alex chiang: web 6.0

March 29, 2006

reap what ye sow (or the BSD license is a dual-edged sword)

Filed under: geek — alex @ 12:05 pm

Interesting interview today in the Jem Report, where you hear some whining about not getting money for developing OpenSSH. Now don’t get me wrong — I think that the OpenBSD/SSH folks have done some fine work, and I enjoy using ssh on a daily basis. However, this article struck me as a bit naive.

Some of the OpenSSH freeloaders, like Apple Computer and The SCO Group, are notorious for reaping financial rewards from selling open source software bundled with their proprietary products. It’s no surprise that both of these corporations include OpenSSH in their operating systems without giving back to the programmers who make it all happen, but what about companies that are vocal in their support of open source software?

“Giving back”? If you think that some corporation is just going to give you something because they just appreciate your work so darn much, well, maybe you ought to think again. A corporation isn’t going to give you anything unless you make them, such as making them sign a contract, or enforcing your license. And when you choose to release your code under the BSD license, well, be prepared to expect a whole lot of nothin’ in return.

If it were me, I would release OpenSSH under a dual-license: BSD for the free (gratis) distributions, and some sort of monetized scheme if you sell it as part of your OS. But that’s just me.


March 23, 2006

beating back the Man

Filed under: dreck — alex @ 11:15 am

While shooting the shit with my good friend “Touchdown” Brown, he alerted me to the existence of a beautiful way to take advantage of all the free credit card offers floating around out there. Or rather, how to take advantage of one specific credit card offer, that being the “0% APR for life on balance transfers” offered by Discover.

The executive summary goes like this: Discover Card offers 0% interest rates for LIFE on balance transfers. So the basic idea is, you somehow acquire a large balance on one of your existing credit cards, transfer it to Discover Card, and then pay it off slowly. What this really means is that you are basically getting an (almost) interest free loan (for a while). Of course, there are a few things you must take into account.

The catch is that you must make a minimum of two new transactions each billing period on your Discover Card for the 0% rate to stay in effect. If you do not make two new transactions during a billing period, then you IMMEDIATELY start getting charged the usurious 12% (and probably more) rates on your large balance. Bad idea. But it’s relatively easy to remember to make those transactions, and so we won’t consider forgetting them as a possibility. Additionally, the new transactions get the regular interest rate of 12%!

Related to this is that there is usually a minimum transaction amount, let’s say $0.50. So in effect, this means you must spend an additional $1 a month using your Discover card to keep the 0% interest rate. And this is where Discover Card is going to make their money, so pay attention.

Keep in mind that there is still a minimum monthly payment of 2%. This payment gets applied to the balance with the lowest interest rate first! So if you have a balance of $7000 at 0% and a balance of $1 at 12%, your monthly payment of $140 gets applied to the $7000 balance, leaving you with a balance of $6860 at 0% and $1.01 at 12%.

Ha! One cent, you say? What a pitiful amount of interest. I can swing that easily! Not so fast, young grasshopper. Due to the magic of compounding interest, and the fact that you are also increasing the principal (by making two new transactions a month), the amount of money you could spend paying back Discover may be quite significant! That, of course, is no good, as the whole point of the exercise is to beat the Man, and not make it easier for the Man to keep beating you. So what to do?

Before we get into that, a quick side trip to discuss the optimal way to use this interest free loan. Ok, remember that this magic 0% interest rate only applies to balance transfers, which means you have to build up a large balance on some other credit card. This implies buying stuff. A LOT of stuff. Or perhaps there’s something wiser we could do with our money?

One option is to get a cash advance from the other credit card. That option gives you a bunch of flexibility in what you do with your money without having to buy a bunch of crap. The downside is that typically fees are associated with cash advances, but in practice, the fees might not be so bad (more on this later).

Ok, so you have all this cash, now what? One option is to invest it in a secure, interest-bearing vehicle, like a CD or somesuch. Problem is, short-term and secure are antithetical to high-returns. Your best bet is to pay off an existing high-interest loan, which is exactly what I chose to do.

I had a Home Equity Line of Credit (HELOC) where I was getting charged 8.5%. Yuck! Fortuitously, it happened to be just about the amount of credit that Discover extended to me, so it was a no-brainer to simply trade my high 8.5% HELOC debt for a low low 0% Discover Card debt. Observe the following spreadsheet:

[Spreadsheet image: heloc2.png]

You’ll see in Column C, “Payment”, I have opted to pay substantially more than the minimum amount required by Discover Card. In Column E, “Interest Accruing Balance”, you’ll see that I actually have a grace period, and don’t have to start making my new purchases until December 2006. Calculating Column G, “Finance Charge” is a bit trickier. The genius of “Touchdown” Brown’s method is that he figured out how to get that $1 per month back, so you can actually recoup some of those costs.

Note that Column G does increase, although not that fast. If you’re not careful, it could easily grow to hundreds of dollars, and that’s where Discover expects to make its money back.
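The allocation rule described above (payments go to the 0% balance first, so the 12% purchase balance compounds untouched until the transfer is paid off) can be checked with a short simulation; this is an added example, not the spreadsheet from the original post. It assumes monthly compounding at 1%, exactly $1.00 of new purchases per month, and no grace period, so its totals are not expected to match the spreadsheet's figures.

```python
# Added illustration, not the author's spreadsheet.
# Assumptions: 12% APR compounds monthly (1% per period), the two required
# purchases total $1.00 per month, and there is no grace period.

def step(promo, purchases, payment, new_spend=0.0, apr=0.12):
    """Advance one billing period.

    promo      -- transferred balance at 0% APR
    purchases  -- new-purchase balance at `apr`
    Returns (promo, purchases, finance_charge_for_this_period).
    """
    purchases += new_spend
    charge = purchases * apr / 12          # interest only on the purchase balance
    purchases += charge
    # The payment is applied to the lowest-rate balance first.
    to_promo = min(payment, promo)
    promo -= to_promo
    purchases = max(0.0, purchases - (payment - to_promo))
    return promo, purchases, charge


def simulate(promo, payment, new_spend=1.00, apr=0.12, max_months=600):
    """Run until both balances are cleared.

    New purchases are only made while the 0% balance exists, because that is
    the only reason to make them. Returns (months, total_finance_charge).
    """
    purchases = 0.0
    total_charge = 0.0
    months = 0
    while (promo > 0 or purchases > 0.005) and months < max_months:
        spend = new_spend if promo > 0 else 0.0
        promo, purchases, charge = step(promo, purchases, payment, spend, apr)
        total_charge += charge
        months += 1
    return months, total_charge


if __name__ == "__main__":
    # The single-period case from the post: $7000 at 0%, $1 at 12%, $140 paid.
    promo, purchases, _ = step(7000.0, 1.00, 140.0)
    print(f"after one period: ${promo:.2f} at 0%, ${purchases:.2f} at 12%")

    # Whole-loan comparison of the two payment levels mentioned in the post.
    for payment in (140.0, 200.0):
        months, charge = simulate(7000.0, payment)
        print(f"${payment:.0f}/month: cleared in {months} months, "
              f"finance charges ${charge:.2f}")
```

The slower payment schedule keeps the 0% balance alive longer, which means more months of required purchases and more periods of compounding on a balance that no payment reaches.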

The upshot here is that by opting to pay $200 a month rather than the $140 a month, I basically pay off the entire loan in 3 years, all for a one time “refinancing charge” of $47.19 on a $7000 loan. Considering that I was originally paying between $60 and $70 per month in interest on my HELOC means that I’m going to save several thousand dollars over the life of the loan. Not too shabby, and certainly better than the $600 ($450 after taxes) that the guy below plans on making.

For further reading, check out these “my money blog” posts:

In particular, if you’re interested in participating in this program, I suggest first trying the route of a negative balance transfer and then a refund check for overpayment.

Update: Thanks to my buddy Joe, who corrected my interest calculation. It turns out I can pay less per month, stretch out the loan longer, and still not pay as much interest as I originally thought. Thanks, Joe! Guess that MBA actually did do you some good, eh? ;)

March 22, 2006

fidelity data loss

Filed under: dreck — alex @ 12:02 pm

I got an alarming email in my work inbox this morning regarding the fact that Fidelity allowed my personal information, such as social security number, address, and salary, to be stolen. Schneier has a few things to say on this issue… First, from Public Disclosure of Personal Data Loss:

This data loss has set a new bar for reporters. Data thefts affecting 50,000 individuals will no longer be news. They won’t be reported.

How prescient. I could find nothing in Google news today regarding this theft that probably only affected US-based HP employees, which is probably on the order of 50,000 or so. (Update: turns out the real number was closer to 200,000. Nice.) Next, in Most Stolen Identities Never Used, I suppose I can find a bit of advice:

But remember, the main security value of notification requirements is the cost. By increasing the cost to companies of data thefts, the goal is for them to increase their security. (The main security value used to be the public shaming, but these breaches are now so common that the press no longer writes about them.)

Consider this my attempt at publicly shaming Fidelity (more on this later). Finally, we have Risks of Losing Portable Devices. I don’t know whether to laugh or cry, but perhaps someone at Fidelity should start reading Schneier’s blog.

Now when I joined HP, I promised not to reveal any company secrets, so I won’t post the mail that landed in my inbox today. However, I never signed any such agreement with Fidelity, which is why I don’t feel bad about posting this letter I saw when I logged onto the Fidelity site this morning.

March 21, 2006

Dear Participants in Hewlett-Packard sponsored Retirement Plans:

Please Read This Important Notice re: Security Alert

We are writing to let you know that a laptop computer containing personally identifiable information used for a business meeting was recently stolen. We believe that identifying information about you was contained in the laptop.

Law enforcement was notified after we learned of the theft and is conducting an investigation.

At this time, we are not aware that the information contained in the laptop has been misused. Even so, we want to inform you of the situation and to suggest some steps you can take to protect yourself from identity theft now and in the future.

We deeply regret this situation and are keenly aware of how important your personal information is to you. This letter is to provide you with information you need to understand the situation and to protect yourself from misuse of your information, including identity theft.

What happened?

A laptop belonging to Fidelity Investments, which provides services to the Participants in Hewlett-Packard sponsored Retirement Plans (including current and former Hewlett-Packard employees, as well as former employees of acquired companies) (“HP Participants”), was stolen on the evening of March 15th.

The laptop contained personal data of HP Participants, including names, Social Security numbers, addresses, dates of birth, compensation and other employee retirement plan information. It is important for you to know that the license to the software which contained the data has expired. As a result, the scrambled data is difficult to interpret. We have no evidence that the information has been misused. Further, it is in a form that is generally unusable.

Allow me to interject here. What the hell was all of our data doing on a laptop? And how on earth did you then allow it to get stolen? This speaks of seriously bad computing practice to me. I’m going to sound like a naive outsider here, but it simply doesn’t make sense that important information like this is not locked down on a centrally located server, with both electronic and physical security. That you even allow a copy of the data to be made and toted about on a laptop just screams of amateur hour.

Also, this letter is dated March 21, while your laptop was stolen on March 15. Why did it take you so long to notify us?

What steps has Fidelity taken?

We have alerted our Fidelity representatives to this situation and implemented extra security processes requiring additional authentication for access to your account as well as other measures to prevent unauthorized use. Accordingly, we encourage you to be prepared to provide additional personal and/or account information to verify your identity.

We also have employed additional security controls above and beyond our already significant monitoring activity to identify if there is any unusual activity in your Fidelity accounts.

We are contacting the three principal credit reporting bureaus, Equifax, Experian and Trans Union, to advise them of the situation.

Fidelity has also arranged for you to enroll, at your option, in a credit monitoring service at no cost to you. This service will allow you to monitor your credit as well as any unusual activity that may affect your personal financial situation, although we have no knowledge of any misuse of this information. The service is provided by Equifax, one of the major credit reporting companies that monitors activity. For details on how to enroll in this service, log on to Fidelity NetBenefits® at https://netbenefits.fidelity.com. From the NetBenefits home page, click on the link in the News section on the right hand side of the home page. Once you have enrolled, you will be provided with several valuable services including credit monitoring, a copy of your credit report, notification of activity, additional access to your credit report, and some level of identity theft insurance for expenses. In addition, you will have access 24 hours a day, 7 days a week to Equifax’s customer service representatives.

What additional actions can you take to protect yourself?

It is always a good practice to regularly review activity on your accounts and to obtain your credit report from one or more of the national credit reporting companies. We recommend that you remain vigilant for at least the next 12 to 24 months, and to promptly report any incidents of suspected identity theft to us and to the proper authorities.

The enclosed Reference Guide will provide you more information on identity theft, how to report it and how to protect yourself.

Please know that Fidelity is treating this matter extremely seriously. We value your business and the trust you have placed in Fidelity and we deeply regret any inconvenience or concerns this may cause you.

If you have any questions or need additional information, our representatives are prepared to help you. Please call 1-800-414-4015.

Sincerely,

William G. Duserick
Vice President, Chief Privacy Officer
Fidelity Investments

Thanks William. So nice to hear that you deeply regret any inconvenience such as my identity getting stolen. Fidelity, you suck.

Update: well it finally made the news: http://biz.yahoo.com/ap/060323/fidelity_laptop_stolen.html?.v=2

March 21, 2006

things to do on a sick day

Filed under: dreck — alex @ 3:37 pm

Other than recovering, of course, are there certain job-related activities that you could do while home on a sick day? Sure, the key is to find medium to high visibility, but low to medium brain power tasks. This will maximize your efforts to continually project a “star employee” image to your manager.

Examples:

  • reading old manager email
  • reading old marketing email
  • taking required courses (web-based)
  • updating web pages for which you’re responsible
  • closing old defects as “no change/unreproducible”
  • updating work breakdown schedules

Fun (but low-value) alternatives:

  • your normal web/blog reading
  • catching up on usenet
  • reading irc scrollback
  • posting on your personal blog

Note that I do not feel that performing the first set of activities is in any way Machiavellian or unethical. They are all legitimate “to do” items. You’re just optimizing the timing of when you perform said items.

Feel free to suggest your own ideas in the comments section.

March 16, 2006

suck it, marriott

Filed under: dreck — alex @ 11:13 pm

So Matt and I are in California on a business trip. Because we’re such nice guys, we decide to share a hotel room and save the company some money. The Courtyard Marriott has free internet in the room. Cool!

Upon further inspection, maybe not.

First off, they have this weirdo modem type thingy that has three ports on it: ethernet, USB, and RJ11. Ethernet is the obvious choice here because I’m not about to install el crappo driver to get internet over USB. Windows is already unstable enough, thanks.

Second, the ethernet cable they supply you with is about 2 feet long, so you are stuck working at the unergonomic desk and chair combination. Hello? I want to lie on your luxurious 600 thread count sheets and compute from the comfort of my own bed! What gives?

The solution to get around both these limitations (only one person can use the internet at once while sitting at their carpal tunnel inducing desk) is to use the network bridging feature built into Windows.

In this example, we let Matt plug into the shorty network cable. He then sets his wireless card into ad hoc mode, and creates a new network. Finally, he opens the network connections, selects the LAN and wireless, and bridges them together.

Alex then configures his wireless card to connect to the ad hoc network created by Matt. Windows thinks about it for a bit, and then Alex can sit back and read the entire internet from the comfort of his bed. Nice!

So take that, Marriott. Har har.

ps, yes, we do have Windows enabled laptops so that we can read our lovely Microsoft Office documents without waiting 5 minutes for OpenOffice to launch.

March 14, 2006

san fran snippets

Filed under: dreck — alex @ 12:53 am
oh glorious stereotypes

If I had to live in a city, San Francisco would be one of my top two choices (the other being Las Vegas). It’s been a while since I’ve been back, and Jenny and I walked around a bit today just playing tourons.

As is always the case, multiple city-life scenes tickled my funny bone. You can see some pics here:

http://flickr.com/photos/chizang/sets/72057594081819421/

March 13, 2006

fire thighs

Filed under: dreck — alex @ 11:50 pm


Another year, another fantastic ski trip by the 10% crew. We spent four days in Lake Tahoe and had glorious powder every day. We spent one day at Squaw and the remaining three at Heavenly shredding the slopes (or crashing down them as the case may be). In-between time was spent gambling, hot-tubbing, and rescuing the Difference from the ER (but were you really surprised?). A good time had by all, and we’re already looking forward to next year.

I only took three shots which you can see here: http://flickr.com/photos/chizang/sets/72057594081810329/.

Update: You can see all of our pics on flickr using the “10percentskitrip2006” tag: http://www.flickr.com/photos/tags/10percentskitrip2006/

March 7, 2006

bye bye movable type, hello wordpress

Filed under: geek — alex @ 10:59 pm

I’m trying to get ready for a big trip, so logically instead of packing, I decided to transition from Movable Type to WordPress (thanks to Chiang’s LOOP).

The actual export/import procedure was pretty easy. Unfortunately, I lost all my MT permalinks, so there are going to be a bunch of broken pages in Google’s search for a while. It would have been relatively easy to use .htaccess and Apache’s mod_rewrite, but somewhere along the way, MT got really confused and there is a big gap in the entry IDs. In other words, somewhere after entry 206, MT decided that the next entry should be numbered 300. This means that there is absolutely no logical way to map my old MT entries to my new WordPress entries. Another reason to move away from MT I suppose.

It took a while to find a WordPress theme that I liked. Currently, I’m using the Zen Minimalist theme, along with a bunch of modifications to make it look more like my old site, especially increasing the font size. Why do designers love small fonts so much? They look pretty, but I find them to be pretty unreadable.

In any case, what’s done is done, and I look forward to a spam-free blog from now on.

(ps, if MT hadn’t been screwed up, what I would have done to preserve the old permalinks would have been a combination of preserving the old permalinks with .htaccess and mod_rewrite along with this permalink redirect plugin)

sunnis, shias, and HDTV

Filed under: dreck — alex @ 12:23 pm

eclectic: Selecting or employing individual elements from a variety of sources, systems, or styles: an eclectic taste in music; an eclectic approach to managing the economy.

Low content, but high utility post today, since I’m busy on multiple fronts (upcoming root canal, Lake Tahoe ski trip, California business trip, my country’s 500th anniversary to plan for, and a wife to murder). But that’s neither here nor there. Onto the non-content…

If you’re like most Americans, you probably have no idea what the difference is between Sunni and Shia Islam. You’re also probably enviously looking at those sweet flat screen TVs every time you walk into a Best Buy (or browse Amazon), but are a bit intimidated by all the jargon, like LCD, plasma, HDTV, EDTV, HDMI, etc. etc. Fear no more, because here are two excellent articles explaining both:

First off, we have Sunnis and Shias: Does it have to be war? in the Economist. Money quote for the truly lazy (ie, a summary paragraph of a summary article):

The word shia derives from the Arabic shi’at Ali or the partisans of Ali, and referred at first to the political faction that believed leadership of the Muslim community should remain in the hands of the Prophet’s family. When the caliphate passed instead to a rival branch of Muhammad’s tribe, other disgruntled groups, including many non-Arabs recently converted to Islam, joined the Shia cause, which drew further emotive strength following the martyrdom of Hussein at the hands of a Sunni army.

Over time this political division deepened into doctrinal splits, with each branch elaborating its own interpretations of sharia, or religious law. Sunni Muslims preserved their unity by coming to accept four rival, but equally valid legal schools of varying rigour. Shia Islam followed a different course. It continued to split into subsects over questions of whom to recognise as the imam, a leader whose blood links to the Prophet were held to render him an infallible interpreter of God’s will.

And as for the LCD vs plasma debate, we have this nice intro from Wired: TV’s Flat New World. Again, a summary quote from a summary article for the truly lazy:

The differences between LCD and plasma, particularly where performance is concerned, are getting smaller all the time. A few years back, LCD screens suffered from severe refresh issues, often producing hideous digital artifacts whenever the on-screen action intensified. Meanwhile, plasma displays were notorious for their short life spans because of the radioactive half-life of the gases they use. Fortunately for both sides, those problems are pretty much a thing of the past. LCD artifacting is now a relatively rare occurrence and plasmas now live twice as long as their forebears.

So there you go. Consider yourself more educated than 98% of all Americans.

March 5, 2006

the Vonnegut philosophy of IT procurement

Filed under: geek — alex @ 11:11 pm

As someone who happens to be somewhat knowledgeable about the computer industry (and technology in general), I am often asked for advice by my friends and family as to which of the shiny new whizbang doodads they are considering purchasing is the best choice. I ask the only important question, that being, “how do you plan on using it?”, and then pore a bit over the different spec sheets, and make a recommendation.

Usually, that’s the end of it, and everyone’s happy. But occasionally, the person responds back with, “Oh, well, I heard that Whizbang Doodad is going to get the sweet new Frobazz feature in the next version, like 6 months from now! Do you think I should wait or buy it now?”

It’s a very valid and very annoying question, and one that I usually have trouble giving a nice, concise, nutshell answer to. Non-geeks aren’t stupid. They may not know Moore’s law by name, or its technical definition, but they have certainly figured out that whatever they’re getting, it’ll be better, cheaper, and smaller in the future. And if they’re going to be spending a large sum of money, it only makes sense to get the best possible value for their cash, even if it means waiting a few extra months.

On the other hand, if they wait the six months for sweet new Frobazz feature, well, by that time, Beezneez feature will be announced for the next product rev. And explaining that there’s always going to be something better in a little while gets to be annoying (mostly because of the look of disappointment on their faces, since they were expecting a nice unambiguous “yes” or “no” and not some stupid lecture on Gordon Moore and the relentless pace of technological innovation). What to do?

The best answer I’ve come up with is entitled the “Vonnegut philosophy of IT procurement”. Vonnegut’s protagonist in Slaughterhouse 5, Billy Pilgrim, adopts the Tralfamadorian phrase, “so it goes” every time he hears about a death. Wayne D. McGinnis says:

“the most important function of ‘so it goes’ [a phrase that recurs at each death in the book] . . . , is its imparting a cyclical quality to the novel, both in form and content. Paradoxically, the expression of fatalism serves as a source of renewal, a situation typical of Vonnegut’s works, for it enables the novel to go on despite — even because of — the proliferation of deaths.”

And our good friend the wikipedia says:

The novel uses certain phrases repetitively, such as “so it goes”, which, used whenever death or dying is mentioned (be it a man, an animal, or the bubbles in champagne), serves to downplay mortality, making it routine and even humorous

In my opinion, this is a useful attitude to maintain when purchasing any sort of technology (iPods, computers, digital cameras, etc.), and my philosophy in a nutshell goes something like this:

When you are ready to make a technology purchase, figure out what features you want, and how much you are willing to spend to get them. Buy it when you need it — no sooner, and no later. After purchase, ignore that market for the next three months, because you will invariably be annoyed that the thing you just bought is now obsolete. So it goes.

That said, there are certain times where it may be useful to wait for the next technology rev because of two reasons:

1. The “certain times” are well known dates (more on this later) and thus, you are not actually waiting indefinitely.

2. Since the “certain times” are such well known dates, many electronics manufacturers are actively trying to deliver Frobazz and Beezneez features to hit those dates.

The major and obvious date would be the Christmas selling season. To a lesser degree, some time in early to mid-August is another good buying time (back to school). (There’s probably a tertiary corollary in there somewhere about Apple products and waiting for Macworld or Expo, but that’s beyond the limits of human sanity.) The electronics manufacturers are trying to get their products to the market with the hot new features that everyone wants, so if it’s September or October and you’re thinking about getting that new computer, it would be worth it to just hold out until early December (or early January if you don’t really think that the 25th of December is all that special of a date) to make that purchase since you’ll probably get the most bang for your buck.

However, in the general case, I will advocate that you buy when you need it, and stop worrying about the fact that 6 months from now, your widget will be cooler. Yes, just ignore it and be happy with what you have. It’s the only way to stay sane.
