1

Fight WordPress comment spam with .htaccess

Posted by T. Greg Doucette on Aug 4, 2010 in Technology

Spambots really frost my Wheaties… :mad:

Given the prevalence of Google indexing and the role links to a given site play in search rankings, “spamdexing” is something every blog author is going to face at some point or another. Basically spammers write scripts to leave fake comments on a sh*tload of blogs containing a bunch of links in an effort to boost the search engine rank for their own site.

I had taken a fairly laissez-faire attitude toward spammers since law:/dev/null started back in August, but after getting slammed with spam last month I decided that needed to change. So part of my delay in getting things posted last week (aside from just having a lot to edit) was the product of me dusting off some of my old Computer Science notes and getting intimate with some old spam-fighting techniques.

I’m not sure I’ve got it completely re-mastered, but I figure I’ve got things down enough that I can share some of that insight with y’all. Besides, it took me 6 years to finish a 4-year degree — I might as well put what I learned to some use :beatup:

The overwhelming majority of websites across the globe use the Apache HTTP server, a truly excellent, scalable and secure open-source web server. Odds are good your own blog is running on Apache right now1 and that means you have an effective anti-spam tool built-in using an .htaccess file.

Disclaimer: .htaccess and regular expressions are both powerful tools for web development — especially when they’re combined together. Be über-careful as you work on this file (and make back up copies) because mistakes or typos can basically make your blog totally inaccessible to everyone. I’m also assuming you have at least some familiarity with your own webserver; since I don’t know the specifics of your own setup, proceed at your own risk, caveat emptor, etc etc etc. Basically #dontsuemeplzkthxu ;)

.htaccess is a plaintext file used by the Apache web server to process access-related commands called directives. To create one, all you have to do is create a new plain text file (e.g. in TextEdit on my Mac, after opening a new file I go to Format > Make Plain Text), save it, upload it to your server via FTP or however you directly upload files, then rename it “.htaccess” (without the quotes).

There are all sorts of cool things you can do with .htaccess… but I’m only going to show you a small subset, so feel free to Google for the rest ;)

====================
1) FIRST LOCK DOWN YOUR SERVER…
====================

Certain files on your blog get accessed on the backend by the web server itself or by you via a command-line interface. They’re not the type of thing that should ever be viewable or accessible to the public through a web browser.

For example, you don’t want everyone being able to read your .htaccess file because they’ll know what you’re defending against… and, by implication, what you’re not defending against ;)

Here’s a quick code snippet to block access to these files:

############ PROTECT FILES ############
# This snippet prevents unauthorized access to certain
# core files like .htaccess as well as logs, scripts,
# and other things that can be exploited by spammers
#######################################
<FilesMatch “\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$”>
order allow,deny
deny from all
</FilesMatch>

The “#” denotes a comment to the web server, so everything after that symbol is ignored.

The line is a function call, and the “|” works as an OR logical operator, So here the function is telling the web server to run the inner segment of code if any file request contains .htaccess or .htpasswd or .ini or .phps or .fla or .psd or .log or .sh.

That inner segment of code just says to deny all access to the file requested. Someone trying to access this file will get a “403 – Forbidden” error message.

Then the tells the server the function is done.

====================
2) …THEN REDUCE SERVER OVERSHARE
====================

Turns out overshare isn’t just a people problem: computer servers sometimes needlessly share too much information themselves.

On many installations, for example, whenever the Apache web server generates a document (e.g. a “403 – Forbidden” error message or a “404 – Not Found” error) it includes a line at the bottom listing the version of the web server and what modules are running. This Server Signature is designed to help folks accessing websites through proxy servers who might not be able to tell which site generated a given error. But it also lets spammers know what you’re running, and if for some reason you have out-of-date software — more common than you’d think — spammers will then know which security exploits they can use against your server.

This information is still relatively easy to figure out, but there’s no point in letting your server just offer it up willy-nilly ;)

The ServerSignature is usually off by default, but just in case you can use this code:

############ DISABLE SERVER SIGNATURE ############
# This snippet disables the server signature so the server
# is not volunteering data about itself that could be useful
# to spammers in determining what attacks would work best
##################################################

ServerSignature Off

This just tells the Apache web server to shut off its ServerSignature. Very simple. :)

====================
3) BAN REMOTE COMMENTS
====================

In WordPress, leaving a comment accesses the wp-comments-post.php file. Some spammers will try to access this file without ever actually visiting your site.

You can stop these kind of non-local comments with the following code snippet:

############ NON-LOCAL COMMENT BAN ############
# This snippet prevents spammers from directly accessing
# the wp-comments-post.php file. In order to leave a comment
# a spammer must be “in” your domain by visiting your site.
###############################################
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^/?wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !^http://www\.yourdomaingoeshere\.com [NC,OR]
# RewriteCond %{HTTP_REFERER} ^-?$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule .* – [F,L]

The 1st line is a function call that checks if you have the mod_rewrite Apache module installed and running; odds are you do, but it’s good to check just in case. The 2nd line tells Apache to turn on the URL ReWrite engine.

The next 4 lines cover the conditions that must be met for the URL rewrite command to be executed: (1) the spammer must be trying to POST data,2 (2) the POST data must be going directly to the wp-comments-post.php file, and either (3) the POST attempt is not coming from your domain itself (the “NC” in brackets means the URL is not case-sensitive) or (4) the commenter is using a browser that does not have a HTTP_USER_AGENT programmed.3

Assuming that batch of conditions are met — 1 and 2 and (3 or 4) — the ReWriteRule line is executed. In this case the poster gets a 403 Forbidden error when the comment is submitted (the “F” in the brackets) and the ReWriteEngine stops processing because this is the last command (the “L” in the brackets).

You can also uncomment the line I included that blocks people from posting if there is an empty HTTP_REFERER field also. I left this one out because some security programs intentionally send blank referrer info so you don’t know what website someone is coming from, but if you don’t mind the risk of blocking those folks you can enable that rule as well.

====================
4) BAN SPAMMERS
====================

This is the real “meat and potatoes” of the .htaccess file as far as WordPress spam goes, and in my tests over the past couple weeks it’s been highly effective.

Although you can find tutorials online using the ReWriteEngine for this, similar to the non-local comment ban in #3 above, I’m personally a fan of using Apache’s environment variables. Since the objective of spamdexing is to increase rankings in search engines, spammers usually leave referrer code in your logs that you can use to ferret them out and stop them from ever coming back.

Here’s the code snippet:

############ SPAMMER BAN ############
# This snippet uses environment variables to ban spambots
# that come to your site with certain characteristics, such
# as Referer code from a spam-y site
#####################################

SetEnvIfNoCase Via badproxy spambot
SetEnvIfNoCase Referer badspammer1.com spambot
SetEnvIfNoCase Referer badspammer2.ru spambot
# […add as many of these lines as you have bad referrers…]
SetEnvIfNoCase User-Agent ^Bad.Spammer.Browser1 spambot
# […add as many of these lines as you have bad User-Agents…]

order allow,deny
deny from env=spambot
deny from 0.0.0.0
deny from 255.255.255.255
# […add as many of these lines as you have bad IP address not blocked by referrer bans…]
allow from all

So here’s the way this works. If you see a comment from a spam website or you notice a spamming User-Agent in your logs, you create an entry for it like in the first paragraph.

SetEnvIfNoCase tells Apache to create an environment variable if the given characteristic exists. So, in this example, if a spammer is coming from badspammer1.com Apache will create an environment variable called “spambot”.4

Down in the second paragraph, it will deny access to your site from that referrer since the “spambot” variable is true.

Also in this section, you can deny access from specific IP addresses as well if you notice the same IP producing the same spam over and over. For example, earlier this week I had a handful of compromised PCs leaving me spam comments with fake URLs (meaning the Referrer info was useless) and no common User-Agent I could ferret out of my logs. So I just blocked their IP addresses.

