|
Yeah that’s always the dilemma of using any system that isn’t standard best practice. Maybe your cute trick to support numeric entry accidentally weakens the security of the entire system. Oops.
|
#
?
Feb 26, 2024 14:16
|
|
|
|
| # ? Jun 6, 2024 05:06 |
|
|
Couldn't they just hash all the different possible combinations of uppercase and lowercase and make sure one matches what they have stored?
|
|
#
?
Feb 26, 2024 14:47
|
|
|
ranbo das posted:Couldn't they just hash all the different possible combinations of uppercase and lowercase and make sure one matches what they have stored? Two problems with this: 1 - This would make reverse engineering the passwords from the stored hashes so trivially easy for a hacker that you may as well just go back to storing the password in plaintext 2 - Storing all combinations of every password would absolutely explode the disk needed to store those passwords and make it that much more difficult to retrieve them
|
|
#
?
Feb 26, 2024 14:58
|
|
|
ranbo das posted:Couldn't they just hash all the different possible combinations of uppercase and lowercase and make sure one matches what they have stored? I'm not a math wizard but I think that there's a 2n number of such combinations, assuming your whole password is letters, and so your 12-character password has 212 = 4,096 combinations to make and store hashes of. Obviously this gets exponentially worse the longer your password. If you allow 16 character passwords you'd need 65,536 hashes.
|
|
#
?
Feb 26, 2024 18:24
|
|
|
the implementation of this is easy: 1. when you type in a new password, before they pass it into their hash function, they just make every letter uppercase. 2. when you type in the password to login, they just make every letter uppercase and check the hashed result with the value in the database. there is no need to generate multiple hashes for each combination of uppercase. also i don't know if i commented back then or if i just commented in my head and was satisfied with that but IMO its not a big issue as long as the actual security team and implementation is competent. i trust google, apple, and facebook to have competent security experts... not sure about fidelity TBH even though they are a bank. if they're implementing a proper hashing function, along with passing in a salt. upper or lowercase being acceptable for your password is not a big deal. the only hesitation is that the team itself is not competent: for example if they used md5 hashes with no salting to store these passwords i would be incredibly worried.
|
|
#
?
Feb 26, 2024 21:05
|
|
|
code:
|
|
#
?
Feb 26, 2024 21:50
|
|
|
Is Personal Capital still the thread's go-to financial management app after being bought up by Empower? A related question that probably belongs in a different thread: Does the thread have a go-to household budget Excel/Google sheet? I use the Pear Budget template, but there has to be something better out there.
|
|
#
?
Feb 26, 2024 22:39
|
|
|
Well you just store the right hash, not every single permutation, you generate those permutations when someone tries to log in. In my day job 65536 isn't a massive number but also I'm not a security guy. I can say that Fidelity won't log me in on the web site or mobile if I screw up on capitalization so I'm not sure how they would know if they just did toUppercase().
|
|
#
?
Feb 26, 2024 23:19
|
|
|
The Puppy Bowl posted:Is Personal Capital still the thread's go-to financial management app after being bought up by Empower? Yeah PersonalCapital is still a good, free way to see all my stuff on one screen and snag all my transactions.
|
|
#
?
Feb 26, 2024 23:52
|
|
|
I switched to Tiller for tracking balances/spending after Mint ate poo poo. It is basically a service that dumps your account/transactions data into Google Sheets or Excel so it requires a more DIY attitude and an unhealthy interest in tinkering with spreadsheets. Pretty sure I have a referral link somewhere if anyone wants to try it.
|
|
#
?
Feb 27, 2024 00:23
|
|
|
The Puppy Bowl posted:Is Personal Capital still the thread's go-to financial management app after being bought up by Empower? I think it's great. Supposedly, they are selling my data but the service is worth it especially if you have multiple accounts. It's a good dashboard UI.
|
|
#
?
Feb 27, 2024 00:55
|
|
|
I don’t like how it is so focused on them wanting to get all my assets under their management. Like every time I open the app, it takes me to the notifications tab with all these “new” notifications I can’t get rid of. All of them just want me to talk to an advisor. It’s just junk. 
|
|
#
?
