« July 2011 | Main | September 2011 »

August 29, 2011

34 million percent gain

I keep a spreadsheet of my investments and one of my favorite things the spreadsheet does is track not just the average cost of the investments, but overall how much it is worth over the net amount of money spent on the investment (accounting for dividends and so forth). It also tracks reportable gains or losses using average cost or by identifying shares sold. As I held onto investments for longer periods of time, I wanted to get an average annual return, so I came up with a formula based on the date I first buy shares in something to set a timeline up to now. And it uses exponents correctly so it doesn't just say that if you have a 50% gain over 5 years that you have a 10% annual return (it would really be more like 8.4% annually with compounding). The flip side of that is if I buy something and it goes up even a small amount after the first day (a tiny fraction of a year), it shows a ridiculous annual percentage increase. Now, I don't like to brag about stock picks because I am losing money on the year, but I did buy some Bank of America one week ago (not enough to make a difference since most of my money stays in mutual funds). I bought at $6.50 a share and soon it was down as low at $6.01 a share. But then Warren Buffet made a play and it went up over 20% during one day (less than that by the end of the day). And my spreadsheet showed some ridiculous percentage increase. But it has kept going up for a couple of days. Usually by a week, the percent gain drops to something reasonable, but right now my investment (on paper) is up 28% in a week. In fact the percentage is so high that Excel just showed #######, meaning the number is too large to fit in the square (as an investor this is something that makes you feel pretty good, like on the Dukes of Hazzard when Boss Hogg was calculating how much some scam of his would make on his calculator. Once he pressed the equals button he hollered for delight. Roscoe asked him "How much will we make?" And he said with great glee: "This calculator don't go that high!"). It turns out that if you take into account compounding, 28% in a week gives me an equivalent annual return of 34,753,785% which would make me a millionaire by the end of the year (really in almost exactly 28 weeks). Actually I won't last nearly that long because I put in a sell order when it goes up by 50% (I usually do 20%, so this is almost certain to backfire).


August 28, 2011

Wiki Upgrade

After getting the Flashlight Wiki secured, I wanted to upgrade the MediaWiki software to the latest version. I am running v1.16 from when I installed it last year, but since then they have come out with v.1.17. I'm not sure that 1.17 offers a whole lot, but I thought I would try the upgrade. I have been doing backups of the wiki almost weekly. I export the MySQL database that the wiki is based on, compressing it to a zip file first. This is about 1.5MB. Periodically I will also create a zip archive of the entire wiki folder and all the files it contains. This archive is about 20MB. It has all the images, all the installation files, the settings, and pretty much everything that makes it work except the content which is all in the database. Actually it has the content as well since the pages are actually generated and cached in folders.

I always wondered if I lost everything would I be able to reinstall the database and the Wiki from the backups and have everything running again. It is one thing to do backups, it is another to actually be able to recover.

Anyway, the first step towards upgrading the wiki is doing a complete backup, so I did that first. Then I downloaded the latest version of the software to my hard drive, then uploaded that file to the web server (it would save a lot of time to download the file directly from MediaWiki to my web server, but I don't know how).

Once the installation file is on the server, you can extract all the thousands of files that make up the installation. They are in all kinds of folders. Then I made a backup copy of my localsettings.php file and dragged all of the new files and folders and everything onto my old installation. For some reason I thought that's what you were supposed to do, but in doing so, I didn't get everything and now I had remnants of the old installation mixed in with new stuff. Essentially I had ruined both folders and now neither place would work.

So I uploaded my zipped archive of all the files I had backed up. This takes a very long time because my DSL speed isn't that great in the first place and upload speed is a fraction of the download speed. Did all that and the site worked again. So at least the backup of files is working.

I still wanted to try the upgrade, so I read the instructions a little more. The instructions are absolutely awful. They assume you have a command-line interface for your website, which I don't have. Then they say things like "run the upgrade script" but they don't tell you where the upgrade script is or how to run it. Meanwhile they want to cover themselves on everything so they say to read all of the new version's release notes first, even though the instructions are written specifically for that version. One problem is they don't know what your server configuration is or even what version you are upgrading from.

At any rate, they say that you want to unpack all the files and do a new installation from scratch in a separate folder from your real installation. Sounds easy, but the installation asks you for table names and admin id's that I don't necessarily remember. Eventually I remembered them though. Once you get that new folder working you can bring over your localsettings.php file. At some point you would also need to bring over your extensions and images as well.

So I tried that. I got through the first couple of screens and it said it was ready to convert my tables to the new format needed by v1.17 (no going back from there). Go! And I got an error about an internal server error. The bad thing would be if the database were converted and the new version of the software wouldn't run, but fortunately, the database wasn't converted and so the installation still works. So no v.1.17 for me. Which is really fine anyway.

Curious about whether I could re-create the wiki from my backups, I logged on to another server account I have and tried to import my database. First I tried to import the zipped database but php MyAdmin said the zip archive couldn't be extracted. So I unzipped the file on my hard drive and it went from 1.5MB to 15MB. Ouch. I tried uploading that archive which was going to take a while, so I took the dogs for a walk. When I got back, the file had uploaded but I got an error saying the database couldn't be installed because I didn't have permission to mess with those tables from this account (I think it wanted to overwrite my original tables since both web servers are with the same company, just different accounts). Hmmph. So I do think I could import the tables into my own account if I needed to recreate everything, just not at any server other than the one I have now. That in itself is worrying because it seems like I should be able to have a way to do that. The problem is all the databases in my igirder account start with igirder_ . So I might have igirder_mywiki as a wiki database. In that database would be all the tables for the wiki. But what if I go to some other new account and put the database into tednet_mywiki? There is probably a way to do it, but I was pretty frustrated by all of this.


