Author Topic: Mustachian People Problems (just for fun)  (Read 961246 times)

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7092
  • Registered member
Re: Mustachian People Problems (just for fun)
« Reply #2300 on: December 08, 2015, 03:30:55 PM »
I usually make up security question answers since the real data is easy to find.
Works very well until you have to answer them over the phone.

Your mothers maiden name?
Satan

Your first school?
The playboy mansion

How can I help you .....?

haha 100% that first part.
I once had to answer security questions and had no idea what I entered. It wasnt something important and I found the PW later on.
The problem was answered sec quests for resending the PW. Never thought anybody would do this, esp for the sort of account (forum? that ballpark).

Really, mothers name, birthday, pets name, favorite band - everything you can find out with 5 minutes googling and facebook for 50% of people?

result: for every name I write a (the same) name I have no connection with and for dates its also something unrelated. Problem solved.

My solution is I create an answer algorithmically based on the question itself along with a special keyword that never changes. So if anyone figured out my algorithm they'd also need my completely unrelated keyword. The bonus of this method is that I don't have to remember my answers, I just read the question and derive the answer.

Me too -- although once someone has my keyword they could reverse engineer the algorithm.  You could add a salt to the domain and the question text and then take the first 5 digits of a hash (MD5?  Not sure what's most secure these days) and get a pretty good result but that requires having a computer with you.

I don't sweat it too much since it's way more secure than any question about my favorite book could be.

Beaker

  • Bristles
  • ***
  • Posts: 332
Re: Mustachian People Problems (just for fun)
« Reply #2301 on: December 08, 2015, 03:52:28 PM »
Me too -- although once someone has my keyword they could reverse engineer the algorithm.  You could add a salt to the domain and the question text and then take the first 5 digits of a hash (MD5?  Not sure what's most secure these days) and get a pretty good result but that requires having a computer with you.

If you're taking the first 5 digits it probably doesn't matter much what algorithm you use, because you're throwing away most of the keyspace & entropy anyway. But MD5 is dangerously weak, and has been for years. Even SHA1, the replacement for MD5, isn't considered good enough for new development anymore. But hey, bonus points for salting it!
</nerd>

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7092
  • Registered member
Re: Mustachian People Problems (just for fun)
« Reply #2302 on: December 08, 2015, 03:59:39 PM »
Me too -- although once someone has my keyword they could reverse engineer the algorithm.  You could add a salt to the domain and the question text and then take the first 5 digits of a hash (MD5?  Not sure what's most secure these days) and get a pretty good result but that requires having a computer with you.

If you're taking the first 5 digits it probably doesn't matter much what algorithm you use, because you're throwing away most of the keyspace & entropy anyway. But MD5 is dangerously weak, and has been for years. Even SHA1, the replacement for MD5, isn't considered good enough for new development anymore. But hey, bonus points for salting it!
</nerd>

Well there's an inherent limit to entropy in the allowed answer field.  But we're not trying to keep the NSA from cracking our security question, just some packet sniffing hobo living in your crawlspace.

Cathy

  • Handlebar Stache
  • *****
  • Posts: 1043
Re: Mustachian People Problems (just for fun)
« Reply #2303 on: December 08, 2015, 05:50:33 PM »
MD5 has weaknesses, but they are commonly misunderstood. They are also irrelevant to dragoncar's proposed use of MD5. dragoncar is just using MD5 to generate an opaque token. If you wanted to bruteforce a token generated through that method, the only algorithm you could use is exhaustion over the entire 5-hex-character search space. Knowing that the token was generated by MD5 (as opposed to another hashing algorithm that generates a hex string) would not narrow down the search space unless MD5 has a vulnerability such that certain characters were more likely to appear in the first 5 hex digits than other characters. MD5 has no such vulnerability so the use of MD5 is not relevant to the analysis of the security of dragoncar's proposal. See Bruno Rohée's reply to this Stack Overflow question.

Note that dragoncar's idea is insecure for other reasons. In this post, I comment only on the use of MD5 as opposed to another hashing algorithm.
« Last Edit: December 08, 2015, 06:07:20 PM by Cathy »
This post contains only general information on the issues raised by this topic. This post does not provide help tailored to your specific situation. There are many facts that could be relevant to your specific situation and I am not in possession of those facts. If you need help tailored to your specific situation, you should retain an appropriate professional and not rely on this post.

Taran Wanderer

  • Bristles
  • ***
  • Posts: 464
Re: Mustachian People Problems (just for fun)
« Reply #2304 on: December 08, 2015, 10:47:34 PM »
Nerd watching!  Where's my popcorn?

(I speak nerd, too, just a different dialect...)

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7092
  • Registered member
Re: Mustachian People Problems (just for fun)
« Reply #2305 on: December 08, 2015, 11:42:14 PM »
MD5 has weaknesses, but they are commonly misunderstood. They are also irrelevant to dragoncar's proposed use of MD5. dragoncar is just using MD5 to generate an opaque token. If you wanted to bruteforce a token generated through that method, the only algorithm you could use is exhaustion over the entire 5-hex-character search space. Knowing that the token was generated by MD5 (as opposed to another hashing algorithm that generates a hex string) would not narrow down the search space unless MD5 has a vulnerability such that certain characters were more likely to appear in the first 5 hex digits than other characters. MD5 has no such vulnerability so the use of MD5 is not relevant to the analysis of the security of dragoncar's proposal. See Bruno Rohée's reply to this Stack Overflow question.