Feb 27, 2024 01:48
|
|
|
I've got a pretty good % in AGG, Fidelity's bond spread since redistributing in 2022. While my other investments have seen a decent return since 2022's numbers, my bond % continues to post a cumulative loss. I don't expect AGI this year to be any less than prior years, but given I've got a good time horizon, aside from my personal risk exposure would there be any downside to redistributing from a 10% bond of a 3 part fund to 0 for the time being? I just feel like that my bond returns are not living up to other investments given how good the market is doing.
|
|
#
?
Feb 27, 2024 02:01
|
|
|
withak posted:I switched to Tiller for tracking balances/spending after Mint ate poo poo. It is basically a service that dumps your account/transactions data into Google Sheets or Excel so it requires a more DIY attitude and an unhealthy interest in tinkering with spreadsheets. Pretty sure I have a referral link somewhere if anyone wants to try it. Can tiller work if I want to manually dump in my csvs or does it """need""" to go through plaid or whatever?
|
|
#
?
Feb 27, 2024 02:43
|
|
|
Boris Galerkin posted:Can tiller work if I want to manually dump in my csvs or does it """need""" to go through plaid or whatever? It is literally just a spreadsheet, you can paste whatever you want in there.
|
|
#
?
Feb 27, 2024 02:46
|
|
|
adnam posted:I've got a pretty good % in AGG, Fidelity's bond spread since redistributing in 2022. While my other investments have seen a decent return since 2022's numbers, my bond % continues to post a cumulative loss. I don't expect AGI this year to be any less than prior years, but given I've got a good time horizon, aside from my personal risk exposure would there be any downside to redistributing from a 10% bond of a 3 part fund to 0 for the time being? I just feel like that my bond returns are not living up to other investments given how good the market is doing. You shouldn't evaluate any long term investment on a short term time frame. Bond funds in particular trip a lot of people up, because they are expecting a safe investment where prices dont move much. But, with bond funds, the price goes down when the yield goes up. The longer duration the bond fund, the stronger this effect is. AGG is a 6 year duration fund, so a 1% change in rates will move the price of the fund by 6%. And rates have gone up a lot more than 1%. For a investor who is holding a fund of appropriate duration, higher interest rates are good. If you sell now, you are selling when expected future returns are higher that they were a couple years ago. As the fund replaces older, lower yielding bonds, with newer higher yielding ones, the income distributed by the fund increases: 
|
|
#
?
Feb 27, 2024 02:53
|
|
|
smackfu posted:I don’t like how it is so focused on them wanting to get all my assets under their management. I swear they auto send an email saying my net worth has decreased every time the market takes a big dump.
|
|
#
?
Feb 27, 2024 02:54
|
|
|
smackfu posted:I don’t like how it is so focused on them wanting to get all my assets under their management. I didn't even know they had an app. This makes me glad I only use their website on a PC. They called me once to try and get to talk to an advisor, clearly with the goal of getting my assets under their management. I politely told them I was a DIY index fund investor and they haven't call me again since. I've never gotten an email from them though.
|
|
#
?
Feb 27, 2024 15:20
|
|
|
drk posted:You shouldn't evaluate any long term investment on a short term time frame. Wow, thanks. That really explains a lot. I knew that I needed to have an age-related investment in bond funds but the way you explained it was incredibly clear and also reassures me.
|
|
#
?
Feb 27, 2024 17:34
|
|
|
adnam posted:I've got a pretty good % in AGG, Fidelity's bond spread since redistributing in 2022. While my other investments have seen a decent return since 2022's numbers, my bond % continues to post a cumulative loss. I don't expect AGI this year to be any less than prior years, but given I've got a good time horizon, aside from my personal risk exposure would there be any downside to redistributing from a 10% bond of a 3 part fund to 0 for the time being? I just feel like that my bond returns are not living up to other investments given how good the market is doing. You're really kind of asking two different questions here. One is "is now a good time to sell bonds" and the answer is no, you are buying high selling low, and also timing the market, and both are not good ideas. The other is "what should my bond allocation be, is zero OK" and the answer there is more complicated. The older-school, Bernstein argument that even just 10% in bonds has a significant smoothing effect over volatility for not a whole lot of drag on earnings is still true, but for investors with 20-40 year timelines having lower volatility may not be important at all, vs. maximizing returns. If you feel you should have been in 100% stocks all along, then it's never too early to rebalance into stocks. But purely from a timing perspective drk is 100% correct: we know rates rose and we know that pushes down medium to long term bond fund prices, we know rates have now flattened and if our current thoughts about the near to intermediate future of the market hold true (and that's the dreaded market timing so no we do not know this will happen, but it's what "the market" seems to be guessing right now) then we should expect much higher returns for such a bond fund over the next few years as the older low-interest bonds sell off and newer high-interest bonds get locked into that fund and start paying out. That fund would then outperform if rates fell significantly, and again I caution you that we do not "know" that rates are headed back to sub 3% in the near future, medium future, or ever again. But if they did we'd see this as a nice feed of performance into our diversified long-term portfolios during that period. So IMO, consider your asset allocation choices separately from your thoughts about this particular bond fund and when it's good to sell it. If you reallocate into stocks, you should not do so "because stocks are doing great" because that is a present-tense statement that is actually about the past, albeit just about yesterday perhaps. Stocks can stop doing great tomorrow. That's market timing. But stocks outperform bonds in terms of returns over the course of decades so if you should be 100% stocks (or 95% or whatever) then don't worry about the timing of your reallocation, just do it. If you do want to have some bonds in your portfolio, AGG is fine and don't focus on how bad its returns have been during this historic period of rising interest rates.
