Some investments you pay the tax up front on the money you invest. That is, you pay it at the rate you have when working.
Other investments can be "tax deferred", meaning you pay the tax when you take it out. Many people do this because their tax rate when they are retired is lower than while they're working.
And investment income is taxed as capital gains, not as income. In this case, at the long-term rate. From 2008 - 2012 for people who had a marginal tax rate of 10% or 15% this LTCG rate was 0%.
Capital Gains is designed to collect money from wealthy investors, not old people living off their retirement that have little or no other income.
My grandfather was also big in municipal bonds, which are free of Federal (and State) income tax. He didn't make a ton, but he was more interested in safe investing.
He lived frugally, despised debt, saved compulsively and worked hard. He was an auditor at a major bank. At a young age he would regale me with tales of horror starring people who didn't understand finance or investing, but insisting that the market is easy and they can beat it.
My grandmother and grandfather invested post-tax for decades. They did this so they could draw their investment income in retirement and not have to pay federal tax on it. In their retirement years they collected Social Security -- for which they paid into earlier, and drew from their retirement funds -- which had been taxed years before. They paid no income tax during their retirement years and rightfully so.
My daughter has a job that earned her only a couple of thousand dollars last year. She didn't pay income tax because she lived at home and went to school full time. She was claimed on MY return and her income was reported there.
However, under the method used by the WSJ she would be reported as paying no Federal tax as it was all returned.
Keep in mind, anyone working has Social Security and Medicare withholdings. Both are FEDERAL taxes they pay and aren't returned at tax time. They just aren't INCOME tax.
The amount of money would would collect from the lowest end of the spectrum is offset by what it would cost for you to collect. You'd actually LOSE money processing their returns and everything that goes with it.
Think of those pictures that occasionally make the news where a doctor frames the $0.01 check he received from Medicare and the $0.42 stamped envelope next to it. Are you honestly saying you want to see that?
For every complex problem there is an answer that is simple, elegant and wrong. Demanding that EVERYONE pay SOMETHING is an example.
He took a statistic from a WSJ article that said 47% of the population was getting a check from the gov't for one reason or another and assumed that meant they were all welfare queens, life-long Democrats and rabidly pro-Obama.
He didn't take into account the number of people getting Social Security. Nor Veteran's Benefits. Nor Military Pensions. Hell, nor active duty military drawing a paycheck. Nor many, many other categories of payments that go to people who aren't just in it for a handout.
Or are you trying to tell me that every military person, active duty or retiree; senior citizen or person drawing veteran's disability is a died-in-the-wool Democrat and Obama supporter?
He was talking to a bunch of fucking morons who can't think beyond simple sentences and telling them what they wanted to hear. He was being a money grubbing, lying politician.
Page 2, under the section titled Background (emphasis added, smart quotes dumbed down):
Defendants have entered into agreements with Google, Inc. ("Google"), that allow Google to create digital copies of works in the Universities' libraries in exchange for which Google provides digital copies to Defendants...
A) This is covered in most places I know of. There is either a designated smoking area or a rule about smoking within a certain number of feet of any doorway. Many cities have laws covering their buildings for the latter.
B) Pass the increased insurance premiums and other costs directly off to the individual.
C) Invalid argument. Drunk or high at work impairs your performance, possibly dangerously so. Having a smoke doesn't.
No quote. This one is wholly mine. There is really only some exaggeration in there for comic effect. The entire event pretty much went down like that, neighbors, police and all.
Grandma always had a loud voice, but she broke all records when I offhandedly dissed what turned out to be a major component in her universe. It was the angry tone that brought the neighbors over.
Oh, and my cousin isn't really a lesbian. She had a child (or three) out of wedlock, which to grandma was just as bad. But trying to wedge all that in there would've disrupted the flow.
While many of the things I've done over my life resulted in disapproval or derision from my grandmother, everything paled in comparison when I made the mistake of giving her an honest opinion of why I didn't pay much attention to sports. Specifically, the Chicago White Sox and Bears. Her being a lifelong, rabid fan of both.
All she asked was "Why didn't you watch the game last night?" and I answered honestly.
"Because I have better things to do. Honestly grandma, it is nothing more than grown men playing a children's game of advanced catch. Its not like they're curing cancer or doing anything useful with their lives. What's the point?"
