Real Estate

July 28, 2008 – 4:08 am

Since I’m a general know-it-all, and like unlike most people do not have problems managing finances, people ask me about real estate issues a lot.

If they have a decent attention span and live in Seattle, I point them to the Seattle Bubble Blog. It does a great job of debunking a lot of the fluff that many people with a vested interest in selling something commonly tell prospective clients.

Without talking about market conditions just yet, let me give you my brief outline of why buying real estate might be an ok idea.

First, you the reader, should know that if you live in a nice city, you are likely better off renting. This is a fact unless you live someplace crazy-rural or you make way more money than most. You are better off just saving and investing your money than getting tied up in the never ending cashfest that is home ownership. Here is a New York Times calculator to play with that basically proves this if you use it correctly. Give it a try knowing that historical appreciation rates for property is under 5% and for the last two years it has been in negative numbers.

If you’re one of the few single or combined incomes that could use a large enough deduction from your income taxes and get a little bit of investment from it, lucky you. If you’re not sure, think about the following:

  • The interest on your mortgage is deductible
  • The added property taxes are not
  • Neither are the costs for upkeep. (Note that repairs are not tax deductible, but improvements to a home are. This is why most people who can afford it add improvements instead of just remodeling.)

Basically the money you save by not paying rent needs to be greater than the total amount you pay out in closing costs, taxes, interest, and the amount “saved” by not giving it to the taxman. This is not most people. Most people are told that housing is a great investment, so they buy it anyway. This is part of why values of the housing market are falling like a stone right now.

So you’ve run the numbers. You understand the realities of taxes and financing. You’re considering that housing is not an investment, but a luxury that may possibly yield a profit in the end if you get lucky. How do you get the best deal? After having personally owned a couple of different residences and been involved in the transactions of several others, I have some suggestion that you may find useful.

1) Ditch your emotions and make the best deal you can.

Most buyers make impulse buys because a kitchen is pretty, the bathrooms have been remodeled, or there is a nice view. Don’t be that guy. Be critical and see it for what it is. It is a business decision. Make the best deal possible for you. This means buying the most value for the least of your money that you can. The only person with a vested interest in this is you.

Your real estate professional, if you are working with one, is motivated by the sale and the possibility of referral and repeat business. They have other commitments. They only have so much time to give you. Do not make the mistake of thinking that they will find you the best deal. They only want to find you a deal that you are happy with so that they can get paid. Romanticizing ideals past these simple motives does you no good.

Look at a lot of options yourself. Get a sense of what things are worth by yourself. Know how much you are willing to spend and your financial limitations.

2) Get the right tools for the job

If you don’t know what you’re doing, you’ll likely need to work through a full service professional to make sure you don’t get completely hosed. If you’re done this dance before, why pay for it? You will understand:

  1. The bidding process and what conditions can be put into an offer
  2. Inspection and conditions for sale
  3. Closing details and games people will play with you
  4. What can go wrong
  5. The idiosyncrasies of the area

If you can handle these things, think about using a low cost broker or a tool like Redfin. The buyer’s agent commission is usually something like 3% of the value of the property. It can be more of a builder offers incentives because of their greater profit margin they have available to make deals, or less if the seller has stipulated so in the MLS listing. Sellers of moderately priced homes usually offer 3% so that buyers agents will bring prospective buyers to see the property. If the seller was offering 2.5%, the thinking is that they will get less interest because the agent wants their cash. It is perfectly sensible and is one of the many details of the experience that can be misunderstood.

If you use a site like Redfin, they capture about 1% of the deal and issue you a 2% rebate.

So, tools and resources that should be examined include:

  • Brokerage sites such as Redfin
  • Appraisal sites such as Zillow, Eppraisal, and Cyberhomes
  • Foreclosure information sites if you want to take the added risks involved. These are usually funded by a monthly membership fee.

3) Spare no ones feelings

This is not a relationship. You are not dating or paling around with friends. This is a business transaction. Be brutal and fight for your best deal. Make low offers. What you do with your wallet is what a piece of property is worth. It is not your responsibility to fund someone’s retirement or otherwise give them a fat profit. You have enough to worry about without thinking about the goals on the other side of the table. Big money means that the details count for a lot.

