Posted on

At least it’s not COVID: Day 26

I went in for an X-ray on Wednesday after becoming worried about my breathing issues. I had a slight shortness of breath as well as some sort of weird noises from my lungs when inhaling or exhaling deeply. Given all the various ailments that the members of my family have had, I suppose I was becoming anxious. Plus my wife has still been going to her job at the medical center, which now has well over two dozen confirmed cases between patients and staff. One of the main reasons I went was to try to get an answer, whether it be COVID, or pneumonia. I was fairly confident that I had coronavirus, and was hoping I could get it confirmed so that my wife could get her two weeks excused from work. Turns out my x-rays are “consistent with bronchitis.” I payed a hundred dollars for the diagnostic.

Last week was spring break for the kids, so we put all instruction time on hold. In line with my post about raising successful people, I stopped forcing them to do chores, and just told them what to do if they wanted to watch a show. Their task was to clean the living room floor of all their toys. They did not accomplish this, but it was fine cause they actually spent all day playing together and outside. It was a beautiful day. The next day Elder complained to me for hours that her sister wasn’t helping, and she eventually did it herself. The new approach seems to be working. Its similar to how I’d taken to dealing with dinner: you don’t have to finish your plate, but you’re not getting seconds or desert until you do. We’ll see how this approach plays out next week, but I’m rather optimistic.

Facebook’s Messenger Kids has been a bit of a godsend. One our friends said they were using it and I finally got around to installing it a few days ago. I was able to add all of our family members to it, as well as some of Elder’s friends, and it was so nice for the girls to be able to contact their grandparents or friends without my wife or I having to facilitate. Plus it’s got those silly video filters that does the silly transformations that the kids like.

No progress on the “garden”. Nothing has sprouted yet, it’s been more than two weeks. I put more tomato and cilantro in the pots, but I think the seeds are too old or have been killed by keeping them in the shed. I may have to try the old paper towel in plastic bag method to be sure.

I am so close to getting my degree. The past week has been Django, Django, Django, as our team works to get our final prototype demo read for presentation on Thursday. Them I’m done with my professional development course, which leaves just numerical methods and independent study, which I have sort of rolled into one. I’ve been unable to get much out of my professor, I’m not sure what the problem is, and I’m sort of peeved as I think I’ve done him a big favor by converting his course materials into a GitLab repo. I spent hours converting his old HTML docs into Markdown and LaTeX, and I can’t even get an acknowledgement out of him. I think it’s cause he’s basically adverse to technology. It’s so ironic for a CS/engineering professor. Hopefully I’ll be able to get some closure on this Monday, and figure out what the hell I actually need to do to finish the semester. And hopefully I’ll be able to fulfill the requirements for my independent study at the same time.

There’s not a lot to say about work. It basically involves checking in for a morning scrum call, then there’s maybe an hour or two of actual work that needs doing. There’s work on my side projects that needs doing, but not a lot of income. I’ve been spending some extra time working on coding projects: I just got another commit on the TDAmeritrade library and have start looking at how to implement websockets for real time data. It will come in handy for the GBTC estimator, and allow me to make my value averaging protocol and trade planning more sophisticated. There’s probably several posts right there already.

Now that I seem to be on the other side of my medical problems, I’m going to need to start getting back into a fitness regimen. It’s been weeks since I lifted a weight, unless you count swinging the kids around.

Been playing games to unwind. FrostPunk and 8 Billion Humans on the PC, and just got a copy of Root in the mail yesterday that I’ve been waiting for. Elder and I had a late-night session playing last night that was fun. And I’ve been doing a lot of yummy cooking. We made a loaf of bread with the kids that came out nice and have promised them we’d do a practice run of a cake and frosting — from scratch — for their mother’s birthday next month.

Posted on

WordPress moban.html hack

So I just finished cleaning up one of the WordPress sites that I manage from a hack. I was checking Google Analytics and noticed a few irregularities. The first was a number of hits from China, and then noticed some URLs in the site description that didn’t belong there.

