, incuding recently Shopify and Hootsuite. All of them have had quite impressive and consistent results as well.

The problem with using public index funds to mimic these managers asset allocations is the higher volatility of publicly traded assets. For example in 2008 widespread panic caused people to sell their mutual funds and flee to cash which widely hold a variety of assets, so all of them suffered. This included publicly traded Real Estate Investment Trusts (REITs). At one point they were selling for 80% of their on paper asset value, which was entirely irrational. Many money managers that typically invested privately in commercial real estate because of that volatility took that opportunity to buy public REITs at a discount.

That being said, you can definitely do a decent job of adding asset class diversification with modern ETFs (and the market for these keeps growing). There are now infrastructure ETFs, REITs (Vanguard's REIT is really well priced), covered call ETFs, etc. Just don't expect to get exactly the same results of these managers and expect to have to handle larger volatility.

That being said, if you can weather these market movements, and you are saving regularly, volatility can be a good thing, if you can take advantage of lower asset prices with ongoing contribution then that is great.


Taking advantage of big market crashes is difficult when your whole portfolio tanks. I've been wondering about keeping ~10% of my funds in reserver in safe cash-like assets in order to be able to move in when the whole market tanks.

That still counts as timing the market and is Known to be ineffective. What if the market doesn't tank and you sit in cash for a long time? If it does tank, how will you know when is the true bottom for you to invest your last 10% in? Etc.

Generally speaking, when stocks fall bond prices rise. In this regime. So if you have a mixed portfolio of assets and bonds, in your scenario you can sell treasury bonds for a profit, and use the proceeds to buy up stocks. If you automate this transaction when your portfolio deviates from a target mix, you will automate a 'sell high, buy low' strategy.

Thanks for the details!

30% of the overall portfolio was invested in equities in 2008, and losses were no more than 7% including fees when the market (S&P 500) lost 50% of its overall value? That's some extremely impressive diversification, especially considering how many asset classes in the world lost value in the 2007-2008 due to their correlation with the real estate/equity markets.

Or just buy into the investment companies that invest in that area. The Rothschild have a publicly traded mutual that anyone can invest in.

And you can get aces to property by inversing in REIT's


I have never worked as a financial advisor, but I did work for a while at a large buy-side firm. If I had $50 million, my biggest concern would be keeping that money safe and lowering volatility.

In the case of $50m, you can fully invest it in the stock market, but you need to be ready for wild fluctuations in your wealth. You also need to make sure the brokerage you gave the money to is reputable, or multiple brokerages. (SIPC only covers up to $500,000). You also may accidently buy overly correlated products without knowing it or may think you are buying low risk (bond funds) only to find out that they had super high duration (risk from insurance rates changing).

You can always put it in banks, but even that can be risky in times of extreme turmoil. During the last crisis, there were about 6 months when people were genuinely unsure whether all major banks would stay solvent. You are only insured to FDIC limits which will not come close to $50m.

You could go with real estate, 100% cash purchase, where you have no debt. (no leverage). As long as you pick a liquid asset class, that is likely safe, but you still need to insure the property and make sure your management team is running it properly which requires a lot of hands on work. You could still lose a lot of money if rates go up etc.

Having $50m is really a mo money mo problems scenario. A robo advisor can't fix it if you don't want 100% stock market exposure. I also don't think expensive advisors fix it either.


For me, the opposite. $50m is about 100x more than I could ever need, so I'd just stick it in $SPY until I die. Volatility is irrelevant as there is no actual risk to life or limb, only the "risk" of numbers going up or down.

Agreed, it's super weird to see that keep getting mentioned, that you need to minimize the volatility of your extreme fortune. Why? Are you planning to liquidate the extreme fortune in the next 1-5 years? ...

I think the argument is really about passing it on to your kids. That's the desire to keep the extreme fortune together.

Yes but minimizing volatility and doing the right tax/inheritance things are orthogonal...

Definitely agree. IIRC, the biggest yearly loss for the Dow was 52% in 1931. While I would HATE to lose 50% of my wealth, the point is that with $50m I can EASILY ride that loss out and give it time to recover in a few years. Now, if I only had $50k in the market and was planning on using all of it on a big purchase that particular year (e.g. home down payment, child's college tuition), a 50% loss could be devastating.