4) The details are gold

Always get an inspection by inspectors that work for you. It is worth the money. Look at the tax records when constructing your deal. Try to know as much as possible as information is your friend.

5) Good luck

When you have done all of your homework and come up with a sound strategy for buying in a particular area, get your pre approval from for financier and start making offers. Finding the best deal on financing is also no simple matter and be aware of how referrals and business relationships may have vested interests.

If I’ve pointed you to this write-up after you’ve asked me about “so what’s the deal with buying a house,” let me know if it helped you.

By Ian Gorrie | Posted in Business, Economics | Comments (1)

Just what I didn’t know I needed

July 25, 2008 – 3:41 am

Because I hate going to a gym in the mornings, I decided I would give Wi Fit a try so that I can supplement my normal training schedule with some extra effective morning mild exercise. I’ve been checking intermittently to see if Amazon had them, because I really don’t care enough to go and hunt a copy down, but would rather it just magically appear in the mail.

Well this time, I saw this:

textbuyit.jpg

I can reply to a text to buy it? Yes please.

Now I can be a Nintendo fanboy without any effort at all. Sweet.

By Ian Gorrie | Posted in Business, Gaming | Comments (0)

Twitter, Defcon, Geotaging

July 23, 2008 – 5:25 pm

So I caved and succumbed to the lameness of Twitter mostly for the purposes of attending and coordinating things at large events. It’ll be hard to flow of people and places at events like Defcon without it.

Mostly I view twitter as a noise application. It posts “microblogging,” a term which people with near zero attention spans seem to say a lot, updates everywhere, it uses the @username to respond to things. I view it as the ALL CAPS communication medium.

So I’m not in love, but I will use it via Twibble on my Nokia n95 to geotag myself and figure out where people I know are having fun when there are a few thousand people milling around.

There will also be flashmob like behavior coordinated by a con twitter id during the event itself.

By Ian Gorrie | Posted in Internet | Comments (0)

Downtown for Linux

July 23, 2008 – 3:05 pm

I had the pleasure of attending one of the GSLUG [Greater Seattle Linux Users Group] on the 12th.

I was really surprised at the quality of the event. Allow me to explain.

I’m used to these type of occasions being hosted in a filthy classroom or basement of a university or community college and attended by unwashed beasts that are fueled entirely by high fructose corn syrup and not really talking about anything of note besides arguing about what distro is better. This has been my past experience.

Thankfully, this was not one of those events.

This gathering was in a great facility provided by Speakeasy. They even threw down for pizza, salad, fruit and drinks. I’m in training and had none of it, but I appreciated the gesture.

A couple of the talks were particularly interesting as I haven’t been a day to day sysadmin for several years. It’s nice to be able to drop in on things and see some of the recurring problems solved in interesting ways.

First was a talk by Bryan McLellan about how he runs his infrastructure at Widemile.

The second that I found of interest was a demo of git, an alternative to code management systems such as subversion, by John Locke which showed how the compare, a demonstration of how it functions in routine situations, and a Q&A that focused mainly on what git does well and what subversion does not.

I’ll make sure to do my best to attend future meetings of this group. They’re a cool bunch.

By Ian Gorrie | Posted in Linux | Comments (0)

The DNS Drama

July 23, 2008 – 1:03 am

Dan’s Seattle Toorcon 0day keeps going and going and going and going.

If you’re looking for details, the details that were leaked, confirmed, retracted, and denied, here’s a description and a mirror.

So if you run your own DNS, upgrade already as you should have some time ago when you were first told to do so.

Perhaps I will switch to OpenDNS after all. In fact, I should have done this a while ago on most of the nets I deal with routinely.

The commentary in this posting is rather interesting as well. If you don’t trust OpenDNS, and I can’t say that I blame you, a comment poses a worthy option:

  1. I run a local dns server that randomizes source ports whose network facing NAT does not derandomize source ports.
  2. My local server resolves through the root servers. The queries are sent to a random root.
  3. I limit my dns server to strictly use TCP queries and not to use UDP for queries.

Update:

Metasploit code now jupes entire domains.

By Ian Gorrie | Posted in Information Security, Internet | Comments (0)

Playstation update: Your ps3 is now a brick

July 7, 2008 – 2:23 am

I had a gamer friend ask me why I didn’t have any trophies yet for Super Stardust HD, one of my favorite PS3 games.