I checked the first URL and yep, we have a hack. I logged into the WP dashboard and immediately found two admin users. I did not find the urls in posts or pages, which was odd, so I started scrubbing the site. I found that I was locked out of several administrator functions, such as updating WordPress or installing new plugins. Thankfully, I was able to deploy them through Infinite WordPress. I ran several scans to check for modifications to the wp-admin directories, and even deleted them and uploaded them from a fresh download of WordPress over FTP.

I found several directories that were out of place: developerl, openbayl, and webstruct. The latter was filled with XML documents, some sort of sitemap: 

<?xml version="1.0" encoding="UTF-8" ?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     <url>
			 <loc>http://<my_hacked_site></loc> 
			 <lastmod>2020-04-07T10:13:06-05:00</lastmod> 
			 <changefreq>always</changefreq> 
			 <priority>1.0</priority> 
			 </url>
		     <url>
					 <loc>http://<my_hacked_site>/46/Auto-34cm-2-Meter-Kabel-C16620-Aerzetix-Radio/</loc> 
					 <lastmod>2020-04-07T10:13:06-05:00</lastmod>   
					 <changefreq>daily</changefreq> 
					 <priority>0.9</priority> 
					 </url>
				     <url>
					 <loc>http://<my_hacked_site>/141/35-mm-KlinkenStecker-und-Adapter-Handy-25-mm-Stecker-iPad-MP3Player/</loc> 
					 <lastmod>2020-04-07T10:13:06-05:00</lastmod>   
					 <changefreq>daily</changefreq> 
					 <priority>0.9</priority> 
					 </url>
				     <url>

The openbayl directory contained a moban.html file that contained some sort of HTML template, and the developerl directory seems to have the core part of the hack. It includes another moban.html file that contains a bastardized copy of the sites WordPress headers and footers, and some mangled content that appears to be scraped from the site as well. There was some sort of encoded key in a logs.txt file, and a map.log file pointing to the webstruct xml files. I’ve uploaded this file as a gist.

I downloaded a copy of these files, then deleted them from the site. After running security scans and looking for any additional files that didn’t belong, I was still locked out of installing plugins. I started pouring through the SQL data, looking for what happened. I checked the .htaccess file for any shenanigans, and disabled all plugins. My user appeared to have admin access in the database, and I verified that the administrator role had the install_plugin role in the wp_options wp_user_roles row. But when I added a PHP check in the site files, I didn’t have the role.

I had spent almost two hours digging through this. I had identified the time of the hack, and thankfully, I had a backup from the night before. I restored it, and functionality was back to normal.

I’m troubled that I don’t know how the hack occured. Everything was reasonably up to date. We were behind on a WordPress update, 5.3.x to 5.4, but I’m not aware of any vulnerabilities that would have allowed us to be hacked. Regardless, I took additional steps after restoring the site, including installing Sucuri Security and NinjaScanner. I’m also going to be deploying them on all sites under management.

Posted on

Raising successful kids

Having the girls home from daycare has really given me more hands on with their education. The little one is still too little to do much formal learning, but I’ve been trying to engage my second grader with various activities to help drive her creative and technical talents for some time. My wife and I have always made reading a part of their daily routine since they were in utero, and it’s paid off. We got Elder’s acceptance letter to the gifted school earlier this week.

I had behavior problems when I was in primary school, mostly due to me being ahead of the class in some way or another. I can see the same issues with Elder when she’s doing her Zoom conferences with her class. She’ll be distracted by messing with her camera background, painting her face, or working on something else and constantly interrupting what’s going on to chime in with a progress update. It’s hard for me to witness without trying to correct her, so I’ve taken to leaving her alone to it.

Once she had the dexterity and reading skills to starting using the computer and keyboard, I got her a typing game to play. I had one when I was little, and want to make sure she has proper technique. She finished it, but I still catch her two finger typing, so I need to reinforce it, or find something to mix it up a bit. I hear speed typing is a competitive thing now, so I’ll see if she’s interested in that. Of course I realize that voice first is now a big thing, but I want her to have the underlying skill.