Blocking IPs is a bit extreme since they can be dynamically assigned and may end up belonging to a legitimate commenter days later, so if you do block an IP address I’d suggest commenting it out with a “#” after a couple weeks just in case. You can always un-comment it if the spamming picks up again. :)

====================
5) BAN HOTLINKERS
====================

Hotlinking is the process of taking a URL of where an image is hosted and pasting it into your own page. This is particularly common on message boards where folks post images they see around the web. When you hear people talk about “bandwidth theft”, hotlinking is the action that leads to it. Basically people are loading the image from your own server without ever visiting your site.

I’ve always taken a fairly permissive view toward hotlinking, mostly because I generate a lot of tables and graphs that I’m perfectly fine with other people using — and if they use them, I’d like to see in my logs where they’re using them ;)

But sometimes you get someone hotlinking an image that is loaded so many times (like on a super-busy forum) that your server chokes or you use all your bandwidth for a given month or you get a nastygram from a server administrator for hogging system resources. That’s what happened to me earlier this month :( So using the same environment variables approach for banning spammers I wrote up a blacklist for banning certain excessive hotlinkers.

Here’s the code snippet:

############ HOTLINK BAN ############
# This snippet prevents hotlinks to files in your local domain
# to prevent others from stealing your bandwidth (almost always
# used for picture files).
#####################################
SetEnvIfNoCase Referer badhotlinker1.com hotlinkers
SetEnvIfNoCase Referer badhotlinker2.ru hotlinkers
#[…add as many of these lines as you have hotlinkers…]
<FilesMatch “\.(png|jpg|jpeg|gif|bmp|swf|flv|pdf)$”>
order allow,deny
deny from env=hotlinkers
# ErrorDocument 403 /somedirectory/nohotlinking.gif
allow from all
</FilesMatch>

My current anti-hotlinking pic. It needs work.

We create the environment variable “hotlinkers” if someone is coming from a recognized domain where the image is getting hotlinked. We then use the FilesMatch directive (the same type we used in #1 up at the top) to see if they’re trying to load certain image files like .png, .jpg, .gif, and so on.

If they’re accessing those filetypes from the hotlinked domain, they’ll get a 403 Forbidden error instead.

And if you’re in an artistic mood, the commented line sends them to a custom 403 Forbidden error page — just uncomment it and in place of the hotlinked image they’ll instead see whatever you choose to put in its place. In my case I went with advertising for the blog :beatup:

—===—

Hope this helps any of you fellow blawgers who are tired of dealing with spam comments!  If you have any questions let me know in the comments — and if you’ve somehow been banned from commenting, send me an email5 ;)

And if you happen to be one of my CSC colleagues from NC State, please feel free to double-check my syntax and make sure I’ve got everything right :D

Have a great night y’all! :)

  1. If you’re not sure what webserver you’re on, check with your web administrator. []
  2. This is usually what happens when you submit a form online, contrasted with a GET submission where the data being submitted is embedded within the result URL itself. []
  3. This might, in very rare occasions, block a legitimate commenter. I’m not sure if it will ever happen but consider yourself forewarned :) []
  4. The default value for these is TRUE, but you can also type in “spambot=TRUE” if you’re a stickler for proper coding techniques. []
  5. My email address is located at the bottom of our About page ;) []

Tags: , , ,

 
2

A “real world” byproduct of overshare

Posted by T. Greg Doucette on Jul 29, 2010 in Technology

Good evening y’all! :)

Unlike last week and the week before, I don’t have a string of almost-ready entries just awaiting editing before they’re posted. There’s been a lot of upheaval going on this past week (some of it good, some not so much) so I haven’t been as diligent in keeping law:/dev/null as up-to-date as usual :beatup:

I’m making an exception today, though, because this dovetails with my comments to you about Facebook and overshare in last week’s TDot’s Tips entry on tightening up your digital life.

From today’s article at msnbc.com:

Details of 100 million Facebook users published online
Users’ personal information cannot now be made private, security consultant says
updated 7/29/2010 8:59:38 AM ET

The personal details of 100 million Facebook users have been collected and published online in a downloadable file, meaning they will now be unable to make their publicly available information private.

photo courtesy of msnbc.com

However, Facebook downplayed the issue, saying that no private data had been compromised.

The information was posted by Ron Bowes, an online security consultant, on the Internet site Pirate Bay.

Bowes used code to scan the 500 million Facebook profiles for information not hidden by privacy settings. The resulting file, which allows people to perform searches of various different types, has been downloaded by several thousand people.

This means that if any of those on the list decide to change their privacy settings on Facebook, Bowes and those who have the file will still be able to access information that was public when it was compiled.

Bowes’ actions also mean people who had set their privacy settings so their names did not appear in Facebook’s search system can now be found if they were friends with anyone whose name was searchable.

‘Scary privacy issue’
On his website, www.skullsecurity.org, Bowes said the results of his code were “spectacular,” giving him 171 million names of which were 100 million unique.

“As I thought more about it and talked to other people, I realized that this is a scary privacy issue. I can find the name of pretty much every person on Facebook,” he wrote.

“Facebook helpfully informs you that “[a]nyone can opt out of appearing here by changing their Search privacy settings” — but that doesn’t help much anymore considering I already have them all (and you will too, when you download the torrent). Suckers!”

“Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details,” Bowes added. “If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops :)”

He said he discovered the top first name in the list was Michael, followed by John, David, Chris and Mike. The top surnames were Smith, Johnson, Jones, Williams and Brown.

A privacy expert expressed concern at the implications of Bowes’ actions. Simon Davies, of campaign group Privacy International, told the BBC that some Facebook users “did not understand the privacy settings and this is the result.”

“Facebook should have anticipated this attack and put measures in place to prevent it,” he told the BBC. “It is inconceivable that a firm with hundreds of engineers couldn’t have imagined a trawl of this magnitude and there’s an argument to be heard that Facebook have acted with negligence.”

‘A little terrifying’
Some users of Pirate Bay shared his concerns.

“This is awesome and a little terrifying,” lusifer69 wrote on the site. And another, Porkster, said: “I don’t think this is a hack, but a collection from public domain info that people have shared. The importance of the info is structuring it and allowing someone to search or compute the data.”

However, jak322 said: “I’ve got to say, who cares. All the info here is already in the public domain, is not sensitive and as a developer I already have access to what could be deemed personal and private data through the Facebook API.”

In a statement emailed to msnbc.com, Facebook agreed, saying the information on the list was already available online.

“People who use Facebook own their information and have the right to share only what they want, with whom they want, and when they want,” it said.

“Our responsibility is to respect their wishes. In this case, information that people have agreed to make public was collected by a single researcher. This information already exists in Google, Bing, other search engines, as well as on Facebook,” the statement added.

“No private data is available or has been compromised. Similar to a phone book, this is the information available to enable people to find each other, which is the reason people join Facebook. If someone does not want to be found, we also offer a number of controls to enable people not to appear in search on Facebook, in search engines, or share any information with applications.”

© 2010 msnbc.com

The comments in this article notwithstanding, go through your privacy settings and lock down anything in your profile that you may not want permanently open to the public.

It’s true the information that was public when this user-created database was compiled will still be in it — but (i) relatively few people will know about this database so the threat should (hopefully) be limited, and (ii) locking your profile down now will prevent any future access to anyone trying to create a similar or updated database of this information down the road.

That’s it for today. Hope all of you are having a great week! :D

Tags: ,

 
2

TDot’s Tips: Tighten up your digital life

Posted by T. Greg Doucette on Jul 16, 2010 in TDot's Tips

Hey everybody :)

Today was another mediation day in court as part of my volunteer work with the ADR Clinic at NCCU Law. My co-mediator and I only had two cases, but they both involved actions seeking protective orders to prevent one party from contacting the other.  The first case involved a lady being harassed by one (or more) of her fiancé’s ex-girlfriends, including being the target of a fake Facebook profile, a fake profile on some dating site, and so on.