I had no idea what she was talking about, so naturally I searched for “stardust trophies” and found that the Playstation network has finally added achievements, much like the xbox people have had for years.

So why hadn’t I noticed? I had been playing Metal Gear Solid 4 a few times this last week so I should have seen an update. What was going on here?

As it happens, the system update (v2.40) enables trophies and the related update to Super Stardust HD had been pulled because of widespread reports of it bricking Playstation 3 consoles.

Amazing.

It is said that v2.41 will be out midweek, but I find it seriously amazing that Sony would release an update that wasn’t tested enough to know that they would brick tons of consoles. Additionally, issues have been reported across all released hardware profiles, so it’s a comprehensive bricking update.

Nice work, guys.

By Ian Gorrie | Posted in Gaming | Comments (0)

Amazon downtime

June 10, 2008 – 1:11 pm

There was recent news about how Amazon was down for two hours. Speculation runs rampant on cnet about the cause:

“It doesn’t seem to be the result of a network-initiated attack, at least from my preliminary analysis from our probes,” Ranjan said.

Human error may not sound as gripping a tale as a network attack, but there’s plenty of drama for the people responsible. And it’s the career-limiting variety of drama, said Illuminata analyst Gordon Haff, who hazarded a guess that Amazon’s problem involved its front-end Web servers.

The security group of WebSense, a Web site and communications protection company, also saw no evidence Amazon’s problem was security related.

Having talked to a lot of Amazon people here after my arrival in Seattle, I’m surprised that they don’t have more downtime. Amazon is run like a huge basement operation.

Let me explain.

Amazon doesn’t have a real operational staff. They have developers that code up releases by day and then have handle first-line response to outages and incidents by night.

As far as I can tell, they have no industry standard monitoring software, configuration management platform, or even any centralized policy framework. They leave everything up to business units to develop all of their own infrastructure and systems management strategy. Best yet, it’s all run by developers.

I think everyone reading this who has been a pro in running operational systems just recoiled in horror after that last sentence.

I understand that entrepreneurial environments want to be as nonconforming and iconoclastic as possible as to “think outside the box” or whatever in-your-face-status-quo stance to encourage innovation, but don’t take that kool-aid to the harsh realm of uptime.

Stability in operational systems by standardizing their build process, quality assurance of code deployments, and operational staffing that doesn’t tax your architectural staff not only leads to better performance, but it also takes your staff out from under the Sword of Damocles of downtime. Having to choose between stability and innovation is a poor choice to make when you can have both, and a cost savings, with a bit of operational sanity.

By Ian Gorrie | Posted in Management, Technology | Comments (0)

The encrypted traveler

April 27, 2008 – 5:05 pm

As border enforcement as using increasingly invasive tactics, a traveler that has any privacy concerns for the data that they are carrying (especially if visiting the United States) will very likely take steps to protect themselves.

Examples:

FindLaw:

The Ninth Circuit, in a decision announced this summer, has approved forensic searches of laptop computers at the border, even when the laptop’s owner spent no time outside the airport in the foreign country and was under no suspicion of possessing foreign contraband.

Washington Post:

Nabila Mango, a therapist and a U.S. citizen who has lived in the country since 1965, had just flown in from Jordan last December when, she said, she was detained at customs and her cellphone was taken from her purse. Her daughter, waiting outside San Francisco International Airport, tried repeatedly to call her during the hour and a half she was questioned. But after her phone was returned, Mango saw that records of her daughter’s calls had been erased.

A few months earlier in the same airport, a tech engineer returning from a business trip to London objected when a federal agent asked him to type his password into his laptop computer. “This laptop doesn’t belong to me,” he remembers protesting. “It belongs to my company.” Eventually, he agreed to log on and stood by as the officer copied the Web sites he had visited, said the engineer, a U.S. citizen who spoke on the condition of anonymity for fear of calling attention to himself.

Police Blotter:

What: A business traveler protests the warrantless search and seizure of his laptop by Homeland Security at the U.S.-Canada border.

When: 9th Circuit Court of Appeals rules on July 24.

Outcome: Three-judge panel unanimously says that border police may conduct random searches of laptops without search warrants or probable cause. These searches can include seizing the laptop and subjecting it to extensive forensic analysis.