To that end, I’ve started asking her to do morning pages. I gave her one of my Ubuntu laptops and set it up for her with Atom, and tasked her with doing twenty five written words, as a sort of morning pages exercise. I don’t put any requirements on what she writes, and she’s still struggling with it. I’m not sure I’ve really made the case for why I’m asking her to do it. She sees me writing these blog posts in the morning, so I think she gets what I’m doing, but she complains about not having anything to write.

Music is very important to both my wife and I. I’ve played guitar for twenty five years, and we both love singing. The girls enjoy their cartoon musicals, and will often make up songs. I wanted the girls to have access to the tools to make their own music, so I bought a ukelele for them early on. It didn’t take — they haven’t figured out frets — so I bought a piano and got Elder doing Playground Sessions. She still complains about it, but I keep encouraging her to push through the lessons. Getting to the point where she’ll be able to play her favorite songs and create her own is hard, but I want her to see through it. Younger seems to enjoy the song modes on the piano, and likes to “play” along with The Muffin Man. Lately we’ve being taking turns with the pre-programmed rhythm and accompinament options and have been holding dance parties. It’s super cute.

I started Elder on Code.com’s lessons about a year ago. Most of the exercises are centered around moving a character, say a bee, around a path using move forward, turn right, repeat and while blocks. It was fun working with her to solve the puzzles using the minimum number of code blocks, and one of them took us several tries to optimize.

A few months ago I started picking up a few Python For Kids books from the library and tried to entice her into taking a look at it, but she wasn’t interested. We had talked about making programs for various things, but I guess the timing wasn’t right and we set it aside.

Perusing Barnes and Nobles kids gaming section in the pre-COVID days, I came across books about Roblox among the Minecraft and Fortnite books. So I finally set it up on her shared computer a few weeks ago, hoping to give her an alternative to watching TV. And man, she loves it. I pretty much leave her to it, although I have walked in on her playing shooting games on it. She really gets sucked into some of them: a pizza shop simulator, a mansion building time sink, and some sort of boat builder river obstacle course.

I took a look at the Roblox developer docs; it’s actually a sophisticated gaming platform. It incorporates 3D modeling for the various game assets, as well as Lua scripting for the game logic. Elder and I have spent some time playing with the Roblox Studio, placing models and messing around with terrain generation, then letting her playtest by running around in them. We’ve talked about making a game together, and she wants my help building one. I have to question why she wants to make a hunting game where the goal is to shoot bears and lions and “sell their meat” for money, but I’ll take it one step at a time.

Roblox is free to play, but it does have in game purchases using Robux. You can spend this in game money on items for your avatar, or powerups in game, but we’re not doing that. Instead, I decided to see what we could do by creating our own assets. I found out that you can import and export models from the Studio, so I went and downloaded Blender on her computer. We spent Friday and Saturday night watching tutorial videos on YouTube, and took turns sculpting faces in Blender. I even broke my old Wacom tablet out of the closet to play around with. The package is way to sophisticated for her, but I’m glad she took a little bit of interest in it. She says that she has no interest in any of the animation features, but I can tell you that it’s spurred my interest!

Of course making sure the two of them get plenty of non-screen time is important, so I’m making sure they get plenty of outside time. It’s hard since we’ve been isolating for the last two weeks, cause it’s just the two of them. We’ve been taking daily bike rides for exercise and I’ve been trying to get them to sit through some mindfulness lessons via Anaka Harris on the Waking Up app. It doesn’t seem possible for Younger at this age, but Elder at least seems capable of about thirty seconds max before she starts fidgeting. We’ll see how practice goes. All I can really do now is set an example and try to encourage three to give minute sessions.

I want to wrap up by mentioning a Knowledge Project podcast I listened to yesterday with Esther Wojcicki, author of How to Raise Successfull People. Ester’s learning model goes by the acronym TRICK, for trust, respect, independence, collaboration and kindness. There’s a lot of good points in here, although, as other’s have noted, Esther’s privelege and affluence is quite grating in some respects. Still, it’s something that I shared with my wife last night and am going to share with the girls also.

