IPv6 Woes

Noticed one particular social media site was demonstrating slow performance. For the past week or so, it has been frustrating to use. And because it was only this one site, where I saw the issue, I figured it was them.

Slowness across all websites would indicate a problem on my end. Slowness on just one? It seems like their issue.

Only… There were no other people really complaining about their slowness. And it lasted far too long. So, I started picking at it.

I started with the Chrome DevTools and its Network tab to watch where there is slowness. It only presented in the images. The HTML, Cascade Style Sheets, and JavaScript all downloaded fast. The images were slow. And they came from a different server.

I started exploring under which circumstances they presented a problem by looking at the same content in different contexts. The breakthrough came from looking at the networking.

A traceroute to compare the main URL with the media URL were odd. The IP address for the main website came back with an IPv4 address while the media one was IPv6. The traceroute data showed the www site was relatively snappy while the media site timed out on most tests.

So, to verify the IPv6 was the problem, I went into adapter settings and turned it off. Then, I restarted the adapter. Now, the traceroute test looks fast for both addresses. And the page quickly loads.

This suggests either my ISP, router, modem, or computer have an issue with the IPv6. That is annoying, but I will just leave it off for now.

False Memories

Apparently, I never posted about my complaint that one cannot replace a compromised Social Security Number the same as you can a bank card. I was sure I had written about it.

One possibility is that I did write something, but I deleted the draft without posting. About two-thirds of what I write suffers that fate. Either I discover the idea was without merit (aka evidence contrary to what I initially thought) or the logic behind the idea too tenuous to support publishing it.

Another possibility is that I thought about writing something, but I never actually wrote it.

Who knows? Certainly not me.

Maybe I can fix the first one by leaving things in the draft state for longer? Or privately publish them with a note why I no longer claim it?

Resolution Progress 2017: Third Quarter

(Original ; First Quarter ; Half ; Third-Quarter ; Final)

For the third quarter, I should have progressed about 75%. So, let’s see where I am.

TED Talk: How To Ask Good Questions

Why ask questions? Sometimes being able to ask a good question is more important than finding a good answer.

If the video above does not work, then try How To Ask Good Questions: David Stork at TEDxStanleyPark

What makes a question the best?

  • Clearly stated and unambiguous
  • There must be a solution
  • Solution method exists
  • Improved solution methods will likely be useful
  • Extremal
  • Goes to hear of issue
  • The “right” level
  • Leads to new questions

General techniques

  • Isolate components
  • Consider all attributes and combinations of attributes
  • Explore missing aspects
  • Consider extereme cases
  • How does X depend on Y?
  • How to measure?
  • Transisitions from state 1 to state 2
  • Invert things
  • Who, what, where, why, when?
  • Analogies
  • Different “languages” (math, code)
  • Different disciplines

How wide was the Equifax data breach?

143 million US consumers were caught up in the data breach. I keep seeing it portrayed as 44% of the US population. But, the US population includes children.

Initially, it seemed to me the better metric was 11 million more than all of 2016 IRS tax filers. The problems with this latter comparison? Lots of people who file taxes might not have a credit history and some with credit histories might not file taxes in a specific year. Which brings up taxes for a specific year comparing against people who had a credit history across many years is sketchy.

Other statistics give me headaches too.

  • The US Census’ latest 2016 estimate is that there were 325M (million) people in the country. The original 44% statistic is based on that.
  • The US Census’ latest 2016 estimate is that there were 249M adults in the country. That brings the percentage up to 57%.
  • The Bureau of Labor Statistics says in July 2017 when the hack occurred, there were 160M members of the civilian noninstitutionalized population. That excludes inmates and members of the armed forces most of whom probably have credit histories.

So, I took the BLS 160M and looked up the excluded populations.

  • It looks like there were about 1.5M in the prisons.
  • And there is about 1.4M active military.

Combining these, it looks like about 88% of people in the “potentially have worked population” were affected.

I feel good with the 88% number.

Really, though, everyone probably has had their SSN and birthday exposed.  If you have ever attended a K-12 school, post-secondary education, gotten insurance, gone to a doctor, engaged in any way with a financial institution, or given your SSN to a government entity, then you should assume that your personal information is ready to be exposed at any time. Nor should you rely on being told. The state of Georgia exposed every voter’s SSN to subscribers of the voting list by accident and notified no one because they felt the CDs being returned meant no one could have the info. (Because the subscribers could not have copied the files off the discs.)

Overuse of SSNs

The overuse of the Social Security Number bothers me.

Healthcare providers use the SSN. They all want it, so they all have it in their files and databases. Given the push to move records to electronic form, they all have it recorded in databases. This makes them tempting targets for fraudsters. They have to use the strongest security practices to protect the data which also makes working with it more difficult which leads to shortcuts that make them more vulnerable.

From Bruce Schneier,

It’s not just Equifax. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about you — almost all of them companies you’ve never heard of and have no business relationship with.

He goes on to talk about how companies are tracking our moves online and tying it to their profiles of our identity.

If my financial account (like a credit card number) is compromised, then the bank’s solution is to close the bad account and open a clean one for me. If my Social Security Number is compromised, then my solution is to closely monitor the opening of accounts using it. Getting a new SSN is very difficult because unlike a financial account, the number is my unique identifier.

Personally, I think the fine for a healthcare entity getting breached should be $100 per account. So, Anthem’s 2017 breach of 18,000 members would cost it $1,800,000. Anthem’s 2015 breach of 78.8 million would cost it $7.88 billion. (They got a fine of $115 million or about $1.50 per account.)

 

Acknowledgement

Trying to get a price quote from a vendor. It has been two full weeks. The first week plus was confusion within their organization who should be working on it. See, back in April they reclassified our account, so we got a different representative, which is fine. But four months later, they should not be repeatedly trying to have the old one work on the quote. Only when the old one realized that we were not his client did it get shifted to the correct person.

However, three days since then I just realized that I have not seen anything from our representative that he is in indeed aware of the quote, confirming what is supposed to be in the quote, or providing the estimated time it should take to provide us a quote.

Hopefully, I am not a narcissist, but this lack of acknowledgment made me nervous the request had been overlooked. After yet another poke of the vendor, we did finally get a quote. Overall, it was two weeks, one hour, 28 minutes later after the initial request. I hate to nag, but I also hate to allow the request to be overlooked. The acknowledgment lets me know the fulfiller knows about it and it not being done is due to something else.

Collected Quotes 2017-SEP-01

Life shrinks or expands in proportion to one’s courage.
— Anaïs Nin (via thepowerwithin)

Staying true to yourself is not about staying the same. It’s not about making a goal to be the exact individual whom you were since day one. Staying true means expressing what you think, feel, and value; regardless of when in your life it arises. You may not be the exact same person who you used to be, however that’s completely natural. You have simply grown and deepened your self image since then.
— Nicole Addison (via thepowerwithin)