The lady being harassed was justifiably upset, and had initiated a criminal investigation along with bringing every piece of documentation she had to the court hearing. But the ex-girlfriend accused of doing the harassment was adamant that she wasn’t involved at all — claiming that in fact another ex-girlfriend was impersonating her.1 :crack:

The whole hearing was filled with talk of IP addresses, passwords, email accounts and other Computer Science-y stuff.2 I’m convinced they were both being less-than-honest, but at least they got this particular issue resolved for now.

But given how much of our lives are now online, and how trivially simple it is to compromise our digital security, I thought I’d share a handful of easy tips to help you tighten up your digital life :)

Quick disclaimer: In computing, there’s no such thing as “total” security. Everything can be hacked with enough time, ingenuity, and computational effort — and anyone who tells you otherwise is lying to you ;) Your objective as a user is just to make sure that the time / ingenuity / effort that would have to be spent to compromise your security is worth more to the attacker than the value of what you’re securing.

====================
1) STRENGTHEN YOUR PASSWORDS
====================

Passwords are so ubiquitous online that even non-tech-savvy computer users often have several of them. The problem is that we have so many passwords on so many sites that they’re almost impossible to remember without making them simple, which also makes them easy to compromise.

There are a variety of ways hackers try to break passwords. “Dictionary” attacks use regular words as password guesses. “Brute force” attacks try every possible password combination. “Rainbow tables” are used to try and crack encrypted passwords. The list goes on.

You can limit the success of these attacks by making some really simple changes:

  • The longer a password, the better the security. This makes intuitive sense to most people but you’d be surprised by how many folks have passwords of only 6-8 characters. Your password should ideally be twice that long or more, which in turn requires far more effort on the part of hackers to figure it out.
  • NEVER use regular words in your password. Remember those “dictionary” attacks I mentioned? They use dictionaries of common words/names/places (often coupled with numbers) to guess a password. If you’ve only got regular words as your password, odds are good it will be compromised.
  • Use all available character sets. If you’re a user of the Latin alphabet (ISO 8859-1) you typically have 4 groups of characters you can use in fashioning a password: lower-case letters a-z, upper-case letters A-Z, numbers 0-9, and symbols like $ and @. The vast majority of passwords only use one or two of these groups, and that makes them much easier to hack. For example, someone with the 8-character password “thomas08” is only using two groups, so a cracking program only needs to try at most 2.1 billion possible combinations before guessing it correctly (since there are 26+10 possibilities for each character and therefore 36^8 possible passwords). That seems like a lot, but a typical brute force attack using just one computer can guess 30 million passwords every minute. So in the very best case scenario, where the password only gets figured out on the very last guess, this password will be cracked in a little over two months. But slightly tweaking that password to something like “tHom@s08” makes it far more difficult: now all four character groups are used and there are 94 possible options for each character in the password (26 lower-case, 26 upper-case, 10 numbers, 32 symbols) so a hacker needs to try over six quadrillion combinations (94^8 possibilities) — or guessing 30M passwords a minute for roughly 386 years.
  • Don’t re-use passwords across multiple sites. This common-sense principle is also frequently ignored. Password security not only depends on the strength of your password but also the strength of protection used on the website storing it. If something happens where Facebook or Google get hacked and your password is compromised, far more damage can result if you use that same password at other sites. Whenever possible, use a different password at every site you access to limit the problems caused by a security breach.

====================
2) TURN OFF UNUSED SERVICES
====================

Computers are useful even when they’re disconnected from the rest of the world, but the really fun stuff only happens when computers talk to each other. Accessing websites, sharing files, using Bluetooth accessories — each of these options uses a different “service” on your computer, basically opening a tunnel to the outside world through which other computers can communicate with your own.

If you’re not using a specific service, but the service is still turned on, it’s basically the equivalent of leaving a door to your house wide open. Someone may not come in and steal anything… but why take the chance? :P

Turn off all network services you’re not going to use. The exact details of how to turn things off varies greatly depending on your operating system so I’ll skip detailing it here, but a quick Google search on “turn off unused services” will get you results on how to turn things off in Windows XP, Windows Vista, MacOS X and more.

====================
3) BOOST YOUR WI-FI ENCRYPTION
====================

Wireless communication is rapidly replacing wired networks as the preferred choice for home and corporate users. Wi-fi networks provide far more flexibility in terms of how and where we can use a network, but it comes with a significant security tradeoff: electronic eavesdropping by hackers using readily-available software.

To limit the impact of eavesdropping, encryption algorithms have been developed to secure the data being broadcast over a wi-fi network. Unfortunately some of the most widely used algorithms — specifically Wired Equivalent Privacy (or WEP) — are also the weakest. The WEP algorithm is often the first choice presented to a user setting up his/her home router, even though it has been deprecated by the IEEE because it is inherently insecure. Any WEP-protected network can be compromised in 5 minutes or less with publicly-available software :surprised:

And once someone has access to the unencrypted contents of your wi-fi network, they get to see everything being transmitted by your computer (including websites, passwords, account numbers, and so on).

If at all possible, you should be using at least WPA2 security with a key that follows the same strong-password techniques I mentioned in #1 above. Even the most-secure WPA2 network can be compromised, but it will take so much time/effort that all but the most-determined hackers won’t bother to try.

====================
4) FACEBOOK: LOCK DOWN YOUR PROFILE WITH LISTS
====================

Despite all the outrage regularly heaped on Facebook (not without justification) the social network site deserves some credit for at least trying to have a robust privacy architecture. In addition to being able to restrict access to “Friends” or “Friends of Friends” or “Everyone”, you can also create lists to include whoever you designate — and these lists can, in turn, be used to limit access to parts of your profile.

For example, if you’ve got “friends” on Facebook who you don’t know that well, you can create a list like “People I Don’t Know”, put those folks on it, and then change your privacy settings so no one on that list can see things like your wall or your date of birth or your photo albums.

The reverse also works well: you can block access to sensitive info for everybody (like employers ;) ) and then allow access to selected lists with bona fide friends on them.

The whole process can be tedious and time-consuming, but can be a great help in protecting your identity.

====================
5) FACEBOOK: BE CAREFUL WITH REGIONAL NETWORKS
====================

While we’re on the topic of Facebook privacy settings, many folks join regional location-based networks (“Raleigh/Durham” for instance) without realizing the security implications.

Many of your profile’s security settings are configured by default to allow access to your friends and your networks. But since no email address is required to join a regional network, basically those settings enable literally anybody to join a regional network that you happen to be in, and then have access to your entire profile unless/until you lock it down.

I’ve never joined a regional network myself for that reason, but if you decide to join one make sure to adjust your privacy settings to limit what people in your networks can see.

====================
6) BE AWARE OF WHAT YOU SHARE…
====================

People like social networks because of the sense of intimacy they provide, and that in turn tends to create “overshare” — disclosing information that you’d never reveal if you noticed thousands of people were watching (which they typically are on Facebook and elsewhere).

For example, how many of you have your full date of birth (including the year) on your Facebook profile?

If you raised your hand, did you know that in many states someone’s name and full date of birth are the only things needed to access things like their full voter registration profile… which almost always includes a residential address? Most of us would never randomly announce our birthday in a room full of people, but we do it online without thinking. Complete DOB’s on Facebook profiles are a stalker’s dream come true.

This and other information gets shared with everybody every day on social networks. Be aware of what information you’re revealing publicly and how it can be used by others.

====================
7) …AND CONFIGURE PASSWORD-CHALLENGE QUESTIONS ACCORDINGLY
====================

Another example of the security implications of overshare: learning the answers to password-challenge questions.

Those of you who paid attention to the 2008 presidential elections may recall that Sarah Palin learned this the hard way. On most websites, if you’ve forgotten your password typically you can answer one or more “challenge questions” that are supposed to have answers only you know. Figure out the answer, and you get access to the password or the ability to create a new password.

One of the most common challenge questions: “what is your mother’s maiden name?”

Seems innocuous enough, until you notice that the vast majority of women on Facebook include their maiden names in their profile, and many of the mothers have their sons/daughters linked to their profile. I actually once fell into this category: I have my mom listed as one of my parents, but she has her maiden name as part of her profile. So because of that I had to go through several websites and change my challenge-response questions.