Note that dragoncar's idea is insecure for other reasons. In this post, I comment only on the use of MD5 as opposed to another hashing algorithm.

I know little about cryptography, but why is it more insecure (at least more so than reasonable alternatives?)  What we really want to guard against is the situation where your security answers for one site are compromised for whatever reason, and you don't want the attacker to be able to use your security answers on another site.  Assuming they don't know your exact algorithm (security through obscurity) I find it highly unlikely they would ever be able to determine it from the answers on one site alone.  If they have your algorithm, they could brute-force your salt with enough computing power but isn't that true of any approach?  If they don't have your algorithm, but have your answers from two sites, it might be possible to reverse engineer your algorithm, but all of the above seems to be an extraordinary use of resources just for access to one person's brokerage account (and they would still need to find a way to get your money out and untraceably to their account).  I have to find comfort in assuming someone with those resources has bigger fish to fry than little old me, and would consider my brokerage pocket change.

But I am interested in what you would choose instead.

Cathy

  • Handlebar Stache
  • *****
  • Posts: 1043
Re: Mustachian People Problems (just for fun)
« Reply #2306 on: December 09, 2015, 12:00:45 AM »
...I know little about cryptography, but why is it more insecure (at least more so than reasonable alternatives?)...

So to clarify my claim, what I meant was that there are other reasonable alternatives available that are strictly more secure but not any harder to implement. That's the sense in which your proposal could be said to be insecure. For starters, truncating the MD5 hash to 5 hex characters artificially limits the character set. Instead of doing that, you could take enough bits from the start of the hash to get 5 characters from the entire ASCII alphabet. That would maintain the same properties as your proposal -- short length of secrets, easy to derive from known data, etc. -- but be strictly better. However, this still isn't what I personally do (see below).


But I am interested in what you would choose instead.

I simply generate unique random strings of the maximum permissible length for every requested security answer or password. Every website gets its own unique strings and they are not derived from any human-memorable or deterministic values. I currently have over 500 unique tokens from using this system for many years, but it's very convenient -- when I need to log into a website, I just look up the corresponding secrets in my homegrown token management system.
This post contains only general information on the issues raised by this topic. This post does not provide help tailored to your specific situation. There are many facts that could be relevant to your specific situation and I am not in possession of those facts. If you need help tailored to your specific situation, you should retain an appropriate professional and not rely on this post.

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7092
  • Registered member
Re: Mustachian People Problems (just for fun)
« Reply #2307 on: December 09, 2015, 12:15:58 AM »
...I know little about cryptography, but why is it more insecure (at least more so than reasonable alternatives?)...

So to clarify my claim, what I meant was that there are other reasonable alternatives available that are strictly more secure but not any harder to implement. That's the sense in which your proposal could be said to be insecure. For starters, truncating the MD5 hash to 5 hex characters artificially limits the character set. Instead of doing that, you could take enough bits from the start of the hash to get 5 characters from the entire ASCII alphabet. That would maintain the same properties as your proposal -- short length of secrets, easy to derive from known data, etc. -- but be strictly better. However, this still isn't what I personally do (see below).


But I am interested in what you would choose instead.

I simply generate unique random strings of the maximum permissible length for every requested security answer or password. Every website gets its own unique strings and they are not derived from any human-memorable or deterministic values. I currently have over 500 unique tokens from using this system for many years, but it's very convenient -- when I need to log into a website, I just look up the corresponding secrets in my homegrown token management system.

I like this approach, but of course the downside is that there is a single point of failure (also with any system where you need a program to generate your tokens like my MD5 example above).  I try not to get too paranoid about this stuff since if someone has a keylogger on my computer they can probably access everything I have regardless of my security (this is where multi factor authentication helps a lot).  I do have the token generator for my Interactive Brokers account.

Perhaps your token management system is a standalone device, which would be much safer than, say, an encrypted text file on your phone or computer.

BTW, when you say "not derived from ... deterministic values" do you really use something like random.org to generate "true" random bits?

Cathy

  • Handlebar Stache
  • *****
  • Posts: 1043
Re: Mustachian People Problems (just for fun)
« Reply #2308 on: December 09, 2015, 12:36:38 AM »
My experience with operations security ("opsec") is that everybody thinks they aren't a target. And they're right ... until they become a target, at which point they are woefully unprepared and are owned. (The term "owned" is a technical term in the field. ;-)) It's difficult to shore up opsec retroactively, so I advocate doing it correctly from the start. Note that I express no view on whether anybody in this thread, including dragoncar, is practicing inadequate opsec.


BTW, when you say "not derived from ... deterministic values" do you really use something like random.org to generate "true" random bits?

Using random.org for anything other than entertainment or educational purposes is a questionable idea. Among many other reasons, you have no idea how it is generating the numbers or what information it is logging. They claim to be generating the numbers in a certain way, but you have no way of verifying the truth of that claim, and no way of knowing whether the random.org website has been compromised.