Posted on

GBTC Estimator Update

I spent some time this weekend working on my GBTC price predictor. The original idea behind this tool is to take the price action of BTC while the market is closed and use it to predict what will happen to the price of GBTC after the market opens. The original implementation uses the last close price of GBTC, and the price of BTC at the same time, then calculates the premium. It then retrieves the current price of BTC, then uses the calculated premium to determine what the current price of GBTC should be. It’s rather rudimentary, but serves as a quick and dirty calculator.

My hunch is that there are huge arbitrage opportunities to be found within the price action, especially when there are big moves in BTC’s price action. The big unknown, however, is the GBTC premium. The actual underlying value of a GBTC share is 0.009BTC, but the actual trading price fluctuates around 0.0012, so there’s some possibility to take advantage of this spread. We’re talking about the possibility of potential dollars in share price.

GBTC premium. NAV is <0.0009.

For example this morning, our calculation, based on the price of BTC at $7157, is that GBTC should be at $7.98-8.01 range. Here’s the current premarket spread.

The 7.82 bid order was quantity 800 about half an hour before open. Here’s the chart about five minutes after open.

The difficulty that we’re facing right now is matching the price action between the equity, GBTC, and the underlying crypto, BTC. For our inital purposes, it was enough to use the daily OHLCV data for the equity, and hourly data for the crypto. We only needed to track the crypto price at market close to get our initial premium value. But to do a proper arbitrage bot, we’ll need minute-by-minute data. This presents problems, since all of our work through the TDAmeritrade API has been via the REST API, and this work will involve streaming data via websockets, and likely some async programming.

It would be nice to be able to see the intraday price action of the GBTC premium. Right now our free-tier TradingView account only gives us the daily interval, so being able to chart this ourselves is one of our priority. From there we can calculate some sort of moving average and standard deviation to determine when a price is out of band, and represents an arbitrage opportunity. It might be possible to configure something similar with TradingView, but since they don’t support TDA brokerages, we would be subject to a fifteen minute delay on the GBTC data. There’s also the cost factor. As an OTC listing, GBTC trades still have fees associated with them, so any arbitrage situations will have to be large enough to offset the trade.

I’ve got lots of changes that I need to make to the code; right now I’m running into some testing issues related to monkeypatching out the API calls. I’m planning on doing some real time charting using the Bokeh library, and this will have it’s own set of issues, I’m sure.

Posted on

Alienware m15 slow resume fix with TLP

I’m happy to report that I finally got my new Alienware m15 properly configured. I got it through work via the Dell Outlet, and immediately wiped Windows off of it and installed Ubuntu. There were some issues. The unit shipped with a 256GB M2 drive and a 1TB hybrid. The 1TB was set as the primary drive, so I had to mess with UEFI/Secure boot to get it installed. However the main problem I had was with the power and sleep/hibernation functions.

The main annoyance was that opening the lid to resume the unit from sleep took upwards of half a minute to do anything. I tried a multitude of APCI settings in grub, poured through logs and updated to Ubunutu 19 with no fix, and had finally resigned to the issue.

This was especially frustrating since the unit this machine was obstensibly replacing, a seven year old Dell Latitude, had almost identical hardware and had no problems with the power — although it did have lockup issues related to running Windows in VMM….

This Alienware is quite the power hog, as the battery would only last about an hour on max charge. Again, quite frustrating given that my Latitude can easily get three hours or more. In installed prime-select to disable the GPU, but it didn’t seem to help. Then a few days ago as I was typing with it on my lap, I decided to do something about the intense heat coming from the metal heat grate on the bottom that had been toasting my legs. So installed the tlp advanced power management package. I saw a dramatic decrease in heat and fan activity, and was pleasantly surprised the next time I opened the unit and saw the lock screen almost immediately. Problem solved!

It’s only moderately improved the battery life though, maxing out around an hour and a half. I may experiment and pull the hybrid drive out to see if that is the culprit. I figure the 9th gen i7 should be more efficient that my older one, and with the same screen size there isn’t any other component that could be sucking the battery down like this.