August 21, 2011

ASIRRA Security by Cats

I had a lot of success recently adding security questions to a community bulletin board to stop bots from registering and attempting to spam the forum. I have the same problem on the flashlight wiki, but it hasn't gotten out of hand yet. Lately I have been getting one or two bot registrations a day. Just like on the bulletin board, registering doesn't allow them to post spam, they still have to be confirmed by me to post anything. But I still go in and block them which takes a little time. So I was looking for a way to add security questions like I did for the bulletin board. I like the security questions because they are so easy for users to get correct (unlike the blurry text used in CAPTCHA systems). (To be fair, ReCAPTCHA, where you enter two blurry words, does have a practical purpose in helping to convert scanned books into text.)

But all I was finding for wikis was an extension called ConfirmEdit that is meant to flash a CAPTCHA every time someone makes an edit, which wasn't what I wanted. I should have read more about it though. CAPTCHA doesn't necessarily involve blurry text, it just means "Completely Automated Public Turing test to tell Computers and Humans Apart," which can be any kind of test. And in fact, ConfirmEdit has several choices including blurry text, asking simple questions, asking the user to solve simple math problems, and one that involves the user identifying pictures of cats. Yes, pictures of cats. People can easily recognize whether a picture shows a dog or a cat, but this is much more difficult for a computer. Microsoft has developed a system called ASIRRA ("Animal Species Image Recognition for Restricting Access") which shows you twelve thumbnail pictures of animals. You then click on only the pictures that are cats. The thumbnails are pretty tiny, but a bigger version pops up when your mouse is over the picture. Some people might still have a hard time, for instance if they are blind, though I doubt many people interested in flashlights are blind. Also some of the pictures can be kind of blurry, but you can get a new set of images if you want. The pictures themselves come from millions of pictures stored at petfinder.com and you could even adopt the dogs or cats shown if you want (this is why they make their database available). You can try it at ASIRRA.

Additionally, ConfirmEdit can be configured to control several different types of events, not just confirming edits. One of the options is for new user registration. Perfect.

Well, I had to try out the cat thing. It was pretty easy to install the ConfirmEdit extension and add a couple of lines to my localsettings.php file in my Wiki installation, but it didn't work because I didn't realize I also needed to install the ASIRRA extension (supposedly ConfirmEdit includes ASIRRA by default, but it didn't). Once I got that done, I configured it so that the only time it would use ASIRRA was when a new person registered. I already have anonymous edits turned off and only users that are confirmed by me are allowed to edit, so I'm not worried about spammers, just new registrations. I really like this idea.

catsecure.png


August 8, 2011

Freaky Facebook Friends

This weekend Jeb convinced me to sign up with Facebook again. I had done this before for a couple of weeks before I just got spooked by the excessive connectiveness and lack of privacy. Then I got an ad saying Mom had recommended some kind of dating service, when she says she didn't do that. So then it seemed to be all about me sharing tons of private information which was being used against me dishonestly.

When I signed back up, they hadn't really deleted any of the old information or my friends from the last time. Even my password was the same. So the first thing I did was set my privacy settings so only friends could see what I am doing, then I got rid of most of my old friends who were mostly people from high school that I don't keep up with and some of them I didn't even know.

So I had things a little more under control. And I like being able to see what's going on with the family. So maybe I'll stick with it. But Facebook continues to freak me out. I got some friend recommendations like Facebook does. Usually they seem to be people who are friends with my friends, like Bob. But somehow there were two people with whom I didn't have any common friends. One was the person who found the dog I fostered this year, and the other was a guy in California that I bought some flashlight parts from. What? I sent these people e-mails, so can Facebook read my e-mails that had nothing to do with Facebook and were sent after I left Facebook? Who knows? Maybe Yahoo is sharing my e-mails with Facebook. Or it could be these people are sharing their e-mails or contacts with Facebook, so Facebook knows I know them.

So Facebook is still awful, but I think I'll stay with it for another day or two anyway.


August 7, 2011

Fighting the Russians, Part 2

In Part 1, I was fighting bogus membership registrations on my community bulletin board by blocking IP addresses and certain e-mail domains. It was fairly effective for a while, but lately I was getting 10-20 bogus signups and the blocked IP addresses, which I could see were blocking people every day, could not keep up. It was also a pain to look up an IP address (to see where they were coming from, usually Russia, Ukraine, Poland, etc., but also France, China, Africa, even places in the US that wouldn't be interested in my bulletin board). Given all the different IP addresses using the same or similar e-mail addresses, I think the spammers were somehow spoofing IP addresses. They may have been using computers in other places that had been infected or something, but that seems unlikely just because it would be harder to do (though I don't know how hard it is to spoof an IP address either).

So I got rid of the Captcha (the blurry letters or numbers that you have to read to prove you're a real person) and added a plug-in that asks a simple question like "What is the capital of our state?" (that question has the advantage that anyone local will know the answer, but you can't Google the answer). I had never installed a plug-in with MyBB, but it wasn't that bad actually. I downloaded a file, unzipped it, and had to place about 8 files in the right place on my installation, and then I was able to use MyBB's control panels to activate the plug-in and customize the questions. I tried registering a couple of times and was able to register by answering the question correctly. The control panel for the questions shows me the percentage of people getting the answer to the questions correct.

After a day, I have gotten no spam registrations (and no real ones either since the bulletin board is barely active), though my IP blocks still show they are blocking some people. I am not sure if the Captcha was hacked so that a bot could read those letters or if people were reading them and registering or some combination where people read the Captcha and then a robot does the registration. Whatever, I like that the Captcha is gone because sometimes I have a hard time reading those anyway, and answering the question should be really much easier and more effective.