The normal everyday operation of a computer involves enough stochastic and unpredictable processes to create a pool of entropy that can be used to generate truly random numbers locally. This includes, for example, measurements of photoelectric interactions in the hardware (which are basically treated as random in quantum mechanics). The interface for accessing this pool of entropy will depend on the operating system. On Linux, this entropy is available through the special file /dev/random. Windows offers a substantially similar facility through the CryptGenRandom function.
This post contains only general information on the issues raised by this topic. This post does not provide help tailored to your specific situation. There are many facts that could be relevant to your specific situation and I am not in possession of those facts. If you need help tailored to your specific situation, you should retain an appropriate professional and not rely on this post.

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7092
  • Registered member
Re: Mustachian People Problems (just for fun)
« Reply #2309 on: December 09, 2015, 12:56:03 AM »
My experience with operations security ("opsec") is that everybody thinks they aren't a target. And they're right ... until they become a target, at which point they are woefully unprepared and are owned. (The term "owned" is a technical term in the field. ;-)) It's difficult to shore up opsec retroactively, so I advocate doing it correctly from the start. Note that I express no view on whether anybody in this thread, including dragoncar, is practicing inadequate opsec.


BTW, when you say "not derived from ... deterministic values" do you really use something like random.org to generate "true" random bits?

Using random.org for anything other than entertainment or educational purposes is a questionable idea. Among many other reasons, you have no idea how it is generating the numbers or what information it is logging. They claim to be generating the numbers in a certain way, but you have no way of verifying the truth of that claim, and no way of knowing whether the random.org website has been compromised.

The normal everyday operation of a computer involves enough stochastic and unpredictable processes to create a pool of entropy that can be used to generate truly random numbers locally. This includes, for example, measurements of photoelectric interactions in the hardware (which are basically treated as random in quantum mechanics). The interface for accessing this pool of entropy will depend on the operating system. On Linux, this entropy is available through the special file /dev/random. Windows offers a substantially similar facility through the CryptGenRandom function.

Well that's why I said something "like" random.org.  I'm sure you are aware of the possibility that whatever generally-available OS you are using could be compromised and logging or manipulating the output of any call to random number generation functions. (see https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf). 

Such OS and compiler issues can likely be avoided if you write your own OS in machine code using magnets and string.

But can you trust the firmware?  Hope you are Tony Stark and can build your own processor out of spare parts in a cave.

I prefer to flip a penny and write down the results, but everybody knows the NSA has installed a backdoor into the penny weighting.

Can't trust anybody these days!


Cathy

  • Handlebar Stache
  • *****
  • Posts: 1043
Re: Mustachian People Problems (just for fun)
« Reply #2310 on: December 09, 2015, 12:59:51 AM »
I won't describe all of the personal security measures I take here, but you can assume I've considered every threat and have appropriate mechanisms in place to deal with them. Some people have never been the target of a skilled adversary, but I personally do not have that luxury, as I have been the attempted target of personalised attacks from time to time. (There are some interesting stories there.) It certainly does lead to a heightened, but justified, paranoia that some people cannot relate to.
This post contains only general information on the issues raised by this topic. This post does not provide help tailored to your specific situation. There are many facts that could be relevant to your specific situation and I am not in possession of those facts. If you need help tailored to your specific situation, you should retain an appropriate professional and not rely on this post.

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7092
  • Registered member
Re: Mustachian People Problems (just for fun)
« Reply #2311 on: December 09, 2015, 01:07:00 AM »
I won't describe all of the personal security measures I take here, but you can assume I've considered every threat and have appropriate mechanisms in place to deal with them. Some people have never been the target of a skilled adversary, but I personally do not have that luxury, as I have been the attempted target of personalised attacks from time to time. (There are some interesting stories there.) It certainly does lead to a heightened, but justified, paranoia that some people cannot relate to.

If you wrote a book "Security by Cathy," I'd totally read it.

PARedbeard

  • Stubble
  • **
  • Posts: 155
  • Location: Pennsylvania
Re: Mustachian People Problems (just for fun)
« Reply #2312 on: December 10, 2015, 10:23:28 AM »
Working with a nonprofit, we get a ton of money from the United Way for some of our kids' programs. Since they support us so much, we do a yearly drive to help raise money through employee donations out of our weekly pay. This morning, HR called to ask me if I wanted my contribution taken out all at once or a little bit every month. I told her to take it all at once. She paused and seemed confused.

"All at once?" she replied. "But you know that will make your first paycheck next year X." I told her that I did and that that would be okay. "Are you sure?" She said, "we can take it out a little at a time so it doesn't affect your income so much." Again, I told her it was fine, and that I was comfortable with having X in January."

That kept going on for a few more rounds... I was so tempted to say that I'm not living paycheck-to-paycheck (I think most of my coworkers are), but I didn't want to sound snobbish to her.

HappyMargo

  • Stubble
  • **
  • Posts: 121
  • Location: Colorado
Re: Mustachian People Problems (just for fun)
« Reply #2313 on: December 10, 2015, 03:28:31 PM »
Because I grocery shop at Costco and Aldi we have a dire shortage of plastic shopping bags to line the trash cans around here.