The same applies to other information as well. A close friend of mine once blew me off when I told him he needed to do a better job securing himself online, insisting to me that his information was secure and that he’d buy me a fifth of vodka if I could hack one of his accounts. The challenge question to access the website for his student loans was “What was the color of your first car?”… and his profile picture on both AIM and Facebook was him standing in front of his ’98 Wolfpack red Mustang.

Needless to say I enjoyed the vodka :D

Go through all of your challenge-response questions on each site you use, and make sure the answers are information that can’t be easily figured out from your publicly-accessible information on Facebook, Twitter, a blog, or any other sites you use. Otherwise you might be unknowingly giving access to your information to anyone who wants it badly enough.

====================
8) SEARCH FOR YOURSELF PERIODICALLY
====================

Don’t hesitate to occasionally do a search on your name to see if anyone is impersonating you or has compromised your information. We can get free copies of our credit reports each year to verify our financial health, but few folks realize they can easily check the internet to detect if their information has been compromised as well.

Besides, odds are good potential employers are going to do a Google search on you as part of their background check anyway. Shouldn’t you already know what they’re going to find? ;)

====================
9) LIMIT WHAT E-COMMERCE INFO YOU STORE ON VENDOR SITES…
====================

Along with your passwords being at the mercy of a website’s security, the same is true for any credit/debit card information you store with a vendor. Stories of vendor databases being hacked and credit cards being revealed are all over Google yet people still choose to store that information on vendor sites for the sake of convenience.

Don’t do it.

I know it’s annoying to go grab your credit/debit card when you want to make an online purchase, especially if it’s a website you use frequently. But the inconvenience that can be caused by your credit card being compromised by hackers is far bigger than the minor inconvenience of entering in a number each time you use it.

If you do choose to store credit card information online, see if your banking institution provides an automatic card number generator. These are slowly becoming more common with banks and essentially let you create a bunch of “temporary” card numbers linked to your real account, with different restrictions on how long they last or how much money can be charged to them. Using these temporary numbers limit the fallout if a vendor’s database gets hacked.

====================
10) …AND MOVE QUICK IF SOMETHING IS WRONG
====================

If, God forbid, you have the misfortune of having your identity stolen — or being harassed by your fiancé’s ex-girlfriends — make sure to move quickly.

Certain information about you is logged every time you do something online. For example, just by reading law:/dev/null or any other blog your computer has shared your IP address (the numeric address designating what computer you’re using to access the site), the browser you’re using, your operating system, and so on. Almost every single site you ever access, especially things like social networks or financial institutions, keep all this information in case it’s ever needed by law enforcement.

The catch is that a lot of this info is only stored for 30 days. If someone has hacked into your email or your Facebook account or something similar, you’ve got a narrow window of time to notify law enforcement to help catch the people responsible. And if someone has obtained your financial information, usually you have to notify your bank immediately to use any identity theft protection they might offer.

Theft of your personal information is one of those instances where procrastination is a certifiably Really Bad Idea™ ;)

***

Hope y’all find this info useful :) And if you have any computing security tips of your own, feel free to share them in the comments! :D

Postscript: I’d also like to thank professors Sammie Carter and Dr. Annie Antón for their respective Introduction to Computer Security and Privacy Policy, Technology & Law classes at N.C. State. Even though I was among their worst students, I promise I really did learn some things :)

—===—

Past TDot’s Tips entries:

  1. It was at least a plausible claim, as the criminal investigation had apparently implicated two other ex-girlfriends in addition to the defendant in this case :crack: []
  2. It was entertaining watching their reactions when they found out it was my major at NC State. []

Tags: , , , ,

 
2

Shameless attention-whoring FTW

Posted by T. Greg Doucette on Jul 3, 2010 in Site Stats

You don’t have to be one of our long-time readers here at law:/dev/null to know that I like charts.

Facebook + attention-whoring = traffic spike!

And data.

And benchmarks. And tables. And trendlines.

And more charts just for good measure :beatup:

Grade distributions, tuition savings, site stats — I compulsively sprinkle data and tables throughout the blog. Besides, pictures spice up the text-only entries ;)

That also means I’ve started looking for more ways to spread the word in the hopes of attracting more eyeballs / readers / commenters :) There was political controversy in March, a new Twitter account in April… and a slight drop in May.

So to continue the outreach effort I borrowed a page from Huma over at TRPLS and created the Facebook page for law:/dev/null ;)

Apparently most of my Facebook friends never knew about this place, because after sending everyone invites the number of unique IP addresses we had visiting the site jumped by more than a third. Average pageviews per day climbed even more, at +37.7%.

Over a quarter-million pageviews!

And the really nifty thing for a guy who loves benchmarks? This past month we served up our quarter-millionth pageview! :D

I put together a chart (of course) that shows the cumulative number of pages viewed over time. For a blog visited mostly by spambots in its first few months, having real honest-to-goshness live bodies reading over 250,000+ pages is pretty doggone cool :spin:

Anyhow, enough on the statistics — I know the main reason y’all read these entries are for the search terms ;)

***

On the search query front, here are 20 of the 140+ unique search terms that brought folks here in June:

  • rick ingram sbp: I don’t know if this is the same person doing multiple searches or what, but this was our #2 most-frequent search result last month with a dozen queries (along with “rick ingram unc” and “rick ingram dth”). It’s a little peculiar since he’s only mentioned in one entry about his endorsement by the UNCCH Daily Tar Heel. Odd or obsessive? I’m not sure which… :crack:
  • when is 1l orientation for nccu school of law: Orientation for the night program starts on Monday, August 9th. The day program starts the next morning on August 10th. Double-check the start time the night before. Trust me.
  • cute bunny: nom nom nom :D
  • nccu law academic calendar 2010 2011: Can be found on TWEN at the Law School Registrar page. If you’re a pre-L, you’ll get your WestLaw registration info at Orientation. If you’re a 2L/3L/4LE, you should know to check there first before checking Google :P
  • when does nccu school of law give refunds from financial aid?: Around August 30th for the Fall, January 15th for the Spring, May 28th for Summer Session I, and July 9th for Summer Session II. Those dates change slightly based on the calendar and when financial aid actually hits your account with the University. Sometimes refunds happen early but don’t count on it.
  • ex con mother gets law degree: I’ve never been a fan of the adjective “ex con,” but yes I know one — she’s much cooler in person than you can tell from the news story ;)
  • nccu law grading: Sparked some controversy among the blawgs when I declared my support for NCCU Law’s strict-C model. It’s not all that great for getting a job, but I still think it contributes to making more competent attorneys compared to the alternatives :P
  • nc central law reputation: Depends on where you’re looking for a job. I’m not familiar with our national reputation (outside of HBCU’s), but within the state NCCU Law is known for producing highly-talented litigators. It’s one of the four key reasons why I made NCCU Law my first choice for law school — and I suspect it’s one of the reasons the NCCU Law 1L trial team excelled against dozens of teams from neighboring law schools ;)
  • what are acceptable 1l grades?: Whatever is high enough for you to get a job? ::shrug::
  • how long 25 page paper: 25 pages…
  • greg doucette myspace: MySpace? Eww :sick:
  • has anyone received an acceptance package from north carolina central state university school of law: NC Central State University School of Law? No. NC Central [notice there’s no extra word here] University School of Law? Yes. ;)
  • opening statement competitions: Are much harder than closing argument competitions :beatup:
  • received a rejection letter from nccu law stating to try again later: Assuming that language wasn’t part of the standard NCCU Law form letter, you probably should try applying sooner since we use rolling admissions like most law schools.
  • wanted one piece: Sounds like a challenge for the Reasonably Prudent Law Student :D
  • the pornstars in winston salem: I know the political hacks over at the Pope Center wanted UNCSA and its film school to be privatized, but I don’t think that’s what they had in mind…
  • it’s been a month and i still don’t have my law grades: You get no sympathy from me — welcome to the club :*
  • nccu law now tier two: Someone lied to you. The amount of $$$ the school would have to spend to climb to T2 would totally defeat the point of getting a T1 legal education at a T4 price ;)
  • dennis jansen birthday: Happens every year. When? You should probably ask him instead :P
  • nccu law section 103: Is the best section in the school, hands down. And if anyone tells you otherwise you tell them they can kick rocks. Then tell them TDot said they can kick rocks. Then send them to me so I can tell them in person they can kick rocks. B-)