Ars Technica:

Stuart Romm boarded a plane in Las Vegas on February 1, 2004. When he got off the plane in British Columbia, Canada’s Border Services Agency stopped Romm for questioning. After learning that Romm had a criminal background, Agent Keith Brown searched his laptop and discovered child porn sites in Romm’s Internet history list. Canada then bundled Romm back onto a plane to Seattle, where US Customs agents had a chance to question him further.

They also conducted a forensic scan of his hard drive and turned up images of child pornography in Romm’s browser cache. The images had been deleted (intentionally, it appears), but were recovered by an agent using software called “EnCase.” Romm then admitted to investigators that he used Google to search for child pornography, and that his “therapy” had failed to help him quit.

Why is it always the pedophile that is used as an example of why invasive measures are justified? Perhaps all civil liberties should be put to the pedotest.

Pedobear_13.png

Because of the perceived need for such methods in several countries, many people, including business travelers with trade secrets, choose not to travel with any data on their person at all and access their data online when they have reached their destination.

Toward this end, I would like to call to mention this excellent document produced by the ninjas who make TrueCrypt. The concept of the hidden service via tor or the hidden volume via TrueCrypt will become more and more popular as long as searches and information harvesting becomes increasingly aggressive.

By Ian Gorrie | Posted in Information Security, Privacy, Travel | Comments (1)

Why I hate BlackBerries

April 27, 2008 – 1:16 pm

I have been working hard to avoid Blackberries of all kinds having seen sales people (who if you ask anyone who works with technology, they will tell you that people in sales push for the worst solutions available almost all the time) fiddle with them for years.

  • They never quite worked right.
  • Their voice quality sucked.
  • They’re a closed platform.
  • The integrate with Exchange as some kind of parasitic add-on module (as if running a Windows mail server wasn’t enough of a threat exposure)

Clearly, theirs is like the ultimate recipe for suck.

So I avoided them. I would say things like “You have a business case for me to have mobile email? No problem. I’ll take care of it.” I would then have some kind of mail solution of my own that would work well, integrate with everything else I was doing, and not drive me insane.

Before I complain any more, I will give it up for one thing that Blackberry does do. They push a mobile security policy to their devices that can involve remotely wiping the handheld

They really can’t take credit for all of this as everyone else supports it as well, but it’s a good thing from a governance/management angle. It is obvious that they would need it first because of their sales-centric user base, but necessity is the mother of invention. It’s also the mother of horrible duct-tape-style nasty rigging of solutions.

After dorking around with one of these consumer-level Blackberries and noting how it would ring occasionally and just vibrate at other times. It would perform randomly when I expected things to work all of the time. Additionally, their touch-typing is primitive when compared to other phones. It did not please me.

Enough of this. Can I use my old Nokia e61? It has blackberry software. Shouldn’t it work?

Apparently not. I gave it a good try, but there would be some version incompatibility or hidden password (likely inserted by carriers) that would prevent me from using the software successfully.

This really isn’t surprising why this might be if you look at the Nokia BlackBerry Connect page and look at the completely different dependencies for each of the carriers. If you’ve upgraded your firmware, as I’ve mentioned before is always a good idea, then you can’t use BlackBerry software with it. If it’s supported at all. If you look at BlackBerry’s own site, you get a huge list of carrier sites where you might be able to download a specific supported out of date build.

So let us consider this a moment and ignore some of the exceptional cases. This, usually, is a service that pushes email from a service that a business owns to a handset that a business owns transported over a cellular network.

So why all the dependency and pitfalls for using software? Is it the case that cellular providers believe that handsets should never be touched by end users or even corporate customers and if you do, to fix a vulnerability for instance, they just shouldn’t work anymore.

Having to choose between functionality and security is not fair.

I suppose it makes some sense that they don’t want to support their software on other smartphones as they would prefer you purchased their handset platform as well, but what about supporting people who purchased their enterprise products? Is the message “Too bad, buy more of our stuff”?

Backward, trouble to manage, and poorly performing. I guess I’ll continue to be surprised that people continue to use them. It really shouldn’t be a surprise to anyone that Android and iPhone are going to dominate the market in the next couple of years.

It is a question of usability.