Outside our grocery store they keep giant bins for people to bring back all their used plastic grocery bags (perhaps to recycle?)  There's mountains of them in there!
On rare occasions, I have been known to grab a few for cleaning out the cat's litter box.
Enjoying the journey (& bike ride!) to FIRE.

Jack

  • Magnum Stache
  • ******
  • Posts: 4745
  • Location: Atlanta, GA
Re: Mustachian People Problems (just for fun)
« Reply #2314 on: December 10, 2015, 04:20:50 PM »
(The term "owned" is a technical term in the field. ;-))

Wow, Cathy made a mistake!

(She misspelled "owned" -- it starts with a "p.")

; )

you can assume I've considered every threat

That can't possibly be true; there are unknown threats that (by definition) you could not have considered.

TrMama

  • Handlebar Stache
  • *****
  • Posts: 1654
Re: Mustachian People Problems (just for fun)
« Reply #2315 on: December 10, 2015, 04:23:34 PM »
Your employer increases their retirement matching and improves the fund selection. After the meeting where these change are presented to the employees, you get so excited you can barely sleep that night.  You tell your school age children all about the changes and how great they are over dinner.

Dollar Slice

  • Handlebar Stache
  • *****
  • Posts: 2025
  • Age: 40
  • Location: New York City
Re: Mustachian People Problems (just for fun)
« Reply #2316 on: December 10, 2015, 05:09:38 PM »
Your employer increases their retirement matching and improves the fund selection. After the meeting where these change are presented to the employees, you get so excited you can barely sleep that night.  You tell your school age children all about the changes and how great they are over dinner.

I know the feeling. My boss (company owner) mentioned in passing that she might resurrect  the now-defunct 401k fund again (we used to have one when the company had another owner, he didn't hand over the keys to the 401k when he left and... well it's a long story, but we haven't had one for a while). I'm torn between "yay!" and advising her that it is a terrible idea for the company, because we've only got 3 FT employees right now and it's possible that I'm the only one that would sign up for it, and we'd be paying a ton of fees because it's not a very good plan. Must. Not. Waste. Money. But... pre-tax savings...
...it's not at all alarming that people have started quoting me in their siggy lines.

RelaxedGal

  • Stubble
  • **
  • Posts: 232
  • Age: 39
  • Location: 495 corridor, Massachusetts, USA
Re: Mustachian People Problems (just for fun)
« Reply #2317 on: December 11, 2015, 11:30:38 AM »
An all employee e-mail went out yesterday reminding us that the 27th paycheck of the year will hit our bank accounts on December 31st.

I was so pissed at myself when I realized that I'd set things up to max my 401k in 26 paychecks, so nothing is going in on that 27th paycheck.  My employer only puts in a match on paychecks where I am contributing, and does not true-up at year end, so I screwed myself out of $70.88 by not looking more closely at the list of pay dates when it was posted back in January.

AlwaysLearningToSave

  • Bristles
  • ***
  • Posts: 437
Re: Mustachian People Problems (just for fun)
« Reply #2318 on: December 11, 2015, 12:16:49 PM »
An all employee e-mail went out yesterday reminding us that the 27th paycheck of the year will hit our bank accounts on December 31st.

I was so pissed at myself when I realized that I'd set things up to max my 401k in 26 paychecks, so nothing is going in on that 27th paycheck.  My employer only puts in a match on paychecks where I am contributing, and does not true-up at year end, so I screwed myself out of $70.88 by not looking more closely at the list of pay dates when it was posted back in January.

That is hilarious and definitely a MPP.  I bet many people don't max the 401(k) and they never have occasion to even think of this problem.  Even among people who max the 401(k), I bet very few would even realize they left money on the table. 

Pooperman

  • Magnum Stache
  • ******
  • Posts: 2542
  • Age: 27
  • Location: North Carolina
Re: Mustachian People Problems (just for fun)
« Reply #2319 on: December 11, 2015, 12:32:10 PM »
An all employee e-mail went out yesterday reminding us that the 27th paycheck of the year will hit our bank accounts on December 31st.

I was so pissed at myself when I realized that I'd set things up to max my 401k in 26 paychecks, so nothing is going in on that 27th paycheck.  My employer only puts in a match on paychecks where I am contributing, and does not true-up at year end, so I screwed myself out of $70.88 by not looking more closely at the list of pay dates when it was posted back in January.

That is hilarious and definitely a MPP.  I bet many people don't max the 401(k) and they never have occasion to even think of this problem.  Even among people who max the 401(k), I bet very few would even realize they left money on the table.

In the same theme, I'm missing out on $50 company match because they were too slow to put in my paperwork when I started. I'm making up the contribution, but they're still not matching it. That's like $400 future dollars I'll never have :'(.

Lski'stash

  • Bristles
  • ***
  • Posts: 466
  • Age: 30
  • Location: West Michigan
    • A Teacher's Journey to FI in the Mitten State
Re: Mustachian People Problems (just for fun)
« Reply #2320 on: December 11, 2015, 06:28:20 PM »
I finally thought of something for this thread!

My husband and I are planning on downsizing this spring from a way-too-large house bought from our pre-mustachian days. We are hoping to be in a house around 1,500 sq. ft. and closer to where each of us works.