|
|
#
?
Feb 27, 2024 17:36
|
|
|
I learned about their different dashboard once I got 100k net worth. That was a trip. Then I suddenly mattered.
|
|
#
?
Feb 27, 2024 18:48
|
|
|
E: ugh how did this get here
Boris Galerkin fucked around with this message at 22:03 on Feb 27, 2024 |
|
#
?
Feb 27, 2024 20:50
|
|
|
Corporate thread is thataway ————>
|
|
#
?
Feb 27, 2024 21:37
|
|
|
Bonds are for old people. If you can use the internet then you're too young for bonds.
|
|
#
?
Feb 28, 2024 15:00
|
|
|
davey4283 posted:Bonds are for old people. If you can use the internet then you're too young for bonds. Hey speaking of which: I have a bunch of treasury bonds coming due in the next month. Four total tranches, three still to go. I'm going to wait for them all to come due and then do a yearly ladder. Is there any point in parking them somewhere while I wait for each to come due? It's about $70k in total. I find SGOV and SNSXX a little confusing, it's not clear to me how they work. (It's my house fund but I live in southern california so lol)
|
|
#
?
Mar 1, 2024 17:07
|
|
|
SGOV holds almost entirely short duration treasuries and distributes the income from these treasuries as a monthly dividend.
|
|
#
?
Mar 1, 2024 17:18
|
|
|
davey4283 posted:Bonds are for old people. If you can use the internet then you're too young for bonds. bonds are dope for known duration low risk poo poo eg my house downpayment money
|
|
#
?
Mar 1, 2024 17:19
|
|
|
KYOON GRIFFEY JR posted:SGOV holds almost entirely short duration treasuries and distributes the income from these treasuries as a monthly dividend. Okay that makes sense. So, rough calculation it seems like it would be less than $250 total. But also, it'll take me less than five minutes total so hey that's not bad.
|
|
#
?
Mar 1, 2024 17:25
|
|
|
KYOON GRIFFEY JR posted:bonds are dope for known duration low risk poo poo i reached a similar conclusion when -- to my enormous surprise -- i inherited a few ten thousand dollars from my dad's estate. i wanted to keep it safe while i figured out what to do with it (giving myself 2 or 3 years to think about possibilities and get some other poo poo in order). because i hadn't decided what to do with it, i certainly didn't want to put it in any tax-advantaged accounts. and i wanted to keep it liquid, but growing at least a bit. that's a pretty self-contradictory wishlist. but after some faffing about with short-term CDs because interest rates were stupid high, i put it in VTEB, vanguard's municipal bond ETF. now it's sitting there making reasonable monthly gains that are exempt from federal taxes. i dig it.
|
|
#
?
Mar 2, 2024 09:52
|
|
|
mdxi posted:but after some faffing about with short-term CDs because interest rates were stupid high, i put it in VTEB, vanguard's municipal bond ETF. now it's sitting there making reasonable monthly gains that are exempt from federal taxes. i dig it. You should probably do the math on the tax equivalent yield. Municipal bonds are federally tax free, but they also yield much less than equivalent duration treasuries (which are not federally tax exempt, but are state tax exempt).
|
|
#
?