Does this industry really intend that users need to continue to decide between functionality and secure operation? Why isn’t this seen as completely ridiculous? There isn’t any value in requiring a middleman between enterprise software and the platform where the client software runs.

By Ian Gorrie | Posted in Electronics, Phones | Comments (1)

AT&T hates their customers

April 26, 2008 – 3:10 am

Every time I have an interaction with AT&T wireless, it is an agonizing and drawn out horror of an experience. Because I know this, I only call then when absolutely necessary. Basically this is when they break things and I need to figure out why my stuff is busted.

I spent about four hours on the phone with AT&T after my wireless data was mysteriously half-broken. When someone decided that they were pissed off or didn’t want to be helpful, I just hung up and called back in again. There really isn’t any point in taking up any more of my time in

After one of their higher-level techs spilled the beans that AT&T has implemented some new program of removing functionality that customers are paying for based on the IMEI of the phone assigned in the customer account.

Why should you care? I thought that it was interesting that I was no longer getting the service I was paying extra to make sure I received. I spoke to another rep in business sales (another good trick to get decent service is to go through business services as normal customer service is always pissed off, semi-literate, don’t care, or a combination thereof) and he said that he had lost data service on his blackberry about a week ago and that he was likely having the same problem.

Through the course of my research of trying to figure out what they screwed up so that I could tell them how to fix it (this is the only way to handle any telco, by the way), I found several other interesting tidbits.

I took a bit of a longer view of how AT&T manages their customers and their service agreements in order to be prepared for my encounter. Ever since data plans have been offered, consumers have been using the abilities that were built into the phones for this purpose to attach tablets, laptops, and other peripherals to the data service on their phones. This hasn’t been a very big deal until recently and, much like SMS was before it became popular, it was largely free as it was not commonly used by the average consumer.

Now that it has, it is worthwhile to take note of some of the strange language in the agreements for their “unlimited data” plans, which aren’t so unlimited:

DATACONNECT PLANS
DataConnect plans may ONLY be used with AT&T-certified LaptopConnect (PC Data) Cards and eligible AT&T-certified customer owned and maintained (COAM) devices for the following purposes: (i) Internet browsing; (ii) email; and (iii) intranet access (including access to corporate intranets, email, and individual productivity applications like customer relationship management, sales force, and field service automation). The parties agree that AT&T has the right to impose additional charges if you use more than 5 gigabytes in a month. Prior to the imposition of any additional charges, AT&T shall provide you with notice and you shall have the right to terminate your service.

PDA/BLACKBERRY PLANS WITH TETHERING
PDA/BlackBerry plans with Tethering may ONLY be used with AT&T-certified RIM BlackBerry devices and PDAs for the following purposes: (i) Internet browsing; (ii) email; and (iii) intranet access (including access to corporate intranets, email, and individual productivity applications like customer relationship management, sales force, and field service automation). PDA/BlackBerry plans with Tethering may be used to tether such PDA and BlackBerry devices to a Personal Computer. The parties agree that AT&T has the right to impose additional charges if you use more than 5 GB in a month. Prior to the imposition of any additional charges, AT&T shall provide you with notice and you shall have the right to terminate your service.

Source from the AT&T Wireless Terms of Service.

The bold is theirs.

Apparently this is enforced rarely and only as a hammer to punish customers that piss them off.

As you might expect, this has been found and reported a couple of times and usually at Howard’s Forums and reported here by dslreports.

‘Unlimited’ AT&T Wireless Data Plans About To Be Capped?
Rumblings among insiders about implementing 5GB quiet cap, like Verizon…
09:33AM Friday Jan 11 2008 by Karl
tags: prices · business · wireless · bandwidth · Cingular Wireless
An anonymous AT&T insider yesterday hinted to us that the company’s wireless division would soon be implementing a 5GB monthly usage cap on some unlimited data plans. We contacted AT&T for official comment and were told that there’s no changes in store that they’re aware of, but they’d nudge us if anything official came along. Today we’re seeing some discussion over at Howard’s forums that would seemingly confirm there’s some changes coming:

Click for full size

I just heard that the pda plans will no longer be unlimited but will be capped at 5 gigs. Users will not be billed overages but people with constant overages will be contacted to try to reassess the users needs. The new plans are nationwide so I’m not going to disclose my market but they are getting rid of the media bundles and M2M messaging. Text and data is now separate. PDA plans will be lowered to 30 bucks to match blackberry personal and media net unlimited is lowered to $15 bucks.According to the poster, the plans will be live in a few weeks. Assuming these looming changes are true, AT&T may want to start removing the word unlimited from their advertising material. Verizon, who similarly advertised an unlimited service that actually had a 5GB monthly data cap, was busted last October by the NY Attorney General for false advertising. When we hear more on these rate changes we’ll let you know.