I really get a kick out of the different search terms people use to get here each month… :spin:

***

And finally, here are the Top 5 most-viewed posts for the month of June 2010, with a heavy leaning toward grades and cash:

  1. On Spring ’10 final grades: Spring ’10 Final Grades (or, “A 2L. For srs.”) (06/08/10)
  2. On saving money: TDot’s Tips: More $$$-saving ideas (06/13/10)
  3. Also on saving money: TDot’s Tips: Tips for the pre-L’s on $$$ (05/29/10)
  4. On the legal effects of political cowardice: Unsolicited commentary on the legal clusterf*ck facing homosexuals (06/11/10)
  5. On my impatience: Where are my @#$%ing grades?? >:o (06/07/10)

Many thanks to all of you for supporting the blog, including the new folks who got here as a result of my shameless attention-whoring on Facebook :) I truly appreciate all of you! :*

—===—

Past Site Stats entries:

Tags: , , , , , , , , , , , , ,

 
4

TDot’s Tips: More $$$-saving ideas

Posted by T. Greg Doucette on Jun 13, 2010 in TDot's Tips

Good evening everybody! :D

A couple weeks ago I posted a handful of tips for the pre-L’s on how to live within their means when they get to law school in a couple months.

Several of you sent positive feedback saying you thought the tips were useful, but a few folks complained they focused more on money management habits (making a budget, living like a law student instead of a lawyer, etc) instead of tangible ways to save $$$ while you’re in law school.

Luckily for y’all, I’ve got a few of those too ;)

Here are some suggestions I’ve used to live large without going broke:

====================
1) FIND A 2L AND PHYSICALLY ATTACH YOURSELF TO THEIR HIP
====================

Figuratively at least :)

2Ls can already give you great advice because they remember 1L year like it was yesterday — since it basically was yesterday for us, being only a couple months ago.

An added perk of 2Ls: they’ve got 1L books they need to sell, or know classmates who have them. Selling direct to a 1L gets them more cash than they’d get from the bookstore, and saves you a tidy sum compared to what you’d pay buying from the bookstore or Amazon.

*PLUS* you get the added perk of their text highlights. It’s like peering into the mind of someone who was in your class just before you, and can be a huge help for digesting cases.

In my own case, I bought 2 of my books from Delta the now-3L1 and a 3rd from a classmate she arranged for me to meet. The highlights in my Torts textbook were spot-on — I didn’t highlight a single thing the entire semester because I knew exactly what “take home” points to pull from the text. Same with CrimLaw.

And I saved $100+ in the process, which got used to pay my BLSA dues and buy a handful of class-related t-shirts throughout the year.

====================
2) CHECK STATE SURPLUS FOR OFFICE SUPPLIES
====================

With few exceptions, every state and local government across the country has an office or agency where they take surplus government property and sell it to the public. Many universities have them as well.

These are easily among the biggest bargains you will ever find on anything office-related ;) A few (like North Carolina’s state surplus office in Raleigh) even have surplus vehicles and fancy stuff seized from drug dealers and such.2

Things like computers and GPS units are quickly snapped up by folks who then resell them on eBay, so if you want the good stuff on those you need to be there early and on days when shipments come in. But for things like chairs, desks and filing cabinets, they’ll always have a constant supply that you just have to inspect closely.

For example, my desk chair is nicely cushioned, vertically adjustable, rocks back, has rolling wheels on it, etc. It was sent to state surplus because the left armrest was loose, which I discovered could be fixed with about 10 minutes of work adjusting the screw.3

Retail price: $110 + tax
eBay price for similar style and use: $30 + shipping
My surplus price: $5 cash
Savings: $25+ (83%)

The only catch for most of these surplus offices is that it’s a cash- or money-order business many times. Most don’t take checks, and many don’t take credit or debit cards because state laws typically ban paying the card vendor fees (and the card vendors ban merchants from directly passing the fees on to customers).

====================
3) CHECK CRAIGSLIST FOR EVERYTHING ELSE
====================

More well-known than trolling the surplus offices (but still an excellent spot to find good deals) are the CraigsList listings for your area.

I’ve used CraigsList three times since law school. The first time was finding someone who had just moved in and needed to get rid of their cardboard boxes — got a bunch of really good ones free of charge, and used them to move myself to Durham :D

雅雅 also helped me look for a bed, where we found a lady who had a full-size bed and box spring in a spare room. She was upgrading her own bed to a queen-size, her old bed was going to replace the spare room bed, and the spare room bed needed to be sold. She was incredibly nice and even agreed to hold the bed until the week before orientation so I could come up with the cash.

Retail price for same bed and box spring: $900 + tax
eBay price for similar style and use: $500 + shipping
My CraigsList price: $100 cash (plus she delivered it!)
Savings: $400+ (80%)

Great for football, Wii, and L&O:SVU marathons ;)

The last time I used it was actually a couple weeks ago, when I needed to find a TV for my living room. I had previously figured out how to jerry-rig a normal office projector to play video from the cable box, and got über-spoiled by essentially having a 110″ TV in the living room.

I found a couple who had just moved from California to Chapel Hill, and because of the configuration of their new place there wasn’t a suitable place to put their projector and still get a decent-sized picture. Their loss turned out to be my gain :D

Retail price for cheapest projector with comparable specs: $700 + tax
eBay price for similar style and use: $400 + shipping
My CraigsList price: $300 cash
Savings: $100+ (25%)

The risk with CraigsList is its popularity among scammers, and the fact you typically end up visiting the house of someone you don’t know… who could conceivably be a serial killer or stalker or something. So if you’re nervous grab a buddy and bring them with you.

And like the surplus offices, finding the really sweet deals require a certain level of diligence and luck — check the listings regularly throughout the day, and if you find something you want contact the seller ASAP.

====================
4) SEE IF YOUR MOBILE PHONE PLAN IS OBSOLETE
====================

I stumbled onto this one by accident, so you’re forgiven if you didn’t know about it already ;)

Mobile phone companies adjust their calling plans frequently, usually at least twice a year. They usually feature capacity increases for minutes (and data usage if you’ve got a smartphone), changes to other calling features, and occasionally price reductions.

If you’ve got a plan that’s been phased out, your mobile phone company will happily continue letting you keep that plan and continue taking your money without ever telling you. But they also like getting rid of obsolete plans when it makes sense for them to do so, since it cuts down on operational expenses the more people are in a “one size fits all” arrangement.

Periodically check with your mobile phone provider and see if your current plan is obsolete. If it is, see if they’ll let you change to the new plan without requiring a contract extension (or if you really like the provider, extend your contract with them).

Two years ago, back when I was both NC State‘s Student Senate President and UNCASG President at the same time, I needed to upgrade my phone plan so that I’d have more than the 900 minutes I was originally using. I found out my current plan was no longer offered and I upgraded to 1350 minutes a month for less money than I was already paying.

Now that I’ve retired from both positions, I actually need to downgrade… and lucky for me it turns out the 1350-minute plans are no longer offered, so I can downgrade back to 900 minutes, pay less $$, and don’t have to extend my contract :spin:

====================
5) CHECK FOR YOUR UNIVERSITY’S DISCOUNTS
====================

While we’re on the topic of mobile phones, this one is a potential gold mine :)

Almost every school of law in the country is affiliated with a public or private university. And almost every university in the country works out special deals with all sorts of vendors so their students and employees can get discounts on a variety of products and services — anything to help lure people to the institution.

For example, back when I was at NC State everyone affiliated with the University was eligible for a discount on their Verizon mobile phone service: 20% per month, for the life of their account. All I had to do was present my student ID and a University-affiliated email address.