Volatility doesn't seem to have as much power when the potential losses are not great enough to cripple you.


Just remember that by doing that, you're betting on the US economy's perpetual growth, as diluted by outside influences (like China...) If increased globalization stands to average global wealth (which it seems to be, except for the 1%) then I'm not sure growth is a good bet, over the long term.

SPY, QQQ, etc only go up as the economy goes up...


> $50m is about 100x more than I could ever need

That's precisely why wealthy investors want to minimize volatility. They don't need their wealth to grow (they already have more than they need), but they definitely don't want it to disappear.

Also, I must say that $500k really isn't that much money—it's not even enough to retire.


If you really don't care about the money, you could donate it and let it be someone else's concern.

You have the money so you don't have to care about the money; if you gave it away, you'd be stuck caring about money again.

I made a mistake in this post. I wrote: "risk from insurance rates changing"

Which should have been "risk from interest rates changing."


Access to that tier is why a lot of (ex: sports, inherited wealth, lottery, etc) people who earn a millions, but are not savvy investors end up broke. The financial industry is very good at separating people from their money and unless that's your background it's best to stay the @$%^ away.

    > people who earn a millions, but are not savvy
    > investors end up broke
One suspects that's more to do with outgoings than with returns

You can't live on negative returns.

Restaurants are a classic example of money pit 'investments', but so are a lot of real estate deals etc.


You want a lawyer and an accountant (both with fiduciary duties) not a salesman.

Most accountants will steer clear of producing any advice, their m.o. is more of "here're scenarios A, B, and C, portfolios D, E and F, and 9 projected behaviors of those portfolios in aforementioned scenarios. Let us know what you would like to execute." and a five-digit bill 30 days later.

I think what you're paying for is someone to blame for losses who is not you.

You are right that you should be, but in practice, a lot of advice at that level is still standardized. Where I agree with you is the wrapper fee on a 50m account ($250-500k/year) is not enough to build a personal advisory staff as diverse and specialized as a good firm should be providing you for that sum, and your personal staff wouldn't have enough to do all year anyway.

I'm sure that is what an expensive advisor would tell you, I'm not so sure that it is true.

Cool to see this featured. If anyone's interested in actually playing around with ngx_pagespeed, I wrote a pretty straightforward tutorial on my blog to get up and running (granted, I last updated it in 2013, so some things may be outdated).

https://dlo.me/archives/2013/05/14/nginx-pagespeed-cloudfron...


Compiling nginx is actually pretty easy. With the defaults, it's just a three-liner (./configure, make, sudo make install).

I actually did it live on prod boxes in last job and then used the in-place binary upgrade signal to seamlessly restart nginx. A dev who'd never touched prod and I wrote an ansible playbook for it.

You had development tools on production machines notably a compiler?

Interesting, lots of places I've worked that would have been a no go (security risk).


This is something I noticed at my previous job (removing user access to gcc, make, ld etc so only root can run it[1]) and never understood.

It reminds me of blocking ping to improve security or worse blocking all ICMP.

Compiler, and especially make are harmless by themselves. They aren't setuid all it's used for is translate file from one format (source code) to another (machine code). One might as well block sed, because it could be used to modify /etc/passwd or /etc/shadow.

A someone who would want to compromise hosts if they need binaries, they would precompile them statically, that way is a single file, no need for libraries and no need extra development packages with header files and more likely to work across wide range of systems.

[1] because, there were chef recipes that were compiling things :> Also, it decreases security, because now you need to run compiler as root, so you could be compromised through things like this: http://securitytracker.com/id/1004374


Imagine an attacker is able to inject small files onto the system via a channel that would not let them transmit arbitrary binary data, and that the system is otherwise sufficiently firewalled to prevent them from just downloading their own tools without first further compromising the system. Having a compiler available can make it substantially easier to bootstrap a toolchain to compromise the system fully.