It was like a small thermonuclear device was set off in the living room. Two different neighbors came over to survey the wreckage -- one from a couple houses down. Someone had even called the police. One said that after 50 years of living next door, she couldn't remember anything like it. She wanted to know if grandma finally snapped and killed grandpa.
Nothing so trivial. I had blasphemed not only the beloved Sox, but called into question the very game of baseball itself.
It was three months before she'd speak to me again. Hell, when my cousin came out of the closet not only as a lesbian but also a registered Democrat, she only got two months of the silent treatment.
At least I didn't tell her I was a Cubs fan. I probably wouldn't be here today if I did that.
Sort of. They were saying this isn't enough, claiming an "offensive" component is also needed.
Keep in mind, it was penned by an ex-military guy who just joined a cyber security consulting firm. He's saying we need to change the laws to allow something like a digital version of Blackwater.
It is like he read his first cyberpunk novels and thinks Shadowrun was a good idea for real life.
This is a good example of why the gov't is worried about cyber security for critical infrastructure. Just like there are minimum standards for building and fire safety there needs to be minimum standards for IT infrastructure security.
To ensure that the module itself hasn't been tampered with once it has been validated.
Verifying correctness of the algorithms and their implementation was the purpose of the lengthy NIST validation process.
After that, before each use, they're checking to make sure someone hasn't pulled a fast one and modified the code.
Ken Thompson's ACM classic Reflections on Trust back in 1984 really laid this issue to bare. He was discussing compilers, and considering OpenSSL's validation is for source code and you can compile it yourself, it is very pertinent.
Slackware Yggsdrasil Red Hat SuSE Mandrake Red Hat Debian Testing Linux From Scratch Blue-White Fedora Rolled My Own Slackware Slax Kubuntu Fedora Kubuntu Debian Stable (in progress of migrating to this now)
I'm not sure I understand. By constraining algorithm choice to good algorithms it guarantees a good algorithm will be used. Are you saying that the SHA-2 suite and AES are not good algorithms?
The recent validation of OpenSSL FIPS Object Module 2.0 should address fear of patches. If it doesn't, then they are either dicking with the code themselves and are rightfully fearful, or don't understand the process.
As for self-testing requirements, wow. That explains the issue. That mentality right there is why security frequently fails.
Obviously you don't consider the crypto really that important. And that may be rightfully so, depending on the corresponding risk analysis. But we're not talking about your online purchases from Amazon where your liability is limited to $50 in credit card fraud, we're talking about critical infrastructure. In these cases it matters. Getting it wrong can have consequences that could potentially be catastrophic.
In places that crypto is important to get right there is no such thing as "trust me, this is good". NO, YOU ARE NOT TO BE TRUSTED. WE MUST VERIFY. Yes, every time.
THE GOV'T DOES THIS. NIST 800-137 is all about "Continuous Monitoring" which means "set baseline configs, make sure they're followed". USGCB is used for Windows 7 and RHEL Desktops, and CIS commonly used for most everything else. (USGCB and CIS for Win7 are almost identical.)
Let me repeat that. CIS is frequently used as the config gold standard for Windows, Linux & Solaris servers as well as Cisco equipment. For the things CIS doesn't have, they use DISA STIGs, which are just as good but more geared towards the military viewpoint.
The EO that is being bandied around is about telling critical infrastructure to use these standards, too!
Use NIST 800-53, 800-137, FIPS 140-2, USGCB and CIS. They are very good best practices and flexible enough to not straight-jacket implementers (unlike some of the DISA STIGs).
The *PROBLEM* is this isn't good enough. You CANNOT follow these configs to the letter for strict compliance and have usable systems. At some point you have to provide complex services and those can be vulnerable to problems REGARDLESS of how well you secure the OS.
Even after that there are major issues with application security that can't be dealt with by configuration security.
Slashdot Mirror
Whee! Slasdot escaping is FUN!
<Fundamentalist group du millenaires>
In the example given it is more like
Actually, he pretty much kept rolling everything over and lived off his savings and social security.
He got a huge kick out of the capital gains going to be somebody else's problem after he died. :-)
That is the Slashdot I know and love! A dupe while the original article is still on the front page!
I feel like having a bowl of hot grits and watching a movie with Natalie Portman in it.
Some investments you pay the tax up front on the money you invest. That is, you pay it at the rate you have when working.
Other investments can be "tax deferred", meaning you pay the tax when you take it out. Many people do this because their tax rate when they are retired is lower than while they're working.