 The problem? It's actually really hard to find SMALLER houses where we are looking!

riverffashion

  • Pencil Stache
  • ****
  • Posts: 888
  • Age: 33
Re: Mustachian People Problems (just for fun)
« Reply #2321 on: December 11, 2015, 07:01:15 PM »
An all employee e-mail went out yesterday reminding us that the 27th paycheck of the year will hit our bank accounts on December 31st.

I was so pissed at myself when I realized that I'd set things up to max my 401k in 26 paychecks, so nothing is going in on that 27th paycheck.  My employer only puts in a match on paychecks where I am contributing, and does not true-up at year end, so I screwed myself out of $70.88 by not looking more closely at the list of pay dates when it was posted back in January.

That is hilarious and definitely a MPP.  I bet many people don't max the 401(k) and they never have occasion to even think of this problem.  Even among people who max the 401(k), I bet very few would even realize they left money on the table.

Absolutely a MPP!

gaja

  • Pencil Stache
  • ****
  • Posts: 706
Re: Mustachian People Problems (just for fun)
« Reply #2322 on: December 12, 2015, 01:21:58 PM »
One of the aunts tried to get my youngest daughter (7, soon 8) to tell what she wanted for christmas, but DD is happy with what she has and has a hard time thinking of anything she wants. In the end we settled on a pencil case, since she is drawing so much that she runs out of pencils and wears out cases.
Travelling southern Norway, Iceland and the Faroes in an electric car: http://travelelectric.blogspot.no/

riverffashion

  • Pencil Stache
  • ****
  • Posts: 888
  • Age: 33
Re: Mustachian People Problems (just for fun)
« Reply #2323 on: December 12, 2015, 01:41:57 PM »
One of the aunts tried to get my youngest daughter (7, soon 8) to tell what she wanted for christmas, but DD is happy with what she has and has a hard time thinking of anything she wants. In the end we settled on a pencil case, since she is drawing so much that she runs out of pencils and wears out cases.


I love that!
(And pencil cases are pretty cool ;) )
Had a red one with hello kitty as a girl, then later replaced with a pink one with some other sanrio fuzzy animal, don't remember which. Came with sharpener, scissors, erasor, scotch tape and idk what in Little drawers inside . Was super stoked!

TomTX

  • Handlebar Stache
  • *****
  • Posts: 2413
  • Location: Texas
Re: Mustachian People Problems (just for fun)
« Reply #2324 on: December 12, 2015, 03:28:09 PM »
MD5 has weaknesses, but they are commonly misunderstood. They are also irrelevant to dragoncar's proposed use of MD5. dragoncar is just using MD5 to generate an opaque token. If you wanted to bruteforce a token generated through that method, the only algorithm you could use is exhaustion over the entire 5-hex-character search space. Knowing that the token was generated by MD5 (as opposed to another hashing algorithm that generates a hex string) would not narrow down the search space unless MD5 has a vulnerability such that certain characters were more likely to appear in the first 5 hex digits than other characters. MD5 has no such vulnerability so the use of MD5 is not relevant to the analysis of the security of dragoncar's proposal. See Bruno Rohée's reply to this Stack Overflow question.

Note that dragoncar's idea is insecure for other reasons. In this post, I comment only on the use of MD5 as opposed to another hashing algorithm.

This is just so hot.
Credit card signup bonuses:

$150 bonus on $500 spend for Chase Freedom:
https://www.referyourchasecard.com/2/MU4TDQ1N3K

$50 bonus (no min spend, just use it once) plus double all cash back at the end of 1 year for Discover, including the initial $50:
https://refer.discover.com/s/37e3u

$500 bonus on $4,000 spend for Chase Sapphire Preferred:
https://www.referyourchasecard.com/6/Z8JIP66H7G

Cape Town Girl

  • 5 O'Clock Shadow
  • *
  • Posts: 4
Re: Mustachian People Problems (just for fun)
« Reply #2325 on: December 12, 2015, 06:26:53 PM »
The fact that I cant find awesome thinking people like you guys in South Africa. Our parents (husband and I) dont know the journey we are on because we want to keep our finances/goals private and also because they will think we are nuts. The other problem is constantly being compared to siblings because they are "so successful with their fancy cars and houses" and why are we "struggling". My husband and I also prefer giving the impression that we have no money because family here get themselves in debt etc and expect help from anyone and everyone that has money.

With This Herring

  • Pencil Stache
  • ****
  • Posts: 944
  • Location: New York STATE, not city
  • TANSTAAFL!
Re: Mustachian People Problems (just for fun)
« Reply #2326 on: December 14, 2015, 11:26:29 AM »

I was talking to a neighbor on our doorstep, when his three year old son sneezed violently and the dad asked me for a tissue. I never buy Kleenex - only have old fashioned handkerchiefs , so I handed him a wad of toilet paper. I felt slightly embarrassed when the dad noticed what it was, not sure why.
+1
Hey, I used to think I was the only person in this country using handkerchiefs... but there are 2 of us! :) I always get the "what the hell is that?!?" when I pull one out in public.

+1 I am a Cdn. user of handkerchiefs.  I started using them rather than Kleenex a few decades ago when I developed some allergies.  My mom gave me a bunch of my grandma's handkerchiefs and said using these will easier on my nose.  She told me that the wood fibre in the Kleenex would just cause more irritation.  So been using handkerchiefs ever since even though the allergies left. 

