Uncategorized

• We the People, and the Republic we must reclaim (post / video)
• Trial, error and the God complex (post / video)
• (post / video)
• (post / video)
• (post / video)

The primary reason I like Goodreads is for the easy tracking the books I read. The second reason is the friend reviews.

Basically, bookstore website reviews are inundated with fake reviews. Maybe the author or publisher buys them or has people who have never read it review it. Maybe people are reviewing it based on their love of other works by the author. An easy example is The Winds of Winter having 4,482 five star reviews and the sequel A Dream of Spring. Neither book has yet to be finished. In both cases, my friends have the books marked as to-read.

The scores from these reviews go into a ratings score. Basically the formula is for each star multiply by the number given it and total it, then divide by the total of reviews.

((5*n5)+(4*n4)+(3*n3)+(2*n2)+(1*n1)) / (n5+n4+n3+n2+n1)

What I prefer is the rating score for a book based on my friends not general users. I place a higher weight on my friends. So this friends rating score is more valuable to me whereas I treat the existing one with such skepticism it isn’t useful.

At present, I basically have to go to the book, scroll down to the friend ratings score.

What would be nice is a browser add-on to move the friends ratings score to higher in the page to just under the title. That ought to be fairly viable.

What would be harder is for pages like the currently reading list, having the add-on visit each page, pull the friend rating and replace each “avg rating” with the friends avg rating.

This past weekend, a friend invited us over to play board games. Two of the people there have been on Jeopardy. So, I found this advertisement interesting. And when I went to the feature explaining why I got the ad, I found that explanation lacking.

Supposedly, it was because I live in the US and am the right age and are similar to their existing customers. I don’t watch the show. I don’t follow their pages. My friends probably do. But, these two friends have very different interests.

My guess? Physical proximity to these friends triggered the ad.

A few years ago, I read Hacking: The Next Generation which mentioned using LinkedIn to research an organization to attack it. Pick out the CEO and send an urgent email from this person to a peon to phish them.

Last week, I heard about a Russian campaign attempting to leverage LinkedIn. I just got a connection request from someone supposedly in a small town near where I used to work. This woman was supposed to be a recruiter, but used the most awkward language in the profile. Stuff like a recruiter for US citizens.

I laughed so hard at this. It seemed obviously like someone who doesn’t understand Americans. Which is odd because your trolling the US election was far superior. Maybe I attracted the D team?

I texted a friend about his employer showing up in a movie. He replied a few days later that the owners were excited about this free marketing. I was curious whether this has prompted people to search for them. So, I looked in Google Trends. I liked the feature showing the states and clicked on Georgia and really liked the metro area map.

It made me curious about the definition of the metro areas. It wasn’t clear whether Athens was in the Atlanta or the Augusta metro area. Clicking on the metro area does pull up an “Interest by city” but there were too few results for the employer for it to give me a report. Expanding the window of time gave me the cities list. Also, searching for UGA also gave me the cities.

Athens is at the western edge of the Atlanta one. So, now I know where I sit.

Now, I am trying to get a better sense of the western boundary of the Atlanta metro by trying to come up with searches that are both common enough to list the cities between Athens and the border with the Greenville and Augusta metro areas. Pretty sure the counties that border Athens are included in the Atlanta metro one.

It would be nice to have a list of cities, but I gave up searching for one.

Google collects and retains location data from Android-enabled mobile devices when a Google account user has enabled Google location services. The company uses this information for location-based advertising and location-based search results. This information is derived from GPS data cell site/cell tower information, and Wi-Fi access points… It is probable that the unknown suspects of this investigation had cellular telephones which utilized either Google’s Android or Apple iOS operating systems.

Like all evidence, there is potential for issues when the collectors are not scrupulous.

1. Location services might be turned off. Really, if you don’t have a need, then it should be turned off. And, they tend to drain the battery, so turning it off would mean less frequent recharging.
2. Location services might not be precise. Several apps work on geofencing. The concept being that if a phone enters a certain location, then do something. As examples, I have something that will silence my phone when I get to work. Initially, I set it for not much wider than the building, but it often didn’t run. After a few iterations of expanding the area, it is now about a quarter mile wide and seems to be consistent now.
3. Device Identities. My wife let the stepson borrow her phone to play a game. He signed into Google on the Android device. While she signed back into her account, somehow she still got his Google Hangouts messages until she replaced the device. Google might report both of them being at the phone’s location if Hangouts provides location information.

A friend’s Facebook account sent a message with a video link titled, “When was this video?” My hackles were raised because:

1. I rarely get messages from this person.
2. It reminded me of the Is This You video Facebook Messenger virus.

If you clicked on either, then go to the link on #2 to get advice on kicking off the program with access to your account.

I grabbed the link, https://mnch.at/r?act=48a93ac45jkbhf455465548bc&u=236764556620374&p=112045350166462&h=c2446617ed and had wget download the content safely. It took a couple iterations having it ignore the SSL mismatch and supply a “valid” browser user-agent.

It looks like this new to me version uses a Web Bot service called Manychat to propagate. mnch.at is a short DNS name for it. That posts to the /r URI with the act variable. That redirects to Facebook. Unfortunately, the Facebook HTML is obtuse to read, so I stopped here. I miss the days of hackers using simple HTML on compromised web servers.

Being able to host it in Facebook makes it more difficult to discover what they are doing.

If you go to manychat.com/r, then it has a redirect to send your browser to Facebook. I’m thinking the hackers are exploiting the trust of manychat to get a way to come to Facebook in a way that looks natural to tools looking to block malicious traffic. Sneaky.