Jeremy Wright and Mike Hillyer have just launched a new weblog called "The Wealthy Blogger," with the tagline "Money Management Blogging from two Decidedly Un-Wealthy Bloggers."

It looks like a great new site where conversations can take place about the pains of credit, debt and money management. It's a topic many people should be interested in, whether they actually are or not.

Anyhow, after reading a pre-release entry on the subject of credit card companies and the draining of today's college student population, I had some thoughts, which I posted there as a comment and am cross-posting here (slightly edited, but I have had more time to think about it since I originally posted my comments - see below).

But that's not really the point - go check out the site - I think it will be well worth our collective time as the site grows. I've subscribed.

Anyhow, here is me quoting myself (weird eh?) talking about my view of the reality of "borrowing" money... (edited and enhanced)

To get you started, please remember one very important thing. Behind the spin and sales lines, there are only two types of people in the world:

• People who buy money (often mistakenly called "borrowers")
• People who sell money (often mistakenly called "lenders")

That said, here are my comments:

Looking even beyond just the credit card companies, *no* company that "lends" you money is doing you a favor. That's like saying the car salesman is doing you a favor by letting you buy a car.

The fact of the matter is that when you get a home loan, a credit card, a personal loan, or charge to an installment account, *you* are the customer.

People need to realize that: When you take out this kind of loan, you are buying money. You are the customer and the lender is the one who is selling you the money in order to make a profit. No lender does anyone a favor, even if it feels like that's what's happening. Just like with the car salesman, the idea is to make it *feel* like it's a favor. But in reality, the profits are theirs. They do those things necessary to maximize their profits and minimize their losses, just like any other business.

Would you pay $100 in cash for $20 worth of groceries? If you put it on a card, that's possibly what you're doing, unless you pay your full balances within one or two months.

It used to be that credit cards were held and used for emergencies. Now people use them like they're free money, without thinking. That's too bad, because unless you happen to have a very astute credit mind and the ability to pay off everything you charge within the grace period, you're borrowing from sharks.

I know two young guys, about 20 to 22 years old, both of whom got credit cards and immediately ran them up buying fancy new computer equipment. One of them talked to me about it before he did it, and I advised him against it, but he did it anyhow. The other acted on his own without advice. Now they're both listening, after realizing how big a deal it is. I explained to both that it would take 30 years (or more with the high rates their cards had) to pay off a computer that would be outdated in one or two years if they made minimum payments. I told them about the virtues of saving and having cash on hand.

Credit cards are evil for most things, but they can be a blessing for a few things: Purchase protection for big-ticket items is nice to have, and rental car coverage is a good benefit if you travel. But some of the check cards with a logo of the major companies on it will give you similar benefits.

Which brings me to my final point: If you like using credit cards just because they are convenient and because you can use them to buy things online, you're probably using the wrong kind of card. Shop around for a ATM/Debit/Check/Visa-or-MasterCard type of card, and make sure you get one from a bank that offers the features you want.

Finally - a reminder: Whether it's a credit-card loan or another kind, the APR of the loan is what determines how much you are paying on an annual basis (compounded - which means you pay interest on the accumulated interest, too, and not just the dollar amount you originally borrowed) for the money you are buying from the lender. Yes - I said *you are buying* money from a lender, and how much you'll pay depends on how long it takes you to pay it off. It's as simple as that. Credit cards are a big-money business for lenders and are a big-loss pig of a deal for borrowers.

If you have to borrow, like for a car or home purchase, you should always shop for money the same way (or more diligently than) you shop for gas, cars, clothes, airline tickets, electronics, homes and whatnot. No lender is ever doing you a favor - they are selling you money, and they are doing so at a profit. Don't ever forget that.

See that? I did learn something, after all.

Speaking of audioblog.com, Eric pointed out to me that he and the others over there have been busy:

[9:59:12 PM] Eric Rice says: added some crazy mad new features to audioblog
[9:59:18 PM] Eric Rice says: podcasting without needing a blog
[9:59:18 PM] Greg Hughes says: yeah?
[9:59:25 PM] Eric Rice says: and recording to MP3 right over the web

Come to think of it, I read that on Friday, but I have not had a chance to check it out yet.

Eric made a QT movie that shows how to make podcast RSS feeds with audioblog.com, and how to record your podcasts straight to MP3 online, with nothing but your web browser pointed to your audioblog.com account.

Upload an audio file, record it online with the browser, or call it in... All three ways will let you create your podcasts anyplace, anytime. You don't even need a text weblog to do this, just audioblog.com and it's enclosure feeds - cool stuff!

