Aloha Friday: Internet/Social Media Breaks?

Today is the last in a long line of Jewish holidays. While I’m not Orthodox, I do stay offline during these holidays just like I do for Shabbat every Saturday. Of course, this year, the holidays fell on Thursdays and Fridays leaving me offline for 3 days straight for 3 out of the past 4 weeks. By the time it was over, I was itching to get back online.

Still, I actually like being offline every now and then. It’s nice to forget about whether this person has a new blog post, whether that person has tweeted something new or whether there’s a new and interesting e-mail in my inbox. Instead, I focus on whether my sons have a new game to play, whether my wife has something new to talk about and what new and interesting things we can do as a family.

My Aloha Friday question for today is: Do you take regular Internet/Social Media breaks?


Thanks to Kailani at An Island Life for starting this fun for Friday. Please be sure to head over to her blog to say hello and sign the Linky there if you are participating.

Aloha #57

A Vaccination Simulation

During some rare spare time, I began to think. When discussing vaccination, proponents like to point out how Herd Immunity helps those who can’t vaccinate. I wondered if there was some visual way of showing it. (I know Penn and Teller did a video recently, but I haven’t watched it yet.) For some reason, one of my old computer programming assignments, The Game of Life, came to mind.

The Game of Life is a simulation where each square represents one "cell" of life. The cells will multiply or die based on certain rules. They might blossom into a vast colony, die on the vine, or even move around the board (spawning new cells in the front and having old ones dying off behind).

I resolved to make a Vaccination Game of Life or, for a more descriptive and catchy name, a Vaccination Simulation. Fast forward through some programming, testing, great advice from Phil Plait (thanks, Phil!) and here it is: http://www.techydad.com/Vaccinate/

Just set some parameters like how deadly the virus should be, vaccinate some people and then let loose the plague. Will all of your people die? Will some recover? Will the virus spread to everyone or fizzle out? Will Herd Immunity protect the unvaccinated?

What about Herd Immunity? I had set out to test this and test it I did. I ran 5 different scenarios: a 0% vaccination rate, a 25% vaccination rate, a 50% vaccination rate, a 75% vaccination rate and a 90% vaccination rate. For each scenario, I ran the simulator 3 times and took the average number of dead and recovered. Then, I figured out the death rate (defined here as Number Who Died / Number Who Got Sick).

Here are the results:

Results.jpg

Note that the Death Rate (on the chart labeled as "% Non-Vacc Died") declined as the vaccination rate rose. For the more visual, here it is in graph format.

graph.jpg

What does this mean in human terms? Let’s take 5 people and put them in 5 different communities. For whatever reason, these 5 people can’t receive the vaccination for The Virus. The person in the 0% vaccination group would stand an 80% chance of dying. The person in the 25% group would stand a 76.44% chance. And so on to the person in the 90% vaccination group who would only stand a 13.33% chance of dying. The people have the same immunity, but the vaccinated people around them reduce the spread of the virus and make it less likely that they’ll contract it. Less likelihood of contracting the virus means less likelihood of dying from it. Herd Immunity in action.

Now go off and enjoy Vaccination Simulation for yourself, whether to educate or just to mercilessly kill a hundred square representations of people.

Beware The Twitter Black Text

As a web developer, one thing you learn early on is that you can’t trust the user’s input at all. When you ask for a date of birth in mm/dd/yyyy format, people *will* type in September 17th, 1962. When you ask for a number from 1 to 10, people *will* type in “red.” Don’t ask me why, but people do these things. Sometimes it is out of sheer ignorance of what should be entered (either due to a fault of the webmaster’s for not being clear enough or due to the user not reading directions). Sometimes, though, the user will be malicious in nature and will be trying to find holes in your code to exploit.

A common method of attack is called a SQL Injection attack. In layman’s terms, this is an attack that fools the script into running what the hacker wants instead of what the webmaster intended. For example, if the webmaster asked you for your user ID and used that to form a query like “Select * From users Where ID = USERID” (where USERID is the ID you entered), this could be hacked by someone entering “1; Delete From users;”. The “1” would complete the webmaster’s original query and the semi-colon would indicate to the server that another query was coming. Then the Delete statement would delete all data in the database (well, at least the Users table).

Obviously, webmasters would want to take measures against this. To do this, they would check the user’s input against what they were expecting and act accordingly. Using the example above, I could check to see if the data was a number. If the user entered “5”, they would be ok and the query would be run. If the user entered “1; Delete From users;”, their data would either be cleansed (just use the “1” portion) or rejected outright.
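The number check described above, combined with a bound query parameter, as an added example (not code from the original post). The in-memory SQLite table, its two rows and all function names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed in-memory stand-in for the post's "users" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (5, "bob")])
    return conn

def concatenated_query(raw_id):
    # The string the post's naive script would send (built here, never run).
    return "Select * From users Where ID = " + raw_id

def parse_user_id(raw_id):
    # Accept only a short run of ASCII digits and reject everything else.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("user ID must be a number")
    return int(raw_id)

def lookup_user(conn, raw_id):
    # Validate first, then bind: the ? placeholder keeps the value out of
    # the SQL text entirely.
    user_id = parse_user_id(raw_id)
    return conn.execute("SELECT id, name FROM users WHERE id = ?",
                        (user_id,)).fetchone()

def lookup_user_bound_only(conn, raw_id):
    # Without validation, a bound value is still compared as data, not parsed.
    return conn.execute("SELECT id, name FROM users WHERE id = ?",
                        (raw_id,)).fetchone()

def count_users(conn):
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    attempt = "1; Delete From users;"  # the input quoted in the post
    print(concatenated_query(attempt))
    print(lookup_user(db, "5"))
    print(lookup_user_bound_only(db, attempt), count_users(db))
```

Rejecting the input outright avoids guessing what the user meant, and the bound parameter protects the query even if a validation step is missed somewhere else.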

So what does this have to do with Twitter? This:

TwitterBlackText.jpg

The black text above hides a Twitter worm working its way through Twitter.com as of this writing. This is similar to the database example above, only in this case it involves Twitter and link formation.

You see, if you’re typing a tweet and say, for example, “I really like http://www.TheAngelForever.com/”, Twitter will helpfully turn the typed URL into a clickable link for you. It does this by detecting where the link is and sticking it in a <a href="URL">URL</a>. (The actual code is slightly more complex, but this simplified version will work for now.) This works fine when the typed URL is http://www.TheAngelForever.com/, but what if the URL is this:

http://a.no/@”onmouseover=”;$(‘textarea:first’).val(this.innerHTML);
$(‘.status-update-form’).submit()” style=”color:#000;background:#000;/

Don’t worry. I’ve kept this code from forming a link and split it on two lines for good measure. The first segment (“http://a.no/”) is used to fool Twitter into thinking that the rest of the code is just a hyperlink. Next, a double-quote (“) is used to close out the HTML link section. Now the real “fun” starts. The “onmouseover” tells the browser to run the following code when the user hovers over the link. The code within this section enters the whole fake link into Twitter’s status update box and submits it. This is what makes you tweet that link and thus spread the worm. The remaining section (“style…”) turns the text and background colors to black to hide the text and make it look “censored” (prompting you to hover over it to see what it says). The slash at the end further fools Twitter into thinking that the whole thing is one big URL.

So what should you do if you’ve been hit? Delete the tweet, for one thing. I’d also recommend using a 3rd party application like Seesmic Desktop or TweetDeck until Twitter addresses it. At this writing, the worm is only propagating itself and isn’t otherwise a threat. Still, the code it runs could send you to other websites (which could infect you with malware/viruses/trojans) or do other things to compromise your account/computer. So keep your eyes peeled for suspicious activity.

What can Twitter do? For one, I’d recommend that they escape any double-quote in URLs. If that code was rendered as:

http://a.no/@&quot;onmouseover=&quot;;$(‘textarea:first’).val(this.innerHTML);
$(‘.status-update-form’).submit()&quot; style=&quot;color:#000;background:#000;/

then the worm wouldn’t be able to run its payload. Hopefully, Twitter will act on this fast and prevent any further spread.
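The escaping fix suggested above, checked by parsing the resulting markup, as an added example (not Twitter's code and not from the original post). The sample string is constructed with the same shape as the one in the post but a do-nothing handler and a placeholder host; the function names are assumptions, and the URL is assumed to have already been picked out of the tweet text.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: same quote-breaking shape as the string in the post,
# with an inert handler body and a placeholder host.
SAMPLE = ('http://example.test/@" onmouseover="void(0)" '
          'style="color:#000;background:#000;/')

def link_naive(url):
    # The simplified behaviour the post describes: URL pasted in verbatim.
    return '<a href="' + url + '">' + url + '</a>'

def link_escaped(url):
    # quote=True turns " into &quot; (and ' into &#x27;), so the value can no
    # longer close the href attribute early.
    safe = escape(url, quote=True)
    return '<a href="' + safe + '">' + safe + '</a>'

class AnchorAttrs(HTMLParser):
    # Collects the attributes of every <a> start tag it sees.
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append(dict(attrs))

def anchor_attributes(markup):
    # Returns one dict of attribute name -> value per <a> tag in the markup.
    parser = AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.found

if __name__ == "__main__":
    print(sorted(anchor_attributes(link_naive(SAMPLE))[0]))
    print(sorted(anchor_attributes(link_escaped(SAMPLE))[0]))
```

With the naive version the parser reports three attributes on the link (href, onmouseover, style); with escaping it reports only href, whose value is the whole typed string.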

UPDATE: Twitter has fixed the bug that allowed this script to run. You can see my non-malicious test tweet here. Notice how the link cuts off before “onmouseover.” This means that the worm is now stopped in its tracks. While an old infection-tweet might cause you to post the link, the resulting tweet won’t be able to spread the worm. In addition, Twitter seems to be deleting the worm where they can find it. Good job, Team Twitter!

When Angel Met TechyDad

With all of the Rosh Hashana and blogoversary stuff, I almost forgot another anniversary. The anniversary of B and me. Not of our marriage. That was in June. This anniversary was of the first time we met. Yes, it was 11 years ago last night that B and I first met. I remember it like it was yesterday… or at least like it was a flashback.

*wavy flashback lines*

The date was September 12th, 1999 and I had just come back from Rosh Hashana services. I signed onto my computer, after being offline for 2 days, and decided to browse through the Yahoo! chat rooms for a bit before heading to bed. A few weeks prior, I had edited my profile to include the line “Nice, Jewish Guy Looking For Nice, Jewish Girl.”

Meanwhile, B was online, but had forgotten to close the chat window. She noticed it open, looked at the chat room, noticed me in there and decided to look at my profile. That line I had added a few weeks prior caught her eye and she contacted me. Right from the start, I knew that something was special about this “angel.”

We chatted for hours that night and many nights afterwards. Late night online chats turned into late night phone calls. That turned into meeting in person which turned into a long distance relationship. Before I knew it, I had fallen helplessly in love with my angel and have been stuck there ever since. (No rescue attempts please. I’m happy being stuck here in love with my angel!)

Happy Meeting Anniversary to My Angel Forever!

Aloha Friday: How Does That Work?

While at the BlogHer 2010 session “Fight Spam and Hackers! Plugging Security Holes in Your Social Media Life” (audio), Amy of Amiable Life asked a question. She said that she wants to understand security issues but that much of the reference material went over her head. She was wondering if there was any “WordPress for 5th Graders” or “How to Protect Yourself for an eight year old.”

This sparked an idea. I understand this technical stuff and pride myself on the ability to explain complex items in simple terms. So why couldn’t I take a subject like “How Does The Internet Work” and, perhaps using some crude graphics, explain how it works without delving into the details of TCP/IP, request headers and other topics that would cause peoples’ eyes to glaze over?

I still have some work to do before I can pull this off. The words will come easily, but I’ll need some graphics. And those might be trickier for me to do. So this might be a once every-other-month type of feature. My other concern is the selection of topics. How am I going to figure out which topics people want to learn about? Well, as this is an Aloha Friday, I bet you can guess how. I’m going to ask everyone out there!

My Aloha Friday question for today is: What computer/technology subjects would you like explained simply?


Thanks to Kailani at An Island Life for starting this fun for Friday. Please be sure to head over to her blog to say hello and sign the MckLinky there if you are participating.

Aloha #53