..and reported again a couple of months later:

AT&T’s 5GB Wireless Broadband Mystery Cap
Heavy users can prepare to pay a fortune…
03:13PM Tuesday Mar 18 2008 by Karl
tags: business · wireless · bandwidth · Cingular Wireless
For years, Verizon Wireless was trying to have their cake and eat it too, by advertising their EVDO service as unlimited, but quietly imposing a 5GB monthly cap. That advertising charade ended courtesy of NY’s attorney general (no, not client-9) last fall. Back in January, AT&T insiders insisted that the company was preparing to apply a 5GB monthly cap of their own to their unlimited HSDPA service. The company’s terms of service already states as much:The parties agree that AT&T has the right to limit throughput or amount of data transferred and/or deny, disconnect, modify and/or terminate Service if you use more than 5 gigabytes in a month. If you require more than 5 gigabytes per month, ask us about our DataConnect 5GB Overage plan.That plan doesn’t appear anywhere on AT&T’s website. Gearlog called in to ask about the plan, and found that actually using AT&T’s wireless broadband network in any volume can be a very pricey proposition:if you call in, you’ll find it’s $350/month for 5GB, plus $0.50 per megabyte (really, $.0005 per kb, but my megabyte formula is more readable.) Since you’re probably a heavy downloader, let’s think of that as $500 per gigabyte. Yes. They want to charge you $350 for exactly what you’re paying $60 for. Want 10GB instead of 5GB? That’ll cost you $2,850 for that month. Now, to be fair, an AT&T rep told me that they’ll probably give you a pass for a month or two if you accidentally go over 5GB. Then they’ll give you a call and try to convince you to move to the Punitively Expensive Plan.AT&T’s website still advertises “unlimited” data for Blackberry and PDAs provided you don’t tether, but we’d be interested to see if any users have tested the boundaries with smart phone consumption alone.

Note that life as a bandwidth hog on Verizon’s network is no easier. Buried amidst all the fawning adoration of Verizon Wireless for their recently announced unlimited yammering plan was the fact that they implemented some very pricey data overage charges of their own.

I had thought that perhaps it was possible they were mad at me for actually using the service I was paying for, but there was no way I was even using a significant fraction of 5G down a month.

So I looked on Howard Forums and saw that a whole bunch of people were having the same problem. I contributed a bit to these threads with the information I gathered from my hours of talking to AT&T representatives, and then focused on fixing my problem.

After this, and several other misadventures, I don’t suggest anyone even talk to customer care. Just don’t bother. It is a waste of time. If you want to do it at all, do it to make AT&T lose money. It costs money to staff call centers though, as it turns out, AT&T will soon be charging you to speak to a human. It really is amazing how minimum requirements of business are becoming features that one gets billed for using.

So after all this, I had a surprisingly simple solution to my problem.

I went to an AT&T storefront. I told them that business customer care told me that I needed a new SIM. I asked them to delete my data plan and the phone that was currently in my account. They scanned my IMEI number from the back panel of my phone, added a data service to my account, scanned in the new SIM card and gave it to me.

All was fixed and operational again after a few minutes.

The point of this is that cable and telco companies, who have re-established their monopolies, are increasingly using business practices that lock in customers instead of satisfying them. Since the consumers have no choice, the are billed a regulated amount as set by the government.

This is the case because much of this infrastructure was built with your tax dollars. Many of these companies have benefited from this but conveniently forget about this when they ask for less regulation because “they built the network and now it is theirs to do what they want” as is the argument for many companies net neutrality defiant behavior.

So do what needs to be done to defeat the problems generated by companies that don’t really care if they break services that you have come to rely on to do your business. Take the path of least resistance and remember that you owe them no consumer loyalty, because they do not appreciate or respect your patronage.

By Ian Gorrie | Posted in Business, Phones | Comments (0)