My mom has a stockpile of handkerchiefs from the 'old country' and we've been in Canada for 50+ years.  I guess my MMM people problem is that it is next to impossible find new women's handkerchiefs these days.  Sometimes I buy them at flea markets where older people are downsizing.

+1 I use handkerchiefs!  I started with them at age 20 or so, right before I finished college.  My first one was a garage sale find.  Subsequent ones have been packs from the men's underwear section of Walmart (the only place nearby I have been able to find them).  Once they are out of the packaging and washed, you can't tell they are "for men."  And my nose runs a lot less since I started using them instead of paper tissues.

Chai tea that husband bought me as a surprise was a total disappointment ... my homemade chai is way, way better. I didn't tell him that, though .. didn't want to hurt his feelings :-/

You are telling us this and you didn't include a recipe for yours?  SHAME!



My MPP:  I quit my job effective one week ago.  As this timing lines up with when I usually take a couple weeks off of work, no one outside my office or DBF knows yet.  I'm not quite at my FIRE goal yet, but I am close enough that I'm happy working part-time (maybe 30 hours per week, and only work I enjoy) until I hit it.  I'm trying to figure out how to tell my parents that I have quit and have little interest in working full-time again when I'm only in my late-twenties.
Because your toaster got hacked because you tried to watch porn on your blender.

6-year CPA currently on hiatus.  Botched this.  Working again. 
Go soak your beans.  You know you keep forgetting.

HappierAtHome

  • Walrus Stache
  • *******
  • Posts: 6053
  • Location: Australia
Re: Mustachian People Problems (just for fun)
« Reply #2327 on: December 14, 2015, 06:38:25 PM »
You refer to outsourcing a service as "buying a short-term servant" without thinking twice, and your workmates accuse you of being a snob with 'an upper-class attitude'.

Venturing

  • 5 O'Clock Shadow
  • *
  • Posts: 65
Re: Mustachian People Problems (just for fun)
« Reply #2328 on: December 14, 2015, 08:04:55 PM »
I've had the same problem. Thankfully I can log into my internet banking while talking to them Nd check it there


Here's a Mustachian problem for you....

My credit card was stolen today and used to buy $1500 of electronics.
Luckily the fraud department caught it and froze the card.
I wound up calling the fraud department and they asked a series of questions to try to make sure it was me and not an imposter.

One of the first questions was "what is the credit limit on the card?"

I told her I had no idea and that I thought it was somewhere in the ballpark of  XX dollars, but that since I always pay it off completely at the end of every month I've never once thought to look at what the credit limit might be.  She seemed suspicious from that point forward and ultimately told me that I would have to the bank in person with my ID to clear it up.

Venturing

  • 5 O'Clock Shadow
  • *
  • Posts: 65
Re: Mustachian People Problems (just for fun)
« Reply #2329 on: December 14, 2015, 08:10:04 PM »
Because I grocery shop at Costco and Aldi we have a dire shortage of plastic shopping bags to line the trash cans around here.

I have the same problem. Thankfully my husband was given a gift voucher to a 'fancy' supermarket. I chose some things and then went through the self serve line so that I could put each item in its own bag.

When the power company puts you on to the higher 'Holiday home' rates because your usage is so low that they don't believe it can be a permanent home.

Or when you literally can't think of a single thing to give your young daughter for Christmas. But we are spending it with family so it wouldn't be acceptable to have nothing at all under the tree for her. I'm going to wrap up a couple of her existing items that still look new. Hopefully my husband doesn't recognise them. He is quite proud of my frugal ways and would cheerfully announce to everyone what I'd done.
« Last Edit: December 14, 2015, 08:38:28 PM by Venturing »

johnny847

  • Magnum Stache
  • ******
  • Posts: 3190
    • My Blog
Re: Mustachian People Problems (just for fun)
« Reply #2330 on: December 14, 2015, 08:14:41 PM »
When the power company puts you on to the higher 'Holiday home' rates because you're usage is so low that they don't believe it can be a permanent home.

Haha how'd you convince them otherwise?

Venturing

  • 5 O'Clock Shadow
  • *
  • Posts: 65
Re: Mustachian People Problems (just for fun)
« Reply #2331 on: December 14, 2015, 08:42:38 PM »
When the power company puts you on to the higher 'Holiday home' rates because you're usage is so low that they don't believe it can be a permanent home.

Haha how'd you convince them otherwise?

By going into long and boring detail about why it was so low :) it probably helped that, coincidently, I was the one who had written the policy that they were trying to enforce

Threshkin

  • Pencil Stache
  • ****
  • Posts: 756
  • Location: Colorado
    • My Journal
Re: Mustachian People Problems (just for fun)
« Reply #2332 on: December 15, 2015, 09:35:48 AM »
When the power company puts you on to the higher 'Holiday home' rates because you're usage is so low that they don't believe it can be a permanent home.

Haha how'd you convince them otherwise?

