Buying Lotion on Amazon.com

Posted on 11 June 2017 in Asides • Tagged with amazon.com, finance, online shopping

Amazon.com's Aveeno purchase options.

I was recently shopping online for a specific type of lotion (my skin seems to hate all other types). I am somewhat predisposed to avoid Amazon.com because its size and increasing dominance of online shopping concerns me as it moves closer and closer to "shopping" (in the sense that "searching" means Google to most people). However, my biggest reason for avoiding Amazon.com is simpler: it has become incredibly confusing to shop there. Searching for just about anything will yield thousands of results and it takes (me) a lot of effort to determine which one is appropriate. This can be a great thing in a lot of cases, but more often than not it feels more like navigating a minefield of deceitful listings than comparing competing products.

This lengthy post evaluates one example - Aveeno "Daily Moisturizing" lotion. As with most personal care products, when searching online I pull up a couple of websites to compare prices. In this case I pulled up Amazon.com last, searched for "Aveeno" and was impressed to see just what I was looking to compare (the 18 oz., non-SPF version) as the first result. I clicked through and, curious to figure out the price per ounce, looked to the "add to cart" area. What are are my options?

  • Sizes select list with 37 sizes.
  • Styles (??) select list with three styles.
  • "Subscribe & Save" (pre-selected) and "One-time purchase" radio buttons.
  • "Qty" select list.
  • "Delivery every" select list (2 months pre-selected).
  • "Subscribe now" button.
  • "Add to List" button.
  • Three "Add to Cart" buttons with different prices.

Well, this is going to be complicated...


Continue reading

Yes This Is A Really Long Request URL

Posted on 20 April 2017 in Asides • Tagged with apache, logs, security, vulnerabilities

Yesterday, while reviewing some logs I came across a curious entry in an Apache error log:

[Wed Apr 19 08:51:48.119666 2017] [core:error] [pid 29210] (36)File name
too long: [client 137.226.113.7:40907] AH00036: access to
/YesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForR
esearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongReques
tURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALo
okAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurpos
eWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisI
sAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPu
rposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWe
AreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUs
erAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreSca
nningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyL
ongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePlea
seHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingI
tOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTH
XYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScann failed
(filesystem path '[...]')

Formatted to plain English: Yes, this is a really long request URL but we are doing it on purpose. We are scanning for research purpose. Please have a look at the user agent. Thanks!

What does the user agent for this request have to say?


Continue reading

Responding to Identity Theft

Posted on 23 March 2017 in Life • Tagged with credit, data breaches, finance, identity theft, privacy, usability

On Sunday, 19 March around 10AM I received an email with the subject line IMPORTANT: ProtectMyID Surveillance Alert. I was busy at the time so I flagged the message and moved on with my day. I had received these alerts a few times before when applying for credit cards and getting a home loan. While I hadn't done either of those things lately, I still was not particularly alarmed by the subject alone and had many other things on my mind. Going about the busy day, I promptly forgot about the email.

Before starting the work day the next morning, I noticed and remembered the email in my inbox. Why do I even have ProtectMyId? Because my personal data was part of a breach at some point. Which breach? I don't even recall - there have been so many. I opened the email and logged in to find that a new credit account with a provider I had never used had been opened in my name. Surprise! I am a victim of identity theft.

What do I do now?


Continue reading

RDAP Explorer

Posted on 06 February 2017 in Technology • Tagged with django, ip, ipv4, ipv6, ipwhois, nginx, python, rdap, uwsgi, whois

Having fallen behind a bit on Takeout Inspector, the 12 Years of Gmail series and some other projects, I decided to try to put something very simple together from beginning to end and actually launch it. One of my previous posts, Examining the Remnants of a Small DDoS Attack introduced me to the Python package ipwhois and the alternative WHOIS system RDAP. This eventually led me to a quick and simple project called RDAP Explorer...


