Tax in NY vs. NJ State
A choice many young professionals make on moving to NYC, NY to work for one profitable company or another is where they should live. The choices are typically Manhattan, Queens, Brooklyn, another borough of NY such as Staten Island, or New Jersey. The neighborhood, rent, social scene, and proximity to fast public transportation are not the only factors you should consider; the tax rates of NY and NJ are worth thinking about. In fact, New York City is one of the few cities in America to charge a unique city tax for residents in any of its boroughs.
Our young example is a 23-year-old woman working for Citigroup. As an entry-level programmer working in straight-through-processing, she might make $100,000 a year in taxable income (it’s a round number, not a real one). She is single, and will not be claimed as a dependent. Now let’s run the numbers for NY:
- $100,000 taxable income
- 6.85% state tax
- $1,706 plus 3.648% of excess over $50,000 NYC tax
- $7,500 standard deduction
So the total NY tax she’ll pay is ($100,000 – $7,500) * .0685 + $1,706 + ($50,000 – $7,500) * .03648, which is $9,593 in taxes to New York. The New Jersey tax works slightly differently:
- $100,000 taxable income
- 6.37% state tax
- $2,126 post-tax deduction
In NJ, she will pay the following taxes: $100,000 * .0637 – $2,126, which is $4,244 in taxes to New Jersey. This is $5,369 in taxes she gets to keep in her pocket, an extra $450 post-tax dollars a month of savings. Please note that I am not a tax accountant or lawyer, so these figures should not be taken as advice; they may very well be wrong. But to me, they provide real evidence that living in NJ has a substantial tax benefit.
Squidoo XSS Exploit Leads to WordPress Spam Deluge
I’ve been getting a lot of WordPress comment / trackback spam pointing to Squidoo these days, because it doesn’t validate the HTML markup users can enter into their pages. This makes it easy for spammers to put in an iframe with an external src that basically redirects the browser to their spam (usually porn) page. If the JavaScript were nice it would look like this:
window.onload = function () {
    window.location = "http://wpi.biz/in.cgi?5&parameter=porn";
};
The page you get redirected to looks like a bunch of adult-themed YouTube videos (they’re just images, actually, which I’ve censored) that prompt you to download something that’s probably spyware. I didn’t really investigate this further; it’s obviously very evil:

The code actually sitting on Squidoo’s servers looks like this:

And the comments left on my blogs are of the form:
New trackback on your post #1852 "Coding Horror: Hot Tech Blog"
Website: hot ebony men (IP: 190.72.74.193 , 190-72-74-193.dyn.dsl.cantv.net)
URI : www.squidoo.com/some-nasty-url/
Excerpt: hot ebony men...
I’ve sent email to both the Akismet team and the Squidoo team about this; hopefully they will:
- Implement kses-based filtering on their HTML input *immediately*
- Add some spam-weight to the squidoo domain until this is fixed
There’s no excuse for an XSS attack of this simplicity to exist. JavaScript, iframes, etc. should be disallowed. Just let basic markup through, and strip out the rest! For now, I also recommend adding the word “squidoo” to your blacklist in the WordPress discussion options.
Update: According to the Squidoo blog, iframes will be banned as of July 12th. I can’t think of anything you can do with an iframe that you can’t do with regular HTML except untrusted stuff, like redirects or arbitrary JS.
Monetize Your Blog With Image Ads
There’s a new monetization service from AdBrite which is quite promising. It’s called BritePic and offers to overlay assorted controls on top of your images, as well as unobtrusive advertisements. Their list of features is long, but rather unimpressive:
- Email this image
- Link to this image
- Embed this image (you still get the ad revenue, even if your pic is embedded elsewhere)
- Zoom in and out (see demo)
- Captions that slide out when you hover over the pic
- Ads from AdBrite
- Link the image to another URL
- Subscribe to RSS
What really shines is the user interface for their BritePic enhancements. It’s a sheer, transparent overlay that reacts to mouse events and hides when not active. For example, it adds a header which you can mouseover to show the advertisement:

There’s also a menu added to the bottom to produce a list of features:

I’m definitely going to start running the ads on this blog, just because I like how easy they are to use, and how little they get in the way of the user experience. I coded up a quick WordPress plugin to replace all image tags with appropriate AdBrite tags, and it works fine for me so far: adbrite-images.rar. You need to replace the AdBrite ID with your own, then activate it, and you’re good to go.