By going into long and boring detail about why it was so low :) it probably helped that, coincidently, I was the one who had written the policy that they were trying to enforce

That is funny Venturing.  Hoist by your own petard!

dragoncar

  • Walrus Stache
  • *******
  • Posts: 7092
  • Registered member
Re: Mustachian People Problems (just for fun)
« Reply #2333 on: December 15, 2015, 01:08:22 PM »
When the power company puts you on to the higher 'Holiday home' rates because you're usage is so low that they don't believe it can be a permanent home.

Haha how'd you convince them otherwise?

By going into long and boring detail about why it was so low :) it probably helped that, coincidently, I was the one who had written the policy that they were trying to enforce

That is funny Venturing.  Hoist by your own petard!

Hey, read the forum rules.  Don't call venturing a petard that's horrible some people are petarded and they can't help it they were born with a lack of oxygen


Sam E

  • Stubble
  • **
  • Posts: 173
Re: Mustachian People Problems (just for fun)
« Reply #2334 on: December 17, 2015, 03:55:16 PM »
Mustachian problem I just discovered today: I use my car so little and fill the tank so infrequently that when people complain about gas prices I can't join the conversation for the simple reason that I can barely remember what gas cost a month ago when I last filled up. Gas costs 2.75 per gallon? Is that trending up or down? No idea. Lots of awkward nodding and blind comiseration while I hope someone changes the subject.

GreenSheep

  • Bristles
  • ***
  • Posts: 474
Re: Mustachian People Problems (just for fun)
« Reply #2335 on: December 17, 2015, 04:13:39 PM »
Mustachian problem I just discovered today: I use my car so little and fill the tank so infrequently that when people complain about gas prices I can't join the conversation for the simple reason that I can barely remember what gas cost a month ago when I last filled up. Gas costs 2.75 per gallon? Is that trending up or down? No idea. Lots of awkward nodding and blind comiseration while I hope someone changes the subject.

Yes! Me too!

And even when I was driving way too far to work, I always wondered why gas prices were so interesting to people. You still have to go to work. You still have to go to the grocery store, or wherever else your car takes you. Other than maybe postponing a road trip, I don't think most people really change their driving habits in response to gas prices. It's just an inane topic of conversation.

Zikoris

  • Handlebar Stache
  • *****
  • Posts: 2450
  • Age: 30
  • Location: Vancouver, BC
  • Vancouverstachian
Re: Mustachian People Problems (just for fun)
« Reply #2336 on: December 17, 2015, 04:20:23 PM »
Mustachian problem I just discovered today: I use my car so little and fill the tank so infrequently that when people complain about gas prices I can't join the conversation for the simple reason that I can barely remember what gas cost a month ago when I last filled up. Gas costs 2.75 per gallon? Is that trending up or down? No idea. Lots of awkward nodding and blind comiseration while I hope someone changes the subject.

That applies to a lot of things as well - when people tell me they got a good deal on something for $X, nine times out of ten I have to ask what the "normal" amount would be because I genuinely have no idea. There are so many things I've never in my life bought, like gasoline (or car anything), alcohol, any kind of meat or animal products, and most consumer goods.

Luckily, people don't seem upset by it and happily give me baseline numbers.
« Last Edit: December 17, 2015, 04:22:08 PM by Zikoris »
Blogging about frugality, travel, and Vancouver life - www.incomingassets.wordpress.com

I also have a journal! http://forum.mrmoneymustache.com/journals/the-zikoris-diaries/

MoneyRx

  • 5 O'Clock Shadow
  • *
  • Posts: 82
  • Location: USA
Re: Mustachian People Problems (just for fun)
« Reply #2337 on: December 17, 2015, 04:47:52 PM »
Missed out on a leftover giant salad from a work meeting to take home because I can't carry it on my bike. Probably would have fed me for a week.

Zikoris

  • Handlebar Stache
  • *****
  • Posts: 2450
  • Age: 30
  • Location: Vancouver, BC
  • Vancouverstachian
Re: Mustachian People Problems (just for fun)
« Reply #2338 on: December 17, 2015, 05:31:16 PM »
Missed out on a leftover giant salad from a work meeting to take home because I can't carry it on my bike. Probably would have fed me for a week.

I love office scavenging! I work in a very big office and there are large catered lunches at least a couple times a week. As a vegan I have less scavenging options than other people, but sometimes manage to get a pretty good haul! My favourite things to bring home are raw ingredients that I can make into other things, like the leftover cut up vegetables from a veggie platter, but there's also sometimes this delicious roasted vegetable quinoa salad that my boyfriend is crazy about. I get a wrap or sandwich once in awhile and bring that home for dinner, but generally those are a hot commodity. Leftovers from fruit platters are also great.
Blogging about frugality, travel, and Vancouver life - www.incomingassets.wordpress.com

I also have a journal! http://forum.mrmoneymustache.com/journals/the-zikoris-diaries/

Taran Wanderer

  • Bristles
  • ***
  • Posts: 464
Re: Mustachian People Problems (just for fun)
« Reply #2339 on: December 17, 2015, 11:16:28 PM »
People like to complain about things they perceive as having no control over.  Gas prices are an easy target.  It's easier to complain about gas prices than to actually think about driving less to keep their total cost of driving the same.