Continue reading

12 Years of Gmail, Part 5: Mail

Posted on 05 December 2016 in Technology • Tagged with 12 years of gmail, email, graphing, plotly, python, takeout inspector, wordcloud

After taking a look at the chat data in my export, I am finally ready to move on to some of the actual mail! Much of what I will look at here is pretty similar to what I was able to turn up with chat data. I tried to branch out a bit, bringing in a new package to create word clouds, and also refactored some of the Takeout Inspector code to form the beginning of a more "formal" report generating process (instead of just spitting out a single HTML file with only a certain subset of the data). Hopefully I can continue to improve this to a point allowing for easier report generation for any user. Anyway, on to the mail data!


Continue reading

Examining the Remnants of a Small DDoS Attack

Posted on 03 December 2016 in Technology • Tagged with apache, botnets, ddos, drupal, ip, logs, sqlite

On Sunday (27 November 2016) a small website that I advise on was the victim of a DDoS attack that managed to knock the site offline. I received notice on Monday that the website was not working. I was able to ssh to the web server and quickly found that the database service was stopped. After a brief examination of the database logs (nothing too out of the ordinary), I started the service back up and sure enough the website came back online. As the website runs on Drupal, I logged in to take a peak at the Recent log messages and found hundreds of records of log in attempts from a lot of different IP addresses. User accounts on the website are only used by administrators to update content, so it was clear that the site was hit by a DDoS attack!


Continue reading

Loading Plotly Graphs on Demand with Waypoints

Posted on 23 November 2016 in Technology • Tagged with graphing, javascript, plotly, waypoints

In my last post, 12 Years of Gmail, Part 4: Chat, I included eight Plotly graphs on a single page. All the graphs worked correctly, but the page was taking almost four seconds to render any content at all and up to 6-8 seconds to load completely without cached elements. By contrast, the landing page of chrxs.net takes less than a second to load with visual content rendering almost immediately. The site is intentionally designed to be light weight and uses very few resources on a standard load. But Plotly graphs require a big (1MB+ uncompressed) JavaScript file in order to load with all the bells and whistles. What can be done to improve this slow load time, particularly when many graphs are on a single page?


Continue reading

12 Years of Gmail, Part 4: Chat

Posted on 18 November 2016 in Technology • Tagged with 12 years of gmail, chat, graphing, plotly, python, takeout inspector

With the Finishing Touches in place, it's finally time to start looking at some of the data in my Google Takeout Mail export file. What better to start with than the Google Talk (or Google Chat, as I will refer to it) content stored within!

I am starting with Chat because I was surprised to find it all stored in the export file. It makes sense as chat history is accessible from the Chats link in the old Gmail interface (I couldn't find an equivalent in Inbox). My surprise led to curiosity and my curiosity led to obsession with trying to figure how the Chat data is stored and what information each messages contains. It turns out there are quite a few things that can be gleaned from these chat messages -


Continue reading

12 Years of Gmail, Part 3: Finishing Touches

Posted on 12 November 2016 in Technology • Tagged with 12 years of gmail, configparser, names, graphing, plotly, python, takeout inspector

After spending last week Bootstrapping things and, somewhat related, working my way around Pelican, today I have tried to tie up loose ends so I can start spending more time thinking about what information I can get from all this data. While the package is far from complete, these "finishing touches" ended up being the three themes of this morning's work -

  1. Implementing a settings file
  2. Customising Plotly graphs
  3. Generating random names

Continue reading

12 Years of Gmail, Part 2: Bootstrapping

Posted on 08 November 2016 in Technology • Tagged with 12 years of gmail, mailbox, graphing, plotly, python, sqlite, takeout inspector

Jumping back in to Python has been just as fun as my first experiences with it. After brushing off some of the dust, I have managed to put together a (very) small package that does a couple of basic things with a Google Takeout Mail (mbox) file:

  1. Parses and standardizes the format of email addresses;
  2. Imports key messages data in to an sqlite database;
  3. Produces simple graphs of top recipients and senders.

Continue reading