Interesting Stuff

Crossing Your Tees: Responsible Disclosure and Bonobos

Note: Bonobos has been contacted about this issue and it has been taken care of. All of the codes are dead now anyway :P

Every year for the past couple of years the online retailer Bonobos.com has held an “Easter Egg Hunt” on their website. This is typically a fun event whereby you check various pages on their website for codes used to unlock store credit, discounts, and other goodies. The main prize this year was a $500 voucher off any order, but you had to be the first to find and use the code.

I woke up fairly early for a Saturday (10AM) to participate in this competition, figuring that I could always use some new Bonobos clothes on the cheap. I noticed that they changed it up this year – instead of plaintext codes, they have a JavaScript popup that displays an image containing the code. Clever, probably harder to download the entire site and grep your way to victory this year. Below is what you see when you first get to the site:

[Screenshot: the Easter Egg Hunt popup as first seen on the site]

Interesting, let’s take a look at the source just for curiosity’s sake.

[Screenshot: page source showing the popup’s image link]

So it links directly to an image! After playing around with the URL, I found that directory listing/traversal wasn’t an option. Well, what happens when we increment/decrement the image file name?

[Screenshot: the image returned after changing the number in the file name]

Awesome, it looks like they are using sequential filenames for this promotion. After decrementing further, I was able to score all of the coupon codes with ease. Here they are below:
[Screenshots: the five coupon code images]

Instead of abusing this newfound power, I decided to call Bonobos and report the issue directly to them. They answered the phone immediately (amazing customer service), and I reported the issue to the rep, who was able to replicate the problem and report it to someone who could fix it. He said that the $500 code was already taken, but I could use any of the ones that I discovered (all of them). I tried all of them, and settled with the largest one that worked – the $100 off $250+. Not bad! +1 for responsible disclosure and Bonobos customer service!

This issue shows how important it is to cross your tees (pun intended) and dot your i’s when it comes to security. It’s a minor issue, and it’s definitely not as severe as an XSS or SQL injection, but it could damage the reputation of the company. Simply using a random, unguessable string in place of that sequential number would have been enough to make it more secure, but they didn’t go that far when setting it up. It may be the fault of Monetate.net, which is where the images are hosted, but there should have been some check along the line before launching the promotion.
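Two things a defender would want from the story above: a way to mint image names that have no neighbour to step to, and a check over the web server’s access log that notices when one client walks consecutive numbers. The following is an added example, not code from the post or from Bonobos or Monetate; the `/promo/egg_NNNN.png` path, the log format and the client addresses are all constructed for the example.

```python
import re
import secrets
from collections import defaultdict

# Constructed access-log excerpt (not a real capture). Each promo image is addressed by a
# sequential number, which is exactly the weakness the post describes.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [30/Mar/2013:14:51:02 -0400] "GET /promo/egg_1043.png HTTP/1.1" 200 8812
203.0.113.5 - - [30/Mar/2013:14:51:09 -0400] "GET /promo/egg_1042.png HTTP/1.1" 200 8790
203.0.113.5 - - [30/Mar/2013:14:51:15 -0400] "GET /promo/egg_1041.png HTTP/1.1" 200 8801
203.0.113.5 - - [30/Mar/2013:14:51:20 -0400] "GET /promo/egg_1040.png HTTP/1.1" 200 8777
198.51.100.7 - - [30/Mar/2013:14:52:00 -0400] "GET /promo/egg_1043.png HTTP/1.1" 200 8812
198.51.100.7 - - [30/Mar/2013:14:58:31 -0400] "GET /promo/egg_1021.png HTTP/1.1" 200 8750
192.0.2.44 - - [30/Mar/2013:15:01:10 -0400] "GET /promo/egg_1043.png HTTP/1.1" 200 8812
"""

# Hypothetical path layout for the example: the trailing number is the guessable part.
LOG_LINE = re.compile(r'^(?P<client>\S+) .*"GET /promo/egg_(?P<num>\d+)\.png ')


def requests_by_client(log_text: str) -> dict:
    """Map client address -> list of requested promo image numbers, in request order."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            seen[m.group("client")].append(int(m.group("num")))
    return dict(seen)


def longest_step_run(nums: list) -> int:
    """Length of the longest run of requests whose numbers differ by exactly 1, up or down."""
    best = run = 1 if nums else 0
    for prev, cur in zip(nums, nums[1:]):
        run = run + 1 if abs(cur - prev) == 1 else 1
        best = max(best, run)
    return best


def flag_enumerators(log_text: str, min_run: int = 3) -> list:
    """Clients that stepped through at least `min_run` consecutive image numbers in a row.

    A visitor following the real hunt lands on scattered numbers; stepping 1043, 1042,
    1041, ... is what incrementing/decrementing the file name looks like in the log.
    """
    return sorted(client for client, nums in requests_by_client(log_text).items()
                  if longest_step_run(nums) >= min_run)


def unguessable_name(prefix: str = "egg", nbytes: int = 16) -> str:
    """Image name carrying 128 bits from the OS CSPRNG: there is no 'next' name to try."""
    return f"{prefix}_{secrets.token_urlsafe(nbytes)}.png"


if __name__ == "__main__":
    print("clients walking sequential ids:", flag_enumerators(SAMPLE_ACCESS_LOG))
    print("example unguessable name:", unguessable_name())
```

With the sample log, only `203.0.113.5` is flagged; the other two clients fetched isolated numbers, as a genuine hunt participant would. The `min_run` threshold is there because a legitimate page can load two adjacent images; tune it to the site rather than alerting on every pair.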

Interesting Stuff

MemeDebate 2012

Overview

We have seen something unprecedented during this election season. This thing has appeared on Saturday Night Live, The Colbert Report, CNN, Fox News, and countless other media outlets. It also has more mentions on Twitter than both the abortion issue and social security combined. What is it? It’s the rise of the political meme.

A political meme can literally be anything by definition – but they all share one common trait – virality. Generally they are funny pictures, tweets, statements, or slogans that mock a political candidate in one form or another. Naturally the presidential debates were prime breeding grounds for memes, as you have political candidates in an unscripted setting. We will examine six big memes that evolved during the debates – Big Bird, “Horses and Bayonets”, Laughing Biden, Creepy Romney, Malarkey, and “You sunk my battleship!”.

General Impact

Are political memes even worth a formal analysis? Well, let’s examine their impact. We will be utilizing Radian6 to analyze data from Twitter to determine the social impact of these memes. There were 1.7 million tweets surrounding our sample memes, out of a population of 36.5 million total tweets regarding the candidates. That represents close to 5% of the total discourse around the candidates!

Which political memes were talked about the most? Let’s take a look.

Big Bird was clearly the most talked about meme over the last thirty days. The recent meme “Horses and Bayonets”, which stemmed from a zinger Obama threw at Romney during the final debate, is second, followed by Joe Biden’s laugh. The other three political memes were minor blips in the Twittersphere.

Meme Analysis: Big Bird

On October 3rd, 2012, the first 2012 U.S. presidential debate between Romney and Obama was held at the University of Colorado in Denver, moderated by PBS journalist Jim Lehrer. During the course of the debate, Mitt Romney remarked that he “[will] stop the subsidy to PBS” in order to reduce the national deficit despite his self-declared affection for Big Bird, a protagonist of the children’s television show Sesame Street. This sparked a frenzy of pictures, tweets, parody Twitter accounts, and videos all about Romney wanting to “fire Big Bird”.

The interesting thing about this meme is how well it has held up throughout the subsequent debates as well. Let’s take a look at tweets over time about big bird.

You can see that the meme resurges to a certain extent every time a new debate starts, then fades away as the general population loses interest. Every peak is the night of a different debate, with the first being when the meme was created. What does this mean? Political memes have contextual sticking power – so anytime somebody thought “debate”, their mind went to Romney trying to fire Big Bird. It will be interesting to follow this meme until the election and beyond, but my guess is that this meme has run its course.

Interesting Stuff

Breaking Down Social Media and the VP Debate

The big question that comes up every four years always winds up being: how can we best quantify a presidential debate? CNN has tried quantifying public opinion around the debates with its “undecided voter” sentiment, rudimentary Twitter analysis, and polling random joes on the street. The problem with these studies is one simple thing – sample size and error. In a world where 1%-2% more votes means victory or defeat, we cannot have small sample sizes that lead to 4-5% error. Large-scale social media analysis, thanks to Radian6, seems to solve this issue, and I’ll be breaking down aggregate social data around last night’s VP debate in response to the media’s horrible metrics.

Number of Tweets

This metric is a double-edged sword for us as researchers.

How can we derive any meaning from the aggregate number of tweets about a candidate during the debates? Is it true that there is no such thing as bad press? Regardless, here is the aggregate tweet data from Thursday until Friday, including the spike in tweets about the debate. Our query is simply searching for the names of the candidates, their Twitter handles, and common abbreviations of their names.

As you can see, Biden clearly led Ryan in the number of people talking about him on Twitter. Let’s run a word frequency cloud on each candidate to get a feel for what people were saying about each candidate.

Word clouds can give you a lot of noise, but a couple of interesting words pop out. Paul Ryan generated a lot of hits from the hashtag #factsmatter, which was used when the tweet focused on fact checking the candidate. Over on the Biden word cloud you can see some negative words like “rude”, “interrupting”, and “laughing”. It is interesting to note that the opposing candidate in each word cloud is the second largest in frequency, which indicates that many direct comparisons were made between the candidates.

Topic Analysis

What were the hot topics during last night’s debate? Let’s take a look:

Defense related topics (Iran, military spending, Libya) were at the forefront of the debate last night, and that is reflected in the social data. The interesting data point here is that the abortion topic only came up for a short time at the end of the debate, but takes second place for most discussed issue over jobs/unemployment and tax reform.

How did this debate affect the presidential candidates when it comes to the issues? The graph on the left shows the aggregate number of posts about each issue over two weeks (starting the day before the VP debate) as they relate to the presidential candidates. The graph on the right shows the same thing over the same span of time, but also includes last night’s debate (as they relate to the presidential candidates, not VPs). This will effectively show us HOW the discourse around the candidates changed as their VPs duked it out last night.

Notice anything? They are nearly identical. If you look closely abortion and defense got decent sized bumps, but the discourse remained relatively the same. There just wasn’t enough volume to affect the proportion of issues talked about over the last two weeks, but it’ll be interesting to see what happens if we were to compare this graph to the same graph 1-2 weeks from today, to see if the VP debate had any longer term shifts in issues.

Who Won?

This question has always bothered me. There are a million ways to measure who won the debate, and really, is there a binary yes/no answer to this question? Anyway, CNN introduced two hashtags – #BidenWinning and #RyanWinning – which they encouraged their viewers to tweet throughout the night. Well, the results are in!

Conclusions

Well, that’s all the data! Interpret it as you will, but it suggests that Biden had a stronger performance compared to Ryan.

Interesting Stuff

Cracking the Foreign Exchange Market Using Social Data

The popular game show Who Wants to Be a Millionaire used to fascinate me as a child. The show itself was entertaining, novel for the time, and dramatic (“Is that your final answer?” anyone?). However, one part of Millionaire always stuck out to me: why was the audience always right? According to James Surowiecki, the best-selling author of “The Wisdom of Crowds”, the audience on Millionaire was correct 91% of the time. The basis of Surowiecki’s argument is that the decision of a group is always better than the decision of one of its members. Surowiecki postulates that the group needs to meet several requirements – such as being from diverse backgrounds, resistant to groupthink, and having access to the same basic information – in order for them to make the best decisions possible. That’s what made the audience from Millionaire so great – it was a group of diverse people who couldn’t communicate with each other giving their qualified opinions on which answer was correct. So how does this relate to social media, the foreign exchange market, and a potential correlation worth millions? Read on.

Armed with this knowledge, I was given access to a social media-monitoring and engagement platform called Radian6. It allows the user to search, collect, and visualize data from the social web on a grand scale. Radian6 allows companies to track the effectiveness of their social campaigns (“are people actually talking about my brand?”), and to engage directly with their customers in one convenient platform. I was given access to this amazing platform thanks to a partnership between Clemson University, Dell, and Radian6 – which gave students like myself unlimited access to research anything we wanted. I immediately thought back to an article in Wired in which researchers from Indiana University found a correlation between the general mood on Twitter and the stock market. The general “mood” on Twitter was able to accurately predict the daily movements of the stock market 86.7% of the time, which is an incredible correlation (source). Similarly, researchers from HP Labs identified a correlation between posts on Twitter about movies and their respective box office sales. I figured that this deserved to be looked at a second time, so several of us (myself, Scott Cole, Paul Smith, James Kaplanges, and Brett Smentek) formed a group to analyze this further.

I learned very quickly that constructing a social query surrounding stocks would not be an easy feat. How would we differentiate the company “Apple” from the fruit? How would we interpret news about AAPL as positive, negative, or neither? Why were people misspelling “back” as “bac” and throwing off our search results for Bank of America’s stock ticker, BAC? This was going to be a nightmare. However, we also discovered that people on Twitter used the notation $BAC or $AAPL to talk about stock tickers. After analyzing how many people used that notation, we decided that we weren’t able to effectively watch one stock. We would encounter spikes of traffic surrounding one company – for instance if an earnings report came out, or a large piece of news was released. So, we plugged all 3000+ securities listed on the NYSE one-by-one into Radian6 and watched intently for which stocks were being talked about the most. We were able to spot a correlation between social traffic on a particular ticker and big market movements, which was exciting. However, the number of queries that Radian6 had to run for our stock analysis slowed their servers down to the point where it affected other customers. We had our topic profile disabled, but thankfully we were able to keep our access to the platform. Whoops! If you want to see a full write-up on our efforts in the stock market, I’d recommend checking out Brett Smentek’s blog over here.

With our stock project essentially shut down I turned my focus to the foreign exchange market. Since there are only a few currency pairs to examine, it ensured that we could drive in enough social traffic to examine with only a few search keywords. After searching through social media posts about foreign exchange, we discovered several keywords that would yield tons of relevant opinions on whether to buy or short a currency pair at a specific time. We had essentially found the Ask the Audience lifeline for the foreign exchange market.

Let me show you what I mean. This is a picture of Radian6’s output:

[Image: Radian6 buy/sell volume output]

We look for instances where Buy or Sell volume outweigh each other by a certain amount. In this example we would have executed trades in the 8AM and 12PM ranges. Now if we compare that to the EUR/USD price graph for the day:

[Image: EUR/USD price graph for the same day]

After analyzing some preliminary data from our Radian6 topic profile, we had enough to construct a rudimentary automated trading algorithm. The initial results of this algorithm were overwhelmingly positive, so we pressed on. Over the course of seven weeks we have come up with a very sophisticated trading algorithm that can respond to a number of market conditions, and it has proven very effective in practice.

Out of 58 trades made by our Radian6 powered social algorithm, only 13 moved in the opposite direction. That is a 77% prediction rate, which may be higher because of inefficiencies within the autotrading algorithm. On average we secured 32 pips per trade, which beat our goal of 20 pips per day by a good percentage.

We started with $5,000 in a demo brokerage account leveraged 50:1 and let it trade over the course of seven weeks. As of today, we have $44,000 in the account (784% increase) and are on course to have over one million dollars in the account before the end of June.

The X axis represents individual trades, while the Y axis represents dollars in the demo account. We make anywhere between 1-2 trades per day, and this represents 35 days worth of trades. Note that there was a period of neutral/negative growth for about a week. That week was extremely volatile price wise (no discernible upward/downwards trends), and pointed out a flaw in our method. Group decision making may be accurate and effective, but it is far less fast and efficient in comparison to individual decision making. By the time enough posts come through to trigger a trade, the market has already made its short-lived movement and is moving towards a correction. Regardless of this setback, our social media autotrading bot destroyed our expectations and continues to make great trades.

More updates to come! Stay tuned.

CCIE

HardCIDR Networking Academy – VTPv3

CCIE

HardCIDR Networking Academy – VTP and VTP Pruning

Another video: this time about VTP and VTP Pruning. Enjoy!

CCIE

HardCIDR Networking Academy – DTP

I have decided to start an instructional video series of my own to mirror my own studies. I believe that teaching material is the best way to master it, and others might benefit from these videos as well :) Leave any comments/suggestions below!

Enjoy!

CCIE

Capturing CDP Frames on Windows

Cisco Discovery Protocol (CDP) is an amazing information discovery protocol, but it seems that few people know that you can leverage the information found in CDP on a Windows machine in the field. I ran into a unique situation whereby I needed to find which switchport a Windows-based PC was connected to, but did not have my Fluke network diagnostic tools on me. After several minutes of googling for an answer, I ran across this blog post about collecting information from CDP-enabled switches on Windows using TCPDump. The author seems to have a strong bias against Wireshark because it’s not easily installed on a client’s computer, but any packet capture application would work here.

The steps involved here are pretty basic, but I’ll go through them here.

  1. First you need to download TCPDump
  2. Next, cd into the directory and figure out which adapter you want to sniff packets on. You can use the command “tcpdump -D” for that
  3. Next, run “tcpdump -i 2 -nn -v -s 1500 -c 1 ether[20:2] == 0x2000” (replacing 2 with the adapter number from the previous step) and wait until it captures a CDP frame
  4. It will output the contents of the CDP frame in the cmd shell, and that’s it!

What information would you expect to find?

  • Switch IP address
  • Switchport native VLAN assignment
  • Switchport number
  • VTP domain
  • Switch hostname
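To see why that tcpdump filter works and where each of the fields listed above lives in the frame, here is an added example (not code from the post or from the blog it links to) that decodes a CDP advertisement the way the `-v` output does: it checks the LLC/SNAP header so that `ether[20:2] == 0x2000` is the SNAP protocol id for CDP, then walks the TLVs for device ID, IP address, port ID, VTP domain and native VLAN. The frame it parses is constructed in the code as offline sample input (hostname, addresses and platform string are made up), not a real capture; the CDP checksum is not verified.

```python
import ipaddress
import struct

# Ethernet multicast address every CDP advertisement is sent to.
CDP_MULTICAST = bytes.fromhex("01000ccccccc")
# LLC header (DSAP/SSAP 0xAA, control 0x03) followed by the Cisco SNAP OUI 00:00:0C.
LLC_SNAP_CISCO = bytes.fromhex("aaaa03" "00000c")
# SNAP protocol id for CDP at frame offset 20: the 0x2000 in `ether[20:2] == 0x2000`.
SNAP_PID_CDP = 0x2000

# CDP TLV types that carry the fields listed in the post.
TLV_DEVICE_ID = 0x0001
TLV_ADDRESSES = 0x0002
TLV_PORT_ID = 0x0003
TLV_PLATFORM = 0x0006
TLV_VTP_DOMAIN = 0x0009
TLV_NATIVE_VLAN = 0x000A


def is_cdp_frame(frame: bytes) -> bool:
    """Same test as the tcpdump filter, plus the multicast MAC and LLC/SNAP/OUI checks."""
    if len(frame) < 22 or frame[0:6] != CDP_MULTICAST:
        return False
    if frame[14:20] != LLC_SNAP_CISCO:
        return False
    return struct.unpack("!H", frame[20:22])[0] == SNAP_PID_CDP


def _parse_addresses(value: bytes) -> list:
    """Addresses TLV: 4-byte count, then (proto type, proto len, proto, addr len, addr) records."""
    addrs = []
    (count,) = struct.unpack("!I", value[:4])
    off = 4
    for _ in range(count):
        ptype, plen = value[off], value[off + 1]
        proto = value[off + 2:off + 2 + plen]
        (alen,) = struct.unpack("!H", value[off + 2 + plen:off + 4 + plen])
        addr = value[off + 4 + plen:off + 4 + plen + alen]
        # NLPID 0xCC with a 4-byte address is IPv4; other address families are skipped.
        if ptype == 1 and proto == b"\xcc" and alen == 4:
            addrs.append(str(ipaddress.IPv4Address(addr)))
        off += 4 + plen + alen
    return addrs


def parse_cdp_frame(frame: bytes) -> dict:
    """Extract the switch hostname, IP, port, native VLAN and VTP domain from one CDP frame."""
    if not is_cdp_frame(frame):
        raise ValueError("not a CDP frame")
    (length,) = struct.unpack("!H", frame[12:14])      # 802.3 length: LLC + SNAP + CDP
    if 14 + length > len(frame):
        raise ValueError("truncated frame")
    cdp = frame[22:14 + length]
    version, ttl, _checksum = struct.unpack("!BBH", cdp[:4])   # checksum not validated here
    info = {"switch_mac": frame[6:12].hex(":"), "cdp_version": version,
            "ttl": ttl, "ip_addresses": []}
    off = 4
    while off + 4 <= len(cdp):
        tlv_type, tlv_len = struct.unpack("!HH", cdp[off:off + 4])   # length includes header
        if tlv_len < 4 or off + tlv_len > len(cdp):
            raise ValueError("malformed TLV at offset %d" % off)
        val = cdp[off + 4:off + tlv_len]
        if tlv_type == TLV_DEVICE_ID:
            info["hostname"] = val.decode("ascii", "replace")
        elif tlv_type == TLV_ADDRESSES:
            info["ip_addresses"] = _parse_addresses(val)
        elif tlv_type == TLV_PORT_ID:
            info["switchport"] = val.decode("ascii", "replace")
        elif tlv_type == TLV_PLATFORM:
            info["platform"] = val.decode("ascii", "replace")
        elif tlv_type == TLV_VTP_DOMAIN:
            info["vtp_domain"] = val.decode("ascii", "replace")
        elif tlv_type == TLV_NATIVE_VLAN:
            (info["native_vlan"],) = struct.unpack("!H", val)
        off += tlv_len                                  # unknown TLV types are skipped
    return info


def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def sample_cdp_frame() -> bytes:
    """Constructed CDP advertisement used as offline sample input (not a real capture)."""
    ip_record = bytes([1, 1, 0xCC]) + struct.pack("!H", 4) + ipaddress.IPv4Address("10.1.1.1").packed
    cdp = struct.pack("!BBH", 2, 180, 0)                # version 2, TTL 180 s, checksum left 0
    cdp += _tlv(TLV_DEVICE_ID, b"lab-access-sw01")
    cdp += _tlv(TLV_ADDRESSES, struct.pack("!I", 1) + ip_record)
    cdp += _tlv(TLV_PORT_ID, b"GigabitEthernet1/0/12")
    cdp += _tlv(TLV_PLATFORM, b"cisco (constructed platform string)")
    cdp += _tlv(TLV_VTP_DOMAIN, b"LAB")
    cdp += _tlv(TLV_NATIVE_VLAN, struct.pack("!H", 10))
    payload = LLC_SNAP_CISCO + struct.pack("!H", SNAP_PID_CDP) + cdp
    src_mac = bytes.fromhex("02000c000001")            # locally administered, made up
    return CDP_MULTICAST + src_mac + struct.pack("!H", len(payload)) + payload


if __name__ == "__main__":
    frame = sample_cdp_frame()
    for key, val in parse_cdp_frame(frame).items():
        print(f"{key}: {val}")
```

Everything the parser prints is sent in the clear to whatever is plugged into the port, which is the point of the warning below: the same decode works on any capture from a CDP-enabled switchport, with no credentials involved.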

CDP is an incredibly useful protocol in this case, but also keep this in mind when deciding whether keeping CDP enabled is worth the security risk involved! Assume that anyone on your network has access to this information when making that decision.

Interesting Stuff

The Value of a Macbook – The “Jade Plan” Revisited

I recently bought a new Macbook Pro (my first OSX computer, in fact) just a few weeks ago to replace my dying Google CR48 Chromebook. Since I deal a lot with used electronics, I understand that Macbooks hold their value very well, even over several hardware changes. I did some research on this topic before my purchase and came across something called the “Jade Plan” on the Ars Technica forums. The premise of this plan is very simple: sell your old Macbook to fund the purchase of your new one. There are several variations of this plan, from waiting until the next major OS upgrade to purchase (to save on software costs), to waiting for a redesign. There are numerous “Jade Plan” success stories on those forums, but I wanted to drill down and find some real evidence that you can pull this off successfully.

Objective:

Test the legitimacy of the “Jade Plan” by analyzing historical eBay prices in respect to Macbook Pro generations. The “Jade Plan” can be considered successful if the total cost of ownership of a Macbook Pro is less than $100 per year after a successful upgrade.

Data:

The data was collected over the course of a day by myself (I tend to lead an exciting life), and is stored in this Google Doc. Sheet 1 contains summary data, and Sheet2 contains the raw data. It’s a little messy, but you can figure it out.

Observations

Let’s start off with a couple simple observations I had while collecting the data.

  1. People who overvalue their Macbook (i.e. set the price too high) will not sell it
  2. Likewise, those who set the price too low will not sell their Macbooks. If you plot the data on a histogram, you will in fact see observations #1 and #2 clearly defined in that regard
  3. Upgrades don’t tend to do much to selling price. Upgrading your MBP to 8GB of RAM is definitely a plus, but don’t expect much more money when you go to resell it.
  4. Preinstalled software leads to higher selling prices. The highest selling MBPs, even some of the crazy high outliers, had things like Adobe CS5 and Office 2011 preinstalled. This applies to every model, for every year.

Those are some pretty simple observations, but the real shocker lies in the data. The average selling price of an early 2011 MBP is about $920, which is a 23% depreciation over the course of a year (and a MBP refresh). Without taking into account tax and eBay/Paypal fees, that is roughly a $280/yr cost of ownership. The same cost of ownership occurred with the 15″ model, but the 17″ model was by far the worst with a $425/yr cost of ownership. The older models of Macbook Pros (I went as far as the mid-2009 model line) fare a little bit better – with the mid-2009 13″ MBP having a cost of ownership of $218/yr if you bought it on release day. Again, this isn’t taking eBay fees or sales tax into account, and as the data shows, those numbers aren’t pretty.

Conclusion

If you buy your Macbook Pro for the full retail price, then sell it on eBay after the next model comes out, then I can definitively say that the Jade Plan is nothing more than rumor. However, there are several things you can do to make sure you can get the best price for your shiny Macbook Pro. The first is to keep everything – the laptop, box, cables, etc. – in perfect condition. Any kind of dings/scratches/dents can severely cut the price. The second is to go ahead and preinstall software on the MBP if you have the ability to do so. The MBPs that went for the most money had expensive software suites like Adobe CS5 and Office 2011 preinstalled and ready to go. Many of the items that I saw that fit those two descriptions were selling above their retail price – and therefore beat out the Jade Plan by a mile. Also, anything to avoid fees is a good thing, so try Craigslist if that is an option in your area.

Please feel free to make any comments/suggestions! I’ve spent the last several days collecting and poring over this data, so feel free to ask anything.

Interesting Stuff

Green Tigers Pitch Deck

Last Friday I won the LaunchPadSC 2011 entrepreneurship competition with my idea for Green Tigers – an electronics recycling firm that targets college aged students. It was a great experience, and the prize money wasn’t bad either! You can see my winning pitch deck here, and note that Green Tigers is currently a live web service. It may be down for the holidays, however, as I want to figure out where I’m taking this idea…so stay tuned!