My mobile phone savings: ~$300/year

NCSU had a large variety of other discounts too, I just never used them. It seems very few students actually know about the discounts, especially in the graduate/professional schools where you didn’t have the opportunity to go through the university’s orientation they give the undergrads. Check with your University’s student affairs folks or the business office to see if they have anything similar, or just ask the companies you use if they have student discounts for your university.

The worst they can do is say no ;)

====================
6) ALSO CHECK FOR GROUP-RATE DISCOUNTS
====================

Similar to the discounts that universities negotiate as perks for their students and employees, many state/national fraternities, sororities and trade organizations have similar discounts as well.

Consider car insurance.

Back when I used to work as a paralegal for a personal injury attorney, I saw entirely too many cases where accident victims were left with debilitating injuries and future medical expenses that would never be covered because the tortfeasor was uninsured or had a low policy limit while the victim had minimal underinsurance coverage (used when the tortfeasor’s policy is nonexistent or maxed out; you make a claim against your own policy).

Out of paranoia I amped up the limits on my auto policy to the max most companies offer in North Carolina “over the counter” without drafting special contracts: $100K/$300K personal injury, $100K damage, $5K medical payments, etc etc etc.

The problem is that much coverage is @#$%ing expensive, even when you have a flawless driving record :mad:

Turns out the North Carolina Farm Bureau, an advocacy group I’ve been a member of for the better part of a decade, has its own insurance company. In exchange for the mere $25 a year in dues I was paying to the organization, I was able to cut my auto insurance bill in half for the same policy limits.

Your mileage may vary (pun intended) depending on where you live and your group affiliation, but it can’t hurt to check :)

====================
7) ADJUST YOUR THERMOSTAT TO YOUR STUDY HABITS
====================

We’ve all probably seen or read at some point the various public service announcements on TV or in magazines about the money you could save by tweaking the temperature in your house up or down a couple degrees depending on the weather.

If you haven’t done that before, law school is the time to start ;)

Particularly if you’re the type of person who will spend a lot of time at school, you won’t be in your apartment all that much during the week. Set your temperature a few degrees cooler in the fall/winter months so your heat comes on less frequently when you’re not at home to enjoy it. Do the opposite in the spring/summer.

How much you save will depend on a number of variables (including living space, type of heating/cooling, the weather, etc) but using my own apartment as an example I’m running about $15/mo less than the previous tenant. It’s not much, but it adds up.

====================
8) WATCH YOUR EATING HABITS
====================

Food tends to become an afterthought when you’re trying to read through dozens of cases a night. My (admittedly unscientific) observations suggest the overwhelming majority of law students I’ve met fall into 2 groups: (1) folks who forget to eat and then grab fast food on the way home, and (2) folks who get bored out of their minds while reading and frequently snack on junk food to break up the monotony.

My stomach and I happen to span both groups :beatup:

In addition to the unpleasant health side effects — I’ve got several classmates who ballooned during the semester, dropped a ton of weight during winter break, gained it back during the spring semester, and are now starving themselves to lose it again — constantly eating fast food and junk food will eat up a lot of cash (pun intended here too :* ).

Now I’m not going to parrot other folks and tell you to eat fruits and veggies and all that jazz. It’d be great if you did, but I’m not gonna give y’all advice that I don’t follow myself ;)

You might want to learn to cook at least a little bit; see this TDot’s Tips entry for more, and also check out TDot’s Treats for some recipes. In terms of food-per-$, that’s the cheapest route to go by far.

But if you don’t have time to cook or forget, try to stick to the low-cost value menus if you go to a fast food place. Not only is the food cheaper, the portions are usually smaller but still filling (limiting the 1L weight gain).

====================
9) AND WATCH YOUR OTHER VICES
====================

All of us have our own “guilty pleasures.” Some folks like to buy shoes, others prefer video games, still others hit the bar every night of the week. In my case it’s DVDs — you could probably guess from the projector :beatup: — an unnecessary expense I justify to myself as a reward for being amazing.

No matter how well-deserved that reward may be ( ;)) the costs add up quickly.

Try to keep a close eye on how much you’re spending to indulge those habits. You might even want to put a line item in your monthly budget for the occasional splurge.

Especially in the beginning of the semester when cash is plentiful, it’s real easy to dig a financial hole without realizing it… and one you’ll have to fill in right around the time final exams get here. Not a good situation, but one you can easily avoid :)

***

That concludes my list of things to help save you money!

Hopefully all of you will find at least 2-3 items on this list that might be useful — and if you’ve got tips of your own, share them in the comments! :D

—===—

Past TDot’s Tips entries:

  1. I need to change Delta’s tag btw; I’ll knock that out some time soon. For now just remember she’s officially a 3L. []
  2. The office in Raleigh once had a diamond-encrusted pool table from a drug dealer. The diamonds alone were worth $50K+ :crack: []
  3. Work which I concede I still haven’t done because I just don’t care enough to fix it :beatup: []

Tags: , , , ,

 
2

More Pre-L Advice Around the Web

Posted by T. Greg Doucette on Jun 6, 2010 in Randomness

Good evening y’all! :D

Sorry for the 3-day mini-hiatus. I wish I had a good excuse for you, but in all candidness most of that time has been spent reading for summer school classes and cleaning up the apartment :beatup:

The reading shouldn’t surprise any of you, but the cleaning might be so let me explain briefly.  Even though my place is fairly tiny compared to many of my law school colleagues (a mere 650ish square feet), I’ve got a really bad habit of letting things slide until I get über-annoyed and go on a cleaning spree.

I hadn’t substantively cleaned anything since final exams,1 so today was spent going through numerous piles of old outlines, old cases, and miscellaneous other papers stacked high in the living room.

It also reminded me of the sheer volume of magazines and other @#$% I get from the ABA for being a student member :crack:

Anyhow, based on some of the feedback I’ve gotten it seems like folks actually found some value in our TDot’s Tips entry on $$$.  If you haven’t checked it out yet, please do — Ricky Nelson and Va. both had detailed comments on some things I hadn’t considered. Also much thanks and appreciation to ImNobody over at Thanks, but No Thanks, to Brent at Caffeine Review, and to the folks at ClearAdmit for sharing the entry with their readers.

I’ve got more cash-related tips to share in the next few days, but Brent actually rounded up a lot of recent pre-L advice and I thought I’d follow his lead. Here’s a handful of suggestions from across the web over the past couple weeks:

  • Brent’s roundup of 1L advice (Caffeine Review)
  • Part 1 of a 3-part series, Law School Ninja on the importance of enjoying your pre-L summer2) (Law School Ninja)
  • Part 2 of that series, this time on orientation, the curve, and study time (Law School Ninja)
  • Mariel with a thorough entry on school supplies, from computers to desk chairs and everything in between (Fresh Thought Soup)
  • Ricky Nelson with some housing advice for soon-to-be renters (Legally Questionable Content)
  • And some suggestions for soon-to-be bloggers (Legally Questionable Content)
  • Then there’s Dennis Jansen’s advice repository — it’s not as recent as these other entries but definitely falls in the “must read” category (Dennis Jansen)

I’m also told from the panicky status updates in my Facebook mini-feed that tomorrow is June LSAT day. As someone who didn’t take the June LSAT precisely because I had too much going on to focus, I’d encourage those of you planning to take the test tomorrow to read this entry from Ann Levine — if you’re not 100% comfortable and able to get into your “zone” definitely consider skipping the test tomorrow and knocking it out in October instead.

That’s it from me tonight folks, I’m off to continue reading for my ADR Practices class before heading to bed so I can get up early — allegedly the waiting for grades ends tomorrow :eek:

Have a great night!! :D

  1. “Substantively” meaning anything beyond the bare minimum necessary to ensure I’ve got clean clothes to wear, clean dishes to use, and the ability to shower without feeling like I’m bathing in mold :beatup: []
  2. Because you will not be able to truly prepare. Trust her. And me. And pretty much everyone else you’ve ever read who has finished 1L year ; []

Tags: , ,

 
5

TDot’s Tips: Tips for the pre-L’s on $$$

Posted by T. Greg Doucette on May 29, 2010 in TDot's Tips

Judging by some of the search queries bringing folks here to law:/dev/null, those of you accepted into the Class of 2013 are scurrying around online looking for law school advice before orientation starts in a couple months.

