Personal Finance

Determining Optimal Asset Location

A diversified portfolio will contain many different types of investments, including:

  • US Stocks
  • International Stocks
  • Bonds
  • REITs (Real Estate Investment Trusts)

These investments are taxed differently, and it turns out this is really important. If you put tax-efficient investments into your taxable accounts and you put your tax-inefficient investments into a tax-sheltered account, you will enjoy much greater returns over time. Figuring out which investments belong in which accounts is known as the asset location problem.

Personal Finance

The Benefits of the Roth IRA

There’s a lot of hype about the Roth IRA. With a Roth IRA, you pay taxes on the money you invest but you don’t have to pay taxes when you withdraw the money. The traditional IRA and 401(k) are the exact opposite: you invest pre-tax income, but you have to pay taxes when you withdraw the money at retirement. So if your tax rate is lower now than it will be in retirement, the Roth IRA is a better place to put your money than a traditional IRA/401(k). If you mathematically model the post-tax values of both investment accounts, you can clearly see that this is true:


Vikings Lead NFL in Arrests since 2000

It turns out the Minnesota Vikings, recent recipients of nearly $500 million in taxpayer subsidies (which was a terrible idea for reasons outlined here), lead the league in arrests since 2000.

My source is the USA Today NFL Player Arrest Database. I basically copied and pasted all the records into a text file, then ran a little bash one-liner to count the number of arrests by team:


Personal Finance

Why Buying a House is Often a Bad Idea

A couple of months ago a friend of mine asked me why I thought buying a house was such a bad idea, and I responded with an email outlining my thoughts. Now whenever someone asks me what I think about buying a house, I just forward them that email. This blog post is basically a cleaned-up version of that email with advice that is slightly more generalized.



Why is Card Counting a Terrible Idea?

For the uninitiated, blackjack is a card game commonly played at casinos. Most blackjack players try to employ basic strategy in order to minimize their losses, which are typically anywhere between .3-2% of each bet. Typically you can play 50 hands/hour and you need to bet at least $5/hand, so that means that if you were to play without any deviations from basic strategy, in the long run you would lose between $1.50/hr and $10/hr.

Basic strategy only takes the cards on the table into account. There are advanced strategies that take every card that has been played into account. For example, if a lot of small cards have been played, but very few large cards have been played, it follows that a lot of large cards and only a few small cards remain. Card counting is a technique that looks at the cards that have been played in order to predict the cards that haven’t been played yet, and this information can give the player an advantage.



Profiling I/O-Bound Applications

The other day at work I wanted to run a quick performance test, but I didn’t want I/O to be a bottleneck. The typical solution here is to use a ramdisk, but in my case, I was dealing with very large files, so a ramdisk wouldn’t be big enough. In fact, I didn’t care about the output at all, so ideally I’d be able to write all output to /dev/null, but that wasn’t possible in this test (for example, the system will automatically append a file extension to your filename).

If I wanted to, I could have made a few code changes to get my test to work properly, but a little googling revealed nullfs, a FUSE file system which is supposed to be a big black hole, and it seemed like the perfect solution to my problem. I quickly found out it wasn’t:



PSA: Maintain Good Backups

The other day I did an apt-get upgrade on my server, and it totally hosed my WordPress installation. Whoops. Apparently it is common knowledge in WordPress circles not to use the Debian WordPress package. My bad.

Luckily I had good backups and I was able to easily restore the site. This, along with CryptoLocker, has given me a renewed appreciation for good backups, and I should probably work to improve what I currently have in place.

Computer Security

Thoughts on WordPress Security

It is well known that WordPress installations are a favorite target of hackers. As such, I have taken a number of precautions to protect my site. One of these precautions was installing the Better WordPress Security plugin. Among other things, it blocks known malicious hosts, and I also have it configured to block anyone who has too many failed login attempts. I forgot my login credentials today, so I had to unblacklist myself. Not that this is surprising, but I now have proof that my site is being actively attacked:

mysql> select * from bwps_lockouts;
| id | type | active | starttime | exptime | host | user |
| 1 | 2 | 1 | 1356337473 | 1356338373 | | 0 |
| 2 | 2 | 1 | 1364942214 | 1364943114 | | 0 |
| 3 | 1 | 1 | 1365134867 | 1365135767 | | 0 |
| 4 | 2 | 1 | 1365258589 | 1365259489 | | 0 |
| 5 | 1 | 1 | 1365812798 | 1365813698 | | 0 |
| 6 | 2 | 1 | 1366029050 | 1366029950 | | 0 |
6 rows in set (0.00 sec)

Sometimes I wonder whether or not I’d be better off writing my own website since there’s a very real chance I could be brought down by a WordPress 0-day. With that said, writing secure web applications can be hard, and I’m probably better off from a security perspective using a hardened WordPress installation.


Cloning a hard drive to a smaller SSD

I woke up Saturday morning, walked into my office, and was greeted by the sound of a grinding hard disk. Upon further investigation, the hard drive in question was an old 320GB Seagate hard drive that I use to store all of my OS files. The remainder of my files are stored on a RAID5. Normally I’d be upset about a hard drive that was about to fail, but this gave me an opportunity to replace my primary OS hard drive with a solid state drive. It worked out just fine, of course, but migrating the data from my old hard drive to my new hard drive was not as straightforward as you would expect it to be. My goal here is to document all of the steps you need to follow in order to migrate from a traditional hard drive to a smaller solid state drive.


Computer Security, Networking

Fun with Wireshark and IE Java Exploits: Part 2

In my previous post, I analyzed a packet capture in which a user is infected with a virus after clicking on a malicious link. In this post, I’d like to take a closer look at how this attack worked. Clicking on a malicious link should not automatically download and execute a virus. What happened here?