Another issue is that it presents a privilege escalation concern. If you compile stuff in a user account on the production machines that will be run with root privileges, if someone compromises that user account they can now put in place a compiler wrapper to embed their own code. Even if you don't do anything else in that account (e.g. sudo) that'd let them e.g. capture passwords the compilation presents another risk. (As an extension to this: Your dev and build environments are security critical; but in your production environment is often far more vulnerable - not least because it's far more visible)

I don't think these are very high on the list of things you should worry about as your system needs to be very locked down before an attacker that is able to make use of them won't have other just as good opportunities, but the more stuff you run in your production environment, the more opportunities you give an attacker.


>Imagine an attacker is able to inject small files onto the system via a channel that would not let them transmit arbitrary binary data, and that the system is otherwise sufficiently firewalled to prevent them from just downloading their own tools without first further compromising the system.

I'd just send the binaries base64 encoded. Decoding is trivial, with any number of tools commonly installed in the system.

Limiting access to compilers, alone, is 100% useless. You either go a lot farther down that road, or there is no point in starting.


> Limiting access to compilers, alone, is 100% useless. You either go a lot farther down that road, or there is no point in starting.

Hence the last paragraph of my comment above, which makes exactly that point.


Never said it made sense, just that at lots of places that was the rule.

For your what its worth I agree with you, if you are at the point where an attacker is executive a compiler you are already hosed.


My view is that if people on my box can run a compiler, they surely can run Ruby, or Python, or PHP or one of the many many other dynamic languages that I have which will let them do whatever it is they want.

What's the security risk?

You can compile local exploits instead of having to download them. If the machine is fully stripped enough it can be a good thing. Most of the time it's just an annoyance.

Eg. Windows boxes rarely have a compiler and get hacked all the time.


If an attacker that can't deal with that manages to get on your box, you've already been hacked by several other people.

Hell yes, we even deployed code written by developers onto them!

People of all socioeconomic statuses somehow find a way to get married. Ultimately, finding someone to spend the rest of your life with doesn't come down to the simple question of "being better"—the qualifications for a good mate are very specific to every person.

-----


> the qualifications for a good mate are very specific to every person

The set of qualifications is specific to every person, sure, but whatever is in that set for a given woman, you need to be better than the competition at those qualifications.

Unless you're fine with marrying just anyone, the thesis of the blog post doesn't hold for dating; it's not enough to be 'decent' or even 'good'.

-----


http://www.nytimes.com/2015/02/08/fashion/weddings/falling-m...

-----


You must have had faulty devices. My wife and I both have one as well and the battery lasts about 5-6 days before needing a recharge.

-----


I'm inclining towards this option, too. I didn't think it was likely because both watches (can you call them that?) had the same issues. This reminds me of my experience with Razer: out of 5 mice bought (4 abyssus, 1 orochi), two were faulty.

-----


I completely disagree. This service targets people who peg a higher value to their time than $100 / hour and/or are too busy to take on other tasks. This is valuable for anyone that runs their own business or who has an actual dollar amount pegged to their time (a large portion of HN readership), not just members of the 1%.

E.g., cancelling a doctor's appointment takes 10 minutes. Even if you bill your time out at $50 / hour, you've now saved yourself the trouble of making a random phone call for 16 bucks and remain focused on what you're actually good at.

-----


I think, while I make a reasonable salary, I must be a bit more frugal than the large portion of HN readership in that I can always find 10 minutes of my day to cancel a doctor's appointment as opposed to paying $16 (the cost of lunch and a drink) for someone else to do it.

Perhaps I'm just not as busy as others on HN.

-----


Someone who values their time at $100/hour, working 40 hours/week, is making over $200,000 a year. I'm not sure if that technically qualifies as the 1%, but I think it's close enough to the GP's point.

-----


I don't know if you've ever been self-employed, but billing out 40 hours per week is very hard. $100 / hour can afford you a middle-class lifestyle (assuming 25-30 hours per week AND fully employed, more realistically you can fill 70-80% of your time).

$100 * 26 * 40 ⇒ $104k ⇒ and then slice off the employer portion for FICA and SS and you're looking at a pretty modest figure.

-----


$200,000 isn't even 5% in SF. The fact is that there are a lot of rich people and I am sure this service provides an amazing utility for them. No need to be jealous. I am sure they don't need to advertise on HN, it's more of a look this too exists.

-----


Unfortunately, such a draconian rule would hurt the owners of the cars more than VW. It would essentially force every car buyer to buy a new car.

