Insecure logins

I worked a ticket years ago where a student claimed not to have taken an exam. The faculty member asked the school who asked us as the hosting provider for the online class system to check on it. What I was able to see in the logs were sessions with two different IP addresses. One was in another state while the other was on the campus wifi network. The on campus one took the test. But, the student was traveling at the time. (We never got told the ultimate outcome of such requests, so I don’t know how that was resolved.)


The student admitted to having left the password the default provided by the school which was MMDDYY. The system had a school level option to change the password on first login. But, some students found that password so convenient they changed it back. And apparently the student also had the birthday listed in public view (non-friends). So really anyone could have looked up the Facebook profile and guessed both username and password to login as another student if they left the password the default.
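The gap described above, a forced change on first login that still lets the user change back to the default, can be closed by checking every password change against the birthday. The sketch below is an added example, not code from the system in the story; the function names, the format list and the sample birthday are assumptions made for illustration. It also counts how few MMDDYY values exist at all.

```python
from datetime import date, timedelta

# Formats someone who knows the birthday would try first (assumed list).
FORMATS = ("%m%d%y", "%m%d%Y", "%d%m%y", "%d%m%Y", "%y%m%d", "%Y%m%d")

def birthday_strings(birth: date) -> set:
    return {birth.strftime(f) for f in FORMATS}

def is_mmddyy_date(pw: str) -> bool:
    """True if pw is six digits that parse as a real MMDDYY calendar date."""
    if len(pw) != 6 or not pw.isdigit():
        return False
    mm, dd, yy = int(pw[:2]), int(pw[2:4]), int(pw[4:])
    for century in (1900, 2000):
        try:
            date(century + yy, mm, dd)
            return True
        except ValueError:
            pass
    return False

def check_new_password(pw: str, birth: date):
    """Return (accepted, reason) for a password-change request."""
    digits = "".join(c for c in pw if c.isdigit())
    if digits in birthday_strings(birth):  # catches 03/07/90, 03-07-1990, ...
        return False, "derived from the account holder's birthday"
    if is_mmddyy_date(pw):
        return False, "has the MMDDYY shape of the issued default"
    return True, "ok"

def mmddyy_keyspace() -> int:
    """Count distinct MMDDYY strings over every date from 1900 to 2099."""
    seen, d = set(), date(1900, 1, 1)
    while d <= date(2099, 12, 31):
        seen.add(d.strftime("%m%d%y"))
        d += timedelta(days=1)
    return len(seen)

if __name__ == "__main__":
    birth = date(1990, 3, 7)  # constructed sample birthday
    for pw in ("030790", "03-07-1990", "122501", "correct horse battery"):
        print(pw, check_new_password(pw, birth))
    print("possible MMDDYY defaults:", mmddyy_keyspace())
```

Even without knowing the birthday, the whole MMDDYY space is only a few tens of thousands of values, so the format itself is worth rejecting.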


The Georgia My Voter Page strikes me as similarly problematic. It asks for first initial, last name, county, and birthday. That is relatively common knowledge. Anyone who has sent me a birthday card has that at their disposal.

Certainly the whole reason for not allowing the use of cameras in the voting area is to prevent someone from knowing about my voting. They have everything other than who I voted for at their disposal in this website.

Also, the real reason for this post, is I saw about a month ago twin college students who applied to the same university with the same letters starting the first name. So, their logins would be identical. Same first initial, last name, county, and birthday. I am curious how they login to check their vote.

The complexities of a Multi-tenant Architecture

A coworker asked for a quote on what I thought about them:

Multi-tenant architecture initially reduces costs by streamlined business processes constraining tenants to make operations more consistent. Friction develops where existing processes shoehorned into something different feel less than ideal or not the way the tenant might have designed it.

The one I preferred:

Reductions in hardware, licensing, and staffing costs initially draw organizations into multi-tenant architectures. Streamlined business processes make operations more consistent to achieve an actual favorable return on investment. Friction develops where existing processes shoehorned into something different feel less than ideal or not how the tenant might have designed it.

He asked because of my experiences running “WebCT/Blackboard Vista” and D2L.

Let’s add more electoral votes

If we don’t want to make states out of the territories, then let’s at least give them non-voting members of Congress and Electoral College votes like the District of Columbia via the 23rd Amendment.

  • DC has a population of about 720,000 people which would make it the 3rd smallest state. It gets 3 electoral votes consistent with Wyoming, Vermont, and Alaska.
  • Puerto Rico has a population of about 2,874,000 people which would make it the 15th smallest state and would get 5 electoral votes similar to New Mexico and Kansas.

Setting up Puerto Rico with 5 electoral votes would make presidents more interested in their affairs. The 45th president told people at a rally Puerto Rico better vote for him. This could make that a reality.

It would be good for Virgin Islands and other places to get one elector.

Donation matching

Georgia Public Broadcasting just concluded their October funding drive. Something I noticed and wondered about is all the matching.

They would say, “whatever you donate will be matched dollar for dollar to double [or triple] it.” Then sometimes explain the matching funds came from earlier donations.

Something about this feels like a Ponzi scheme. I guess the way this would be legitimate is the people providing the matching funds donated to that cause knowing that the people donating later are going to be enticed into helping using them. I might have heard something about that earlier, but I am not sure.

I remember a decade ago GPB using the matching less frequently. I guess they are getting more success with donations to back the matches.

Are there any numbers on how much came in for the matching funds? If not, then people are taking their word about whether there is enough to cover. They could just say a donation is doubled to entice it when they ran out of matching funds before that point.

Election season: My re-reading list mandatory

To-do: Goodreads friends rating score browser add-on

2008 reading list

The primary reason I like Goodreads is for the easy tracking of the books I read. The second reason is the friend reviews.

Basically, bookstore website reviews are inundated with fake reviews. Maybe the author or publisher buys them or has people who have never read it review it. Maybe people are reviewing it based on their love of other works by the author. An easy example is The Winds of Winter having 4,482 five star reviews and the sequel A Dream of Spring. Neither book has been finished yet. In both cases, my friends have the books marked as to-read.

The scores from these reviews go into a ratings score. Basically the formula is for each star multiply by the number given it and total it, then divide by the total of reviews.

((5*n5)+(4*n4)+(3*n3)+(2*n2)+(1*n1)) / (n5+n4+n3+n2+n1)

What I prefer is the rating score for a book based on my friends not general users. I place a higher weight on my friends. So this friends rating score is more valuable to me whereas I treat the existing one with such skepticism it isn’t useful.

At present, I basically have to go to the book, scroll down to the friend ratings score.

What would be nice is a browser add-on to move the friends ratings score to higher in the page to just under the title. That ought to be fairly viable.

What would be harder is for pages like the currently reading list, having the add-on visit each page, pull the friend rating and replace each “avg rating” with the friends avg rating.

Phishy Facebook ad explanations

Jeopardy test ad

This past weekend, a friend invited us over to play board games. Two of the people there have been on Jeopardy. So, I found this advertisement interesting. And when I went to the feature explaining why I got the ad, I found that explanation lacking.

Supposedly, it was because I live in the US and am the right age and am similar to their existing customers. I don’t watch the show. I don’t follow their pages. My friends probably do. But, these two friends have very different interests.

My guess? Physical proximity to these friends triggered the ad.

Dear Russians,

A few years ago, I read Hacking: The Next Generation which mentioned using LinkedIn to research an organization to attack it. Pick out the CEO and send an urgent email from this person to a peon to phish them.

Last week, I heard about a Russian campaign attempting to leverage LinkedIn. I just got a connection request from someone supposedly in a small town near where I used to work. This woman was supposed to be a recruiter, but used the most awkward language in the profile. Stuff like a recruiter for US citizens.

I laughed so hard at this. It seemed obviously like someone who doesn’t understand Americans. Which is odd because your trolling the US election was far superior. Maybe I attracted the D team?

Google Trends Metro Areas

I texted a friend about his employer showing up in a movie. He replied a few days later that the owners were excited about this free marketing. I was curious whether this has prompted people to search for them. So, I looked in Google Trends. I liked the feature showing the states and clicked on Georgia and really liked the metro area map.

It made me curious about the definition of the metro areas. It wasn’t clear whether Athens was in the Atlanta or the Augusta metro area. Clicking on the metro area does pull up an “Interest by city” but there were too few results for the employer for it to give me a report. Expanding the window of time gave me the cities list. Searching for UGA also gave me the cities.

Athens is at the western edge of the Atlanta one. So, now I know where I sit.

Now, I am trying to get a better sense of the western boundary of the Atlanta metro by trying to come up with searches that are both common enough to list the cities between Athens and the border with the Greenville and Augusta metro areas. Pretty sure the counties that border Athens are included in the Atlanta metro one.

It would be nice to have a list of cities, but I gave up searching for one.