And investment income is taxed as capital gains, not as income. In this case, at the long-term rate. From 2008 - 2012 for people who had a marginal tax rate of 10% or 15% this LTCG rate was 0%.
Capital Gains is designed to collect money from wealthy investors, not old people living off their retirement that have little or no other income.
My grandfather was also big in municipal bonds, which are free of Federal (and State) income tax. He didn't make a ton, but he was more interested in safe investing.
He lived frugally, despised debt, saved compulsively and worked hard. He was an auditor at a major bank. At a young age he would regale me with tales of horror starring people who didn't understand finance or investing, but insisting that the market is easy and they can beat it.
Yeah, I know. But it gave me the opportunity to get it off my chest and in writing.
Cathartic.
My next project is to nominate the day after elections as a Federal Holiday.
My grandmother and grandfather invested post-tax for decades. They did this so they could draw their investment income in retirement and not have to pay federal tax on it. In their retirement years they collected Social Security -- for which they paid into earlier, and drew from their retirement funds -- which had been taxed years before. They paid no income tax during their retirement years and rightfully so.
My daughter has a job that earned her only a couple of thousand dollars last year. She didn't pay income tax because she lived at home and went to school full time. She was claimed on MY return and her income was reported there.
However, under the method used by the WSJ she would be reported as paying no Federal tax as it was all returned.
Keep in mind, anyone working has Social Security and Medicare withholdings. Both are FEDERAL taxes they pay and aren't returned at tax time. They just aren't INCOME tax.
The amount of money would would collect from the lowest end of the spectrum is offset by what it would cost for you to collect. You'd actually LOSE money processing their returns and everything that goes with it.
Think of those pictures that occasionally make the news where a doctor frames the $0.01 check he received from Medicare and the $0.42 stamped envelope next to it. Are you honestly saying you want to see that?
For every complex problem there is an answer that is simple, elegant and wrong. Demanding that EVERYONE pay SOMETHING is an example.
No, he didn't.
He took a statistic from a WSJ article that said 47% of the population was getting a check from the gov't for one reason or another and assumed that meant they were all welfare queens, life-long Democrats and rabidly pro-Obama.
He didn't take into account the number of people getting Social Security. Nor Veteran's Benefits. Nor Military Pensions. Hell, nor active duty military drawing a paycheck. Nor many, many other categories of payments that go to people who aren't just in it for a handout.
Or are you trying to tell me that every military person, active duty or retiree; senior citizen or person drawing veteran's disability is a died-in-the-wool Democrat and Obama supporter?
He was talking to a bunch of fucking morons who can't think beyond simple sentences and telling them what they wanted to hear. He was being a money grubbing, lying politician.
Are you saying they saw "If you Liked Al Gore, check out Mitt Romney" messages and just clicked?
Page 2, under the section titled Background (emphasis added, smart quotes dumbed down):
Defendants have entered into agreements with Google, Inc. ("Google"), that allow Google to create digital copies of works in the Universities' libraries in exchange for which Google provides digital copies to Defendants...
That reminds me. I haven't seen Blazing Saddles in a while. I need to queue that up for a viewing.
Except he is running unopposed. He really doesn't have to say jack shit and he'll get re-elected.
A) This is covered in most places I know of. There is either a designated smoking area or a rule about smoking within a certain number of feet of any doorway. Many cities have laws covering their buildings for the latter.
B) Pass the increased insurance premiums and other costs directly off to the individual.
C) Invalid argument. Drunk or high at work impairs your performance, possibly dangerously so. Having a smoke doesn't.
Thanks.
No quote. This one is wholly mine. There is really only some exaggeration in there for comic effect. The entire event pretty much went down like that, neighbors, police and all.
Grandma always had a loud voice, but she broke all records when I offhandedly dissed what turned out to be a major component in her universe. It was the angry tone that brought the neighbors over.
Oh, and my cousin isn't really a lesbian. She had a child (or three) out of wedlock, which to grandma was just as bad. But trying to wedge all that in there would've disrupted the flow.
Agreed. The says is "Don't sweat the small stuff, and remember it's ALL small stuff."
OCD and a publicist.
While many of the things I've done over my life resulted in disapproval or derision from my grandmother, everything paled in comparison when I made the mistake of giving her an honest opinion of why I didn't pay much attention to sports. Specifically, the Chicago White Sox and Bears. Her being a lifelong, rabid fan of both.
