2023-12-27

Notes On 'Visual Basic For Applications' (VBA) In Excel

Purpose And Scope

I want to record some basics and pitfalls of using VBA in Excel, partially just for me, and mostly for Excel users with no prior programming experience.
 
Official overview doc for Excel VBA in particular and VBA in general.  There are also VB.NET docs, which are good for covering some of the gaps in the VBA docs, but sometimes VB.NET is different than VBA (ex: VB.NET has a Return statement but VBA does not).

Adding Rust And WebAssembly To A Web App Hosted On GitHub Pages

Scope And Purpose Of This Post

These are some after-the-fact notes for my journey of adding WebAssembly (aka "wasm") to my ktcalc web app hosted on GitHub (source, app).

The ktcalc web app uses React and is written in TypeScript and now some Rust too.  The Rust is compiled to wasm.
 

2023-02-20

Talon Voice And Cursorless Usage Notes

Purpose And Scope

This post is intended to be a reference for myself and others I am trying to help get the most value out of Talon Voice (with community config) and Cursorless. I will try to cover things that other places do not mention or emphasize.

For instance, my experience is that the semiofficial community documentation does not properly emphasize that adding stuff to additional_words.csv and words_to_replace.csv in the "settings" folder is extremely useful and one of the first customizations you should do.  There are nice commands like "customize additional words" and "customize words to replace" to launch a text editor on those files (currently does not work on Windows 11).  It is also my experience that they do not even mention that you should change the gitignore file to source control all of the settings/*.csv files except for system_paths.csv.  I wish I had known these things earlier, so I'm mentioning here to help others and also to record them for myself.

This post is intended for people who are computer savvy and I will probably not go into depth about git stuff unless it is specifically requested.

2023-01-27

Tacticus Beginner Tips

Purpose And Scope

This post captures some advice that I find myself giving repeatedly to new free-to-play players of Tacticus, especially the stuff that I don't see other people saying.  Lots of very knowledgeable players giving advice are also older players that have forgotten what it's like to be a new player without Yarrick, so there's a niche for me to say useful stuff.  I will also try to say some stuff these guides don't.  Those guides say a lot of very useful stuff, so I don't have to say those things.

This advice will mostly assume you are fairly new, completely f2p, and have not been lucky getting characters from requisitions.  On occasion, I will try to cover the possibility you have Yarrick.

2022-06-27

Git Notes

This will be a continual work in progress and a testament that I should have made this post over a decade ago.

Dedicated fast-forward merge post of mine.

Reminders: the “index” is what holds staged changes. Useful site for undoing/recovering stuff: https://dangitgit.com.

This post and a lot of advice and help for git on the internet assumes the command line.  That is because the git command line is the same for everyone and makes it easy to give precise instructions.  But really you should try to do as much as possible inside a nice git gui, possibly your IDE or SourceTree.  A nice git gui makes it easy to go from "I want to ..." to "I did it" by exploring menus and possibly right clicking items instead of looking up weird commands and syntax that you will soon forget.  A nice git gui also makes it much easier to see and understand your current repo state and its history.

2022-05-24

Git Fast-Forward

Fast-forward merges have properties that are tightly tied together (basically they are equivalent)...

  • A fast-forward merge is exactly the sort of merge that doesn't create a merge commit (assuming that you aren't doing destructive operations on commit history).
  • A fast-forward merge is exactly the sort of merge that just updates the branch pointer. (Remember that `git pull` first does a `fetch` to get the remote commits before the merge happens, so a merge "just updating the branch pointer" can involve commits that didn't exist locally until the fetch.)
  • A merge is fast-forwardable exactly when the source commit history is a superset of the destination branch commit history.
  • A merge is fast-forwardable exactly when the destination commit is an ancestor of the source commit.

2021-11-03

WH40K Kill Team Shooting Damage Is Complicated

Purpose And Scope

The 2021 edition of "Warhammer 40,000: Kill Team" (KT21 for short) is a skirmish-sized wargame played with miniatures and dice.  In KT21, it's a bit complicated to calculate average/expected damage for a shooting attack.  Also, it's a bit surprising that improving the accuracy of a weapon by some proportional amount increases the expected damage by an even higher proportion.  This post explores the quirks and nonlinearities of expected damage from shooting attacks.

Perhaps the most important thing to realize: number of attack dice, ballistic skill, and save characteristic all nonlinearly impact average damage (even if we ignore crit stuff).  Attacking stuff super-linearly affects damage (increasing returns).  Save characteristic sub-linearly affects damage (decreasing returns).  Damage is hard to reason about.

For instance, doubling the number of attack dice will more than double the post-save damage.  How much the post-save damage increases depends on everything else (BS, SV, special rules, auto-successes from cover, etc).

Update: I made my own KT21 Calculator.

2021-04-05

Kill Doctor Lucky Game Tactics And Strategy

Purpose And Scope Of This Post


This post goes over some tactics and strategy for the Kill Doctor Lucky game (19.5th anniversary edition, rules here) that are not obvious at first glance.  I think Kill Doctor Lucky has a lot of strategic/tactical depth that is easy to not realize.

A lot of this post is applicable to games with any number of players, but there is special attention paid to two-player games with strangers. A lot of this post is applicable to any board, but we will also analyze particular boards in order to come up with general things to keep in mind when analyzing any board.

This post is a work in progress.  I made a video of a lot of these concepts, and some sample games: game1, game2, game3.  I made a deterministic Kill Doctor Lucky game where you can play and see what the AI thinks is a good move (sorry, it's command line).

2020-12-24

Xamarin Pipeline Demo

Introduction

I'm making this demo repo and writeup because it was surprisingly and frustratingly difficult to get Xamarin.UITest tests for Android to run on a Microsoft-hosted agent in an Azure DevOps pipeline. NO App Center. NO self-hosted agents. I just wanted to do everything in Azure DevOps.

So, this demo shows how to accomplish that, and some other common goals for an Azure DevOps continuous integration pipeline for the Android portion of a Xamarin app...

  • Each build gets its own versionCode and versionName.
  • Build the APK.
  • Sign the APK.
  • Publish the APK as a pipeline artifact.
  • Do unit tests (NUnit).
  • Do UI tests (Xamarin.UITest), which involves several Android emulator steps.
  • Publish test results.

This demo is not about getting started on unit testing or UI testing; the demo is about getting these things to work in an Azure DevOps pipeline.

You can see a successful run, a successful job overview, published artifacts, and unit+UI test results (also alternate view for unit test run and UI test run).

This repo is available as a visualstudio.com repo and a github repo. As of 2020-Dec-24, Azure DevOps offers a free tier with 30 build hours per month and 2 GiB of artifact storage. The free tier was more than enough for all the pipeline needs of this demo.

This writeup is available as a github readme, visualstudio.com readme, and blog post. The repo readmes will be kept up to date, but the blog post may not receive many updates after 2020-12-24. Readme section links are oriented for GitHub.

2020-11-20

Suggestions For Creating Passwords

Scope And Purpose Of This Post


Even after someone makes the very wise decision to start using a password manager so they can start having strong, unique passwords, they still have to decide what password generator settings to use.  They have to decide stuff like whether to use digits and punctuation in their passwords, how long their passwords should be, and whether they should use passphrases.

The password generator settings you use should depend on how you're going to use the password.  Passphrases are great for passwords you need to remember, but maybe not for your work password that you manually type >20 times a day.  My recommendations depend on the "password use case":

  • Remembered and typed <8 times a day.
    • This would be your master password for your password manager.
    • Use a passphrase.  Six words for your master password.  Five words are okay for passwords that are far less important than your master password.
    • If your password manager doesn't generate passphrases for you, make it generate a bunch of digits and use the diceware word list or an EFF word list.
  • Not remembered and rarely/never typed.
    • Your most common password use case, for stuff like Facebook.
    • I recommend a "1D+1U+15L" password: 1 digit, 1 upper case letter, 15 lower case letters, for a total length of 17.
    • If your password generator doesn't support that, go for 14 alphanum characters (uses lower case letters, upper case letters, digits)
  • Remembered and typed many times a day.
    • This is possibly the use case for your work password, which you have to type to unlock your computer and log in to many services.
    • Because you are typing this so frequently, you might not need the memorability of a passphrase, and you probably don't want the typing hassle.
    • I recommend something like a "1D+1U+12L" password, even if you have to manually modify a password generated by your password manager.
Note: for this blog post, we'll be assuming we never use an ambiguous letter or digit ("IOlo10"), except in passphrases.  It is tempting to think that if you know that a non-passphrase password only contains lower case letters, then "l" and "o" are unambiguous, but when you're looking at the computer-generated password two years after you generated it, you won't be confident.  For passphrases, you can disambiguate based on the words ("shallow" is a word, and "shaII0w" isn't), so "l" and "o" are okay.

2020-11-13

Password Strength In Dollars

Purpose And Scope Of This Post


When discussing password strength, money-to-crack calculations are far better than time-to-crack calculations. I propose a money-to-crack model that applies to dedicated password cracking rigs as well as cloud computing, and I make some calculations using recent (2020-Nov) data.

This blog post is focused on:

  • Offline attacks (explained in Gentle Introduction)
  • Computer-generated passwords, not human-generated passwords (more info in Background: Guesses-To-Crack)

The cracking costs tables are towards the bottom, feel free to check those out first if you want to see results, not methodology and commentary.

Gentle Introduction

When someone creates a password, sometimes they are concerned about how resistant the password is to being guessed by an attacker.  For instance, a one-letter password for your bank account is probably unacceptably weak and a computer-generated 40-letter password is probably more than acceptably strong.  These two example passwords are so extreme in weakness/strength, that we can make these judgments intuitively, but we will have to be more careful and systematic if we want to determine what sorts of passwords are acceptably strong and not excessively painful to type.

This blog post will focus on password strength in the context of offline attacks, which is where an attacker has hacked some service, obtained hashes of passwords, and can very quickly check password guesses on their own machines.  Offline attacks are a worst-case scenario for password strength, and it makes sense to have the worst-case decide what we consider acceptable password strength.

There are a few ways to think about how strong a password is: guesses-to-crack (GTC, basically entropy), time-to-crack (TTC), and money-to-crack (MTC).  "Crack" simply means "correctly guess".  Each way builds on the previous way.  Discussions of password strength usually focus on GTC and TTC, and only rarely go into MTC.  I think that MTC is far superior to TTC for most discussions about passwords, and I propose my own way of calculating MTC and plug in numbers for hardware available in 2020-Nov.

Interestingly, there's only a 15x-38x difference in costs between realistic upper bounds (AWS cloud computing) and unrealistic lower bounds (arbitrary number of GPUs with no overhead).

2020-11-06

Pareto Principle Gives Extreme Results

 Intro And Thesis

The Pareto Principle ("80/20 rule") is the observation "for many outcomes roughly 80% of consequences come from 20% of the causes", such as 20% of Italian landowners own 80% of Italian land, and has been extended to things like 20% of development time/effort can be used to write 80% of desired software functionality.  This can be written as a {0.2, 0.8} scenario.

Sometimes the principle can be applied recursively at multiple scales.  Perhaps 20% of 20% of landowners (4%) own 80% of 80% of land (64%).  In other words: {0.2, 0.8} at all scales implies {0.04, 0.64}.  Perhaps for some matters (land ownership, wealth), things can be that skewed at many scales.  For stuff like time to develop software functionality, I suspect the Pareto Principle can only be applied at a few carefully chosen scales.

Let's look at the following table to appreciate how recursive application yields some extreme scenarios.

input proportion    output proportion
3.8e-15             0.01
4.1e-10             0.05
6.1e-08             0.1
9.1e-06             0.2
1.7e-04             0.3
0.001               0.4
0.007               0.5
0.025               0.6
0.076               0.7
0.200               0.8
0.468               0.9
0.691               0.95
0.930               0.99
0.964               0.995
1.000               1

We see the famous {0.2, 0.8}, but we also see {0.007, 0.5} which would imply that you can get 50% of desired software functionality with less than 1% of the effort required to get 100% functionality.  There are even more extreme results like {0.001, 0.4}; one-thousandth the effort to get 40% of the benefit.  Putting these two scenarios together: you work some amount (0.001) to get to 40% functionality and you have to work an additional six times that amount to get to 50% functionality...and then you have to work an additional 9,000 times that amount to get to 100% functionality.

My thesis is that the Pareto Principle leads to proportions that are surprisingly extreme, and thus we should be very hesitant to apply the principle beyond a single well-chosen scale.  There might be lots of naturally-sized tasks where ~20% of the effort gets you ~80% of the benefit, like how carefully you hang a curtain and how good it looks.  But I doubt that {0.2, 0.8} and {0.007, 0.5} both apply to hanging a curtain.

Another question that arises is that if you can get 80% of desired software functionality with 20% of the effort required to get 100% functionality, do we really believe that multiplying the amount of desired software functionality by 1.25 multiplies the required effort by 5 (coming from 1/0.8 and 1/0.2)?  Or imagine someone bloating the desired software functionality to 1.25x so that the actually desired 1x software functionality will supposedly only require 20% of the time of their original 2x-functionality schedule.  I think these scenarios illustrate that the Pareto Principle is very unlikely to be applicable when you are considering different amounts of output to ask for.  Usually when you ask for more output, those outputs will contain easy parts and hard parts.  The only way for the Pareto Principle to hold as you increase desired functionality is if you are always adding the easiest parts of the easiest features; but humans never do that; humans ask to add complete-enough-to-be-useful features, not the easiest 20% of a feature.

2020-02-15

Royal Road To Async/Await


Scope and Purpose

This post will focus on C#'s async/await/Task stuff, as opposed to async/await for F#/JavaScript/Rust.

First, I will try to explain what the await operator does so that readers learn what is actually going on when you await something, and hopefully a bunch of async/await/Task stuff will start to make sense.  A lot of async/await resources don't tell you what is actually going on, so async/await still seems mysterious and full of obscure pitfalls/guidelines.  I want to help my readers take the "royal road" to async/await, getting that major epiphany as soon as possible.

Second, I will present an async/await/Task reading list that is selected and ordered for the benefit of a beginner, with some notes of my own.  The reading list doubles as my own reference of resources that were helpful for me, and as a place to review best practices and pitfalls.  This reading list is another "royal road" to fleshing out readers' understanding.

Note: I'm having trouble with this blog platform displaying less-than and greater-than symbols correctly, so please tell me if you suspect a formatting error.

2019-11-24

Unsigned Integers Are Dangerous

Unsigned integers are dangerous for at least two reasons:
  • Danger1: "unsigned integers are highly infectious and possibly lethal to desired arithmetic."  Unsigned integers can transform your nice signed integer math into unexpected and unwanted unsigned integer math.  Ex: the unsignedness of 1u infects the C/C++ expression -1/1u so that it yields a large unsigned integer which may go on to infect more arithmetic.
  • Danger2: "unsigned integers almost always teeter on the cliff-edge of underflow, sometimes falling and killing desired behavior."  Underflow and overflow of integers often lead to unwanted behavior, and unsigned integers often hold small values that could easily underflow after common operations like i-- or i-1.  Signed integers often hold small values that are very far away from both underflow and overflow.
Danger1 depends on how your language treats operations with mixed signedness.  C and C++ (and probably many more languages) do have the dangerous behavior of preferring to generate unsigned integers.  Danger2 is for basically all languages.

Due to the severity and generality of these dangers, I recommend the mindset of "use signed integers unless you must use an unsigned integer for a specific reason".  Some acceptable situations to use unsigned integer variables...
  • If you have some variable/constant that will only be touched by bit-wise operations and not arithmetic.
  • If you really need to be stingy with your variable sizes and need the extra positive range of unsigned integers.
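Both dangers in compilable form, as an added example that is not from the original post. The function names are hypothetical, and the length/header bounds check is a constructed scenario chosen because this is where an unsigned wrap most often turns into an out-of-bounds access.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Danger1: the int operand is converted to unsigned before the division,
 * so -1 / 1u is UINT_MAX / 1u rather than -1. */
unsigned int infected_division(int a, unsigned int b) {
    return a / b;
}

/* The same arithmetic kept entirely signed gives the intended result. */
int signed_division(int a, int b) {
    return a / b;
}

/* Danger2, unchecked: "index of the last element" for an empty buffer.
 * 0 - 1 wraps to SIZE_MAX instead of signalling an error. */
size_t last_index_unchecked(size_t len) {
    return len - 1;
}

/* Checked form: refuse the subtraction when it would wrap. */
int last_index_checked(size_t len, size_t *out) {
    if (len == 0) {
        return -1;
    }
    *out = len - 1;
    return 0;
}

/* Danger2 inside a bounds check (constructed scenario): a packet of `len`
 * bytes carries a `hdr`-byte header. When len < hdr, len - hdr wraps to a
 * huge value and every offset passes the check. */
int payload_fits_unchecked(size_t len, size_t hdr, size_t offset) {
    return offset <= len - hdr;
}

/* Checked form: establish len >= hdr before subtracting. */
int payload_fits_checked(size_t len, size_t hdr, size_t offset) {
    return len >= hdr && offset <= len - hdr;
}

/* Reverse iteration with an unsigned index. `for (i = len - 1; i >= 0; i--)`
 * never terminates because i >= 0 is always true for unsigned i; testing
 * before the decrement avoids ever evaluating 0 - 1 as an index. */
size_t count_reverse_visits(size_t len) {
    size_t visits = 0;
    for (size_t i = len; i-- > 0; ) {
        visits++;
    }
    return visits;
}

int main(void) {
    size_t idx = 0;
    printf("-1 / 1u        = %u\n", infected_division(-1, 1u));
    printf("-1 / 1         = %d\n", signed_division(-1, 1));
    printf("last index of empty buffer (unchecked) = %zu\n",
           last_index_unchecked(0));
    printf("last index of empty buffer (checked)   = %d\n",
           last_index_checked(0, &idx));
    printf("len=4 hdr=8 offset=100 unchecked: %d, checked: %d\n",
           payload_fits_unchecked(4, 8, 100),
           payload_fits_checked(4, 8, 100));
    printf("reverse visits over 5 elements = %zu\n", count_reverse_visits(5));
    return 0;
}
```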

2019-10-05

There Are Surprising Restrictions to Pluses and Dots In Gmail Addresses

The internet has many resources (one, two, three) that mention that for receiving emails to your gmail address...
  • Everything after plus sign (+) is ignored.
  • Dots/periods (.) are ignored
  • Example: e.x.a.m.p.l.e+asdf_1234@gmail.com will deliver to example@gmail.com
Note: many websites do not accept email addresses that include a plus sign (+), and I think basically all websites accept dots before the @.

There seem to be some restrictions on dots that are not discussed very much...
  • Dots can not be consecutive; "e..xample@gmail.com" is not usable.
  • Dot can not be the first character; ".example@gmail.com" is not usable.
  • Dot can not be the last character; "example.@gmail.com" is not usable.
  • The above dot restrictions apply even after a plus sign; "example+a..b@gmail.com" is not usable.
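A sketch of how a signup or deduplication check could apply the delivery rules and dot restrictions listed above, as an added example that is not from the original post. The function names are hypothetical; the code assumes the address is already lower-cased and only handles the literal domain gmail.com.

```c
#include <stdio.h>
#include <string.h>

/* Writes the mailbox that `addr` delivers to into `out`.
 * Returns 0 on success, -1 if the address is not a gmail.com address,
 * violates one of the dot restrictions, or does not fit in `out`.
 * Assumption: `addr` is already lower-cased. */
int gmail_canonical(const char *addr, char *out, size_t outlen) {
    static const char domain[] = "@gmail.com";
    const char *at = strrchr(addr, '@');
    size_t local_len, i, n = 0;

    if (at == NULL || at == addr || strcmp(at, domain) != 0) {
        return -1;
    }
    local_len = (size_t)(at - addr);

    /* Dot restrictions are checked over the whole local part, because
     * they apply even after a plus sign. */
    if (addr[0] == '.' || addr[local_len - 1] == '.') {
        return -1;                      /* dot first or dot last */
    }
    for (i = 0; i + 1 < local_len; i++) {
        if (addr[i] == '.' && addr[i + 1] == '.') {
            return -1;                  /* consecutive dots */
        }
    }

    /* Delivery rules: drop dots, ignore everything from the plus sign on. */
    for (i = 0; i < local_len && addr[i] != '+'; i++) {
        if (addr[i] == '.') {
            continue;
        }
        if (n + 1 >= outlen) {
            return -1;
        }
        out[n++] = addr[i];
    }
    if (n == 0 || n + sizeof domain > outlen) {
        return -1;                      /* nothing before '+', or no room */
    }
    memcpy(out + n, domain, sizeof domain);   /* copies the trailing NUL */
    return 0;
}

/* Returns 1 when both addresses are usable and reach the same mailbox. */
int same_gmail_mailbox(const char *a, const char *b) {
    char ca[128], cb[128];
    if (gmail_canonical(a, ca, sizeof ca) != 0 ||
        gmail_canonical(b, cb, sizeof cb) != 0) {
        return 0;
    }
    return strcmp(ca, cb) == 0;
}

int main(void) {
    /* Sample addresses taken from the examples in the post. */
    const char *samples[] = {
        "e.x.a.m.p.l.e+asdf_1234@gmail.com",
        "e..xample@gmail.com",
        ".example@gmail.com",
        "example.@gmail.com",
        "example+a..b@gmail.com",
    };
    char buf[128];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (gmail_canonical(samples[i], buf, sizeof buf) == 0) {
            printf("%-36s -> %s\n", samples[i], buf);
        } else {
            printf("%-36s -> not usable\n", samples[i]);
        }
    }
    return 0;
}
```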

2019-08-16

Dollar Cost Averaging Is Ill Founded And Overrated

Scope And Purpose Of This Post

Visual metaphor for DCA's inconsistency

Dollar cost averaging (DCA) is a strategy of deliberately delaying investing money.  I will argue that DCA is an ill-founded and logically inconsistent way to manage risk.  The superior way to manage risk is a well-chosen asset allocation.

I'm going to take some time to define my terms, because people use the term DCA in different ways.  I'm not arguing against all of the different flavors of DCA, just a particular flavor.

I'll point to some existing great work on how DCA has been disappointing historically, but the heart of the post is explaining on a conceptual basis why DCA is disappointing and not a coherent approach to investing.  Proper asset allocation is the superior and coherent way to manage risk.


Terminology

S/B notation: for this post, "75s/25b" is shorthand for "75% stocks, 25% bonds".  It can be shortened to "100s" for "100% stocks" and it can be extended to "70s/20b/10c" to indicate 10% cash as well.

Asset Allocation: the proportions of stocks, bonds, real estate, cash, gold, etc, that you own.  For instance, you might have a desired asset allocation of 75s/25b, or a more aggressive 100s/0b.  Your desired asset allocation should reflect the risk-and-return profile that is appropriate for you.

Cash: in investing/savings contexts, this isn't just physical dollar bills, but also very short-term interest-bearing assets, like money in a savings account, money market fund, or even 1-month treasury bills.  These are very "safe" assets in being very unlikely to lose nominal value.

Lump Sum Investing (LSI): if you receive a sum of money, you immediately invest it in accordance with your desired asset allocation.  For instance, you inherit $100K and you immediately invest it in stocks and bonds in accordance with your desired asset allocation of 75s/25b.  The core goal of LSI is to invest earlier rather than later to get more growth out of your money and to keep your asset allocation in line with your desired risk-and-return profile.

When people say "dollar cost averaging" (DCA), they usually mean one of two things:
  • DCA1: If you receive a large sum of money, you don't do Lump Sum Investing (LSI) where you invest it all at once.  Instead, you initially keep the money as cash and invest it gradually over time, perhaps over a period of years.  The core goal of DCA1 is to invest across time to buy in at different price levels (thus the name) and to avoid investing all of your money at an unfortunate time (like a stock market peak). This is "DCA as opposed to LSI".
  • DCA2: Continuously saving and investing (like every time you get a paycheck) over the course of years.  Just keep investing, don't try to time the market and pull out of equities before a predicted stock market crash.  The core goal of DCA2 is to invest your money as you earn it and to stick with your plan even when things look scary.  This is "DCA as opposed to market timing".
As an example of how DCA is used in different ways, here are two articles from Nick Maggiulli's Of Dollars And Data site:
  • How To Invest a Lump Sum, where he argues for LSI and against DCA1: "What if the market crashes right after you invest?  Wouldn’t it be better to average-in over time (i.e. dollar-cost averaging/DCA) to smooth out any unlucky timing on your part? Statistically, the answer is no."
  •  Even God Couldn’t Beat Dollar-Cost Averaging, where he argues for DCA2 and against market timing: "You have 2 investment strategies to choose from ... Dollar-cost averaging ... Buy the Dip".
So, same guy, same blog, arguing against DCA1 and for DCA2, using the same term for both.  He's a smart guy that knows what he's talking about, but readers might confuse themselves if they mentally use the same label ("DCA") when thinking about both articles.

DCA1 is what I will argue against.  I approve of DCA2, which is really just the buy-and-hold (BAH) part of the Boglehead passive investing approach.  The next section will spend some more time distinguishing DCA1 vs DCA2 so that we don't think about "dollar cost averaging" in a confused manner.

2019-08-02

Account Recovery: Insecure And Uncertain

Summary

Account recovery procedures (ex: when someone says they lost your password and/or phone) are often the easiest way for attackers to gain access to your account, and unfortunately there is very little advice on how to deal with it, other than "turn your username, email, and security answers into unique, hard-to-guess things", in other words: make everything a password.  But account recovery procedures often make that tactic useless.

Also, I am doubtful that adding extra account recovery options (recovery phone numbers, alternate emails) is a good idea for people who are using a password manager to create and store strong, unique passwords, and have taken steps to make sure they won't lose access to their password database.  Extra account recovery options are extra ways for bad guys to get into your account and are often easier than guessing your password.

Motivation And Background

The computer security field has some things about account security pretty well settled, like use a password manager to generate and store strong, unique passwords for your accounts.  I think one of the big remaining questions is: how should users manage the risk from account recovery procedures (when someone claims to have lost your phone and/or password).

To illustrate how bad account recovery procedures from popular account providers can be, Betfair only required a username and date of birth to change someone's password, and here's the tragic story of Mat Honan from 2012:
At 4:33 p.m., according to Apple’s tech support records, someone called AppleCare claiming to be me. Apple says the caller reported that he couldn't get into his Me.com e-mail – which, of course was my Me.com e-mail.

In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover....It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account.
It also used to be that to take over an Amazon account, all you had to know was a person's name and their shipping address, and to make three calls to customer service.  You could use the name and address to find out the registered email address, then use those three things to add a phony credit card number, then use those four things to change the associated email and then trigger a password reset using the new email address.

This is extremely scary.  To continue the old Amazon example, for a long time your Amazon password (and probably 2FA if they even offered it at the time) offered no protection against someone who knew your name and physical address.  I don't really know what someone could do to guard against that.

A big part of why account recovery is insecure and will probably continue to be so for a long time is the incentives faced by the account providers.  The number of legitimate customers that have lost their phones and passwords outnumbers bad guys on any given day.  Businesses want to please their customers and convenience-security trade-offs are being made that are probably close to what most customers want.  The average Amazon/Apple customer does NOT want to be locked out of their account just because they forgot their password.

2019-02-09

ETF vs Mutual Fund (ITOT vs FZROX)

Scope And Purpose Of This Post

This post will try to help inform people about the "ETF vs mutual fund" decision, and we're going to go through some examples, most notably ITOT (ETF) vs FZROX (mutual fund).

Terminology notes:
  • Percentage points are abbreviated "pp". Percentage points are for describing absolute amounts, not relative amounts (which we use percentages for).  A tax rate increasing from 5% to 15% is an increase of 200% (relative) and is also an increase of 10pp (absolute).
  • Basis points (hundredths of a percentage point) are abbreviated "bp".  So 3 bp is the same as 0.03% and 0.0003.



End Result For Jacob

Rule of thumb: assuming my choices are competitive, ETF (or certain Vanguard mutual funds) in taxable accounts and mutual funds in tax-advantaged accounts.

For investing in the US equity asset class, I currently purchase ITOT in my taxable account and FZROX in my Roth IRA.  I think ITOT will probably be notably better than FZROX in taxable accounts and is pretty much the same as FZROX in tax-advantaged accounts.   In tax-advantaged accounts, I go with FZROX mostly for the extra ease/convenience and making sure I don't trigger wash sales (Wiki, Fairmark, tax code).

2018-10-22

Greasemonkey Journey Notes

Scope And Purpose Of This Post

Holds my notes as I learn Greasemonkey/Javascript/XPath/CSS/HTML/FirefoxWebDevTools.

2018-10-21

Notes On How Modern Financial Markets Work

Scope And Purpose Of This Post

This post has snippets/paraphrasings of articles that get into stuff like exchanges, wholesalers, market makers, dark pools, high frequency traders, and so on.  Bullet points in quotes are article quotes.   Bullet points not in quotes are paraphrases of the article, unless I say something like "I think"/"I believe"/"I guess", which will be my own analysis.

My post The Mechanics Of How Stock Prices Change has stuff explaining basic workings of exchanges, and has an appendix about how price improvement works.

2018-09-25

Reasonable Prioritizations Of Accounts

Scope And Purpose Of This Post

This post talks about reasonable prioritizations for putting your money into various accounts (401k, IRA, HSA, tax-normal brokerage, etc).  I will try to add on to what the Bogleheads wiki and /r/PersonalFinance wiki have already said on the matter.

A Baseline Ordering

Vanilla: exotic spice but default flavor.
To give you something notable right away, here is a reasonable ordering for putting money into various accounts if you are mostly looking to save for retirement or other long-term goals:
  • Pay down high-interest debt.
  • Build up an emergency fund (savings/checking account, able to cover 3-6 months of expenses).
  • Max out ESPP contributions and sell shares immediately.
  • Contribute to your Traditional 401k enough to get the full match from your employer.
  • Max out HSA contributions.
  • Max out Traditional 401k contributions.
  • Max out Roth IRA contributions (and Mega Backdoor Roth contributions to your 401k if your 401k supports it).
  • Contribute to a taxable (normal) account.
Note: this ordering also assumes that your 401k doesn't have ridiculously high fees and that you have too much income to be eligible for making tax-deductible contributions to a Traditional IRA.  Even if your income is too high to be eligible for contributing to a Roth IRA, you can make non-tax-deductible contributions to a Traditional IRA and then Roth-convert that money so that you end up with Roth IRA money.

I will explain the terms/accounts and reasoning in the sections below.

2018-07-02

Dividends Vs Share Buybacks

Scope And Purpose Of This Post

This post is a work-in-progress and right now is mostly a collection of pertinent snippets/summaries of articles on the matter of dividends vs share buybacks vs other.  Some basic points:
  • Many arguments in favor of dividends are fatally flawed.
  • Many arguments made in favor of dividends are actually arguments in favor of dividends and share buybacks.
  • For individual investors, with their tax-normal investments, share buybacks are superior to dividends due to how they're taxed differently.
  • For corporate investors, dividends can be superior to share buybacks due to taxation differences.
  • For tax-advantaged accounts (401k, IRA), "share buyback vs dividend" doesn't matter.
  • The more a company is undervalued, the better share buybacks are, and the more a company is overvalued, the worse share buybacks are, but it is foolish to think you know better than the market about the proper value of a company.
  • Even if a company is undervalued, a share buyback may be inappropriate if there are good investment/growth opportunities available to the company.
Some more points:
  • A share buyback financed by debt can be thought of as a shift from equity-based financing to debt-based financing.  Interest rates are currently low and interest payments are tax-deductible (while dividends and share buyback payments are not), so this shift to debt-based financing can make a lot of sense.

2018-07-01

Thoughts And Articles On REITs

Scope And Purpose Of This Post

This post will be a perpetual work in progress, where I will share articles, snippets, and my own thoughts about REITs, with a focus on "how much of my portfolio should be REITs?".  Currently my answer is "about what you already get with a total stock market index fund".

Article 1: The Role of REITs in a Diversified Portfolio

https://www.advisorperspectives.com/articles/2017/08/21/the-role-of-reits-in-a-diversified-portfolio

author: Larry Swedroe

Sam Soundar Biweekly Newsletter #8, Use Scrollwheel To Zoom Edition

Treasured Subscribers:

Sam Soundar has just published his ninth romantic comedy novel, Nception: The Unplagiarized Story Of Dream Crime.  Take a look at the following reviews.

"I was absolutely floored by the foreword, pleased with the preface, idolized the introduction, and prized the prologue.  But what about the colophon?  Oh, hoho, the colophon was only bested by the epigraph!" ~ Reginald Rolokoaster

"Nception clearly has the best table of contents and index I've seen in the last century of romantic fiction.  The glossary has no parallel in all of dramatic literature, and has convinced me to reconcile with my estranged children." ~ Gertrude Grinner

"Nception is an engrossing tale of love and human connection.  I simply could not put the book down as I read appendices C through J and their associated errata." ~ Hazel Ahaviel

"On a scale from zero to ten, I'd say it was decent." ~ Mortimer Quickpunch

Word of the biweek: putrid
Definition: decaying or rotting and emitting a fetid smell.

Example sentence: Steve and Larry strained and strained as they tried to lift the putrid cow corpse over the chain-link fence; no one must know about their failures as pet sitters.

Your nonsensical newsletterer,
Jacob

2018-06-30

Some Ways To Think About Work, Savings, And Expenses

Scope And Purpose Of This Post

This post covers some new formulas that I came up with on my own that deal with a quantity (like the monetary value of your retirement portfolio) that experiences both exponential growth and regular contributions.  It is very unlikely I am the first to come up with these formulas, but it has been hard for me to find these formulas on the internet.  This post also covers some implications of these formulas, and some ways to think about the opportunity costs of savings and expenses, especially in terms of work until retirement.

Most notably, Example 5 tries to answer whether using a toll road increases or decreases the amount of time spent working/commuting until retirement.  The math/logic in the example can be used more generally to think about whether any expense is worth the extra work you must do to pay the expense.

You do not have to do any of the math yourself; you can make a copy of my Money Formula Demo Google Sheet and change some of the inputs.  To make a copy, go to the "File" menu at the top of the spreadsheet and select "Make a copy".

2018-06-17

Misc Math

Scope And Purpose Of This Post

This post is a grab-bag of various math things that have been useful more than once in my life, and thus publishing them on my blog might help me and others in the future.

Pretty math pictures generated by Roger's Online Equation Editor.

Sections:
  • Value Over Time With Growth And Contributions
  • ESPP Returns
  • Simple Regression Stuff
  • Mental Squaring
  • Chi Squared Distribution Test
  • Distribution Approximations
  • J-Family of Means

2018-05-25

The Mechanics Of How Stock Prices Change

Scope And Purpose Of This Post

I've had a few people ask me, "how do stock prices change?".  They do not mean how to look at a company and try to figure out what the stock price should be; they are wondering what little actions take place that result in a price change.  Unfortunately, if you google "how do stock prices change", you will get a bunch of pages that answer slightly different questions, or pages that stay at the vague level of supply and demand.

This post tries to explain how price changes actually happen, mostly through examples that take place on an exchange.  The most famous exchange-traded-things are stocks, ETFs, and financial derivatives (options, futures, etc), but the underlying concepts apply to more than just things on exchanges.

A related post is Notes On How Modern Financial Markets Work, which has article snippets/paraphrasings that cover exchanges and other workings of modern financial markets.

Following Sections:
  • 2 Background Info sections: will help explain a lot of concepts that I use in my examples (bids, asks, limit orders, market orders).  People familiar with such concepts might want to skip ahead to the example sections.
  • Examples {1, 2a, 2b, 3}: the heart of the post, painting detailed pictures of prices changing, with some general observations as well. 
  • Brief Recap: briefly summarizes the ways that prices change, restating the lessons learned in the examples.  The section might be too abstractly worded if you haven't gone through the examples, but once you have, I hope the section will help quickly refresh you on how prices change.
  • Appendix A on Price Improvement: a sidenote explaining the mechanics of "price improvement" that your brokerage may boast about after a trade.  This section may be moved in the future if I ever have a post that goes into more detail about how exchanges work.

2018-05-13

Stock Market Index Reference

Purpose And Scope Of This Post

There are a lot of indices out there, and they will mislead you.  The S&P 500 is intuitive because it's basically the 500 biggest US companies, but the S&P 600 is unintuitively the 600 smallest of the 1500 biggest US companies.  The S&P 600 is also called the "S&P SmallCap 600", but by more popular definitions, it is the smallest 15% of mid-cap stocks.  The Wilshire 5000 has 3485 companies in it.

This post tries to be a useful reference (mostly for myself) for what the heck a particular index is, how indices relate to each other, and to answer some common questions like, "what percent of the US stock market is represented by this index?".  You should think of it as a work in progress.

2018-05-11

Steps to Buy an ETF at Fidelity

Purpose And Scope Of This Post

I want to help answer the question, "How, exactly, do I buy an ETF?  What buttons do I click?  What options do I choose?  What numbers do I enter, especially for things like quantity and limit price?".  There seems to be lots of written material about how to choose an ETF and the different types of buy orders, but very little written material that tries to answer the questions in quotes above.  The best I can find is stuff like the "ETF Best Trading Practices" section of this pdf from Vanguard, which still leaves things at the abstract level of "use a limit order that is likely to be executed instantly".

This post will go, click-by-click, through the process of transferring money into a Fidelity account and submitting a buy order for an ETF.  Hopefully, this click-by-click will help make people's first time easier and less scary (especially due to clear statements of which clicks have real-world consequences).  Also, this post will give the exact logic/calculations I use for coming up with the quantities and limit prices for my buy limit orders.  The logic/calculations for quantity and limit price are applicable at all brokerages, not just Fidelity.

If you are wondering what ETF to buy, see this long post or this short post.

2022-Jan update: Fidelity now has a quantity calculator, which helps with a lot of the calculations mentioned below.  Also, Fidelity now lets you buy fractional amounts of ETFs where you specify how many dollars you want to spend.  The "Explanation Of How We Calculate Desired Quantity And Limit Price" could use some updating.

2018-05-02

Oversimplified Conversations About Portfolios

Scope Of This Post

Hubert Featherbottom
This post is not financial advice, and I refuse to take any responsibility for any financial ruin or prison time you experience.  Please do your own research and make your own conclusions.

This post is mostly a series of hypothetical conversations between fictional characters.  Fictional people ask the fictional Hubert Featherbottom about what sort of portfolio might make sense for them, and they want the simplest responses possible, disregarding all nuance, caveats, and even sanity.  By "portfolio", I mean "collection of financial assets (stocks, bonds, bank deposits, etc) someone owns in order to save up for particular needs and goals".

If you see a fictional person who asks questions similar to things you're wondering, you might find their conversation useful.  If you just want to save for the long-term in the simplest way, please look at the 401k section and Conversation 1.  If you're interested in mutual funds instead of ETFs, see Appendix B.

If you want huge walls of text about saving/investing, see Starting Point For Saving And Investing.  If you want a click-by-click of how to buy an ETF, see Steps To Buy An ETF At Fidelity.  If you want a slightly more in-depth article about simple portfolios, see Boglehead Wiki article on Three-Fund Portfolio.

If you'd like the tables updated to include a particular broker or line of ETFs, tell me, and I'll see what I can do.