Ultimately the issue is Dell’s lack of support for Linux. If I was going to recommend a laptop for a *nix user I would probably shy away from recommending Dell. They have dabbled with Ubuntu support in the past, and still may do so for their enterprise server lines, but you’re pretty much on your own if you’re using a desktop or laptop. That said, I haven’t run into many problems with the few deployments I’ve done. My old, old Latitude that I’ve given to my oldest works great, but I would probably go with a brand that is dedicated to supporting Linux if I was going to buy something out of my own pocket.

Hopefully this post will help someone experiencing similar problems. If so, please drop a line in the comments to let me know. Thanks!

Posted on

Housekeeping notes

I really wish I could write about something other than being locked up in this house with the kids, but it seems like time has collapsed into some sort of Groundhog Day existence.

I’ve still got this cough; I’ve been racking my brain trying to remember if this is a seasonal thing that I’ve dealt with in the past, or something else. We’ve had rain the past two days, so all the pollen has been washed away, but I haven’t noticed any improvement. I’ve been sleeping in the baby’s bed at night cause I don’t want to wake my wife with the coughing as I’m trying to fall asleep. Then I wake up barely able to talk until I can hydrate. I can probably rule out reflux as I’m not drinking alcohol or eating anything past 8PM, just water.

Today does mark a bit of improvement; I sat down with Big Kid this morning at my office desk and spent some time going through the first grade math module on Kahn’s academy, trying to close out her mastery level. Then we sat down and went over a few ReadTheory quizzes together. She reached the seventh grade level before she started running into trouble. Not bad for a second grader! She seemed excited when I showed her the progress chart and explained to her what happens when she gets to the twelfth grade level. I think the lesson here is that she enjoys it a lot more when we make it something that we do together, rather than something I make her go do to get out of my hair. Or it may be that I offered her candy rewards every time she levels up one of her skills!

I have really been delving into Django with class now. It’s been a long time, so I’ve been struggling to explain the way the infrastructure ties together. I’m trying to make sure everyone knows how to deploy their local Docker setup, and how to make modifications to the models and views. Cookiecutter-Django has saved us some time since they have the custom user model already available, but I was struggling to explain how to modify it and update the forms. We’ve got a presentation on it this Thursday to provide an update to the professor. I’ve been struggling to keep up with it lately, and have really been depending on my project team to keep me on point. It’s OK cause I’ve been going out of my way to help guide everyone, so I don’t think it’s going to be a problem. We’ve got a lot to do between now and then to get things pushed out, but I have no worries about expectations for our grade. Most people on the team have been getting 99s and 100s on our written work. The prototype is thirty percent of our grade, but I’m confident we’ll be able to demonstrate progress.

This is my priority for the week.

Side project updates: We launched the new website for the local party on Monday with a EmailChimp campaign. Had to get Google Analytics setup last night, and have been trying to get Infinite WordPress running in top shape. It’s a bit clunky, but I’m getting used to it. Making sure backups are running properly, then making sure that updates are getting run is my main priority.

Still waiting on our cornerstone client to get their ass in gear with one of our projects.

Have had an idea about a new personal domain to serve as a central home for my professional activities. I’ve got a couple ideas for clever domain names, and some spiffy WordPress themes that I can use to build it. I need to learn to leverage LinkedIn, and revisit the local startup community to see what opportunities are out there for me to go after. I still have yet to apply for any jobs. I need to prioritize my resume.

Chicks dig guys with skills. Still from Flato WordPress theme.

Last note, my wife is upset cause she think’s she’s being targeted by management at work. Said her supervisor wants her to transition to a role where she’ll be meeting with walk up clients. She’s obviously concerned with the increased risk that this puts her in. I suggested that she try to leverage her communications platform to do something about it. There seems to be a culture of passive aggressiveness at her office, and it seems like she wants to fall into similar behavior. She did not think I was validating when she told me after work; she was very distraught.