By the way, there's video enclosures on the system, too... Videoblogging feeds - hmmm!

A friend of mine from the online world (and big shot from audioblog.com), Eric Rice, has taken over the Engadget "airwaves" and is now hosting the Engadget podcast.

Eric's a cool guy, and it's great to have an Engadget podcast back online. It's a tough room to play to, but Eric will do well with it.

Check it out here. The Podcast feed is here.

A different kind of game...

My friend Broc works at his family business. They have this great big lot and facility in an industrial area of Portland, with a few warehouses and huge shop buildings. Two of the buildings are vacant, and the lot lends itself to hiding, sneaking around and - well, a different kind of organized (and safety-conscious) fun.

I didn't take the pics, I just lent my camera to another person who ran around trying not to get shot at, while I took an MP5 and defended the base.

By the way - and before anyone freaks out: While this looks hard-core, realistic and (if it was real) dangerous, it's actually a game/sport called Airsoft, and the people who play are quite safety-conscious and wear proper protective gear. The guns shoot lightweight, tiny plastic balls the size of a BB. Yes, they can hurt if shot too close, but a red welt is about the worst one can expect when wearing the proper protective gear - namely good eye protection. Safety is important, and it's what makes the game fun. You'll hear people calling "safety kill!" if they are too close to shoot safely, for example. Obviously, point-blank shots with plastic BB's will hurt, so everyone's quite careful and adheres to certain rules. Never play games like this without the proper safety gear - anyone who doesn't practice safe play is an idiot, and you should not include them. Trust me, having fun is good, but being cool and safe with others is much more important.

Ok, anyhow - here's some pictures of what we did last night:

Don't have any train cars available in your local industrial complex, a la Counter-Strike? That's okay, semi trucks are a good stand-in, and besides they have real horns and lights and other things that can throw people off. Plus, the trains are just over on the other side of the fence, so the crashing train sounds are there, even if the cars are not.

Flash photography makes these guys a little more visible than they actually are when you're playing. Imagine nighttime alley lighting and shop lights indoors being turned on and off by whoever happens to have control of the light switches at the time. You never really know when it will be dark or light.

Hard Core Dave. Camper, heh. 'Nuf said.

Cory checks the warehouse floor from behind cover. See the light switches? Cory's the master of lighting tactics.

The attacking team posed for a photo. All us defenders should have done the same. Doh! There was 12 or more of them and 8 of us on the defending team.

Three posers of us from the defending team: Dave, me and Cory. Dave and Cory were a little more effective than me - I got safety-killed around a doorway corner right at the beginning of the first game, and got one "kill" in the second game before I got exposed when the lights came on and I was in the clear. Dave got several, and Cory got a couple too.

That was fun. I discovered I definitely need to go and buy glasses (or contacts maybe) again (I broke my last pair and have not had them replaced because I am lazy that way). Gun sights just aren't as easy to see as they used to be!

It's windy and a bit chilly today. But the flowers are cool. Spring's sprung.

Microsoft has published their Security Development Lifecycle whitepaper, where they describe the process that Microsoft has adopted for the development of software that needs to withstand malicious attack.

It's a good read for people responsible for writing software, as well as those responsible for ensuring software development processes properly addresses security as a requirement.

The basic principles of the Security Development Lifecycle are described in the paper:

• Secure by Design: the software should be architected, designed, and implemented so as to protect itself and the information it processes, and to resist attacks.
• Secure by Default: in the real world, software will not achieve perfect security, so designers should assume that security flaws would be present. To minimize the harm that occurs when attackers target these remaining flaws, software's default state should promote security. For example, software should run with the least necessary privilege, and services and features that are not widely needed should be disabled by default or accessible only to a small population of users.
• Secure in Deployment: Tools and guidance should accompany software to help end users and/or administrators use it securely. Additionally, updates should be easy to deploy.
• Communications: software developers should be prepared for the discovery of product vulnerabilities and should communicate openly and responsibly with end users and/or administrators to help them take protective action (such as patching or deploying workarounds).

Also discussed are the phases of the lifecycle in application, and Microsoft's experience in putting the DSL into use at that company, as well as the results of the initiative. If the small amount of information quoted above is of interest, take the time to read the paper.

Dana Epp comments and has insights into the changes that have happened at Microsoft over the past few years. It is pretty darned amazing to have watched (and participated in, as part of my roles as partner and customer) the changes Microsoft has made with regard to security. I can say from my own experience that security is at the front of MSFT developers' minds every day, and while it's not perfect (and never will be, regardless of the software or authors), it definitely shows.

(via Dana Epp's weblog)