Sanne

  • Stubble
  • **
  • Posts: 101
  • Location: The Netherlands
Re: Mustachian People Problems (just for fun)
« Reply #2340 on: December 18, 2015, 12:32:28 AM »
People like to complain about things they perceive as having no control over.  Gas prices are an easy target.  It's easier to complain about gas prices than to actually think about driving less to keep their total cost of driving the same.

Yup this. It's easier if you "can't" do anything about it. "I'm the victim here!"

JrDoctor

  • Stubble
  • **
  • Posts: 101
Re: Mustachian People Problems (just for fun)
« Reply #2341 on: December 18, 2015, 12:55:35 AM »
Lecture yesterday at lunch on duty of candour.  Had a free lunch, got two packed sandwiches, three apples and a banana on the way out.  And got paid for going.  Only left half an hour late yesterday as well.

merula

  • Pencil Stache
  • ****
  • Posts: 754
Re: Mustachian People Problems (just for fun)
« Reply #2342 on: December 21, 2015, 08:19:12 PM »
Mustachian person problem: I was out doing some final Christmas shopping this morning. I stopped at the gas station and bought $50 worth of gift cards, and then went to Goodwill, where my card was declined.

I paid the $4 in cash, and called the credit card company on my way out. They put a hold on my account because of "unusual activity" and wanted me to verify the $50 transaction.

I buy gas so infrequently, and my car is compact enough, that what is a twice-weekly expense for some is a transaction worthy of fraud protection for me. Oh well. I'm just mad that I won't get the cash back from Goodwill. That's $0.04 I'll never see...

johnny847

  • Magnum Stache
  • ******
  • Posts: 3190
    • My Blog
Re: Mustachian People Problems (just for fun)
« Reply #2343 on: December 21, 2015, 09:22:04 PM »
Mustachian person problem: I was out doing some final Christmas shopping this morning. I stopped at the gas station and bought $50 worth of gift cards, and then went to Goodwill, where my card was declined.

I paid the $4 in cash, and called the credit card company on my way out. They put a hold on my account because of "unusual activity" and wanted me to verify the $50 transaction.

I buy gas so infrequently, and my car is compact enough, that what is a twice-weekly expense for some is a transaction worthy of fraud protection for me. Oh well. I'm just mad that I won't get the cash back from Goodwill. That's $0.04 I'll never see...

You should get a 2% credit card. Fidelity Amex is good because you can enroll it in Amex offers available on Twitter. Of course, there are some merchants that don't take Amex. The other option is the Citi Double Cash (Mastercard), which earns 1% at time of purchase and 1% when you make a payment.

I'm surprised that $50 is a fraud alert for you if this is the same card that you use to pay gas. Typically when you swipe your card at the pump it puts a temporary hold for some predetermined maximum which varies by gas station (typically $100, sometimes $150) because it doesn't know how much gas you're going to put in. It then later adjusts the transaction for the correct amount.
But I'm fairly certain that the cc company can't differentiate a temporary hold from a real purchase (could be wrong about this) so they should already expect $100 transactions on the card...

GreenSheep

  • Bristles
  • ***
  • Posts: 474
Re: Mustachian People Problems (just for fun)
« Reply #2344 on: December 22, 2015, 08:03:45 AM »
I've started getting gas so infrequently that I have to look at the little marker on my dashboard to remember which side of the car I need to put near the pump.

iowajes

  • Magnum Stache
  • ******
  • Posts: 4551
Re: Mustachian People Problems (just for fun)
« Reply #2345 on: December 22, 2015, 08:30:08 AM »
A neighbor was selling "savings books" that you got your money back on with just one coupon.
The book cost $10.

The coupon was $10 off a $100 purchase at the grocery store I use. 

Except we NEVER spend close to that in a single trip!

Hadilly

  • Stubble
  • **
  • Posts: 186
Re: Mustachian People Problems (just for fun)
« Reply #2346 on: December 22, 2015, 08:50:54 AM »
Greensheep: putting a marker on is an excellent idea! I have that same problem when getting gas.

johnny847

  • Magnum Stache
  • ******
  • Posts: 3190
    • My Blog
Re: Mustachian People Problems (just for fun)
« Reply #2347 on: December 22, 2015, 08:53:07 AM »
Greensheep: putting a marker on is an excellent idea! I have that same problem when getting gas.
Your car already has that marker. I'm pretty sure this was discussed on the thread at some point.

slugline

  • Handlebar Stache
  • *****
  • Posts: 1071
  • Location: Houston, TX USA
Re: Mustachian People Problems (just for fun)
« Reply #2348 on: December 22, 2015, 09:33:33 AM »
Greensheep: putting a marker on is an excellent idea! I have that same problem when getting gas.
Your car already has that marker. I'm pretty sure this was discussed on the thread at some point.

Mustachian problem: Missing out on the the gas gauge arrow because you drive an old car.

riverffashion

  • Pencil Stache
  • ****
  • Posts: 888
  • Age: 33
Re: Mustachian People Problems (just for fun)
« Reply #2349 on: December 22, 2015, 09:50:37 AM »
A neighbor was selling "savings books" that you got your money back on with just one coupon.
The book cost $10.

The coupon was $10 off a $100 purchase at the grocery store I use. 

Except we NEVER spend close to that in a single trip!

Wow what a bunch of BS! And to think people actually buy those things......