First, CONGRATULATIONS! :D I was just in your shoes not too long ago, I remember what it was like, and I’m excited for you!

Second, chill out ;) See this post from Law School Ninja — use this summer to relax, not to try and prepare for law school. Preparation is not gonna make a lick of difference, I assure you :)

Third, assuming you’re going to ignore that previous paragraph, use the summer to learn how to manage your finances. I’ve met a lot of law students from a lot of law schools who barely know how to balance their checkbooks.1  Law school is stressful enough without being worried about money.

Here are a few tips I’ve put together that might be able to help you in your first year:

====================
1) CREATE A BUDGET
====================

A simple sample budget

This one probably seems like common sense, but it’s probably the most important thing you can do financially — make sure you’ve got a decent idea of how much money you’ve got coming in, and how much you’ll have going out.

I’ve seen simple budgets sketched out on a piece of notebook paper; I’ve seen needlessly complex budgets using crazy functions in Microsoft Excel that I didn’t even know existed :beatup:

No matter what level of complexity you use, the important thing is to try and stick to the budget whenever possible.

To the right is a sample budget I put together for this blog entry, which I’ll probably end up using for the upcoming year. The main thing is to have an easy-to-reference sheet where you can see your major expenses and income sources.

====================
2) SET ASIDE $$ IN SAVINGS
====================

You might notice in that sample budget that I’ve included “Deposit to Savings Account” as an expense.

One of the weird things about 1L life is that you’re strongly strongly strongly discouraged from having any outside employment at all.2 That means if something unexpected happens, you don’t have the option of working overtime or extra shifts to make the $$ for it.

So if you’re living off student loans like most of us, your financial aid refund is all you get for the entire semester. Set aside a chunk of it early (I’d suggest 10%) into a savings account or some other safe spot, before you get tempted to spend it.

That way if something unexpected does happen, you’re covered. And if not, you’ll have extra money to use on whatever you want later on :)

And put it explicit in the budget so you actually remember to set it aside, rather than forgetting it’s supposed to be saved and then inadvertently spending it on something. Like highlighters ;)

====================
3) RENT THE LEAST EXPENSIVE PLACE YOU’RE COMFORTABLE LIVING IN
====================

Most of the expenses you’ll have in a given month will be in the sub-$100 range, and a good chunk of them (e.g. cable TV, fast food, etc) can be given up if you get into a real financial bind mid-semester.

That’s not the case with the rent ;)

As you’re searching around your new city for an apartment, make sure to do a comprehensive comparison among your options — then pick the least expensive place you’re still comfortable living in.

I’ve got a classmate who I’ll leave nameless, but who definitely isn’t stupid. When he signed his lease back in August, he picked a newer apartment complex up the road from me with all kinds of fancy amenities — gated entrance, nice pool, nicer gym, detached garage, etc etc. A really swank place, about $75/mo more than mine.

Then when late November got here, he was running short on his funding and was stressed out trying to figure out how to cover his December bills… right as he had to start studying for final exams :beatup: Luckily for him everything worked itself out, but you don’t need that pointless stress.

For that $375 he paid more than me over the 5 months of Fall semester, he used the nice pool all of 0 times, went to the nice gym just the first month before studying took up his free time, and spent a good chunk of his life at the law school while his detached garage was empty. Plus his summer internship is in another town so he’s trying to find someone willing to sublease for just a couple months (thus far no takers).

Now if a potential apartment just screams to you “LIVE HERE!“, then by all means go with it. Preferably after getting psychiatric help for thinking your apartment is screaming to you :* But if you can handle a smaller pool or gym, or forgo the entrance gate, consider giving up those amenities for the $$ you’ll save over the course of the year.

====================
4) USE YOUR REFUND TO PAY DOWN YOUR CREDIT CARDS
====================

By the time folks reach law school, odds are good they have at least one credit card. An April 2009 study found graduating students on average have 4.6 cards carrying $4,100 in debt.

Despite the high interest rates many credit cards charge, they can provide an invaluable level of financial flexibility. I’ve had to use mine on more than one occasion for textbooks or tuition when financial aid didn’t stretch far enough.

But that doesn’t mean you can’t trim the amount of interest you’re paying for that flexibility :D

If you get a financial aid refund, throw it all at your highest interest rate credit card(s). You’ll end up using your cards throughout the semester for basic purchases and paying bills, but you’ll be paying less in daily interest than if you kept the $$ in your checking account while making minimum payments on the credit card(s).

====================
5) “YOU’RE A LAW STUDENT, NOT A LAWYER”
====================

No matter how you handle your finances, or whether you follow any other money-related tips you come across, remember: you’re a law student, not a lawyer ;)

The mansion, home theater, luxury car, yacht and all the other accoutrements of being an attorney will come to you in due time. But that time isn’t going to be the 3 years while you’re in law school3

Live like a lawyer now and you’ll end up like my friend, stressing over cash flow when you need to be studying for Contracts. Live frugally and you’ll still have the resources to still enjoy yourself :spin:

***

That’s all I’ve got for this post — hopefully you’ll find at least one of these tips useful!

Good luck to all of you, and congratulations again on your acceptance! :) If you have any questions on anything, let me know! :D

—===—

Past TDot’s Tips entries:

  1. It’s even more amazing considering some of these folks will be managing finances for their law practices… []
  2. To underscore the point, the ABA actually has a rule saying you can’t work more than 20 hours a week :surprised:  []
  3. Unless you hit the lottery. Don’t hold your breath. []

Tags: , ,

 
-

TDot’s Tips #8: Don’t burn your bridges

Posted by T. Greg Doucette on Feb 8, 2010 in TDot's Tips

I’ll confess: I was notoriously arrogant when I first got to N.C. State back in 1998.

I know that comes as a shock to all of about -0- of you :P

In hindsight I’m not entirely sure why I acted the way I did. I was only a slightly-above-average student, paired with well-above-average acne and well-below-average athleticism :beatup: But you wouldn’t believe it from how I carried myself and interacted with other folks.

Until I met QuietStorm.

We both were freshman appointees to the single most distinguished student deliberative assembly ever conceived in the State of North Carolina, and both of us got assigned to the same committee. I jumped into the policy debates in person and over the listserv from Day 1, and didn’t hesitate to employ a little vitriol in condemning proposals I considered ridiculous.

In response to one of those emails a few days after our appointment, I got a polite response from QuietStorm — our first interaction with each other — essentially telling me to STFU. My response was far less refined, including at least one reference to me “actively mock[ing]” people with her political beliefs.

She shot back minutes later informing me that I didn’t know her well enough to know her political beliefs, she was only trying to be help me avoid alienating people, and a closing admonishment: “Don’t burn your bridges. You never know when you’re going to need one.”

I realized she was right — over the next few months I learned that she was not only more politically conservative than me, but that we also made a phenomenal team. So I dialed back the pretentiousness over the next semester and adopted a policy of trying to be courteous and respectful to everybody.1

I’m sure there are plenty of folks in the world who don’t like me, but hopefully their distaste isn’t from anything I did to them :)

Days like today remind me it was a good choice.

It started this morning in response to my quote in this article for the Raleigh News & Observer. I sound like a fool, but got a Facebook message from someone who graduated in 3 years, read the story and wanted to wish me well in law school.  The name looked familiar but I wasn’t 100% sure why. A quick Google search confirmed my hunch — QuietStorm and I both worked with him in the Student Senate way back in 1999.

Then after CivPro I drove down to Raleigh to get my car repaired (again). I was talking with one of my colleagues from western NC about the tuition/fee vote at this week’s meeting of the UNC Board of Governors, and after I hung up a guy standing near the door goes “Hey are you Greg?” After my initial impulse to go “who wants to know?” subsided, I found out he was a student at UNC Pembroke (about 1.5 hours south of Raleigh) who I had met for a few minutes almost a year earlier as part of our UNCASG Listening Tour.

