<p><b>LOCUS DEMENTIA</b></p><p>The trickling <a href='http://en.wikipedia.org/wiki/Madness'>madness</a> of a <a href='http://en.wikipedia.org/wiki/Cynical'>cynical</a> <a href='http://en.wikipedia.org/wiki/Solipsism'>solipsist</a>.</p><p><b>AI or AI, Which Is It?</b> (2024-03-21)</p><p>Artificial Intelligence, a noun that has become a household term. Most refer to it as AI, which is less of a mouthful. Where and when did this term become real? [1] Apparently John McCarthy coined this phrase in 1956 at a conference. Vannevar Bush and Alan Turing both mused about computers being intelligent and being able to enhance human intelligence or even simulate human-like thinking.</p><p>Is this thinking really "artificial" though? To suggest it being artificial would imply that there is a non-artificial type of intelligence. Otherwise, there is just intelligence, or thinking, or cognition. </p><p>The famous Turing Test may be the source of this "artificial" notion. If there is an intelligent series of responses to a human interaction, and those responses are created using a computer program, then that is considered artificial. </p><p>On a philosophical note, though, the programs are written by humans. Those programs, using rules given by humans, are creating responses that a human would create when the rules are triggered. A strict rule following human would, arguably, create the same stream of responses that a computer program would produce. Is that still "artificial?"</p><p>I suggest the narrative change. We are not making "artificial" intelligence tools, rather we are making Automated Intelligence tools. Whether it is ChatGPT or Gemini or CoPilot, the output is just an automated processing response to known inputs. </p><p>When AlphaGo won a match of Go against a human it was not an artificial win.
This was an automated win using rules and logic that optimized the response to the human's play style and followed some programming that was optimized for success.</p><p><b><u>Automated Intelligence</u></b>, a term that makes AI more palatable because it doesn't anthropomorphize the notion of computer generated intelligence. </p><p>[1] https://courses.cs.washington.edu/courses/csep590/06au/projects/history-ai.pdf </p><p><br /></p><div class="blogger-post-footer">(c) Jacob W Anderson, all rights reserved. Syndication,
distribution, and any use other than directly from blogspot.com
is expressly forbidden. Read at your own peril. Cite at
your own demise. I am not responsible for any of the content in
this posting. None of this is fact, only fiction and opinion.</div><p><b>Why Taxes Make You Feel Empty</b> (2022-09-19)</p><p>The IRS published the tax brackets for 2022 here [1]. The tax brackets are important because they tell you how tax burden is calculated. If you've never calculated your taxes, then understand that you are taxed on a marginal bracket schedule.</p><p>If you are married and a joint filer, then the schedule starts with $20,550, and has steps at $83,550, $178,150, $340,100, $431,900, and $647,850. Each bracket is a bucket of burden where the tax rate changes from 12%, to 22%, to 24%, then 32%, 35%, and finally 37%. As you fill buckets your marginal tax rate changes. This complexity is why tax accountants make bank throughout the year. Or not ...</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaKuuNHauuDPg4X4WDyoMBcPcVmv2oO-Xy33GEXhWFhIo3uw08-0rSWjDp9t0YLyZZcOM11h8CaU7ysvNfgk6dtokS2o9oVDwT2obldCCbY8in2GJv1xdFdtAgCeVatDT8ktI7Ah-JTm1ij5zW94DezSgHvPbuclwrQx9u4mVdx2dtIBVCkA/s4316/2022-pct-change-tax-income.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2512" data-original-width="4316" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaKuuNHauuDPg4X4WDyoMBcPcVmv2oO-Xy33GEXhWFhIo3uw08-0rSWjDp9t0YLyZZcOM11h8CaU7ysvNfgk6dtokS2o9oVDwT2obldCCbY8in2GJv1xdFdtAgCeVatDT8ktI7Ah-JTm1ij5zW94DezSgHvPbuclwrQx9u4mVdx2dtIBVCkA/s320/2022-pct-change-tax-income.png" width="320" /></a></div>Inline is an image that is the graph of the marginal rate by income. It's the gray line that is scaled according to the right hand side axis. It's also the only line always increasing. Your taxes are always increasing, no matter how much you make.
That's the start of the misery.<br /><p>The hyperbolic-like lines are the relative changes of income and tax burden. The orange line, or the lowest level, is the relative change in income (in $5k increments as a percent). That's a depressing line, and it is always decreasing.</p><p>The other line, which is blue and just above the lowest hyperbolic line, is the percent change in the marginal tax burden per $5k increase in income. Look at that line and understand what it is telling you.</p><p>At $100k and $280k there are large inflections because the congress thinks that these milestones are easy to tax. The congressional people are way out there in the $600k range, so they don't feel much pain. </p><p>What is important to note is that every time you get a pay raise, your <u style="font-style: italic;">relative</u> increase in marginal tax is higher than your wage increase. That's the reason why it always feels like you're paying more in taxes despite getting more wage. </p><p>The optimal salary for a married joint-filing couple is $280k or $610k. The absolute worst is getting $281k or $611k. When you get a salary that is just above the marginal bracket then you feel the change in tax the most. </p><p>Take a hard look at the marginal rate too. All of the double-speak about the "wealthiest paying their share" of tax is a huge crock of nonsense. The marginal rate of 35% doesn't kick in until you're making $3,325,000. By the time you're making $880k per year your marginal tax rate change per $5k is less than 0.1%, which doesn't feel like anything.</p><p>The only people who are getting taxed to death are those making less than $280k per year, and those who are just at the $285k - $300k per year jump. 
Anyone making more than $610k per year is feeling pretty good and mostly immune to any tax policy.</p><p>[1] <a href="https://www.irs.gov/newsroom/irs-provides-tax-inflation-adjustments-for-tax-year-2022" style="font-family: Calibri, sans-serif; font-size: 11pt;">https://www.irs.gov/newsroom/irs-provides-tax-inflation-adjustments-for-tax-year-2022</a></p><p><b>A Mask Protocol</b> (2021-05-14)</p><p>The SARS-COV-2 [1] virus pandemic that started in late 2019 and took over the planet in 2020 has been the big news of late. I don't think there is anyone on the planet who does not know about the virus and its impact on the world.</p><p>XPrize [2] held a competition in 2020 called the XPrize Pandemic Response Challenge [3]. I competed in this challenge and made it to the final. The competition concerned itself with creating two kinds of models, one to predict mortality and morbidity, and another to predict intervention policy. The first round was the prediction portion where my model performed quite well. The model I wrote used some anecdotal knowledge about prevention and risk as well as some research topics that were emerging in 2020. </p><p>Out of this competition there were some interesting anecdotal observations about virus transmission.</p><p></p><ol style="text-align: left;"><li><i><u>Masks could be ineffective</u></i>. When you respirate through a mask in an area that has elevated concentrations of the Covid-19 virus, the particles hosting the virions will collect on your mask. These particles are huge compared to the 90nm - 140nm size of the virus [4] so they effectively stop the virus from passing through to 300nm holes in your mask [5,6]. Yet, if you do not clean the mask, or change masks, then these particles will "build up" and create a living biofilm on your mask. That biofilm will then pass virions through the 300nm holes in the mask and you will eventually develop a Covid-19 infection.</li><li><i><u>Atmospheric inversion is not your friend</u></i>. One of the participants in the competition was from Mila in Canada. He had a theory about environmental temperature being an influencing factor for morbidity.
I asked for an explanation on this but did not get one. My explanation is about atmospheric inversion. When a group of humans congregate (3 or more) into a huddle where the ambient temperature is 65F or cooler, that huddle will start to warm itself. The warming of the air around the humans will create a pressure bubble that will simulate the atmospheric inversion phenomenon. This inversion will create a bubble where virion transport particles, such as water vapor and dust, can become suspended in the warming air and thus increase the mean free path length of a virion to infected.</li><li><i><u>Fans and coughers make for bad environment control</u></i>. A South Korean study reported that a person who sat in front of a fan and was coughing had spread their infection on to other people in the same room who were down-wind of this fan [7]. This goes back to bullet 2 above where the mean free path to infection is increased because of atmospheric charging. In this case, the excess fan pressure was the charging condition that elevated the infection risk.</li><li><u><i>Fashion played a role in anti-mask sentiment</i></u>. My competition model used Twitter sentiment about covid-19 infections, mask wearing, and conspiracies, as one of the features in the regression predictor. This feature was not helpful in the prediction model, but it did elucidate some interesting trends early in 2020. I noticed, anecdotally, that when posters would lament the fashion-negatives about mask wearing, then followers and fans would <i>star </i>and <i>repost </i>those lamentations more often than of positive mask postings. Nobody looks clever wearing a carpenter's dust mask, but today's mask fashion options have certainly removed most of this stigma.</li><li><i><u>Testing was the key prediction feature</u></i>. In my model that predicted the outbreak in India in April of 2021, the amount of testing done by the country was a critical feature. 
Countries that were not testing enough were experiencing outbreaks at an uncontrolled rate. India, at its first wave, responded remarkably to controls. This confused me quite a bit given that population density and mean distance to hospital were key factors in morbidity predictions, because India has poor population density and even poorer mean hospital distance. How did it "control" the infection? By not testing in the high risk areas. Once the upper-caste Indians had experienced the first wave, it appeared as if the government had stopped testing the lower-caste areas and wrote off the infection as "done." Brazil had performed similarly and resulted in an equally catastrophic resurgence of infected.</li><li><u><i>30 minute rule was life</i></u>. There was a great paper [8] that determined this 30 minute rule for effective infection risk. If you limited your exposure to less than 30 minutes in any situation, then you would have a lower risk of covid-19 morbidity. This doesn't mean you have zero risk. Rather, this means you are mitigating your risk by lowering your time of exposure to less than 30 minutes. Obey the 30 minute rule and you have a better chance of not getting infected.</li><li><u><i>No shared food</i></u>. This was the least scientific of the observations because in almost every situation of cluster morbidity there was a shared food component. There is no evidence that esophageal ingestion of the virus can cause an infection, but the cofactors of shared food environments lend to higher risk of infection. For instance, people talk more and respirate more heavily around food tables. People also linger more around the food table, thus breaking the 30 minute rule of #6. </li><li><u><i>Gyms are a hot spot for infection</i></u>. In the exercise gym there are fans blowing virions at your face, there are heavy breathers respirating large droplets of water carrying virions in high concentration, and there is dust blowing around carrying those virions.
If you had to visit a gym during 2020 then you likely developed covid-19. The best advice I have for gym-goers is to avoid fans, and change your mask every 10 minutes. Bring 6 masks with you and every 10 minutes, like clockwork, put the used one in your Zip-Loc bag and put on a fresh one. Then at home, clean those masks (see #9).</li><li><u><i>Cleaning a mask means exposing it to sunlight for 15 minutes</i></u> [9]. UV radiation can destroy most everything, and little viruses are no exception. You need to wash the mask for 30 seconds, then take it outside and expose the outside of the mask (not the face side) to direct sunlight for no less than 15 minutes. I preferred to leave the masks outside for several hours. Not only does UV neutralize the mask, but oxidation will occur of those broken down proteins thus neutralizing their effectiveness. You should hang with your mask for 30 minutes outside too, just to get some sun and Vitamin-D. That'll help your disposition during this quarantine.</li><li><u><i>Air blowing outside is not a vector</i></u>. The likelihood of your body producing a negative pressure condition strong enough to ingest virions outside when the wind blows 10 mph or greater is incredibly low. So low, that you will not get the virus, even if someone is coughing up-wind of you. Just remember to obey #2 and #6 to ensure that your risk is mitigated properly. Don't congregate with people because they will shield you from that wind and create the bubble.</li></ol><div>My prediction for India as of February 17th, 2021. The red is the known/reported infections, and the green was my regression model. The gap is evidence of a lack of testing being done in high risk areas of India. 
</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-WyfwrOc9-do/YJ7LJj0YluI/AAAAAAAAAHQ/6HT9lVZBpVkvDU_cmfPg7BIaQlf3MeWgACLcBGAsYHQ/s640/NewCases_IND_predictions_2020_12_01_2021_06_19.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="480" data-original-width="640" src="https://1.bp.blogspot.com/-WyfwrOc9-do/YJ7LJj0YluI/AAAAAAAAAHQ/6HT9lVZBpVkvDU_cmfPg7BIaQlf3MeWgACLcBGAsYHQ/s320/NewCases_IND_predictions_2020_12_01_2021_06_19.png" width="320" /></a></div><br /><div><br /></div><p></p><p>[1] <span face="arial, helvetica, clean, sans-serif" style="background-color: white; color: #303030; font-size: 13px;">Zheng J. SARS-CoV-2: an Emerging Coronavirus that Causes a Global Threat. </span><i style="background-color: white; color: #303030; font-family: arial, helvetica, clean, sans-serif; font-size: 13px;">Int J Biol Sci</i><span face="arial, helvetica, clean, sans-serif" style="background-color: white; color: #303030; font-size: 13px;">. 2020;16(10):1678-1685. Published 2020 Mar 15. doi:10.7150/ijbs.45053</span></p><p>[2] xprize.org</p><p>[3] https://www.xprize.org/challenge/pandemicresponse</p><p>[4] <span face="arial, helvetica, clean, sans-serif" style="background-color: white; color: #303030; font-size: 13px;">Bar-On, Yinon M et al. “SARS-CoV-2 (COVID-19) by the numbers.” </span><i style="background-color: white; color: #303030; font-family: arial, helvetica, clean, sans-serif; font-size: 13px;">eLife</i><span face="arial, helvetica, clean, sans-serif" style="background-color: white; color: #303030; font-size: 13px;"> vol. 9 e57309. 2 Apr. 
2020, doi:10.7554/eLife.57309</span></p><p>[5] https://blogs.cdc.gov/niosh-science-blog/2021/04/23/bfc-standard</p><p>[6] https://www.ll.mit.edu/news/tests-verify-if-uncertified-n95-masks-are-effective</p><p>[7] https://www.latimes.com/world-nation/story/2020-12-09/five-minutes-from-20-feet-away-south-korean-study-shows-perils-of-indoor-dining-for-covid-19</p><p>[8] Leung, Nancy H., et al. Respiratory virus shedding in exhaled breath and efficacy of face masks. Nature Medicine, 2020; Volume 216, pp 676-680.</p><p>[9] https://onlinelibrary.wiley.com/doi/10.1111/php.13293</p><p><b>THE RISE OF FASCIST SOCIAL MEDIA</b> (2020-10-23)</p><p><span style="font-family: courier;">The Merriam-Webster dictionary defines fascism as: <i>a tendency toward or actual exercise of strong autocratic or dictatorial control</i>. </span></p><p><span style="font-family: courier;">The phrase "dictatorial control" is important for the case that I am going to make about fascism in social media. The word "dictatorial" means "of or relating to a dictator," and a dictator is "one ruling in an absolute and often oppressive way."</span></p><p><span style="font-family: courier;">In 2020, social media has seen a rise in the number of autocratic events of censorship. The two social media outlets that I am going to focus on are Facebook and Twitter. </span></p><p><span style="font-family: courier;"><b>Background</b></span></p><p><span style="font-family: courier;">Facebook is a semi-private curated blogging platform where you, the user, share information at your leisure. The public part of Facebook is in Facebook Groups. With a group, outside people who are not privy to your "Facebook Wall" will join your group and establish a communal discourse. This can be private, by invitation only, or public. The Facebook is auth-walled so that you must login with an account to view any content from any user, even if they post "publicly."</span></p><p><span style="font-family: courier;">Twitter is a public chatroom platform where your account is the chatroom. Anyone, with or without an account, can view the content from any other person's account unless they configure their chatroom to be "protected."
This is referred to as "protect my tweets" on the platform.</span></p><p><span style="font-family: courier;">Both of these platforms are Web based and are addressable using the publicly available Internet. They are used by billions of people around the world and are subjected to the legal jurisdiction of the United States of America and the State of California. Other countries have forced their jurisdiction onto these platforms by threatening to "block" their access to people in such jurisdictions. </span></p><p><span style="font-family: courier;">The companies that operate these platforms are publicly traded on the US-based Nasdaq (FB) and the New York Stock Exchange (TWTR). Being publicly traded they must report financial information and business operations to their stock holders at regular meetings.</span></p><p><span style="font-family: courier;">The vast majority of the revenue claimed by these companies is generated through advertising and sponsorships. People use the platform to read information, companies try to pair that information to their products and reach interested potential consumers. </span></p><p><b style="font-family: courier;">The Events</b></p><div><u style="color: #303336; font-family: courier; font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">Advance NZ on Facebook</u></div><p></p><i>The result means the party will not enter parliament. Two days before
the election, Facebook removed Advance NZ’s page from its platform for
spreading Covid-19 misinformation.</i><br /><p style="text-align: left;"><i>“They are cynical, opportunistic narcissists and this is absolutely what they deserved,” <a class="u-underline" data-link-name="in body link" href="https://twitter.com/vodbox_io/status/1317452653404680193?s=21">said Emma Wehipeihana</a>, a political commentator for 1 News, in election night remarks that were widely applauded on social media. [1]</i></p><p></p><p>
</p><p><span style="font-family: courier;">This event happened around October 15, 2020 [2]. Apparently the postings by Advance NZ were so influential and offensive that they had to be silenced to prevent anyone from believing them. </span></p><p><span style="font-family: courier;">Did Facebook explain why they removed the Advance NZ page? Is there a published set of rules that can be applied to any page to determine if the page should be removed? </span> <span style="font-family: courier;">Facebook claimed that Advance NZ's page was posting "misinformation" about Covid-19 and that would cause "imminent physical harm."</span></p><p><span style="font-family: courier;">Facebook's rules [3] suggest: "<i>The goal of our Community Standards has always been to <a data-lynx-mode="asynclazy" data-lynx-uri="https://l.facebook.com/l.php?u=https%3A%2F%2Fnewsroom.fb.com%2Fnews%2F2018%2F08%2Fhard-questions-free-expression%2F&h=AT2t1vm6ISvaGRGnpf6_uE9DZyvchgblM5FTdEcYudC-VnGhMw95u7x88AdW6C8VuPtpUkgXcPdgDsv_2-jrOaksfsftAtzImfmC_BWHu3qzTWbaDCn5z9wAlHw06Xlpiyb5ze6_Y3rFNGkrgtcydw" href="https://newsroom.fb.com/news/2018/08/hard-questions-free-expression/" rel="noopener nofollow" target="_blank">create a place for expression and give people a voice</a>.</i></span><span style="font-family: courier;">" That blue text leads to [4].</span></p><p></p><div style="text-align: left;"><i>Facebook is not a government but it is a platform for voices around the
world. We moderate content shared by billions of people and we do so in a
way that gives free expression maximum possible range. But there are <a href="https://www.facebook.com/communitystandards/">critical exceptions</a>:
we do not, for example, allow content that could physically or
financially endanger people, that intimidates people through hateful
language, or that aims to profit by tricking people using Facebook.</i></div><p></p><p><span style="font-family: courier;">Which people is Facebook protecting? Do they take down posts from people who write inflamed counter arguments to racist and otherwise derogatory posts? Juvenile behavior aside, what Facebook does claim is to abide by the ICCPR:</span></p><p></p><div style="text-align: left;"><i>We look for guidance in documents like Article 19 of the <a href="https://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx">International Covenant on Civil and Political Rights</a>
(ICCPR), which set standards for when it’s appropriate to place
restrictions on freedom of expression. ICCPR maintains that everyone has
the right to freedom of expression — and restrictions on this right are
only allowed when they are “provided by law and are necessary for: (a)
the respect of the rights or reputations of others; (b) for the
protection of national security or of the public order, or of public
health or morals.”</i></div><p></p><p><span style="font-family: courier;">In the case of Advance NZ, the ICCPR article 18(b) applies because of their misinformed posts about Covid-19 as they were related to <i>public health</i>. Facebook doesn't say that explicitly, they just suggest the page violated their policies, which was a decision adjudicated by their "15,000 person" [2] strong army of moral police. That army sounds more like the old "Moral Majority" [5].</span></p><p><span style="font-family: courier;">Yet, does claiming that "5G is a bioweapon that causes symptoms-of or infection-by Covid-19" really truly harm public health? Exactly how many people believe that rhetoric? Facebook claims to engender a platform of free expression, so long as it doesn't "intimidate" or "silence" other users. I don't see how Advance NZ violated their policies so remarkably that they deserved censorship. Were they trying to turn a profit by tricking users? We know that never ever happens on Facebook, or at least not without Facebook turning a profit from it (shameless jab at advertisers).</span></p><p><span style="font-family: courier;"><u>President Donald Trump on Facebook and Twitter</u></span></p><p><span style="font-family: courier;">The story starts with this mysterious laptop recovered by an unknown repair person claiming there are incriminating emails between Hunter Biden and Vadym Pozharskyi [6].</span></p><p></p><div style="text-align: left;"><i>The Post story hinges on an email
message from Vadym Pozharskyi, an adviser to Ukrainian gas company
Burisma, thanking his colleague Hunter Biden for "giving an opportunity
to meet your father and spent some time together.”</i></div><p></p><p><span style="font-family: courier;">The pedigree of this information is in question, and the FBI has reviewed it [6]. If this was anything interesting in any way, The Bureau would be acting on it. So it's just a big pot of hearsay and emails, again. </span></p><p><span style="font-family: courier;">Yet, Facebook and Twitter both censor the story. Facebook claims [7]:</span></p><p></p><div style="text-align: left;"><i>Facebook was the first to take action, with communications manager Andy
Stone saying the platform was applying its viral misinformation policy
to limit the spread of the article and allow its third-party fact
checkers to evaluate it. [7]</i></div><p></p><p><span style="font-family: courier;">There is no such policy at Facebook given the information they publish about their censorship policies [3]. This would suggest that Andy Stone and his Moral Majority took unilateral action to remove the post and discourage its ingestion by the Facebook community.</span></p><div class="dfp-tag-wrapper wrapper" id="dfp-ad-incontent_desk_1-wrapper"><div class="dfp-tag-wrapper" id="dfp-ad-incontent_desk_1" style="text-align: left;"><i>Twitter
approached the story differently by barring users from sharing links to
it in tweets and direct messages, but without informing users that the
company had determined that the article violated the platform’s policy
on hacked materials. [7]</i></div></div><p></p><p><span style="font-family: courier;">At least Jack Dorsey was critical of how Twitter handled the decision, but it doesn't excuse the blatant censorship. This looked more like a mob-ruled conspiracy to prevent negative information about Joe Biden, the Presidential nominee for the Democratic Party.</span></p><p><span style="font-family: courier;">I wonder, is it possible to value information as a commodity, and then to control its value? If so, then could one argue that both Facebook and Twitter were trying to manipulate the value of the information that they were censoring? This would be tantamount to market price fixing. Price fixing is one of the RICO statutes [8]. Racketeering is a slam-dunk for any company because that's how they stay in business. Create a racket to exploit consumers. That's business 101. Maybe that's 2 out of 3 statutes. Look for a third. Bribery is always a fun one to pursue because, how else do those politicians become so wealthy in office? </span></p><p><span style="font-family: courier;"><b>Back to the story.</b></span></p><p><span style="font-family: courier;">At MIT's EmTech on October 22nd, Parag Agrawal, the CTO of Twitter, suggested in video that Twitter was actively engaged in fostering "Healthy Public Conversations." [10] That really sounds more like censorship.</span></p><p><span style="font-family: courier;">Jack Dorsey's Twitter feed suggests that Twitter is actively investing in only 5 "open source architects, engineers, and designers" to develop an open and decentralized standard for social media [9]. Really? What kind of architects, Jack? Gothic? Medieval? Are you talking about information architects, such as the very same people who created the censorship platforms known as Twitter and Facebook? This is going to be a "standard" of content moderation? So these 5 people will decide a "standard" for 7.5 billion people? Wow, the fascist arrogance is astounding.
</span></p><p><span style="font-family: courier;">I predict Parag's career at Twitter to be short. He makes short handed comments that negatively impact the company's technology vision:</span></p><i>3 - The traditionally slow and deliberate consensus-building approach to evolving standards might fail to keep up with a rapidly changing ecosystem and set of consumer needs. [11] (tweet from Dec 11, 2019 at 6:13 AM)</i><p></p><p></p><p><span style="font-family: courier;">This comment truly astounds me. "What everyone thinks and has input on - so what, we need to move fast, so I am going to decide." So says every dictator...</span></p><p><span style="font-family: courier;"><b>Wrap It Up</b></span></p><p><span style="font-family: courier;">I don't condone any sort of hate or X-supremacist rhetoric in any blog, social media, conversations, scratching on bathroom stalls, or sky-flying billboards. We should all endeavor to express our likes and dislikes in a way that is intellectual and representative of our times. Nobody is made better or worse or more entitled than any other person. We are all made randomly and have no control over how we start this life. Our only metric of value is in our actions and how we have pursued our lives. </span></p><p><span style="font-family: courier;">The arguments around "Social Media" are the same arguments made about Network News (NNTP) back in the early 90s. There is nothing special about Facebook or Twitter, they are just network news all over again. Some of you may have been avid readers of alt.conspiracy or alt.sex, and most of the older computing people from Gen X have seen the RN classifieds for buying and selling their junk. Back then news trolls would harass people and post junk that was offensive to some.
We all learned to ignore it.</span></p><p><span style="font-family: courier;">Trolls have always lived on The Net. They will always be here, no matter how much fascist regime-ism takes hold of the media space. The freedom of expression through written words or speech is important. Unless someone is making specific allegations that are false about another person or entity, so what. If you think Covid-19 mutates pigs into flying buffalo, then so what, nobody should be harmed by that. </span></p><p><span style="font-family: courier;">We are smart people who can filter out the flotsam of a failed psyche crying out for attention and aid. The government does not need to be our nanny. If Twitter or Facebook censor content, then so be it, they are a private organization, right? Well, Facebook is. Twitter, on the other hand, endeavors to be a public commodity of news and information, which smells ripe for regulation. Like I suggested earlier, short career...</span></p><p><span style="font-family: courier;">In closing, I leave you with [12] "Technology-facilitated Societal Consensus" and [13] "Consensus-based ranking of Wikipedia topics" and [14] "The role of conflict in determining consensus on quality in Wikipedia articles" and [15] "Understanding and coping with extremism in an online collaborative environment: A data-driven modeling".
These readings, and their references, should be required readings for anyone at the executive level of a large social media commodity.</span></p><p><span style="font-family: courier;"><span style="background-color: white; color: #303336; font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;"><br /></span></span></p><p><span style="font-family: courier;"><span style="background-color: white; color: #303336; font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[1] </span></span><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">https://www.theguardian.com/world/2020/oct/19/why-new-zealand-rejected-populist-ideas-other-nations-have-embraced</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[2] https://www.msn.com/en-nz/news/national/facebook-takes-down-advance-new-zealands-page/ar-BB1a29zi</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[3] https://www.facebook.com/communitystandards/</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[4] https://about.fb.com/news/2018/08/hard-questions-free-expression/</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[5] https://en.wikipedia.org/wiki/Moral_Majority</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[6] 
https://thehill.com/homenews/campaign/521045-trailing-in-polls-trump-campaign-resurrects-hunter-biden-attacks</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[7] https://thehill.com/policy/technology/521277-facebook-twitter-new-york-post-election-night-concerns</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[8] https://en.wikipedia.org/wiki/Racketeer_Influenced_and_Corrupt_Organizations_Act</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[9] https://twitter.com/jack/status/1204766091475480576</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[10] https://blog.twitter.com/en_us/topics/company/2018/measuring_healthy_conversation.html</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[11] https://www.firstpost.com/tech/news-analysis/twitter-is-funding-a-group-to-create-an-open-and-decentralised-standard-for-social-media-7771371.html</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[12] https://dl.acm.org/doi/10.1145/3314183.3323451</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[13] https://dl.acm.org/doi/10.1145/3106426.3106529</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 
18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[14] https://dl.acm.org/doi/10.1145/2491055.2491067</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;">[15] https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5360246/</span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;"><br /></span></span></p><p><span style="color: #303336; font-family: courier;"><span style="font-size: 18px; font-variant-ligatures: no-common-ligatures; letter-spacing: 0.2px;"><br /></span></span></p><p><br /></p><div class="blogger-post-footer">(c) Jacob W Anderson, all rights reserved. Syndication,
distribution, and any use other than directly from blogspot.com
is expressly forbidden. Read at your own peril. Cite at
your own demise. I am not responsible for any of the content in
this posting. None of this is fact, only fiction and opinion.</div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-55630924305395969242020-05-21T14:31:00.000-07:002020-05-21T14:31:09.835-07:00A Self Defeating Race False Narrative<br />
2020 is the year of the pandemic. The SARS-CoV-2 (Covid-19) virus has rampaged across the planet infecting 4,893,136 [1] people by May 20, 2020. At this time, of those 4.8M people, 323,256 people have perished from complications that arise from the infection.<br />
<br />
Arising out of this pandemic has been a narrative about non-white ethnic groups being disproportionately affected by the infection [6,7,8]. A narrative that conditions people to believe that they are perpetually victims only creates a "collective victimhood" [4,5] in that group. This "collective victimhood" costs its members millions in unrealized potential, sends them cowering from social interactions that would otherwise benefit them, and ultimately creates an environment that perpetuates itself.<br />
<br />
Let's try to dispel that false narrative and deal just with data. I pulled my data from the CDC [9] looking at mortality only.<br />
<br />
The mortality data from CDC contains per-state mortality rates on a per-infection basis and a weighted per-capita basis. This means that you will see a mortality rate as a function of infections, and then one that is weighted by the population of "race identifiers" in that group.<br />
<br />
I am also using data from May 20th, 2020. You may have newer data when you read this.<br />
<br />
The first three rows of the data give the United States aggregate statistics.<br />
<br />
Non-Hispanic White: 52.3% of covid19 deaths as a group of covid19 infections<br />
Non-Hispanic Black or African American : 22.4% of aggregate<br />
Hispanic or Latino : 16.6% of aggregate<br />
<br />
Now let's correct that number for the actual population of the ethnic group.<br />
<br />
<u>Non-Hispanic White</u>: 41.4%<br />
Non-Hispanic Black or African American : 18.2%<br />
Hispanic or Latino : 26.8%<br />
<br />
The numbers clearly show that Non-Hispanic Whites are the vast majority of deaths in the U.S. from covid-19 related illness.<br />
<br />
This race narrative had to originate somewhere, right? Let's find it. Again, I am looking at the weighted distribution of population for mortality, which is a better depiction of per-capita mortality rate as a function of infection per aggregate.<br />
<br />
<b>California:</b><br />
<u>Non-Hispanic White</u>: 37.9%<br />
Non-Hispanic Black or African American : 9.9%<br />
Hispanic or Latino : 33.4%<br />
<br />
<b>Washington, D.C.</b><br />
Non-Hispanic White: 37.1%<br />
<u>Non-Hispanic Black or African American</u> : 44.9%<br />
Hispanic or Latino : 11.3%<br />
<br />
<b>Florida</b>:<br />
Non-Hispanic White: 31.8%<br />
Non-Hispanic Black or African American : 18.5%<br />
<u>Hispanic or Latino </u>: 45.8%<br />
<br />
<b>New Mexico</b>:<br />
Non-Hispanic White: 38.5%<br />
Non-Hispanic Black or African American : 2.2%<br />
<u>Hispanic or Latino</u> : 46.3%<br />
<br />
<b>New York City (NYC)</b>:<br />
<u>Non-Hispanic White</u>: 30.5%<br />
Non-Hispanic Black or African American : 23.3%<br />
Hispanic or Latino : 28.5%<br />
<br />
<b>Texas</b>:<br />
Non-Hispanic White: 32.9%<br />
Non-Hispanic Black or African American : 16.9%<br />
<u>Hispanic or Latino</u> : 41.8%<br />
<br />
The rest of the states in the U.S. are dominated by Non-Hispanic White infection mortality, so they are not reported here.<br />
<br />
The CDC doesn't report error in its numbers. I suspect there is going to be a good margin of error in this data set where the reporting of a "covid 19 death" may not be covid-19 related. Someone who died of cardiac arrest while convalescing for covid-19 may be mis-identified in the mortality group. A 5% error rate would be expected, in my opinion.<br />
<br />
NYC is a good example of what the infection likely really looks like. It did not discriminate along racial boundaries in NYC.<br />
<br />
In many states there is an ethnic group that is disproportionately affected by covid-19 related mortality, and that is the <i>Latino population</i>. Yet, this is only true for border states where there is a higher rate of immigration from the Latino countries into the U.S.<br />
<br />
Why do we care about this, anyway? A false victim narrative perpetuates stereotypes. Perpetuating "group victimhood" further maligns the efforts of ethnic groups such as African Americans who have actually been, or are actively being, victims of many bona fide social injustices. What we don't need is setbacks in the fostering of improved self esteem and inter-racial relations by creating false narratives that sell news eyeballs.<br />
<br />
The economic fallout of the pandemic quarantine [11,12,13] is another story. Low income labor has been hit the hardest during the quarantine. It is one of many social injustices where minority groups like African Americans are likely the dominant demographic in those low income labor groups [14].<br />
<br />
Victims, or people who believe themselves to be a "victim," rarely have the self esteem necessary to rise out of that self defeating cycle of poverty [10,15]. Let's be more accurate in our reporting and make it clear that the economic fallout from this quarantine will likely affect minority groups in a disproportionate way on a per-capita basis. It's not the virus infection and mortality that is affecting ethnic groups disproportionately.<br />
<br />
One economic control the US government should enact is a $500 or $1000 tax credit for every minority worker hired during the unemployment recovery period who is employed for at least 12 months.<br />
<br />
If you're looking for a job, then it's time for you to research where money was being spent before the quarantine. Hope to see you in Santa Cruz, CA, or Cleveland, OK (<a href="https://www.google.com/maps/place/Cleveland,+OK+74020/@36.2477537,-96.5976006,10.81z/data=!4m5!3m4!1s0x87b12c3a0f452771:0x84101fddb9c18660!8m2!3d36.3100688!4d-96.4641886">https://www.google.com/maps/place/Cleveland,+OK+74020/@36.2477537,-96.5976006,10.81z/data=!4m5!3m4!1s0x87b12c3a0f452771:0x84101fddb9c18660!8m2!3d36.3100688!4d-96.4641886</a>), yes that's Oklahoma.<br />
<br />
US Bureau of Labor Statistics: <a href="https://www.bls.gov/">https://www.bls.gov/</a><br />
<br />
=== References ===<br />
<br />
[1] <a href="https://covid19.who.int/?gclid=Cj0KCQjwzZj2BRDVARIsABs3l9LAUvp2K20psuvBZrx5OGxVmWQFMoKEossusyV27Nwtel_kFF0jTPUaAt9NEALw_wcB">https://covid19.who.int/?gclid=Cj0KCQjwzZj2BRDVARIsABs3l9LAUvp2K20psuvBZrx5OGxVmWQFMoKEossusyV27Nwtel_kFF0jTPUaAt9NEALw_wcB</a><br />
<br />
[2] <a href="https://www.npr.org/sections/health-shots/2020/04/18/835563340/whos-hit-hardest-by-covid-19-why-obesity-stress-and-race-all-matter">https://www.npr.org/sections/health-shots/2020/04/18/835563340/whos-hit-hardest-by-covid-19-why-obesity-stress-and-race-all-matter</a><br />
<br />
[3] <a href="https://www.nytimes.com/2020/05/03/opinion/coronavirus-race-class.html">https://www.nytimes.com/2020/05/03/opinion/coronavirus-race-class.html</a><br />
<br />
[4] <a href="https://sites.insead.edu/facultyresearch/research/doc.cfm?did=50114">https://sites.insead.edu/facultyresearch/research/doc.cfm?did=50114</a><br />
<br />
[5] <a href="https://www.siue.edu/~njohnag/on-individual-responsibility/">https://www.siue.edu/~njohnag/on-individual-responsibility/</a><br />
<br />
[6] <a href="https://www.apmresearchlab.org/covid/deaths-by-race">https://www.apmresearchlab.org/covid/deaths-by-race</a><br />
<br />
[7] <a href="https://www.aarp.org/health/conditions-treatments/info-2020/minority-communities-covid-19.html">https://www.aarp.org/health/conditions-treatments/info-2020/minority-communities-covid-19.html</a><br />
<br />
[8] <a href="https://www.oakpark.com/News/Articles/5-20-2020/COVID_19-and-the-'race-tax'--/">https://www.oakpark.com/News/Articles/5-20-2020/COVID_19-and-the-'race-tax'--/</a><br />
<br />
[9] <a href="https://data.cdc.gov/NCHS/Provisional-Death-Counts-for-Coronavirus-Disease-C/pj7m-y5uh">https://data.cdc.gov/NCHS/Provisional-Death-Counts-for-Coronavirus-Disease-C/pj7m-y5uh</a><br />
<br />
[10] <a href="https://www.psychologytoday.com/us/blog/think-well/201502/how-break-the-bonds-victimhood-and-build-self-esteem">https://www.psychologytoday.com/us/blog/think-well/201502/how-break-the-bonds-victimhood-and-build-self-esteem</a><br />
<br />
[11] <a href="https://www.marketwatch.com/story/controlling-the-coronavirus-pandemic-and-the-economic-fallout-may-be-above-politicians-pay-grade-2020-04-15">https://www.marketwatch.com/story/controlling-the-coronavirus-pandemic-and-the-economic-fallout-may-be-above-politicians-pay-grade-2020-04-15</a><br />
<br />
[12] <a href="https://www.forbes.com/sites/randybrown/2020/04/16/if-covid-19-is-like-past-pandemics-we-could-face-decades-of-economic-fallout/#5e2f40353b81">https://www.forbes.com/sites/randybrown/2020/04/16/if-covid-19-is-like-past-pandemics-we-could-face-decades-of-economic-fallout/#5e2f40353b81</a><br />
<br />
[13] <a href="https://www.businessinsider.com/coronavirus-economy-top-likely-global-fallout-scenarios-risks-wef-survey-2020-5">https://www.businessinsider.com/coronavirus-economy-top-likely-global-fallout-scenarios-risks-wef-survey-2020-5</a><br />
<br />
[14] <a href="https://www.epi.org/indicators/state-unemployment-race-ethnicity/">https://www.epi.org/indicators/state-unemployment-race-ethnicity/</a><br />
<br />
[15] <a href="https://www.theatlantic.com/business/archive/2015/12/black-white-unemployment-gap/421497/">https://www.theatlantic.com/business/archive/2015/12/black-white-unemployment-gap/421497/</a><br />
<br />Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-19571146664903067352020-03-07T06:59:00.019-08:002021-08-19T14:17:36.719-07:00Number of Primes<b>Anderson's Theorem</b><br />
<br />
<i>(a) The number of primes in [1,n] is no more than 2+floor(n/2).</i><br />
<br />
The probability of n being prime when n is not prime is 1/2 - see Dasgupta,Papadimitriou,Vazirani "Algorithms" page 26. Therefore, the E(pi(n)) is n/2.<br />
<br />
<i>(b) There does not exist another set of adjacent primes other than {1,2,3}</i><br />
<i><br /></i>
5: 2 + floor(5/2) = 2 + 2 = 4 => {1,2,3,5} : 4 <= 4<div>7: 2 + floor(7/2) = 2 + 3 = 5 => {1,2,3,5,7} : 5 <= 5<br />11: 2 + floor(11/2) = 2 + 5 = 7 => {1,2,3,5,7,11} : 6 <= 7</div><div>
26: 2 + floor(26/2) = 15 => {1,2,3,5,7,11,13,17,19,23} : 10 <= 15<br />
<br />
<b>Lagrange's Theorem is Inaccurate</b><br />
<br />
Lagrange's theorem about primes states that pi(x) is the number of primes <= x. The pi(x) is approximately x/ln(x). He postulated that the lim of pi(x)/(x/ln(x)) as x -> infinity was 1. This is incorrect. If the number of primes is bounded by n/2, then refactoring and reducing Lagrange's Theorem results in the lim of ln(x) as x approaches infinity. This is always infinity.<br />
<br />
Lagrange's theorem on some tests:<br />
<br />
5: 5 / ln(5) = 3.1, incorrect</div><div>7: 7 / ln(7) = 3.59, incorrect</div><div>11: 4.58, incorrect<br />
26: 7.9, incorrect<br />
<br /></div><div>Using Anderson's Theorem, the number of prime numbers in [1,74] is 39. Lagrange says there are only 12.</div><div><br /></div><div><b>Fun With Primes</b></div><div><br /></div><div>Let's make some primes to test out my theory versus Lagrange. The goal is to find all of the primes between 1 and N using Lagrange's estimate as the stopping criterion versus mine.</div><div><br /></div><div><div style="background-color: #1e1e1e; color: #d4d4d4; font-family: Consolas, "Courier New", monospace; font-size: 14px; line-height: 19px; white-space: pre;">import sys
import numpy as np

def is_prime(p) :
    # 1, 2 and 3 are accepted up front (1 is counted as prime here, see below)
    if p == 1 or p == 2 or p == 3 :
        return True
    # trial division by every j up to the rounded square root of p
    for j in range(2,int(np.sqrt(p)+0.5)+1) :
        a = p // j
        if p - a*j == 0 :
            return False
    return True
</div></div><div><br /></div><div>I know you Cambridge Maths nerds say that '1' is not prime, but I disagree, so I am putting it into the list of primes. You can hate on that later.</div><div><br /></div><div><div style="background-color: #1e1e1e; color: #d4d4d4; font-family: Consolas, "Courier New", monospace; font-size: 14px; line-height: 19px; white-space: pre;">if __name__ == "__main__" :
    # N comes from the first command line argument
    max = int(sys.argv[1])
    # stopping criterion: 2 + floor(N/2)
    n_primes = max // 2 + 2
    primes = []
    for i in range(1,max+1) :
        if is_prime(i) :
            primes.append(i)
        if len(primes) == n_primes :
            break

    print("found",len(primes),"primes. Lagrange predicted", int(max / np.log(max)),", I predicted",n_primes)
    print(primes)
</div></div><div><br /></div><div>Now run that in python and you get the list of prime numbers between 1 and the first command line argument, which is N for argument's sake.</div><div><br /></div><div>"python mkprime.py 26"</div><div><br /></div><div><div>found 10 primes. Lagrange predicted 7 , I predicted 15</div><div>me: [1, 2, 3, 5, 7, 11, 13, 17, 19, 23]</div><div>Lagrange: [1, 2, 3, 5, 7, 11, 13 ]</div></div><div><br /></div><div>Obviously, Lagrange underestimated the number of primes and we missed some crucial primes up to 26. Primes are very important numbers, so we don't want to miss them. They are also very expensive to compute, so we don't want to compute more than we know exist. </div><div><br /></div><div>What if we determine a number to be prime and have a last known prime that is adjacent to that candidate prime? How do we know that the candidate is really prime? Is there a rule to follow? I really don't know, but what I did find is that there is a pattern to the placement of primes on the number line. 
They are not random.</div><div><br /></div><div><div style="background-color: #1e1e1e; color: #d4d4d4; font-family: Consolas, "Courier New", monospace; font-size: 14px; line-height: 19px; white-space: pre;">    # gap between each prime and the one before it (first entry is 0)
    diffs = []
    diffs.append(0)
    for i in range(1,len(primes)) :
        diffs.append(primes[i] - primes[i-1])
    print(diffs)
</div></div><div><br /></div><div>Add that to your python, and run it again:</div><div><br /></div><div><div>found 10 primes. Lagrange predicted 7 , I predicted 15</div><div>[1, 2, 3, 5, 7, 11, 13, 17, 19, 23]</div><div>[0, 1, 1, 2, 2, 4, 2, 4, 2, 4]</div></div><div><br /></div><div>Hmmm. After '3' the diff is 2 or 4 from the last adjacent prime. 
Let's shoot it farther out ...</div><div><br /></div><div>"python mkprime.py 2000"</div><div><br /></div><div>the diff:</div><div>[0, 1, 1, 2, 2, 4, 2, 4, 2, 4, 6, 2, 6, 4, 2, 4, 6, 6, 2, 6, 4, 2, 6, 4, 6, 8, 4, 2, 4, 2, 4, 14, 4, 6, 2, 10, 2, 6, 6, 4, 6, 6, 2, 10, 2, 4, 2, 12, 12, 4, 2, 4, 6, 2, 10, 6, 6, 6, 2, 6, 4, 2, 10, 14, 4, 2, 4, 14, 6, 10, 2, 4, 6, 8, 6, 6, 4, 6, 8, 4, 8, 10, 2, 10, 2, 6, 4, 6, 8, 4, 2, 4, 12, 8, 4, 8, 4, 6, 12, 2, 18, 6, 10, 6, 6, 2, 6, 10, 6, 6, 2, 6, 6, 4, 2, 12, 10, 2, 4, 6, 6, 2, 12, 4, 6, 8, 10, 8, 10, 8, 6, 6, 4, 8, 6, 4, 8, 4, 14, 10, 12, 2, 10, 2, 4, 2, 10, 14, 4, 2, 4, 14, 4, 2, 4, 20, 4, 8, 10, 8, 4, 6, 6, 14, 4, 6, 6, 8, 6, 12, 4, 6, 2, 10, 2, 6, 10, 2, 10, 2, 6, 18, 4, 2, 4, 6, 6, 8, 6, 6, 22, 2, 10, 8, 10, 6, 6, 8, 12, 4, 6, 6, 2, 6, 12, 10, 18, 2, 4, 6, 2, 6, 4, 2, 4, 12, 2, 6, 34, 6, 6, 8, 18, 10, 14, 4, 2, 4, 6, 8, 4, 2, 6, 12, 10, 2, 4, 2, 4, 6, 12, 12, 8, 12, 6, 4, 6, 8, 4, 8, 4, 14, 4, 6, 2, 4, 6, 2, 6, 10, 20, 6, 4, 2, 24, 4, 2, 10, 12, 2, 10, 8, 6, 6, 6, 18, 6, 4, 2, 12, 10, 12, 8, 16, 14, 6, 4, 2, 4, 2, 10, 12, 6, 6, 18, 2, 16, 2, 22, 6, 8, 6, 4, 2]</div><div><br /></div><div>Whoa. The difference between two adjacent primes is always an <i>even distance</i>. Let's histogram that and also let's make that first element '1' instead of '0' because 1 is '1' away from 0, just to make you Cambridge Maths nerds even more frustrated. 
Here's the histogram for primes up to 26.</div><div><br /></div><div><div>1 : 3</div><div>2 : 4</div><div>4 : 3</div></div><div><br /></div><div>How about for the primes up to 10,000, here is the histogram of the differences between adjacent primes:</div><div><br /></div><div><div><div><div>1 : 3</div><div>2 : 205</div><div>4 : 202</div><div>6 : 299</div><div>8 : 101</div><div>10 : 119</div><div>12 : 105</div><div>14 : 54</div><div>16 : 33</div><div>18 : 40</div><div>20 : 15</div><div>22 : 16</div><div>24 : 15</div><div>26 : 3</div><div>28 : 5</div><div>30 : 11</div><div>32 : 1</div><div>34 : 2</div><div>36 : 1</div></div></div></div><div><br /></div><div><i><u>Lemma: The difference between any two primes that are larger than 3 is always a factor of 2.</u></i></div><div><br /></div><div>In fact, the majority of primes are 6 away from the next prime. This creates a nifty algorithm for finding primes. Starting with the first prime you find, just check every other number. What's even more interesting is the distribution of primes in [1,1e6], shown in the following figure:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-dymt16DPGME/YRbwiQEmA3I/AAAAAAAAAIA/-wbTECKtp3wXSLElRTsFxdiIPnXv_6N_QCLcBGAsYHQ/s640/pct_distro_1000000.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="480" data-original-width="640" height="354" src="https://1.bp.blogspot.com/-dymt16DPGME/YRbwiQEmA3I/AAAAAAAAAIA/-wbTECKtp3wXSLElRTsFxdiIPnXv_6N_QCLcBGAsYHQ/w472-h354/pct_distro_1000000.png" width="472" /></a></div>This figure looks almost like a Poisson probability mass function with lambda=4:<div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-UKnZXVIBpTM/YRb0fjPf5XI/AAAAAAAAAII/qC2WMNr3IN8Ny-mq4fsAB2dVg9X-ZMvjQCLcBGAsYHQ/s1008/poisson-lam4.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" 
data-original-height="614" data-original-width="1008" height="271" src="https://1.bp.blogspot.com/-UKnZXVIBpTM/YRb0fjPf5XI/AAAAAAAAAII/qC2WMNr3IN8Ny-mq4fsAB2dVg9X-ZMvjQCLcBGAsYHQ/w444-h271/poisson-lam4.png" width="444" /></a></div>What it really looks like is the Nearest Neighbor Routing probability distribution function in Jung, Haejoon & Lee, In-Ho. (2018). Performance Analysis of Millimeter-Wave Multi-hop Machine-to-Machine Networks Based on Hop Distance Statistics. Sensors (Basel, Switzerland). 18. 10.3390/s18010204. See equation 16 in that paper and figure 3. The red line in that paper's Figure 3 matches almost exactly the shape of the distribution of prime numbers.<br /><div><br /></div><div>Every n-digit prime number, where n > 1, ends in either 1, 3, 7, or 9. The likelihood of each of these digits is almost even. The numbers 1 and 9 are equally likely and 3,7 are equally likely, with a slightly higher chance of being 3 or 7 in the [10,1e8] number range.</div><div><br /></div><div><div>1 : 1440298 - 24.99 %</div><div>3 : 1440473 - 25.0 %</div><div>7 : 1440494 - 25.0 %</div><div>9 : 1440186 - 24.99 %</div></div><div><br /></div><div>When I ran 1e8 primes, the distance graph turned out a quirk. The distance of 132 appeared 132 times. 
This following table shows the distribution of distances between adjacent primes in [1,1e8].</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-GaPZGagaJq4/YR6Dnn7FGpI/AAAAAAAAAIY/rP0kGQ3NRegzSKSPIEJ3aXmJd8jbp9ffQCLcBGAsYHQ/image.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="701" data-original-width="577" height="838" src="https://lh3.googleusercontent.com/-GaPZGagaJq4/YR6Dnn7FGpI/AAAAAAAAAIY/rP0kGQ3NRegzSKSPIEJ3aXmJd8jbp9ffQCLcBGAsYHQ/w804-h838/image.png" width="804" /></a></div><br /><br /></div><div>The Second Hardy-Littlewood Conjecture</div><div><br /></div><div>https://en.wikipedia.org/wiki/Second_Hardy%E2%80%93Littlewood_conjecture</div><div><br /></div><div>I learned about this conjecture today which states that <i>the sum of the number of primes in A and B is greater than the number of primes in A+B</i>. Using my formula to find the number of primes, let's prove this conjecture. The following is a rudimentary demonstration of this conjecture, not necessarily a proof because there is no proof that my theorem is accurate. It's more accurate than Lagrange's method, though. 
Someone else agrees that this conjecture is true: https://arxiv.org/abs/2101.03283</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://lh3.googleusercontent.com/-hqzqBaHu9do/YR7J8fwnQbI/AAAAAAAAAIg/JwA4zTG9VuQCueOnVQ7sqjODLQHL2Ar5wCLcBGAsYHQ/conjecture-proof.png" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="448" data-original-width="594" height="369" src="https://lh3.googleusercontent.com/-hqzqBaHu9do/YR7J8fwnQbI/AAAAAAAAAIg/JwA4zTG9VuQCueOnVQ7sqjODLQHL2Ar5wCLcBGAsYHQ/w490-h369/conjecture-proof.png" width="490" /></a></div><br /><br /></div><div><br /><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div></div><div class="blogger-post-footer">(c) Jacob W Anderson, all rights reserved. Syndication,
distribution, and any use other than directly from blogspot.com
is expressly forbidden. Read at your own peril. Cite at
your own demise. I am not responsible for any of the content in
this posting. None of this is fact, only fiction and opinion.</div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-66146795462867264782019-01-09T15:26:00.000-08:002019-01-09T15:26:34.432-08:00Atoms in The Universe<br />
Computer scientists like to talk about the number of atoms in the universe when talking about computational complexity. If you have 10**100 nodes to evaluate, and there are only 10**86 atoms in the universe, then there is no way to compute your node tree.<br />
<br />
10**86 atoms? Where does that number come from? Who made this up? In [1] the claim is that there are 10**86 hydrogen atoms out there. That seems like a lot, right? Remember Avogadro? He came up with a number too [2]. His number is 6.022 x 10**23 atoms per mole. That's a lot of atoms too, right?<br />
<br />
Hmm.<br />
<br />
If you had one cubic mole of something, how many atoms are in there? Well, that's (10**23)**3, or about 10**69. That's not 10**86, but it's close. How many cubic moles are 10**86 atoms then? Well, about 86/69, or about 1.25 cubic moles.<br />
<br />
So the total sum of all atoms in the universe is just 1.25 cubic moles? Or rather, let's topsy turvy this. There are more atoms in 1.3 cubic moles of water than the universe.<br />
<br />
Ah snap. I broke the universe. ** walks in shame **<br />
<br />
[1] https://www.universetoday.com/36302/atoms-in-the-universe/<br />
[2] https://www.britannica.com/science/Avogadros-number<br />
<br />
<br />
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-34075353075244984772018-11-30T10:49:00.002-08:002018-11-30T10:49:57.088-08:00
HTML Core Obfuscator
It's time for <i>HTML of the future</i> to give us the ability to obfuscate data in-memory. If password fields were stored as obfuscated values, then there would be a very low chance of a password recovery by any person, even one of exemplary skill. Plus, we wouldn't have to rely upon client-side JS to do hash obfuscation.<br />
<br />
I suggest a simple extension to the input form element:<br />
<br />
[ input type='password' obfuscator='sha512;salt=FooFooFoo' ]<br />
<br />
We would define our own salt, or no salt, to keep the hash consistent (homomorphic) across creation and challenge.<br />
<br />
This can be done with JS but it doesn't prevent malicious adware JS from exploring the DOM and getting the "value()" property of an input element that is named "password".<br />
<br />
Pretty please?<br />
<br />
<br />
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-53461737317349597342017-09-07T12:17:00.003-07:002017-09-07T12:17:44.304-07:00
HP Web Site Failure
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-U9OhhC-sHx0/WbGa3dms4WI/AAAAAAAAABU/44ZicdUI95wPeP9lJlnZAtHuokqzpkpagCLcBGAs/s1600/broken-hp-site.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1128" data-original-width="1392" height="259" src="https://1.bp.blogspot.com/-U9OhhC-sHx0/WbGa3dms4WI/AAAAAAAAABU/44ZicdUI95wPeP9lJlnZAtHuokqzpkpagCLcBGAs/s320/broken-hp-site.png" width="320" /></a></div>
<div>
<br /></div>
<div>
The HP site for buying stuff on their Labor Day Sale is broken. I tried it on other computers and each had the same result. Not sure if HP was able to sell anything on their big sale weekend, but I couldn't buy anything.</div>
<div>
<br /></div>
<div>
Funny part was the feedback widget that didn't work. Not only could I not buy anything from HP but I couldn't report the problem I was having.</div>
<div>
<br /></div>
<div>
Maybe someone at HP could run this through QA again.</div>
<br />
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-54383047305212861622017-05-30T12:40:00.002-07:002017-05-30T12:40:15.432-07:00
Gonna Get You Sucka
So my 3rd grade daughter writes a note at the beginning of the year (last year). It says "I am coming to get you," and it's just a joke note as a group of the kids are doing this. They're young, 2nd graders, and they do dumb things. Zero tolerance is the policy at the school so she has to write an apology and go visit the principal's office and I had to pick her up from school. She's scared and crying. Another kid also writes a note, a boy, and he gets the third degree too. I looked at her cohort and he was mortified. He was 8.<br />
<br />
Today, Alfonso Nevarez, a Democrat legislator from Texas [1], makes a similar verbal claim that he is going to "get you" to a fellow legislator. What happens? He gets on CNN and denies it [2].<br />
<br />
Apparently we hold our grade school children to a higher standard of behavior? Maybe the standards of behavior are lower in Texas. I won't speak for Texans, but if he were a California rep we'd be asking for his removal.<br />
<br />
[1] https://www.txdirectory.com/online/person/?id=44687<br />
[2] http://thehill.com/blogs/blog-briefing-room/news/335593-texas-dem-denies-threatening-colleague-on-legislature-floor
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-18579799598393898472017-05-10T10:58:00.001-07:002017-05-10T10:58:16.618-07:00
TLS 1.2 and PCI
As you may know, the payment card industry is moving quickly to adopt TLS 1.2 and get rid of less secure protocols. [1] To this end, Authorize.Net has made TLS 1.2 mandatory on its sandbox environment as of April 30, 2017. [2]<br />
<br />
The curious part about this change is how it impacts the developer world. We have some older projects built using VS2010 (msbuild) and old web deploy projects. Up until April 30, we could build those with .NET 4 and VS2010. So we happily and blindly did that, until May 1.<br />
<br />
Starting May 1 we started to see those pesky communication disconnection errors. Darn, what is that? Well, that's the TLS 1.2 requirement in sandbox. So we apply the fix and discover that the .NET 4 SecurityProtocolType enum does not have a TLS 1.2 value. Well, double bummer.<br />
<br />
When we move on to .NET 4.5.1 to get that SecurityProtocolType.Tls12 we discover that we can no longer use VS2010 msbuild. Why? Because that old Visual Studio can't build .NET 4.5.1. [3] How fun is that?<br />
<br />
With one change from an unrelated industry our development environment will be forced to phase out anything prior to VS2013, and thus all web deploy projects. Now we have to adopt a different web application build workflow. I am sure we are not alone.<br />
<br />
There are a lot of developers who resist migrating to newer versions of VS. I remember one guy who was adamant that VS2010 was the best IDE ever built by Microsoft and tried everything to keep it working. We only keep it around for the old web deploy projects for some apps that are huge.<br />
<br />
Hasta la vista, baby!<br />
<br />
<br />
[1] http://help.theatremanager.com/frequently-asked-questions/june-2016-use-tls-11-and-authorizenet<br />
[2] https://github.com/AuthorizeNet/sdk-php/issues/222<br />
[3] http://stackoverflow.com/questions/12390175/targeting-net-framework-4-5-via-visual-studio-2010<br />
<br />
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-32072219426212618192017-04-27T22:02:00.002-07:002017-04-27T22:02:35.342-07:00
Cancer
Looking at a picture of my mother lying in her hospital chair taking her chemo medication makes me think about cyber. Our bodies are a network of connected computers. Blood and lymph are the communication channels that relay information between these computers. The mainframe, of course, is your brain, which is another highly connected network of computers.<br />
<br />
When cancer invades it starts by infiltrating a system. The system is homomorphic usually, which makes it easier for the cancer (cyber infiltrator) to gain its foothold. Sometimes the infiltrator moves fast and runs through multiple systems wreaking havoc. Yet there are those infiltrators who move slow, learning each system as it goes slowly through the entire system. Non-Hodgkin's lymphoma is that slow hacker. That's what my mother has. She's had this for a very long time. Mostly ignored by her "doctors" 8, 12, maybe 30 years ago, finally they see the infiltration and recognize the need to respond.<br />
<br />
Once the cancer becomes apparent, like the infiltrator, we struggle to figure out where it started. That's where we need to address the treatment otherwise we just move it around. That sounds exactly like the cat and mouse chase of counter infiltration. How do we backtrack?<br />
<br />
None of the medical "doctors" who work on my mother are savvy enough to even think about this concept. They are mostly preoccupied with billing Medicare and collecting their fee for their time. The nurses care, but they're so overwhelmed (like those network techs) that they don't have time to think deeply. Who can stomach a deep dive on the root cause when your system is about to suffer a catastrophic failure, right? Dead humans make for bad test subjects.<br />
<br />
Let's work backwards from the visible evidence of infiltration. We see the "cancer" tumor which is the equivalent of a malware drop or data erase, or even a damn DNS exfil that the Cisco guy described. How did the infiltrator get into that zone? We look at the path you would take, follow the network, the connected lymph tissue and where it could stage. Look for a similar exploit in that staging area and then again, backtrack. Like a worthy infiltrator, you eventually find rings of exploit that lead back to themselves. That's the frustrating part, and it's the part where most just stop looking. There's always a trail, often some escape that transcends the homomorphic nature of the system.<br />
<br />
So you jump across system barriers too. Instead of on a Windows system, you look into the Linux network that has a physical separation (maybe it was your IB HPC network). This is akin to looking into the circulatory system (blood) where it intersects with the lymphatic system, i.e. the liver. The liver would be another computing system with an embedded switch. You look for signs of collateral infiltration, for instance signs of renal cancer (she had that a few years ago).<br />
<br />
In all of this backtracking you keep looking for the infiltrator. There is a fingerprint out there, there is always a fingerprint. No matter if it's cancer or a hacker, each infiltrator leaves its mark where it started. Not even the most fantastic NSA red team hacker is immune to leaving a trace. Not every trace is measured in the system they infiltrate.<br />
<br />
I am a firm believer that most cancers are the result of viral infection that goes unstopped by an immune system. Sometimes that IPS doesn't know how to handle the foreign "zero day" known as cancer. Maybe one day I will be able to reconnect with Travis, the virology cohort I knew during my SERS experience.<br />
<br />
Until then, somebody still needs to collect on the $100 challenge. How many neutrons does it take to make a black hole? My hundo awaits...
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-74072335649213244052017-04-27T08:44:00.004-07:002017-04-27T08:44:41.828-07:00
EzLynx Splunk regex
Looking to extract the EzLynx app and quote IDs from those referrer URLs in Splunk?<br />
<br />
Use this regex:<br />
<br />
^.+(app\.ezlynx\.com).+[qQ]uote[dD]etails\.aspx\?[aA]pp[qQ]uote[iI]d=(?P<ezlynx_quoteid>\d+)(&[aA]pp[iI]d=(?P<ezlynx_appid>\d+))?\".*$<br />
<br />
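The regex exercised on constructed events, as an added example that is not part of the original post; Python's re module accepts the same (?P&lt;name&gt;...) group syntax, and the log layout, the "/web/" path and the helper names are assumptions. It shows which referrer shapes yield both fields, which yield only the quote ID, and which the pattern skips without raising any error.

```python
import re

# The page's regex, unchanged. Python's re accepts the same (?P<name>...) groups.
EZLYNX_RE = re.compile(
    r'^.+(app\.ezlynx\.com).+[qQ]uote[dD]etails\.aspx\?[aA]pp[qQ]uote[iI]d='
    r'(?P<ezlynx_quoteid>\d+)(&[aA]pp[iI]d=(?P<ezlynx_appid>\d+))?\".*$'
)


def extract_ids(event):
    """Return the two named fields for one event, or None when the regex misses."""
    m = EZLYNX_RE.match(event)
    if m is None:
        return None
    # ezlynx_appid is None when the optional &AppId=... group did not take part.
    return {name: m.group(name) for name in ("ezlynx_quoteid", "ezlynx_appid")}


def make_event(referrer, quoted=True):
    """Build a constructed combined-log-format event around a referrer URL."""
    ref = '"%s"' % referrer if quoted else referrer
    return ('203.0.113.7 - - [27/Apr/2017:08:40:01 -0700] '
            '"GET /landing HTTP/1.1" 200 512 %s "Mozilla/5.0"' % ref)


BASE = "https://app.ezlynx.com/web/"   # "/web/" is a constructed path

# Constructed samples: three the regex extracts, four it does not.
SAMPLES = {
    "both_ids": make_event(BASE + "QuoteDetails.aspx?AppQuoteId=123456&AppId=7890"),
    "quote_only": make_event(BASE + "QuoteDetails.aspx?AppQuoteId=555"),
    "lower_case": make_event(BASE + "quotedetails.aspx?appquoteid=42&appid=7"),
    # A third parameter sits between the ids and the closing quote.
    "extra_param": make_event(BASE + "QuoteDetails.aspx?AppQuoteId=1&AppId=2&tab=rates"),
    # AppId first: the pattern expects AppQuoteId right after the "?".
    "swapped": make_event(BASE + "QuoteDetails.aspx?AppId=2&AppQuoteId=1"),
    # Referrer logged without surrounding quotes: no '"' follows the digits.
    "unquoted": make_event(BASE + "QuoteDetails.aspx?AppQuoteId=77", quoted=False),
    "other_host": make_event("https://example.com/QuoteDetails.aspx?AppQuoteId=9"),
}


def missed_quote_pages(events):
    """Names of events that show QuoteDetails on the EzLynx host but yield no ids."""
    loose = re.compile(r'app\.ezlynx\.com\S*quotedetails\.aspx', re.IGNORECASE)
    return sorted(name for name, ev in events.items()
                  if loose.search(ev) and extract_ids(ev) is None)


if __name__ == "__main__":
    for name, ev in SAMPLES.items():
        print(name, extract_ids(ev))
    print("missed:", missed_quote_pages(SAMPLES))
```

Running missed_quote_pages over a sample of real events before relying on the extraction shows how many QuoteDetails referrers fall outside the pattern.<br />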
I still take coffee as payment.
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-69243922938663626092017-04-19T08:38:00.001-07:002017-04-19T08:38:47.063-07:00
Password Insecurity
I tried to change my password today on a contractors portal. My password is 20 characters long. It's pretty strong as far as I am concerned. So I enter a new one and what do I get?<div>
<br /></div>
<div>
<span id="lblError_lblErrorMessage" style="color: red; font-weight: bold;">The password does not meet the minimum requirements: password length cannot be less than 15 characters and greater than 50 characters and password must have 1 character of each of the following character types: upper case letter, lower case letter, number, symbol. In addition, your new password must be different than the previous 10 passwords, must have at least 4 characters different than your most recent password and cannot be changed more than once in 24 hour period.</span></div>
<div>
<span style="color: red; font-weight: bold;"><br /></span></div>
<div>
That's a long message saying my password is not secure. What is particularly interesting?</div>
<div>
<br /></div>
<div>
<span style="color: red; font-weight: bold;">must have at least 4 characters different than your most recent password </span></div>
<div>
<br /></div>
<div>
Yup, that's the fun statement that says all passwords on this system are reversible. Maybe they use CryptDB [1]? I don't really know, but I highly doubt it. Yet, all of the password "strength" mumbo-jumbo you throw at your password system means very little if the passwords are reversible. I suppose this was more clever US Cyber Security Guidelines advice. Who is in charge of that again??</div>
<div>
<br /></div>
<div>
[1] https://css.csail.mit.edu/cryptdb</div>
<div>
<br /></div>
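The "at least 4 characters different" rule needs the previous password as text at comparison time, which a salted one-way hash cannot supply. The following is an added example, not the portal's code: it assumes PBKDF2 storage, Levenshtein distance as the meaning of "characters different", and hypothetical function names, and it shows that the 10-password history rule works on hashes alone while the similarity rule only works on the current password the user re-types in the same request.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000      # demo value (assumption); set per your own hardware budget
HISTORY_DEPTH = 10    # "different than the previous 10 passwords"
MIN_CHANGED = 4       # "at least 4 characters different"


def make_record(password, salt=None):
    """What a hash-only store keeps: (salt, PBKDF2-HMAC-SHA256 digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def matches(password, record):
    """Re-hash the candidate under the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(make_record(password, salt)[1], digest)


def reused(new_password, history):
    """History rule: answerable from one-way hashes alone."""
    return any(matches(new_password, rec) for rec in history[-HISTORY_DEPTH:])


def differing_bits(pw_a, pw_b, salt):
    """Bits that differ between the stored digests of two passwords."""
    da, db = make_record(pw_a, salt)[1], make_record(pw_b, salt)[1]
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def edit_distance(a, b):
    """Levenshtein distance, the assumed meaning of 'characters different'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def change_password(history, typed_current, new_password):
    """Apply both rules with hash-only storage; returns (status, history)."""
    if not history or not matches(typed_current, history[-1]):
        return "current password wrong", history
    if reused(new_password, history):
        return "reused", history
    # The similarity rule needs the old password as text. Here the only copy is
    # the one the user just typed and the hash just confirmed; nothing stored
    # could supply it.
    if edit_distance(typed_current, new_password) < MIN_CHANGED:
        return "too similar", history
    return "ok", history + [make_record(new_password)]


if __name__ == "__main__":
    hist = [make_record("Correct-Horse-Battery-1")]       # constructed password
    print(change_password(hist, "Correct-Horse-Battery-1", "Correct-Horse-Battery-2")[0])
    # One changed character flips roughly half of the 256 digest bits, so the
    # stored value says nothing about how close two passwords are.
    print(differing_bits("Correct-Horse-Battery-1", "Correct-Horse-Battery-2", b"demo-salt"))
```

A change form that enforces the similarity rule without asking for the current password has no such copy to compare against, so the old password must be recoverable from whatever is stored.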
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-46780546027931029712017-03-29T11:27:00.001-07:002017-03-29T11:27:45.296-07:00
Whiskey Tango Foxtrot
Today is one of those Whiskey Tango Foxtrot kind of days. I've been tracking a real November Sierra since December, and even reported it. I figured it was a bug, so I submitted it to the security folks. Their response? "We're not the team for this problem." ok.<br />
<br />
Now today I see two data points, one weird-o one-timer kind of probe. Yup, for real, a solo IP in the gigabytes of logs that my splunk eats. Yet this IP correlates with another IP that has been on my radar.<br />
<br />
So I get out my splunk and pull a "deny" query on this IP. Not only does it generate IPS hits from my desktop, outbound to destination, but I see inbound activity from this IP (also denied, of course).<br />
<br />
<span style="background-color: white; color: #333333; font-family: Consolas, Monaco, Courier, monospace; font-size: 12px; white-space: pre-wrap;">(2017-03-29T17:56:44) firewall: msg_id="3000-0150" Deny 1-Trusted 0-External 9840 tcp 20 64 [desktop_ip] 184.86.92.71 12766 80 offset 5 A 2936268642 win 342 signature_name="WEB-CLIENT WScript.Shell Remote Code Execution -1 (Ransomware A" signature_cat="Access Control" signature_id="1110895" severity="5" geo_dst="USA" msg="IPS detected" (HTTP-proxy-00)</span><br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">(2017-03-23T08:35:36) firewall: msg_id="3000-0148" Deny 0-External Firebox 936 tcp 20 56 184.86.92.71 [office-ip] 80 1847 offset 5 A 2554649786 win 913 msg="tcp syn checking failed (expecting SYN packet for new TCP connection, but received ACK, FIN, or RST instead).</span><br />
<br />
That IP (184.86.92.71) is owned by none other than Microsoft. They host the OfficeCat update content on Akamai:<br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">(2017-03-29T17:56:45) http-proxy[2026]: msg_id="1AFF-0021" Allow 1-Trusted 0-External tcp [desktop_ip] 184.86.92.71 12768 80 msg="ProxyAllow: HTTP Request categories" proxy_act="HTTP-Client.1" cats="Information Technology" op="GET" dstname="www.microsoft.com" arg="/office/offcat/2.5/en/offcat.nextversion.xml" geo_dst="USA" (HTTP-proxy-00)</span><br />
<br />
I sent email to security at microsoft.com explaining how this first showed up in December during a Visio update (2AM kind of MSFT update). They responded with the "yeah, not our problem," kind of email.<br />
<br />
The other November-Sierra involves a fast tripwire that implicated Microsoft again. That one won't go up on the blog until after I get a response from BigSoft's contact.<br />
<br />
Fun times.<br />
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-982516199655146122017-03-03T09:36:00.001-08:002017-03-03T09:36:43.070-08:00Outlook Configuration<br />
To read all email in text and be able to extract the mail using mail headers:<br />
<br />
> regedit<br />
HKCU\Software\Microsoft\Office\16.0\Outlook\Options\Mail<br />
MinimalHeaderOn = 0 (dword)<br />
ReadAsPlain = 1 (dword)<br />
SaveAllMIMENotJustHeaders = 1 (dword)<br />
<br />
Restart Outlook afterwards, maybe even reboot just for good measure. Now you get to see all of those phishy URLs in the emails, and you can get all of those embedded image attachments as raw encoded binary when you get the header details on the message.<br />
<br />
Put the Message Options button in the hot button task bar so you can quickly get this info.<br />
<br />
No more phishy phish from the numbskulls.<br />
<br />
I take payment in coffee. It's been a long time since I've had Jamaica Blue Mountain. Just saying.<br />
<br />
If you know how to disable the JPEG thumbnail render of attachments, please share on Twitter. That's an obvious vector.<br />
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-43368770274571024912017-03-01T08:31:00.000-08:002017-03-01T08:31:01.132-08:00USAA Phish<br />
MIJN Security Partner.<br />
Placotiweg 2K<br />
4131 NL Vianen (Netherlands)<br />
<br />
You are the proud hoster of alpacasvomhahnerfeld.de, which resolves to 185.41.127.3. This domain is the landing domain for a phishing email targeting USAA members.<br />
<br />
"Dear Customer,<br />
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
Your account has been locked due to an update in our security features, we were unable to update your account. For your protection, online access to your account will remain locked until we properly verify your identity.</div>
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
To re-instate your access, view your account below to start the update process."</div>
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
Good try. You even go as far as embedding USAA content (usaa.com) into the email. There is even a twitter.com link, of all things. Very good try.</div>
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
Farther down in the email you try to distance yourself from pretending to be the USAA:</div>
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
"USAA means United Services Automobile Association and its insurance, banking, investment and other companies . Banks Member FDIC."</div>
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
The email "from" is "foi at gkclasses.com", which is entirely irrelevant. Except that the email originated out of 104.239.173.146, which is a Rackspace IP (hoster of gkclasses.com).</div>
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
This was the weakest phish I've seen in a long time. If this was you, Bearded Michiganite and neighbor of the beast, then I am disappointed. That AMEX phish you did was a Rembrandt compared to this rubbish.</div>
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
Received: from [104.239.173.146] ([127.0.0.1]) by gkclasses.com with Microsoft SMTPSVC(7.5.7601.17514);</div>
<div class="MsoPlainText">
<span class="Apple-tab-span" style="white-space: pre;"> </span> Wed, 1 Mar 2017 14:03:18 +0000</div>
<div class="MsoPlainText">
boundary="===============1676980232=="</div>
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
There was even a facebook link: USAA?EID=3D87909-0411_body haha. </div>
<div class="MsoPlainText">
<br /></div>
<div class="MsoPlainText">
What does Status=CONNECT mean at ICANN though? That's pretty clever. </div>
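The checks walked through in this post (sender domain, originating IP from the Received header, where the links really go) can be run against the raw message that the Outlook settings from the earlier post let you save. This is an added example, not the author's tooling: the message, domains and IPs are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample (documentation domains and IPs), shaped like the phish above:
# brand artwork loaded from the real brand site, click target somewhere else.
RAW_MESSAGE = """\
Received: from [192.0.2.10] ([127.0.0.1]) by sender.example with Microsoft SMTPSVC(7.5.7601.17514);
\t Wed, 1 Mar 2017 14:03:18 +0000
From: "Bank Security" <foi@sender.example>
Subject: Your account has been locked
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html><body>
<img src=3D"https://www.bank.example/logo.png">
<p>To re-instate your access, view your account below.</p>
<a href=3D"http://landing.example/login?EID=3D87909">View account</a>
<a href=3D"https://twitter.example/bank">Follow us</a>
</body></html>
"""

LINK_RE = re.compile(r'\b(href|src)\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)
BRACKET_IP_RE = re.compile(r"\[([0-9a-fA-F:.]+)\]")


def under(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def received_ips(msg):
    """Non-loopback IP literals from Received headers, top (latest hop) first."""
    found = []
    for header in msg.get_all("Received", []):
        for candidate in BRACKET_IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not an IP literal
            if not ip.is_loopback and str(ip) not in found:
                found.append(str(ip))
    return found


def link_hosts(msg):
    """(attribute, host) pairs from every text part, after transfer decoding."""
    pairs = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # decode=True undoes quoted-printable, so "=3D" becomes "=" again.
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for attr, url in LINK_RE.findall(text):
            host = urlsplit(url).hostname
            if host:
                pairs.append((attr.lower(), host))
    return pairs


def triage(raw, brand_domains):
    """Summarise sender, origin and link targets against the brand being claimed."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    links = link_hosts(msg)
    brand_assets = sorted({h for a, h in links if a == "src" and under(h, brand_domains)})
    click_hosts = sorted({h for a, h in links if a == "href"})
    offbrand = [h for h in click_hosts if not under(h, brand_domains)]
    from_is_brand = under(from_domain, brand_domains)
    return {
        "from_domain": from_domain,
        "origin_ips": received_ips(msg),
        "brand_assets": brand_assets,
        "offbrand_click_hosts": offbrand,
        # Brand artwork in the body, but neither the sender nor the click
        # targets belong to the brand: treat as impersonation.
        "suspicious": bool(brand_assets) and not from_is_brand and bool(offbrand),
    }


if __name__ == "__main__":
    for key, value in triage(RAW_MESSAGE, ["bank.example"]).items():
        print(f"{key}: {value}")
```

The `brand_domains` argument is whatever organisation the message claims to be; everything else is read from the saved message itself.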
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-35342625912989211862017-02-06T09:34:00.003-08:002017-02-06T09:34:57.809-08:00Western Digital and IP 78.137.100.54<br />
We have an RX4100 and a DX400 series Sentinel device in two separate networks. Every week I get an IPS hit on 78.137.100.54 for a buffer overflow:<br />
<br />
<a href="http://www.watchguard.com/SecurityPortal/ThreatDetail.aspx?rule_id=1054796" rel="nofollow" target="_blank">Watchguard IPS Notice</a><br />
<br />
I've ignored this in the past because I couldn't find much information about it. Plus, the IPS is denying it, so I didn't pay much attention to it.<br />
<br />
Today, though, I dug a little bit deeper. Turns out 78.137.100.54 is StarWind, which is a virtual storage software provider (in Germany).<br />
<br />
<a href="https://www.starwindsoftware.com/" rel="nofollow" target="_blank">https://www.starwindsoftware.com/</a><br />
<br />
I couldn't find the offending header that was triggering the IPS. We don't track that level of detail in the IPS detection, unfortunately. That would be a nice thing to have.<br />
<br />
Why the WD devices are contacting StarWind on a weekly basis is unknown to me. I don't recall any disclosures about that activity when I bought these devices.<br />
<br />
We're retiring that RX4100 soon. Its network cards always go offline for no apparent reason. Other IT people have reported a similar experience with the RX4100. That usually happens at night, which is no big deal, but sometimes it happens at the start of the business day. That's happened enough times to warrant immediate retirement.<br />
<br />
We've purchased a Synology to replace it. Hopefully the Synology doesn't make unexpected outbound connections to a German ISV.<br />
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-57522092505556062452016-12-14T16:00:00.000-08:002020-05-21T11:02:53.586-07:00Joined #TOKUGAWA<br />
The first track-back (reversal) I did was on some Japanese hackers who staged out of South America. Here's an excerpt from the log of the server they attacked:<br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">200.165.33.242 - - [18/Jun/2006:19:16:50 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 51<br />200.165.33.242 - - [18/Jun/2006:20:32:28 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 62<br />200.165.33.242 - - [18/Jun/2006:20:32:34 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 6568<br />200.165.33.242 - - [18/Jun/2006:20:33:04 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 34<br />200.165.33.242 - - [18/Jun/2006:20:33:08 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 6564<br />200.165.33.242 - - [18/Jun/2006:20:33:14 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 34<br />200.165.33.242 - - [18/Jun/2006:20:33:19 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 6574<br />200.165.33.242 - - [18/Jun/2006:20:33:25 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 34<br />200.165.33.242 - - [18/Jun/2006:20:34:00 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 34<br />200.165.33.242 - - [18/Jun/2006:20:34:16 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 34<br />200.165.33.242 - - [18/Jun/2006:20:34:32 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 34<br />200.165.33.242 - - [18/Jun/2006:20:34:36 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 56<br /></span><div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">(***) 200.165.33.242 - - [18/Jun/2006:20:34:43 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 34<br />(***) 200.165.33.242 - - [18/Jun/2006:20:34:59 -0500] "GET /cartaoUOL/ HTTP/1.1" 200 43611<br /><br />200.165.33.242 - - [18/Jun/2006:20:35:24 -0500] "GET /cartaoUOL/ HTTP/1.1" 200 43611<br />200.165.33.242 - - [18/Jun/2006:20:35:41 -0500] "GET /cartaoUOL/ HTTP/1.1" 200 43611<br />200.165.33.242 - - [18/Jun/2006:20:39:47 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 62<br />200.165.33.242 - - [18/Jun/2006:20:39:55 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 6574<br />200.165.33.242 - - [18/Jun/2006:20:40:00 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 52<br />200.165.33.242 - - [18/Jun/2006:20:40:09 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 34<br />200.165.33.242 - - [18/Jun/2006:21:07:48 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 62<br />200.165.33.242 - - [18/Jun/2006:21:08:25 -0500] "GET /cartaoUOL/ HTTP/1.1" 404 133</span><div>
<br />
Note the tell-tale "ikonboard", which in 2006 had all sorts of security problems. What you should immediately see in this listing is the test of "cartaoUOL" with a 404, then some CGI work, then suddenly "cartaoUOL" exists. That was the start of the exploit.</div>
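The sequence called out above (a path that answers 404, CGI activity from the same client, then the same path answering 200) can be searched for mechanically in an access log. This is an added example, not code from the original post: the log lines are constructed, and the `/cgi-bin/` prefix and function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in Apache common log format (documentation IPs); the paths
# reuse the names quoted in the post.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Jun/2006:19:10:02 -0500] "GET /cartaoUOL/ HTTP/1.1" 404 133
198.51.100.7 - - [18/Jun/2006:19:16:50 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 51
198.51.100.7 - - [18/Jun/2006:20:32:34 -0500] "GET /cgi-bin/ikonboard.cgi HTTP/1.1" 200 6568
198.51.100.7 - - [18/Jun/2006:20:34:59 -0500] "GET /cartaoUOL/ HTTP/1.1" 200 43611
203.0.113.9 - - [18/Jun/2006:20:40:00 -0500] "GET /index.html HTTP/1.1" 200 1024
203.0.113.9 - - [18/Jun/2006:20:41:00 -0500] "GET /missing.gif HTTP/1.1" 404 133
203.0.113.9 - - [18/Jun/2006:20:45:00 -0500] "GET /missing.gif HTTP/1.1" 200 2048
this line is not a log entry
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one common-log-format line; return None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": m["path"].split("?", 1)[0],  # ignore the query string
        "status": int(m["status"]),
    }


def find_appeared_paths(lines, script_prefix="/cgi-bin/"):
    """Flag paths that a client saw as 404, then as 2xx, with successful
    requests to a server-side script from that same client in between.

    Lines are assumed to be in chronological order, as in a normal access log.
    """
    pending = {}   # (ip, path) -> state for paths the client has seen as 404
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["ip"], rec["path"])
        if rec["status"] == 404:
            pending.setdefault(key, {"first_404": rec["ts"], "script_hits": 0})
        elif 200 <= rec["status"] < 300:
            state = pending.pop(key, None)
            if state is not None:
                # The path now exists. Only report it when the same client
                # was driving a script in the meantime; a path that simply
                # appears (a normal deploy) is not reported.
                if state["script_hits"] > 0:
                    findings.append({
                        "ip": rec["ip"],
                        "path": rec["path"],
                        "first_404": state["first_404"].isoformat(),
                        "appeared": rec["ts"].isoformat(),
                        "gap_seconds": int((rec["ts"] - state["first_404"]).total_seconds()),
                        "script_hits": state["script_hits"],
                    })
            elif rec["path"].startswith(script_prefix):
                # Credit the script request to every path this client is
                # still waiting on.
                for (ip, _path), waiting in pending.items():
                    if ip == rec["ip"]:
                        waiting["script_hits"] += 1
    return findings


if __name__ == "__main__":
    for finding in find_appeared_paths(SAMPLE_LOG.splitlines()):
        print(finding)
```

A hit is a lead for review rather than proof: check what the script wrote and which account the web process was running as.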
<div>
<br /></div>
<div>
They went on to add their IRC bot for the C&C and start exploring the file system. They defaced the web site and caused all sorts of embarrassment. Their target was an athletic association that helped kids. Way to go h4x0r! 1337 skillz with milkshakes.</div>
<div>
<br /></div>
<div>
200.165.33.242 - that's a Brazilian IP, naked just like a brazilian. The IRC bot called back to irc.irchighway.net and connected to the #TOKUGAWA room. There it looked like the bot was trying to upload some 30MB file:</div>
<div>
<br /></div>
** 2005-11-08-20:38:29: DCC Send Accepted from Named: [animesquest]_imyme01.rm (30622KB)<br />** 2005-11-08-20:38:29: Upload Connection Established<br />** 2005-11-08-20:38:32: Upload: Connection closed: Connection Lost<div>
<br />
All of this was happening on:</div>
<div>
<br /></div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">** 2005-11-08-20:37:55: NOTICE: :Named!named@76b3cfb.3d716d1f.telesp.net.br NOTICE TK|Sasuke :DCC Chat (200.158.244.210)</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span><div>
200.158.244.210 was also Brazil. It's Telefonica now.</div>
<div>
<br /></div>
<div>
The ISP hosting the site ran a scan of the virtual host and found some compromised files. </div>
<div>
<br /></div>
<span style="font-family: Courier New, Courier, monospace;">www/cgi-bin/<br />bindz : Backdoor.Trojan<br />php : replacement script for PHP executable<br />sn : unknown script/executable<br />sitevars : help script<br />www/<br />new.cmd : Infostealer.Bancos</span><div>
<br />
They were able to do this because the web process was running elevated and had permission to write over itself. Something more common in 2005 than in 2016, thankfully.</div>
<div>
<br /></div>
<div>
They left their "snarf.c" and its compiled executable. Mostly these were amateur hackers who were just experimenting with a site that was very unsecured. I remember digging into their irc traffic and finding some irc logs published on the internet. That's where I learned that they were Japanese and had been using another relay "jump" node out of Uruguay. I don't have records on that anymore.</div>
<div>
<br /></div>
<div>
The owners of those IP addresses back in 2006:</div>
<div>
<br /></div>
<div>
<div>
inetnum: 201.14/16</div>
<div>
aut-num: AS8167</div>
<div>
abuse-c: BTA17</div>
<div>
owner: Brasil Telecom S/A - Filial Distrito Federal</div>
<div>
ownerid: 076.535.764/0326-90</div>
<div>
responsible: Brasil Telecom S. A. - CNRS</div>
<div>
address: SEPS 702/092 Cj. B - Bl B 3 andar Gen. Alencastro, S/N,</div>
<div>
address: 70390-025 - Brasilia - DF</div>
</div>
<div>
<br /></div>
<div>
<div>
inetnum: 200.165/16</div>
<div>
aut-num: AS7738</div>
<div>
abuse-c: CGR13</div>
<div>
owner: Telemar Norte Leste S.A.</div>
<div>
ownerid: 002.558.134/0001-58</div>
<div>
responsible: Marlemar Telgon</div>
<div>
address: Rua Humberto de Campos, 425, 7º andar</div>
<div>
address: 22430-190 - Rio de Janeiro - RJ</div>
</div>
<div>
<br /></div>
<div>
<br /></div>
</div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-18770379.post-69427203098001998822016-12-12T13:43:00.001-08:002016-12-12T13:43:58.408-08:00Guesswork<br />
Dear Mr. Perez, the CIA does not engage in "guesswork." To say on national news (CNN 12/12/2016, 12:02PM Pacific, COX channel 1031) that the CIA used "guesswork" to conclude that "Russians" were engaged in cyber-espionage to influence our electoral process is insulting to an army of people who have dedicated their lives to protecting your right to say that they are engaged in "guesswork."<br />
<br />
This national concern with the FBI and CIA and their "counter" analysis of the cyber activity around the DNC/RNC "hacking," is a clear show of how the American public has lost trust in its intelligence community. I wonder when the mistrust of these organizations started. Could it be the way in which Hollywood has depicted them? I can't remember the last movie I saw where FBI cyber operations was portrayed in a positive manner.<br />
<br />
The FBI investigates crime. For crime to happen there has to be a victim. You could argue "liberty" and "freedom" being the victims in the DNC hack. Yet, that's not what FBI is investigating. It appears they are approaching this from a "Clinton Campaign" as the victim of a retaliation attack. [1][3][5]<br />
<br />
On the CIA side, investigations are centered around influence and misrepresentation. For them to conclude anything there has to be a case of broken trust and influence. That is why they appear to be focused on the "Trump Campaign" as a victim. [2][5]<br />
<br />
In both analyses, though, the same intelligence is at work. The same analysis has happened. An unauthorized entity, with high likelihood of connection to Russian interests, has engaged in felony cyberterrorism against a private political entity with national level influence. While a private entity hack, it is still a great concern and should be dignified with a similar level of outrage by our governing representatives.[7]<br />
<br />
Yet, I can't be me without the conspiracy theory, right? So there is a conspiracy angle to this, and that is that the IC is <i>the source</i> of the DNC/RNC hack, and the RNC hack was likely just a me-too. [4] You told me "your government is not trying to deceive you," and I believe you. Yet, the greatest tool of deception is plain sight.<br />
<br />
As for those electorates who think they are entitled to see classified intelligence reports? I have to wonder about their motivations. Maybe they are trying to smoke out CI's? You need to trust the IC when it tells you it has conclusive evidence. Intelligence reports are hundreds of pages of back story and interrogations. You don't have the IQ to ingest that data and make use of it in a productive manner.<br />
<br />
[1] http://www.redstate.com/absentee/2016/12/12/trump-cia-fbi-russia-dnc-rnc/<br />
[2] https://www.washingtonpost.com/world/national-security/obama-orders-review-of-russian-hacking-during-presidential-campaign/2016/12/09/31d6b300-be2a-11e6-94ac-3d324840106c_story.html<br />
[3] http://www.politico.com/story/2016/07/clinton-putin-226153<br />
[4] http://www.zerohedge.com/news/2016-10-22/nsa-whistleblower-us-intelligence-worker-likely-behind-dnc-leaks-not-russia<br />
[5] https://www.washingtonpost.com/business/economy/russian-propaganda-effort-helped-spread-fake-news-during-election-experts-say/2016/11/24/793903b6-8a40-4ca9-b712-716af66098fe_story.html<br />
[6] http://www.usatoday.com/story/opinion/2016/10/24/russian-hacking-dnc-podesta-clinton-passwords-column/92647858/<br />
[7] http://chicagoist.com/2016/12/12/joe_walsh_donald_trump_third_grader.php<br />
<br />
Merry Christmas you guys. Maybe we'll see each other at Islands again.<br />
<br />
tag:blogger.com,1999:blog-18770379.post-8820132181052256882<br />
2016-12-07T17:00:00.001-08:00 2016-12-07T17:00:42.463-08:00<br />
Tyranosaurus'rex'<br />
<br />
Today I discovered REX. This is the regular expression extract tool for splunk. As I stared at these syslog records I wondered, how can I get the IP addresses of that shiznit? rex was the answer.<br />
<br />
A simple rex for a WatchGuard log to get the allow/deny on a report:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">[the search] | rex field=_raw ".(?&lt;result&gt;Allow|Deny)."</span><br />
<br />
Yes, that's a pipe, because you are piping the results through rex. Splunk just gets more and more fantastic.<br />
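The same named-group extraction run outside Splunk, as an added example that is not code from the post. The log lines are constructed (not real WatchGuard output), Python writes the named group with a P after the question mark where rex does not, and STRICT_PATTERN with its src_ip and dst_ip fields is an assumed tightening that also pulls out the IP addresses.

```python
import re
from collections import Counter

# Constructed syslog-style firewall lines; not real WatchGuard output.
SAMPLE_LINES = [
    "Dec  7 16:58:01 fw01 firewall: Deny 10.0.0.23 8.8.8.8 53211 53 udp",
    "Dec  7 16:58:02 fw01 firewall: Allow 10.0.0.5 192.0.2.10 44120 443 tcp",
    "Dec  7 16:58:04 fw01 firewall: Deny 10.0.0.23 8.8.4.4 53212 53 udp",
    "Dec  7 16:58:09 fw01 firewall: Allow 10.0.0.7 198.51.100.4 50100 80 tcp",
    "Dec  7 16:58:11 fw01 firewall: config saved, 0 Denylist entries changed",
    "Allow 10.0.0.9 203.0.113.8 40000 22 tcp",
]

# The post's pattern. Python spells the named group (?P<name>...),
# rex (PCRE) spells it (?<name>...).
POST_PATTERN = re.compile(r".(?P<result>Allow|Deny).")

# Assumed stricter variant: whole word only, then source and destination IPv4.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
STRICT_PATTERN = re.compile(
    rf"\b(?P<result>Allow|Deny)\s+(?P<src_ip>{IPV4})\s+(?P<dst_ip>{IPV4})\b"
)


def extract(pattern, lines):
    """Return the named groups of the first match in each matching line."""
    return [m.groupdict() for m in map(pattern.search, lines) if m]


def count_by(rows, field):
    """Count rows per value of one extracted field (like `stats count by`)."""
    return Counter(row[field] for row in rows)


if __name__ == "__main__":
    loose = extract(POST_PATTERN, SAMPLE_LINES)
    strict = extract(STRICT_PATTERN, SAMPLE_LINES)
    # The loose pattern counts "Denylist" as a Deny and misses the line that
    # starts with "Allow", because "." needs a character on both sides.
    print("post pattern  :", dict(count_by(loose, "result")))
    print("strict pattern:", dict(count_by(strict, "result")))
    denied = [row for row in strict if row["result"] == "Deny"]
    print("denied sources:", dict(count_by(denied, "src_ip")))
```
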
<br />
Alas, I am at 82% of my license. I'm going to have to fork over another G-note to expand my collection. It's worth it because I love to bask in the orgy of denial.<br />
<br />
tag:blogger.com,1999:blog-18770379.post-7089662889212221517<br />
2016-12-01T11:47:00.001-08:00 2016-12-01T11:47:45.674-08:00<br />
Chrome and Google DNS<br />
<br />
You should lock down your DNS. No machine should be calling out to the DNS upstream. You should set up a local DNS relay so that all DNS goes through that, and that machine can then relay upstream to the ISP DNS.<br />
<br />
That said, you may find one day that your box is calling out to DNS on 8.8.8.8 or 8.8.4.4. A quick ARIN lookup on those and you see it's Google. Turns out, if you are using Chrome, then you will see these DNS requests appear in your logs.<br />
<br />
Chrome calls up to 8.8.8.8 and 8.8.4.4 to check "internet" health. If it can't get a connection to those IP addresses then it boldly proclaims there is no internet connection.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-EpJ5ZyIaoEs/WEB-UX_ni8I/AAAAAAAAAAc/2hpFVl725AkxK4qSh3vs4LoNPH0rznAlwCLcB/s1600/chrome-dns-deny.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="13" src="https://4.bp.blogspot.com/-EpJ5ZyIaoEs/WEB-UX_ni8I/AAAAAAAAAAc/2hpFVl725AkxK4qSh3vs4LoNPH0rznAlwCLcB/s320/chrome-dns-deny.png" width="320" /></a></div>
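One way to spot hosts that skip the local relay, as an added example that is not from the original post. The relay address, the LAN range and the key=value firewall records are all assumptions constructed for the illustration; only 8.8.8.8 and 8.8.4.4 come from the post.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example, not values from the post:
RELAY = ipaddress.ip_address("10.0.0.2")      # the one host allowed to query upstream
LAN = ipaddress.ip_network("10.0.0.0/24")     # internal address space
# The two resolvers named in the post:
GOOGLE_DNS = {ipaddress.ip_address(a) for a in ("8.8.8.8", "8.8.4.4")}

# Constructed firewall records in key=value form.
SAMPLE_LOG = """\
time=11:40:01 action=Allow src=10.0.0.21 dst=10.0.0.2 proto=udp dport=53
time=11:40:01 action=Allow src=10.0.0.2 dst=203.0.113.53 proto=udp dport=53
time=11:40:07 action=Deny src=10.0.0.21 dst=8.8.8.8 proto=udp dport=53
time=11:40:07 action=Deny src=10.0.0.21 dst=8.8.4.4 proto=udp dport=53
time=11:41:15 action=Allow src=10.0.0.34 dst=198.51.100.9 proto=tcp dport=443
time=11:42:30 action=Allow src=10.0.0.34 dst=192.0.2.77 proto=tcp dport=53
""".splitlines()


def parse(line):
    """Split one key=value record into a dict."""
    return dict(pair.split("=", 1) for pair in line.split() if "=" in pair)


def dns_bypass(lines):
    """Port-53 flows that leave the LAN from any host other than the relay."""
    findings = []
    for line in lines:
        rec = parse(line)
        if rec.get("dport") != "53":
            continue
        src = ipaddress.ip_address(rec["src"])
        dst = ipaddress.ip_address(rec["dst"])
        if src == RELAY or dst in LAN:
            continue  # relay talking upstream, or a client asking the relay
        findings.append({"src": str(src), "dst": str(dst),
                         "action": rec["action"], "google": dst in GOOGLE_DNS})
    return findings


def summarize(findings):
    """Per source host: resolvers contacted, and whether any flow got out."""
    hosts = defaultdict(lambda: {"resolvers": set(), "leaked": False})
    for f in findings:
        hosts[f["src"]]["resolvers"].add(f["dst"])
        hosts[f["src"]]["leaked"] |= f["action"] == "Allow"
    return dict(hosts)


if __name__ == "__main__":
    for host, info in summarize(dns_bypass(SAMPLE_LOG)).items():
        state = "ALLOWED OUT" if info["leaked"] else "blocked"
        print(host, sorted(info["resolvers"]), state)
```

Only classic port-53 traffic is covered; a browser using DNS over HTTPS on port 443 would not appear in this report.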
<br />
tag:blogger.com,1999:blog-18770379.post-6374848517723421241<br />
2016-11-29T22:17:00.000-08:00 2016-11-29T22:17:33.604-08:00<br />
401K and IRA<br />
<br />
You asked why I don't like to invest money into 401K and IRA funds. Well, I do. The problem with a 401K is in the government management and oversight. The small business I own is designed for heavy weight at the top of the salary scale as it's a Subchapter S corporation. That means all of the profit passes through to the principal shareholder at the end of the fiscal year. That pushes my income to very high levels sometimes, much higher than the employees. As a result, the audit on the 401K causes a reimbursement of funds to make it "fair."<br />
<br />
Every year I get a fat check back out of the 401K that I don't want. So what's the point of investing money into a retirement fund that refuses to grow past an arbitrary limit? It's a waste for me and so I don't put excess money into it.<br />
<br />
The IRA is another fun vehicle. There are limits on how much you can put into that type of fund. Then you have to hope that it grows. I have a Legg-Mason IRA and for about 5 years it did nothing. It lost some money and then finally started to get some life. I'd rather not put money into an idle account like that when I have more fun things to do with it.<br />
<br />
The best investment for your money is yourself. I like to use my money to invest in curious business plans, new pursuits with technology, and keeping myself from getting bored. I've spent a good amount of money over the years creating mobile games, experimental web applications, and new business ideas. Some of those ideas were met with government resistance and so I am burned out on them. The mobile games were expensive, but fun. There's very little opportunity in the mobile space. You have better luck playing black jack with your money.<br />
<br />
Instead of taking more money from my clients, I choose to throttle the money machine and slow down the burn. Helping my clients to maintain their cash flow means there is longer-term cash flow for my business too. Sure, I could take more money and put that into a 401K or IRA and get that reimbursement check every year. That doesn't really help me though. We all need long term cash flow opportunities, and we can get those only by taking what we need instead of taking all that we can get.<br />
<br />
I hope that answers your question da, tineh, john, lucy ...<br />
<br />
tag:blogger.com,1999:blog-18770379.post-3650445288170062862<br />
2016-11-07T22:22:00.001-08:00 2016-11-07T22:22:19.991-08:00<br />
Robot Me<br />
<br />
Some time ago, feels like years, my cousin's daughter proclaimed that she wanted to be a robot. She was 6 at the time, I think. Samurai Lucy probably knows the exact date of this conversation I had with my cousin, as it was on facebook.<br />
<br />
I told my cousin that her daughter was the greatest robot ever built. Indeed we are. Our soft bodies are cushions for the hard endoskeleton that keeps our body able to be rigid. We have control circuitry distributed throughout our bodies with a central computer. That central computer is controlled by an expert system that knows how to integrate signals and train several connected neural networks.<br />
<br />
We are the greatest robot ever built because we are self-locomotive. We create our own energy, don't need to get an external battery to replace old ones. Our computer is capable of work using single electrons and their quantum spin. Our ligature learns how to adapt to its environment, like those incredible Boston Dynamics [1] robots.<br />
<br />
We are the greatest robot ever built because we are self propagating. This is an important distinction because it supports panspermia [2]. From a tiny sperm with half of the host DNA and a gigantic egg with a whole bunch of DNA, their combination as a single cell turns into a trillion cells capable of writing this blog.<br />
<br />
Imagine those BD guys making those robots. One day they think, hey, how small can we make these robots? So they make lots of tiny robots, and even more tiny robots, and then nanoscale robots [3]. Now how do we make more of these monsters? That's tough, because we're manufacturing stuff, and that makes for waste and inefficiency. So those BD guys get to thinking again. How do we get this robot to make itself?<br />
<br />
So they make two pieces from a host. One that is the real host, the egg cell, with programming and capability to divide and make more of itself. Then the other is the "randomizer" code that is used to diversify the robots. Diversity is the mission profile of science, so these robots were made for scientific exploration.<br />
<br />
Where do we get the raw resources to make the robot, though? That's dirt. From dirt we get "food" which is just fancy dirt. Put that into a chemical reactor and pull off some carbon, oxygen, water, and electrons, and now you have a fuel cell. To clean up the chem byproduct, we can use bacteria (specialized nano robots) to convert even more complex molecular products.<br />
<br />
Now we have a fully operational robot that can adapt to its environment, propagate itself, and create its own energy. It can also heal itself when it is damaged, and in some cases, can even grow new support "organs." [4]<br />
<br />
Imagine you are stuck on a planet too, just like us. You create robotic satellites that explore the galaxy, and you send some robots out there like our Curiosity rover. They break and the mission is over. That really stinks. So you ask these BD guys to create you a dynamic robot that will not break so easily. You can't send it in a long space mission because it needs energy, so you keep it in a simple form, the two part DNA package (sperm and egg) and send it out into space. [5]<br />
<br />
The real question is how do you communicate with your spacefaring robot? Do you program quantum entanglement so the robot's brain entangles with the origin system? Until we find a way to detect quantum entangled communication we will never know for sure. If it is entanglement, then we should be able to detect it across both space and time.<br />
<br />
[1] <a href="http://www.bostondynamics.com/">Boston Dynamics</a><br />
[2] <a href="https://en.wikipedia.org/wiki/Panspermia">Panspermia</a><br />
[3] <a href="https://en.wikipedia.org/wiki/Nanorobotics">Nanorobotics</a><br />
[4] <a href="https://www.ncbi.nlm.nih.gov/pubmed/22457174">Organ Repair and Regeneration</a><br />
[5] <a href="http://www.dailymail.co.uk/sciencetech/article-2955620/Did-aliens-send-metal-orb-seed-life-Earth-Microscopic-sphere-contain-microorganisms-claims-astrobiologist.html">Daily Mail - Titanium Germ Ball</a> and <a href="http://www.huffingtonpost.co.uk/2015/02/17/is-this-an-alien-seed-mysterious-metal-orb-is-baffling-scientists_n_6696474.html">Huffington Post - Alien Seed</a><br />
<br />
tag:blogger.com,1999:blog-18770379.post-1123452116016172319<br />
2016-10-26T16:55:00.000-07:00 2016-10-26T16:55:09.786-07:00<br />
Splunk To root or Not To root<br />
<br />
Today I added some add-ons to my splunk and did some sysadmin on the server. Restarted and noted the splunkd was not running. Ahh, well, that's typical. Starting the splunk daemon is easy enough:<br />
<br />
<a href="http://docs.splunk.com/Documentation/Splunk/6.5.0/Admin/StartSplunk">Start Splunk</a> - from the people who made splunk.<br />
<br />
There are two ways to start splunk, as you can read from above. One is to run the "splunk" process from your root shell after logging in. This will run splunk as root. The other is to use the nifty systemctl service script to daemonize the process.<br />
<br />
Prior to today, I had the same problem and ran the splunk process as root. This was foolish. If you happen to have once started splunk as root, and then successfully started splunk as the "splunk" user, you will find that your splunk login page is empty. You get the background picture, but no input controls.<br />
<br />
Damn. Google that, nada. Damn again.<br />
<br />
Today, I learned a lot more about selinux and permissions and labels, so I investigated the "web_service" log (/opt/splunk/var/log/splunk/web_service.log) and found:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">IOError: [Errno 13] Permission denied: '/opt/splunk/var/run/splunk/session-d07528932b4314e72a9f5bccd0f85fb27e8f30bd.lock'</span><br />
<div>
<br /></div>
<div>
Double damn. So I run an "ls -lZ" on that var/run/splunk directory to see what is going on, and I find the following.</div>
<div>
<br /></div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace;">drwx------. splunk splunk unconfined_u:object_r:usr_t:s0 scheduler</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">-rw-------. root root unconfined_u:object_r:usr_t:s0 session-d07528932b4314e72a9f5bccd0f85fb27e8f30bd</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">-rw-------. root root unconfined_u:object_r:usr_t:s0 session-d07528932b4314e72a9f5bccd0f85fb27e8f30bd.lock</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">-rw-r-----. splunk splunk system_u:object_r:usr_t:s0 splunkd.pid</span></div>
</div>
<div>
<br /></div>
<div>
There it is, my foolishness. The lock files are owned by root and not splunk. Do a quick "chown splunk.splunk" on everything in the var/run/splunk directory, and reload your splunk login page.</div>
<div>
<br /></div>
<div>
You should have the login now.</div>
<div>
<br /></div>
<div>
I have found the splunk systemctl service to be very very (very) temperamental. Sometimes it works, sometimes not. I saw someone on my google quest suggesting a "su -c blah blah" on the service commands, but that's the wrong answer. Just keep trying to get it to work, eventually something magically gives in and cooperates. I still don't know what that something "is."</div>
<div>
<br /></div>
<div>
Don't run splunk as root. Don't run any web thing as root. Typically don't run anything as root. You can try changing the service config files in /etc/systemd/system, but remember to run "systemctl daemon-reload"; otherwise you will get the whiny message about changes not being reloaded.</div>
<div>
<br /></div>
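A check for the failure described above, as an added example that is not part of the original post: it walks a run directory and lists the files a service account cannot read and write according to the permission bits alone. The function names are made up for the illustration, and the check deliberately ignores ACLs, SELinux policy and supplementary groups.

```python
import os
import stat


def can_read_write(st, uid, gids):
    """Permission-bit check only: pick owner, group or other bits, need rw."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        bits = (mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & 6) == 6


def blocked_entries(root, uid, gids):
    """Sorted (relative path, owner uid, octal mode) of regular files under
    root that the account (uid, gids) cannot open for reading and writing."""
    blocked = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge a symlink itself, not its target
            if stat.S_ISREG(st.st_mode) and not can_read_write(st, uid, gids):
                rel = os.path.relpath(path, root)
                blocked.append((rel, st.st_uid, oct(stat.S_IMODE(st.st_mode))))
    return sorted(blocked)


if __name__ == "__main__":
    import pwd
    import sys

    run_dir = "/opt/splunk/var/run/splunk"  # directory named in the post
    try:
        account = pwd.getpwnam("splunk")    # service account named in the post
    except KeyError:
        sys.exit("no 'splunk' account on this host")
    # Primary group only; supplementary groups are not looked up here.
    for rel, owner, mode in blocked_entries(run_dir, account.pw_uid,
                                            {account.pw_gid}):
        print(f"{rel}: owner uid {owner}, mode {mode}")
```

A root-owned session lock with mode 0600, like the one in the listing above, is reported because the splunk account falls through to the "other" bits, which are empty.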
<br />