Eight ways to improve 401(k)s

Congress is working on the SECURE Act 2.0. It provides for automatic enrollment, increases the catch-up contribution limit and makes many other changes.

Here are eight more ways to make 401(k)s fairer. Call it SECURE 2.0.1.

  1. Mandatory Roth
    Not all 401(k) plans allow for Roth 401(k)s. Mandate that plans provide this as an option.
  2. Don’t punish good savers
    If you max out your 401(k) before December 31, you can lose the benefit of the company match, unless the plan offers a true-up. Many plans do not have this feature. Make true-ups mandatory.
  3. In-plan conversions
    Some plans allow you to convert traditional 401(k) contributions to Roth contributions, requiring you to pay the taxes. But not all plans do. Once idea (1) is implemented, more plan participants could take advantage of this. Make in-plan conversions mandatory.
  4. Immediate vesting of matches
    Some plans require participants to be with the employer for many years before they can keep any earned matching funds. Retirement plan money should not be used as leverage/a threat. Ban vesting periods.
  5. No waiting periods
    Some employers don’t allow contributions to 401(k) plans until the employee has been there for several months. Ensure all employees are eligible on their first day of work.
  6. No fractional matches
    Some employers will match 50% of up to 4%. This is confusing and punishes those who can least afford it. This match should be 100% of the first 2% instead. Only allow matches 1:1 or greater. 
  7. Immediate custodial transfers
    Many providers send funds by paper check through untracked mail. This is slow and increases the potential for loss. Require all providers to make transfers electronically by default, and complete them within 72 business hours of the request.
  8. Good selection of index funds
    Many plans greatly restrict the choice of funds. Often, these choices have high fees or poor returns. Require plans to provide access to a complete set of index and target date funds from at least one provider (Schwab, Vanguard, Fidelity, etc.)

On asking questions

John Sawatsky is an expert on interviewing and asking questions. Here is some coverage of his work.

HOWTO create a bootable USB installer for Mac OS X Lion

Here are instructions for doing this in the Terminal. (Other answers you find are out of date, as they change every time Disk Utility’s UI changes, which is a lot.)

Before you begin, make sure to partition the USB drive as GPT and format it as Mac OS Extended (Journaled) (aka JHFS+).

Make a copy of the installer dmg:

$ cp "Install Mac OS X Lion.app/Contents/SharedSupport/InstallESD.dmg" ~

Scan the image to make it ready for restore:

$ asr imagescan --source InstallESD.dmg 
Checksumming partition of size 0 blocks...done
Checksumming partition of size 4 blocks...done
Block checksum: ....10....20....30....40....50....60....70....80....90....100
successfully scanned image "/Users/paul/InstallESD.dmg"

Restore the image to a USB drive:

$ sudo asr --source InstallESD.dmg --target /Volumes/Untitled --erase --noprompt 
	Validating target...done
	Validating source...done
	Retrieving scan information...done
	Validating sizes...done
	Restoring  ....10....20....30....40....50....60....70....80....90....100
	Verifying  ....10....20....30....40....50....60....70....80....90....100
	Restored target device is /dev/disk6s2.
	Remounting target volume...done
asr: Couldn't personalize volume /Volumes/Mac OS X Install ESD - State not recoverable

HOWTO update HP LaserJet Pro P1102w firmware on macOS

The current version of the firmware (20201023, as of January 22, 2022) for the HP LaserJet Pro P1102w only runs on macOS 10.14 or earlier.

This is not great, as macOS 10.14 was released back in 2018. If you try to run the (unsigned, sigh) updater, it crashes looking for a missing dylib (/usr/lib/libnetsnmp.15.dylib):

Not only is this binary unsigned, it uses com.yourcompany instead of com.hp.

The workaround — using an Intel-based Mac — is to install Windows in a VM and update it from there. Here’s how:

  1. Download and install VirtualBox and VirtualBox Extension Pack
  2. Download a Windows 10 VM
  3. Import the VM into VirtualBox
  4. Plug your printer in via USB
  5. In VirtualBox, select your IE Win10 VM. Click Settings > Ports > USB, enable the USB controller and add a USB filter for your printer.
  6. Start Windows. Remember the password is “Passw0rd!”
  7. Go to the HP P1102w driver page. Select Windows and “Windows 10 (64-bit)”:
  8. Download and install the driver. A test page will print.
  9. Download and run the firmware updater

You’re done! Shut down the Windows VM and go about your day.

HP LaserJet Pro P1102w driver fails to install on macOS ≥ 12.0.1

Cross-posted from HP support forum.

HP’s LaserJet Pro P1102w printer drivers (download) fail to install on macOS 12.0.1 or later. Attempting to install them displays the error:

This update requires macOS 12.0 or earlier.



  • macOS 12.0.1 was released on October 25, 2021.
  • HP’s drivers (5.1) were released on October 27, 2021.
  • Previous thread (“Hp printer driver for Macos Monterey 12.0.1 not available“) October 11, 2021. Support agent @Kumar0307 failed to escalate this to engineering and falsely suggested the driver would work with 12.0.1; it does not.
  • macOS 12.1 was released on December 13, 2021.
  • As of December 29, 2021, HP has not released a fix.

The problem is due to the Distribution script in the installer. It looks like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<installer-gui-script minSpecVersion="1">
<options hostArchitectures="x86_64"/>
<installation-check script="InstallationCheck()"/>
<license file="License.rtf"/>
<line choice="manual"/>
<choice id="manual" title="SU_TITLE">
<pkg-ref id="HewlettPackardPrinterDrivers" auth="Root" packageIdentifier="com.apple.pkg.HewlettPackardPrinterDrivers">#HewlettPackardPrinterDrivers.pkg</pkg-ref>
</choice>
<script>
function InstallationCheck(prefix) {
    if (system.compareVersions(system.version.ProductVersion, '12.0') &gt; 0) {
        my.result.message = system.localizedStringWithFormat('ERROR_25CBFE41C7', '12.0');
        my.result.type = 'Fatal';
        return false;
    }
    return true;
}
</script>
<pkg-ref id="HewlettPackardPrinterDrivers" installKBytes="933742" version=""/>
</installer-gui-script>

The script compares the running macOS version against 12.0 instead of 13.0, so any later release, including 12.0.1, fails the check.

The workaround is described in a macrumors thread: run these commands in Terminal:

curl -o ~/Downloads/hpdrivers.dmg https://updates.cdn-apple.com/2020/macos/001-41745-20201210-DBC9B46B-88B2-4032-87D9-449AF1D20804/HewlettPackardPrinterDrivers.dmg
hdiutil attach ~/Downloads/hpdrivers.dmg
pkgutil --expand /Volumes/HP_PrinterSupportManual/HewlettPackardPrinterDrivers.pkg ~/Downloads/hp-expand
hdiutil eject /Volumes/HP_PrinterSupportManual
sed -i '' 's/12.0/13.0/' ~/Downloads/hp-expand/Distribution
pkgutil --flatten ~/Downloads/hp-expand ~/Downloads/HP_Drivers_12.pkg
rm -R ~/Downloads/hp-expand

Then open the newly-created HP_Drivers_12.pkg and install it.
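
The following is an added example, not code from HP, Apple or the macrumors thread: it reads the limit out of a Distribution script, patches only the exact quoted version literal, and confirms which macOS versions the check would reject before and after. The function names and the `version_gt` model of `system.compareVersions` are assumptions made for illustration.

```sh
# Added example; function names are hypothetical and the sample data is constructed.

# version_gt A B: true if dotted version A > B (missing fields count as 0).
# Assumed to model system.compareVersions(A, B) > 0 for plain numeric versions.
version_gt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        for (i = 1; i <= (na > nb ? na : nb); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 1
    }'
}

# max_version FILE: the literal that InstallationCheck compares ProductVersion against.
max_version() {
    sed -n "s/.*compareVersions([^,]*, *'\([0-9.]*\)').*/\1/p" "$1" | head -n 1
}

# would_block FILE OS_VERSION: true if the check would be Fatal on OS_VERSION.
would_block() { version_gt "$2" "$(max_version "$1")"; }

# patch_max_version FILE OLD NEW: rewrite only the exact quoted literal 'OLD'
# (dot escaped, so 12.0 cannot match 1250); prints the number of literals changed.
patch_max_version() {
    hits=$(grep -o -F "'$2'" "$1" | wc -l | tr -d ' ')
    [ "$hits" -gt 0 ] || { echo "no '$2' literal in $1" >&2; return 1; }
    old_re=$(printf '%s' "$2" | sed 's/[.]/\\./g')
    tmp=$(mktemp) || return 1
    sed "s/'$old_re'/'$3'/g" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; [ "$rc" -eq 0 ] && echo "$hits"
}

# Constructed excerpt of the Distribution script shown above.
sample_distribution() {
    cat <<'EOF'
if (system.compareVersions(system.version.ProductVersion, '12.0') &gt; 0) {
my.result.message = system.localizedStringWithFormat('ERROR_25CBFE41C7', '12.0');
my.result.type = 'Fatal';
EOF
}

f=$(mktemp); sample_distribution > "$f"
would_block "$f" 12.0.1 && echo "before patch: 12.0.1 is blocked"
patch_max_version "$f" 12.0 13.0 >/dev/null
would_block "$f" 12.1 || echo "after patch: 12.1 is allowed"
rm -f "$f"
```

On macOS, run `pkgutil --check-signature` on the downloaded package before expanding it; the package rebuilt by `pkgutil --flatten` no longer carries that signature.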

Music booking and house concert notes

House concert information

Businesses that book small shows


HOWTO change a theme slug in WordPress

If you rename a WordPress theme, you will lose customizations (theme mods). They’re stored in wp_options based on the theme’s slug.

WP CLI makes it easy to quickly copy the theme options over:

wp> $new_slug = "my-new-theme-slug";
wp> $theme_slug = get_option( 'stylesheet' );
wp> $mods       = get_option( "theme_mods_$theme_slug" );
wp> update_option( "theme_mods_$new_slug", $mods );

State legislature websites, compared

Having recently spent some time with OpenStates data, I noticed the state government websites varied … a lot. Wanting to quantify this variation, I used the SSL Labs scanner, Lighthouse, and some Ruby scripts to compare the 50 states, DC and Puerto Rico’s legislature’s websites.

The table below covers usability (is the hostname flexible), security (does it allow or require HTTPS), server configuration (SSL Labs) and performance (Google Lighthouse).

state URL www .gov HTTPS Support HTTP Upgrade SSL Labs Perf AX Best Practices SEO
AKakleg.gov ✔️C56747369
ALlegislature.state.al.us 🚫 root15766075
ARarkleg.state.ar.us 🚫 root✔️B65948784
AZazleg.gov ✔️✔️A43907382
CAassembly.ca.gov ✔️✔️B31926080
CAsenate.ca.gov ✔️✔️B30688091
COleg.colorado.gov ✔️A29938090
CTcga.ct.gov ✔️✔️B22896792
DCdccouncil.us ✔️A64817377
DElegis.delaware.gov ✔️✔️B14856776
FLflsenate.gov ✔️✔️B44888791
FLmyfloridahouse.gov ✔️✔️B69827391
GAlegis.ga.gov 🚫 root✔️✔️A231008092
HIcapitol.hawaii.gov ✔️✔️B85567350
IAlegis.iowa.gov 🚫 root✔️✔️A+94718078
IDlegislature.idaho.gov ✔️✔️B27877369
ILilga.gov ✔️✔️C87615350
INiga.in.gov ✔️B96776775
KYlegislature.ky.gov 🚫 www✔️✔️B38898068
LAhouse.louisiana.gov ✔️✔️B48738074
LAsenate.la.gov ✔️✔️B41858091
MAmalegislature.gov ✔️✔️F301007371
MDmgaleg.maryland.gov ✔️B60926088
MDmsa.maryland.gov ✔️✔️F41827377
MElegislature.maine.gov ✔️A76857389
MIhouse.mi.gov ✔️✔️B98946762
MIsenate.michigan.gov ✔️✔️C86978791
MNhouse.leg.state.mn.us 🚫 root✔️B32988090
MNsenate.mn ✔️A+91008779
MOhouse.mo.gov ✔️✔️B94619354
MOsenate.mo.gov ✔️✔️B10937384
MSlegislature.ms.gov ✔️❌❌B34658082
MTleg.mt.gov ✔️✔️B37916777
NCncleg.gov ✔️✔️B40936788
NDlegis.nd.gov ✔️✔️B651007364
NEnebraskalegislature.gov ✔️✔️B80998097
NHgencourt.state.nh.us F0846075
NJnjleg.state.nj.us ✔️A+89674775
NMnmlegis.gov ✔️✔️B87807383
NVleg.state.nv.us ✔️B581006791
NYnyassembly.gov ✔️✔️B57988799
NYnysenate.gov ✔️✔️A39806785
OHohiohouse.gov ✔️✔️B27987369
OHohiosenate.gov ✔️✔️B34616075
OKoksenate.gov ✔️✔️A7767383
OKokhouse.gov ✔️✔️B43907388
ORoregonlegislature.gov ✔️✔️B29977374
PAlegis.state.pa.us ✔️B82638074
PRsenado.pr.gov ✔️✔️B12736769
RIrilegislature.gov ✔️F58694742
SCscstatehouse.gov ✔️✔️B89827379
SDsdlegislature.gov ✔️✔️A69893100
TNcapitol.tn.gov ✔️✔️B641006782
TXhouse.texas.gov ✔️✔️B68976769
TXsenate.texas.gov ✔️✔️B52807377
UTle.utah.gov ✔️✔️A71988085
VAvirginiageneralassembly.gov 🚫 www✔️✔️B46876769
VTlegislature.vermont.gov 🚫 www✔️✔️B90947387
WAleg.wa.gov ✔️✔️B34897380
WIlegis.wisconsin.gov ✔️✔️B80958770
WVwvlegislature.gov ✔️B86847390
WYwyoleg.gov ✔️✔️B4928083


  • Three sites don’t support HTTPS: Alabama, Kansas and Puerto Rico’s lower house. Mississippi downgrades HTTPS requests to HTTP.
  • Of the sites supporting HTTPS, Massachusetts, Maryland, New Hampshire and Rhode Island get an “F” grade. (Get it together, northeast!)
  • New York’s old state assembly site (assembly.state.ny.us) still works and doesn’t redirect you to nyassembly.gov.
  • The Michigan House uses house.mi.gov; house.michigan.gov redirects there (but doesn’t have a valid certificate).
  • The Michigan Senate uses the opposite: senate.michigan.gov. Going to senate.mi.gov redirects you there (and also lacks a valid certificate).
  • Alabama, Arkansas, Georgia, Iowa and Minnesota require you to add a www prefix.
  • Kentucky, Virginia and Vermont don’t permit www prefixes.
  • The Minnesota state senate uses an .mn domain, which belongs to the country of Mongolia. Seems like a security risk.
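
One way to derive the "HTTP Upgrade" column and spot a downgrade like Mississippi's from a single response, as an added example (this is not the Ruby the comparison was built with). The function name is hypothetical, the responses are constructed, and legislature.example is a placeholder host; in practice the headers would come from `curl -sI`.

```sh
# classify_redirect REQUEST_URL  (response headers on stdin, e.g. from `curl -sI`)
# Prints one of: upgrade | downgrade | same-scheme | no-redirect
classify_redirect() {
    req_scheme=${1%%://*}
    status=''; location=''
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')      # strip CR from CRLF line ends
        case $line in
            HTTP/*) status=$(printf '%s' "$line" | awk '{print $2}') ;;
            [Ll]ocation:*) location=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//') ;;
        esac
    done
    case $status in
        301|302|303|307|308) ;;
        *) echo no-redirect; return 0 ;;
    esac
    case $location in
        https://*) loc_scheme=https ;;
        http://*)  loc_scheme=http ;;
        *)         loc_scheme=$req_scheme ;;          # relative Location keeps the scheme
    esac
    case $req_scheme:$loc_scheme in
        http:https) echo upgrade ;;
        https:http) echo downgrade ;;
        *)          echo same-scheme ;;               # e.g. a root-to-www redirect
    esac
}

# Constructed responses; legislature.example is a placeholder host.
upgrade_resp()   { printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://legislature.example/\r\n\r\n'; }
downgrade_resp() { printf 'HTTP/1.1 302 Found\r\nlocation: http://legislature.example/\r\n\r\n'; }
plain_resp()     { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'; }

echo "http request:  $(upgrade_resp   | classify_redirect http://legislature.example/)"
echo "https request: $(downgrade_resp | classify_redirect https://legislature.example/)"
echo "http request:  $(plain_resp     | classify_redirect http://legislature.example/)"
```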

Installing and updating Creative Suite 6

After upgrading from Mojave to Catalina and Big Sur, Adobe Creative Suite 6 Design Standard no longer worked (despite Illustrator and Photoshop being 64-bit apps).

Not wanting to spend $60/month for occasional use, running these under Mojave in a VM was my next-best option. After repeatedly running into an error using a VirtualBox setup script, I downloaded VMware Fusion 12 Player and tried to install it. The installer got stuck at the macOS Utilities screen, regardless of whether I dragged the Mojave installer app to Fusion or built an ISO.

Eventually I installed Mojave on an external hard drive and used Fusion’s “Install macOS from the Recovery partition” feature to create a working VM.

Once Mojave was up and running, installing Creative Suite from the DVD worked as expected.

After installation, I ran Adobe Application Manager to check for updates. The apps themselves (InDesign, Photoshop, Illustrator) updated successfully. However, several pieces of support software failed to update:

  • Adobe Bridge 5.0.2
  • Photoshop Camera Raw 9.1.1
  • Adobe Extension Manager 6.0.8
  • Adobe Digital Publishing Suite Tools 2015.5

The updater would get to the end of the process and error out.

Updating these four components manually was difficult.

Adobe Support was anti-helpful. @AdobeCare sent me to chat support, who told me (rather ungrammatically) that since CS6 was discontinued, support wasn’t available. I didn’t need support, I just wanted the updater to work and for their website to have working links. They sent me to the Bridge updater page (the one I had already found, with its broken link). After I told them (via email) the link was no good, they doubled down on the idea the link was working:

We would like to inform you that the direct download link is working fine at our end. You need to to follow the “Right Click” steps which was attached with the last email for downloading the file on your computer from the link below:

Thanks, folks. I know how to click things, and I know when something is 404:

~  $ curl -I http://download.adobe.com/pub/adobe/bridge/mac/5.x/AdobeBridge_5.0.2_mul_AdobeUpdate.dmg
HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Mon, 01 Feb 2021 15:56:23 GMT
Connection: keep-alive

Since updates took a while before failing, I figured it was actually executing something and used fs_usage -f filesys -w | grep -i adobe to check. Sure enough, it was downloading a file … but deleting it on error, before I could save the downloaded installer file.

My next step was to figure out what was being downloaded and download those files manually. Using tcpdump -A port 80 | grep -A 5 GET, I was able to grab the swupdl.adobe.com URLs the updater uses, and manually download:

Each dmg contained an installer that ran successfully.

Updating a ThinkPad z60t

I recently refurbished an old IBM ThinkPad z60t to make it usable and suitable for donation. This involved two areas of work:

  • Installing Linux
  • Upgrading the firmware

Upgrading the firmware

The ThinkPad has two different firmware upgrades:

  • BIOS
  • Embedded Controller

ThinkWiki’s list is pretty comprehensive, and pointed me to BIOS 1.24 and EC 1.18.

Because this machine is so old, it does not offer .iso files (to put on CD or USB drive) or Linux-compatible firmware. There are diskette versions (for putting on floppy disks) and non-diskette versions (for running manually).

The non-diskette .exe file cannot be extracted using The Unarchiver, unzip, or innoextract. It won’t run on Windows 10, and won’t run under DOS mode. (I tried installing FreeDOS on to a USB stick, too.)

Using Virtualbox and a Windows 10 VM, I installed AOMEI Partition Assistant and tried to create a Windows 7 to Go installation on a USB thumb drive. That got all the way to the end before erroring out.

At this point, I decided to pull the hard drive, install Windows on a new drive, and use Windows to update the firmware.

The BIOS updater runs on Windows 7 (despite not listing that as a compatible option), but the EC updater does not, and gives this error:

DeviceIoControl() returns 24 Please restart your operating system and execute the BIOS or Embedded Controller update utility again.

At this point, I had to find a sketchy Windows XP ISO, burn it to CD and install Windows again.

Once I had XP installed, the EC updater ran as expected and the update completed successfully.

Readers: if you know how to install the diskette version onto a bootable USB drive, please share how in the comments.

Installing Linux

The z60t uses a Pentium M, which is a 32-bit processor. Most current versions of Linux (such as Ubuntu 20.10) only support 64-bit hardware. I chose Linux Mint 19.3 “Tricia” with Xfce, as it was the least resource-intensive.

After using Etcher to put the installer on a USB thumb drive, I was able to easily install Linux Mint on the laptop.

After installation and rebooting, most things worked — except for Wifi. I spent an hour or so googling around and reading about rfkill and trying different commands:

  • sending enable to /proc/acpi/ibm/wan and /proc/acpi/ibm/bluetooth
  • adding blacklist ideapad_laptop to /etc/modprobe.d/blacklist.conf
  • adding option thinkpad_aacpi dbg_bluetoothemul=1 bluetooth state=1 to /etc/modprobe.d/thinkpad-acpi.conf
  • Turning bluetooth/WiFi off and on in the BIOS.

In the end, the solution was much simpler. There’s a hardware slider on the front of the machine, by the headphone ports. Sliding it enables the radios.