Mar 3, 2024 05:09
|
|
|
SlapActionJackson posted:Muni bonds almost never make sense unless you're in or near the top marginal tax bracket. The tax savings are factored into their price already, driving yield down.
|
|
#
?
Mar 3, 2024 15:38
|
|
|
Having something that won’t owe taxes on gains can be useful if you want to segregate some funds entirely from your other holdings. Like if you are holding onto money for someone in your family. But that’s not really a financial benefit.
|
|
#
?
Mar 3, 2024 16:02
|
|
|
Municipal interest while not direct federally taxed also sometimes is counted against you in strange ways. For example if you get you health insurance on the marketplace tax exempt interest from munis does count towards MAGI for determining your healthcare tax credits/the amount you owe on premiums.
|
|
#
?
Mar 3, 2024 22:31
|
|
|
Say you are in the top marginal bracket. Would it be better to: 1. Use tax advantaged accounts only for stocks that go up. 2. Keep municipal bonds in a taxable account, since they generally go up less and may be tax exempt Versus keeping a total bond fund in a tax advantaged account?
|
|
#
?
Mar 3, 2024 23:50
|
|
|
Residency Evil posted:Say you are in the top marginal bracket. Would it be better to: Here's the "Asset Location" deep dive and tool - https://earlyretirementnow.com/2020/02/05/asset-location-do-bonds-belong-in-retirement-accounts-swr-series-35/ (spoiler: "It depends")
|
|
#
?
Mar 4, 2024 01:06
|
|
|
Residency Evil posted:Say you are in the top marginal bracket. Would it be better to: It depends? I think the only clear answer here is that I wouldnt put "only stocks" into a traditional IRA/401k/etc. Withdrawals, even by heirs, are taxed at normal tax rates, whereas in a taxable account they would only be taxed at capital gains rates if you sell during your lifetime, and heirs get a stepped up tax basis. Caveat of course being that future tax rates and tax policies are unknowable and will certainly be different than they are today. drk fucked around with this message at 04:50 on Mar 4, 2024 |
|
#
?
Mar 4, 2024 01:08
|
|
|
I agree with 'it depends'. I don't hold bonds in my portfolio for reasons, but if it did I think I'd be inclined to put regular bonds in a tax-advantaged space over munis in a taxable account. My reasoning comes down more to control than necessarily the best mathematical tax benefit. LTCG on ETFs in taxable accounts give you both preferable tax rates and control on the timing of recognizing the income. Munis can do the former, but not the latter, so I think I'd generally prefer to have my bonds somewhere there's no running tax drag.
|
|
#
?
Mar 4, 2024 04:01
|
|
|
There is a reasonable chance that congress will do nothing regarding the expiration of the Trump era tax cuts in 2026. If that holds true and tax rates rise in 2026 then new muni bonds issued from that time on will have lower yield than older muni bonds due to that tax break being a bigger deal. In theory this would make older muni bonds rise in value. Similar to how regular bonds rise in value when rates go down. You could extend this to a more general theory that whenever federal tax rates go up the value of existing munis should go up and vise versa. This is of course totally impossible to predict since the future is unknowable but I see it as a diversification argument for holding some small amount of munis. You can make a similar argument for holding TIPS. If inflation is below market expectations then regular bonds win, if inflation is higher than market expectations then TIPS win. So, not knowing the future, you hold some of both. Antillie fucked around with this message at 05:41 on Mar 4, 2024 |
|
#
?
Mar 4, 2024 05:25
|
|
|
Does anyone have experience with setting up a SIMPLE IRA for work done under sole proprietor or single-member LLC work? It looks like a tax-deferred 401k-like thing that I could set up for work I pay myself for through a single-member LLC (side-gig work) and increase my tax advantaged savings, since I am already maxing-out my 401k for my W2 job. Any landmines? I'm curious if having a SIMPLE plan would affect my ability to do backdoor Roth contributions? Or any other headaches I'm not thinking of? Serious_Cyclone fucked around with this message at 21:58 on Mar 6, 2024 |
|
#
?
Mar 6, 2024 20:53
|
|
|
|
| # ? Jun 6, 2024 05:06 |
|
|
Serious_Cyclone posted:I'm curious if having a SIMPLE plan would affect my ability to do backdoor Roth contributions? It would.
|
|
#
?
Mar 7, 2024 02:11
|
|