All she asked was "Why didn't you watch the game last night?" and I answered honestly.
"Because I have better things to do. Honestly grandma, it is nothing more than grown men playing a children's game of advanced catch. Its not like they're curing cancer or doing anything useful with their lives. What's the point?"
It was like a small thermonuclear device was set off in the living room. Two different neighbors came over to survey the wreckage -- one from a couple houses down. Someone had even called the police. One said that after 50 years of living next door, she couldn't remember anything like it. She wanted to know if grandma finally snapped and killed grandpa.
Nothing so trivial. I had blasphemed not only the beloved Sox, but called into question the very game of baseball itself.
It was three months before she'd speak to me again. Hell, when my cousin came out of the closet not only as a lesbian but also a registered Democrat, she only got two months of the silent treatment.
At least I didn't tell her I was a Cubs fan. I probably wouldn't be here today if I did that.
Hmmm...Funny or Insightful? Funny or... oh, shit. I posted. Never mind.
Damned choices!
Sort of. They were saying this isn't enough, claiming an "offensive" component is also needed.
Keep in mind, it was penned by an ex-military guy who just joined a cyber security consulting firm. He's saying we need to change the laws to allow something like a digital version of Blackwater.
It is like he read his first cyberpunk novels and thinks Shadowrun was a good idea for real life.
Dan Brown, is that you?
This is a good example of why the gov't is worried about cyber security for critical infrastructure. Just like there are minimum standards for building and fire safety there needs to be minimum standards for IT infrastructure security.
To ensure that the module itself hasn't been tampered with once it has been validated.
Verifying correctness of the algorithms and their implementation was the purpose of the lengthy NIST validation process.
After that, before each use, they're checking to make sure someone hasn't pulled a fast one and modified the code.
Ken Thompson's ACM classic Reflections on Trust back in 1984 really laid this issue to bare. He was discussing compilers, and considering OpenSSL's validation is for source code and you can compile it yourself, it is very pertinent.
Meh. Forgot a brief run with Gentoo right before LFS.
Slackware
Yggsdrasil
Red Hat
SuSE
Mandrake
Red Hat
Debian Testing
Linux From Scratch
Blue-White
Fedora
Rolled My Own
Slackware
Slax
Kubuntu
Fedora
Kubuntu
Debian Stable (in progress of migrating to this now)
Also use BackTrack on a regular basis.
I'm not sure I understand. By constraining algorithm choice to good algorithms it guarantees a good algorithm will be used. Are you saying that the SHA-2 suite and AES are not good algorithms?
The recent validation of OpenSSL FIPS Object Module 2.0 should address fear of patches. If it doesn't, then they are either dicking with the code themselves and are rightfully fearful, or don't understand the process.
As for self-testing requirements, wow. That explains the issue. That mentality right there is why security frequently fails.
Obviously you don't consider the crypto really that important. And that may be rightfully so, depending on the corresponding risk analysis. But we're not talking about your online purchases from Amazon where your liability is limited to $50 in credit card fraud, we're talking about critical infrastructure. In these cases it matters. Getting it wrong can have consequences that could potentially be catastrophic.
In places that crypto is important to get right there is no such thing as "trust me, this is good". NO, YOU ARE NOT TO BE TRUSTED. WE MUST VERIFY. Yes, every time.
I'll be brief.
THE GOV'T DOES THIS. NIST 800-137 is all about "Continuous Monitoring" which means "set baseline configs, make sure they're followed". USGCB is used for Windows 7 and RHEL Desktops, and CIS commonly used for most everything else. (USGCB and CIS for Win7 are almost identical.)
Let me repeat that. CIS is frequently used as the config gold standard for Windows, Linux & Solaris servers as well as Cisco equipment. For the things CIS doesn't have, they use DISA STIGs, which are just as good but more geared towards the military viewpoint.
The EO that is being bandied around is about telling critical infrastructure to use these standards, too!
Use NIST 800-53, 800-137, FIPS 140-2, USGCB and CIS. They are very good best practices and flexible enough to not straight-jacket implementers (unlike some of the DISA STIGs).
The *PROBLEM* is this isn't good enough. You CANNOT follow these configs to the letter for strict compliance and have usable systems. At some point you have to provide complex services and those can be vulnerable to problems REGARDLESS of how well you secure the OS.
Even after that there are major issues with application security that can't be dealt with by configuration security.