Plus, there are plenty of cars on the road built before 2000 that have even worse emissions than these VWs. Would you propose taking those cars off the road as well?

-----


Well, the potential EPA fine per-car is $37,500.

An amazing move would be for the EPA to force the cars off the road, and force VW to pay for the affected customers' new cars.

-----


Or the EPA could force VW to release an update for the affected cars' ECU, and avoid sending a million perfectly serviceable cars to the landfill.

Which, I believe, is what is supposed to happen.

-----


That only works if the issue can be resolved via ECU. The problem isn't just that the cars are reporting wrong data when being tested, but that the cars are producing more gasses than they are supposed to. If the update only fixes the software to report correctly, then the car will fail the emissions test. I rather doubt it's only a software fix that will solve the problem. Chances are there will need to be a hardware alteration to resolve the underlying issue. In that case, an update to the ECU wouldn't resolve the problem. You will need to bring your car to a dealer (Likely a VW-certified dealer) to have the solution applied as well as the software patch to make sure it is reporting correct data while undergoing emissions testing.

-----


I believe the issue lies in the cars' ability to fallback to a lower-performance mode when the system recognizes that it's being tested. The low-performance mode passes the tests. The ECU update would require that the "emissions-passing low-performance mode" be engaged permanently. It's not that the cars can't pass emissions, it's that they choose not to.

> The problem isn't just that the cars are reporting wrong data when being tested, but that the cars are producing more gasses than they are supposed to.

Perhaps my understanding of testing processes is incorrect, but I was under the impression that testing relies on an external testing device, not the car's internal reporting. The cars passed not because they all told the same lie, but because they all behaved properly when they knew they were being watched.

-----


If they did that, VW would be sued by customers for not delivering the product they paid for. It has been shown that VW can't eat the charge that would result of even small numbers of customers doing that, and it has been shown that the German state is not willing to destroy VW.

So suddenly the fix is "intensive dialog with the authorities" instead of fixing the problem.

-----


Then you have a separate problem: All the people who already forked money over to Volvo will suddenly have their possession downgraded/crippled without compensation.

-----


True, though Volvo != Volkswagen.

We're left with three options, each of which is unappealing to some group.

1) Leave affected VWs as-is. Fine VW as necessary. Cars will continue to pollute above the permitted amount.

2) Neuter affected VWs. Fine VW as necessary. Owners will suffer performance loss.

3) Neuter/recall affected VWs. Require VW to compensate owners the price of a replacement. Not sure how VW would fare with such a steep fine.

-----


Any such update will be effectively optional, though, won't it? (I don't know, I don't own a car anymore and the last one I had used an ECU probably dumber than today's toasters.)

-----


In Norway there has been talk from the DMV equivalent [1] that people who don't have their cars updated in the recall will have their registrations cancelled. So if you keep driving, the police will stop you. Automated license plate scanners and all that, I don't think many will skip it.

What's more likely is that if many people feel their cars are sluggish after the update, aftermarket diesel tuning will become (even more) popular.

[1] Source (in Norwegian): http://www.vg.no/forbruker/bil-baat-og-motor/dieselskandalen...

-----


States with state inspection could plausibly require proof of some form that the update has been applied. States which use OBD-II diagnostics should generally already be capable of doing this by reading the CALID supplied by the ECU (it's part of the standard), so they could work off of that.

-----


Hell, if we're lucky maybe the testing center can flash the update themselves right there on the test rig over OBD-II if the car doesn't have it. Would save everyone- the State, the consumer, even VW, a lot of heartache in handling a mandatory update.

-----


Or a nice market for VW diesels might develop in non-inspecting states.

-----


They already effectively are. Aftermarket ECUs that completely ignore emission standards are (and have been) widely available.

-----


It could be quite easy to enforce through registration data and refusing to renew until proof of a fix is provided.

-----


Music to my ears! I literally just installed 1.9rc2 thirty minutes ago. Congrats to everyone involved in the release.

-----


Do you actually mean spyware, as in low-grade virus, or just preinstalled software? I'd be highly surprised if they bundled actual spyware with their machines.

-----

More

Applications are open for YC Summer 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: