Hacker News | paulrr's comments

I never understood why people rely on the + trick to determine the source of new spam. Wouldn't a smart spammer / list-seller simply strip the suffix from all @gmail.com addresses?


I've thought the same thing since I encountered this trick a few years back. My guess is that most email providers don't allow the use of a "+" in the address and as a result it's viewed as a fringe case and not accounted for.


It's not a valid way to test for illicit spam, but it's a good way to help keep honest people honest.

There are researchers who make brand-new addresses and put them in various places as a tripwire for spam.


So I've got a question. Isn't using a password manager with unique, big, long, randomly generated passwords per site essentially the same as two-factor authentication? Something I know (the master password) and something I have (the encrypted password list). The password list lives on my laptop, on my phone, etc. Furthermore, when I use 2 factor auth, I end up storing the lose-your-phone recovery password in the password manager anyway, so I'm probably missing the point of the SMS-, token- or Authy-based validation anyway.


No. Here are two differences between a password manager and 2FA:

1. A password manager will prevent someone from hacking into a website you use, stealing your password, then logging into another website as you. 2FA won't prevent this because someone who hacks into a website can get access to the unique random seed that is used to generate the 2FA sequence, and can then use brute-force to determine your password.

2. 2FA will prevent someone from infecting your computer with a virus, stealing your password as you type it in, then using that password to log in as you in future. A password manager won't prevent this because the virus will gain access to both your main password and the list of encrypted randomly-generated passwords.


Re 1: If a.com is hacked, only a.com's OTP seeds are compromised. b.com should (hopefully) use different seeds, so 2FA still prevents someone from logging in.


Yes you are right - I was thinking about the case where only a.com uses 2FA, not b.com


Kx (http://kx.com) has been around forever and has a good rep for this sort of thing.


Matt Levine has excellent commentary on this: http://www.bloombergview.com/articles/2014-07-17/bitcoin-ban...


Although obviously much simpler, I've always been a huge fan of csshx. https://code.google.com/p/csshx/


csshx is great but lacks the audit trail (output stored) we offer. Additionally, with standard parallel ssh tools, you don't have centralized user access management and cloud provider integrations.


Not true.

Q-6: Does a taxpayer have gain or loss upon an exchange of virtual currency for other property?

A-6: Yes. If the fair market value of property received in exchange for virtual currency exceeds the taxpayer’s adjusted basis of the virtual currency, the taxpayer has taxable gain.