Here in the span of a few hours were two folks, interaction with the former separated by time and the latter by geography, who I never expected to cross paths with again. Imagine how either of those conversations would have turned out had I still been an asshole! :beatup:

And as if Life wanted to underscore the point, just before writing this post I got a terse email from a guy working for an organization I’ll leave nameless, demanding a favor from me in my capacity as President of UNCASG — the largest student advocacy organization in North Carolina, and thus a preferred audience for his group. The guy in question? One of the folks responsible for deploying various crude insults about me2) back during my first campaign for Student Senate President.

Needless to say I declined his request :angel:

As many a 2L, 3L and post-L will tell you, the folks we’re working with in law school are going to end up being our friends and colleagues for years down the road. It’s probably a good idea to treat them well so they’ve got a favorable impression of you in the future, because whether it’s in a courtroom or a car repair shop you never know when you’ll cross paths with someone again :)

Have a great night everybody! :D

—===—

Past TDot’s Tips entries:

  1. Albeit only as a “no first strike” policy: folks who were rude/mean to me or friends were exempt :angel: []
  2. Mispronouncing my last name sounds similar to a feminine hygiene product, which was apparently the height of civic discourse for the campaign. It’s part of why I felt no sympathy when this poster started appearing ; []

Tags: , , , , , ,

 
4

TDot’s Tips: Final Exam Edition

Posted by T. Greg Doucette on Dec 16, 2009 in TDot's Tips

Sorry for the extended break, I was enjoying the whole “class is over and I don’t have anything to do”-ness of winter break.  But today was mostly spent at the law school, meaning it was time to finally get around to resuming the blog posts here at law:/dev/null :)

Today itself was… interesting.  I was fortunate enough to make the 1L trial advocacy team for a competition next month, but the preliminary interview for the Client Counseling Competition was an unmitigated disaster. I’m lucky Madame Prosecutor didn’t wring my neck in the middle of the interview room because I clearly don’t know the first thing about interviewing potential clients :beatup:

Fortunately I’m getting the experience now so I’ll be in better shape a few weeks from now.

Speaking of getting experience: exams! Wow. That was an experience.

My classmates and I had a little heads up on how everything was going to happen since the N.C. Central University School of Law is one of apparently few law schools that provide midterm exams. But in the words of MDG: “The difference between midterms and finals is like the difference between a chihuahua and a great dane.”

He wasn’t lying.

The multiple choice questions in all of the classes were almost absurdly nitpicky (hat tip to Jansen for the word choice ;)). It was one of those situations where I could tell what specific topic the professor was trying to test, but the particulars were sufficiently complex that I couldn’t say with any degree of certainty whether or not I chose the right answer. And of course nearly every question had “D. All of the above. E. None of the above.” as the last two answer choices.

I’m taking solace in the fact I finished all of the essays, which was a switch from midterms.

Anyhow, now that exams are over I figured I’d share some of my own tips on exam prep. I stipulate that some of this reiterates advice other blawgers have already given — see FTS and FO and idswj — but I figured I’d tell you what worked for me so you have another perspective to add when considering different techniques ;)

  1. DON’T STRESS! If you ignore every other bullet point in this entry, remember this. One of the awkward moments of final exams was spent trying to console a friend who was having a mental breakdown, even though she’s one of maybe 4 people in our section who I’d bet actual cash on knowing the material backwards and forwards. Yes, grades are important — but they’re not the end of the world. Stressing out to the point of melting down just makes you less competitive when you take the actual test.
  2. Rehearse if it helps. No matter how many times folks read that earlier bullet, some of them are still going to freak out over exams. One way to help deal with that nervousness is to practice under as-close-to-real-life conditions as you can get. Find practice exams and force yourself to take them under strict time conditions; use a stopwatch to time you if necessary. If you can only find 1 or 2 practice exams, re-take them until you’re comfortable. Remember the objective with these practice exams isn’t necessarily to get the material down cold, but instead to help you stay calm in the actual test.
  3. Study however works best for you. It may sound strange, but I’ve become a firm believer in Dr. Psych’s comments on learning styles. I’m overwhelmingly a kinesthetic/”tactile” learner — I learn by doing. For me that means writing out index cards (CivPro) or taking practice exams (Property). If you’re a visual learner, you’ll probably benefit from reading and re-reading your outline several times. And if you’re an aural learner, try saying your outline aloud so you hear it. Matching your study habits with your study style helps burn the information deep into your mind for finals :)
  4. Sleep. Adequate rest is important to remembering the information you absorbed studying, and it will help you stay focused on the exam itself. Trying to go off 2-3 hours of sleep because you pulled an all-nighter is counterproductive. You should have learned that in undergrad :P
  5. Do the multiple choice questions first. Unless you’re *very* disciplined with your test-taking skills, knock out the multiple choice questions before moving to the essays. A handful of my colleagues tried to reverse what they tackled first since several folks ran out of time on the midterms, and a few never made it to the multiples at all on the final as a result. Essays are free-form, so we naturally spend more time writing, tweaking, editing, adding, etc. They’re a huge time sink, and if you don’t grab the easy points first (the multiples) you risk missing them entirely.
  6. Remember the Rules of Fight Club. Mariel said it best, so I’ll defer to her ;)
  7. Smile (when it’s over). You’ve survived. Pat yourself on the back for a semester’s worth of hard work, and know you’re that much closer to the end of the road and the J.D. waiting there for you :D
  8. For those of you who are finally done with your final exams, congratulations! :) And to those of you still slogging through the trenches on the way to the end of the semester — GOOD LUCK! :D

Tags: , , , , , , ,

 
-

TDot’s Tips #1: Exercise!

Posted by T. Greg Doucette on Nov 29, 2009 in TDot's Tips

For those of you who are new readers to law:/dev/null (welcome!! :) ), the “TDot’s Tips” category is basically where I compile snippets of unwarranted and minimally useful advice from my life in case you’re a pre-L looking for suggestions on making it through law school or a #L wondering what works for other #Ls. Your mileage may vary, there are no express or implied warranties as to the effectiveness of the tips herein, caveat emptor, etc etc etc ;)

The draft of this particular post was actually written awhile ago, in anticipation of a day when I’d have nothing to post. Turns out life had other plans — I’m now crutch-stricken courtesy of a “suspected stress fracture to the left tibia.” I’ve been doing physical training to get in shape for the USMC (hoping to go to Officer Candidates School this coming June) and apparently have been running a little too far, a little too hard, a little too soon :beatup:

The upside? It provides an excellent segue into the topic of this entry :D

Studying the law is a tedious process. Mind-numbingly boring in fact. You’re basically growing your mind in two ways at once. First of course you’re learning the law itself… and the requisite exceptions… and the requisite exceptions to those exceptions. Then you’re also learning to be overly-analytical and “think like a lawyer” so you can successfully rob your life of anything even vaguely resembling spontaneity or simplicity as you invariably dicker over terms and conditions.

Even if both of those come naturally or you enjoy them, you’ll still be undergoing an evolutionary process only slightly more exciting than watching your hard drive defragment itself :beatup:

That’s the main reason why exercising in law school is so important. Even if you’re not the exercising type — I had been to the gym a grand total of maybe twice in my last 2-3 years of undergrad — just getting out of the house and going for a walk around the neighborhood will clear and refresh your mind.

Building up to more aggressive activities like running or playing basketball will also help you stay fit and be more energetic during the day. That’s a particular benefit if you’re not a morning type and spend your first class or two of the day in a haze (trust me).

And keeping your body accustomed to physical activity helps ensure you don’t end up breaking something doing too much too soon ;)

So as you’re studying for the LSAT or final exams or anything else coming up at this time of year, make sure to take at least an hour a day to do something non-school-related. You’ll be glad you did :)

Have a great night folks! :D

—===—

Past TDot’s Tips:

Tags: , ,

Copyright © 2022 law:/dev/null All rights reserved. Theme by Laptop Geek.
Find TDot on Twitter or on Google+.