Tuesday, September 4, 2018

My startup is serving half a PB a month

In 2016, I founded GC GROUP, LLC, a lawful American startup handling a few websites. Today, we're managing around 20 websites, many of which are highly trafficked. We serve around 2,000 users a second and use many cloud providers including Google Cloud Platform, Highwinds and Amazon Web Services.

Our stats show that we have been delivering around half a PB a month; that's around 500TB a month and 6PB a year!

Stats for August 2018:


Stats for July 2018:




We use many technologies to optimize and cache our content properly; but most importantly, we ensure downtimes are never acceptable.

Monday, September 3, 2018

Friday, August 31, 2018

Increasing the security on my professional email

In 2016, I decided to stop using my personal email addresses (e.g. @gmail.com, @hotmail.com) for professional communication. I changed my personal email addresses and made sure they remain strictly confidential and shared only with close friends and family.



My professional email now ends with @georgechalhoub.com and is managed by me. It gives me total control over all the configuration and settings, and it is inaccessible via a login page. Here are the security settings I use:

DKIM - DomainKeys Identified Mail

According to Zoho, "DKIM is an authentication method, which uses encryption with public/ private keys, to validate whether the emails are generated from the authorised servers, recognized and configured by the administrators of the sending domains."

This would prevent Email Spoofing and Email Backscattering. In DKIM, a public key is published as a TXT record in my domain's DNS, which is managed by Cloudflare. Every outgoing email includes a distinct signature generated using the private key for my domain. The receiving email server retrieves the public key from DNS and uses it to verify that signature, which validates the email source. If validation fails, the recipient server may reject the email or classify it as spam/forged email, depending on the server's behaviour.

SPF - Sender Policy Framework


According to Zoho, "Sender Policy Framework/ SPF is an Email validation system, to find out spoofed/ forged emails using a specific SPF record published for the domain with the details of hosts, that are permitted by the domain's administrators." 

The SPF record is also published as a DNS record in my domain's DNS, and it identifies the email servers that are permitted to send emails. The main goal of SPF records is to help the receiving server identify spam emails sent using my domain name by spoofing/forging the From email addresses.

Now, I have recently added DMARC:

DMARC - Domain-based Message Authentication, Reporting and Conformance


According to Wikipedia, "Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email-validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organizations. Specified in RFC 7489, DMARC counters the illegitimate usage of the exact domain name in the From: field of email message headers."

This is really great because now users cannot forge the 'From:' field of the email message headers. DMARC is capable of producing two separate types of reports which would allow me to find out who is trying to forge emails on my behalf.

Here are DMARC rows of an aggregate record shown in tabular form: 
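
Aggregate reports are delivered as XML, one `<record>` per source IP. As an added example (not part of the original post), this Python code parses such a report, prints its rows as a table, and totals the messages per source that failed both DKIM and SPF. The sample report is constructed: `example.com`, `receiver.example` and the 192.0.2.x / 198.51.100.x addresses are placeholders, the function names are my own, and the report is assumed to use no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict


# Constructed sample in the RFC 7489 aggregate-report layout (no namespace).
# example.com and the documentation-range IP addresses are placeholders.
def _record(ip, count, dkim, spf):
    return (
        "<record><row>"
        f"<source_ip>{ip}</source_ip><count>{count}</count>"
        "<policy_evaluated><disposition>none</disposition>"
        f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated>"
        "</row><identifiers><header_from>example.com</header_from></identifiers>"
        "</record>"
    )


SAMPLE_REPORT = (
    "<feedback><report_metadata><org_name>receiver.example</org_name>"
    "<report_id>constructed-1</report_id></report_metadata>"
    "<policy_published><domain>example.com</domain><p>none</p></policy_published>"
    + _record("192.0.2.10", 12, "pass", "pass")      # the domain's own mail server
    + _record("192.0.2.25", 3, "pass", "fail")       # forwarded mail, DKIM survives
    + _record("198.51.100.77", 40, "fail", "fail")   # sender not authorised by the domain
    + _record("198.51.100.77", 5, "fail", "fail")
    + "</feedback>"
)


def parse_rows(xml_text):
    """Return one dict per <record> of an aggregate report."""
    # Reports come from third parties. A genuine report carries no DTD, so
    # refuse DOCTYPE/ENTITY declarations instead of letting the parser expand them.
    lowered = xml_text.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        raise ValueError("DTD declarations are not allowed in a DMARC report")
    root = ET.fromstring(xml_text)
    rows = []
    for rec in root.iter("record"):
        rows.append({
            "source_ip": rec.findtext("row/source_ip", ""),
            "count": int(rec.findtext("row/count", "0")),
            "disposition": rec.findtext("row/policy_evaluated/disposition", ""),
            "dkim": rec.findtext("row/policy_evaluated/dkim", ""),
            "spf": rec.findtext("row/policy_evaluated/spf", ""),
            "header_from": rec.findtext("identifiers/header_from", ""),
        })
    return rows


def dmarc_pass(row):
    # policy_evaluated holds the aligned results; DMARC passes if either one does.
    return row["dkim"] == "pass" or row["spf"] == "pass"


def failing_sources(rows):
    """Total message count per source IP that failed both checks."""
    totals = defaultdict(int)
    for row in rows:
        if not dmarc_pass(row):
            totals[row["source_ip"]] += row["count"]
    return dict(totals)


def as_table(rows):
    lines = [f"{'source_ip':<16}{'count':>6}  {'dkim':<6}{'spf':<6}{'dmarc':<6}"]
    for r in rows:
        verdict = "pass" if dmarc_pass(r) else "fail"
        lines.append(
            f"{r['source_ip']:<16}{r['count']:>6}  {r['dkim']:<6}{r['spf']:<6}{verdict:<6}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_REPORT)
    print(as_table(parsed))
    print("failing sources:", failing_sources(parsed))
```

A source that appears only in `failing_sources` and is not one of the domain's own mail servers is the kind of sender these reports are meant to surface.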





Sunday, August 26, 2018

Power: The US TV Show that made me ignore socials and thesis work

I rarely get to have some time to watch any series or movies, but when I do, it doesn't go well. I've had dozens of unfinished series on Netflix; I either lose interest or get bored. But that was not the case with POWER.

In fact, while browsing my Netflix collection, I clicked on the entry by mistake and the show started, but I thought I'd give it a try. One episode, two, four, I was hooked.

My sleep schedule got fucked up, I slept at 5 am (instead of 12 am), I didn't set up a meeting with a supervisor, and I ditched socials.


If I were to describe this show in one word, I'd say 'original'. The show is really unique and presents something you have never seen before. I fell in love with the characters, direction, plot and the brilliant acting.

I started the show on the 10th of August and finished it on the 20th of August (so 10 days in total). There are still three remaining episodes, which will air every Sunday.

Here is the plot of the show from Wikipedia/Google: 'It appears James "Ghost" St. Patrick has it all -- a drop-dead gorgeous wife, a stunning Manhattan penthouse, and the power and success that come with owning hot new nightclub Truth. But a closer look reveals a man living a double life. When Ghost isn't tending to his Fortune 500 business, he's catering to clients of another operation: a drug empire that serves only the rich and influential. While loyal sidekick Tommy protects the cash-cow narcotics venture at all costs, Ghost's new reality is using Truth as more than a front to launder money. It's a way out of the drug game and into a legitimate life with his family, even if everything he loves becomes unknowingly threatened. "Power" is co-executive produced by Curtis "50 Cent" Jackson (who also co-stars) and show creator Courtney Kemp Agboh ("The Good Wife").'



Wednesday, August 15, 2018

6 Types of Academic Plagiarists


Plagiarism is defined as using a work that doesn't belong to you. Here are the 6 most common types of academic plagiarism I know:



1. The malicious plagiarist: This is the plagiarist who copies stuff word for word and adds it to his report without giving any single fuck. This generally works in high schools and when presenting work that doesn't get checked by Turnitin or another plagiarism checker.

2. The smart plagiarist: This is the plagiarist who hires someone to do his or her work on their behalf. This is too common in college and students generally get away with it because there is no way for the instructor/lecturer to know. One way to avoid this is to ask students to write some sample work at the beginning of the semester and store a copy of it. You can compare the work together and ask the student to resubmit their work.

3. The translator plagiarist: This is the student who plagiarizes a work written in a different language than the one required. If the assignment was due to be delivered in English, they find a Chinese, Arabic or Russian article and they simply translate it and submit it. TurnItIn might be able to detect this sort of plagiarism, but you may need to contact them to make sure.

4. The Innocent plagiarist: This is the student who quotes and paraphrases one paragraph or two from elsewhere without realizing they need to reference it. This comes due to ignorance, and innocents shouldn't be heavily punished for making such a mistake (An academic warning would do).

5. The Self-Plagiarist: This is the student who resubmits his previous work. This usually works if the previous work isn't submitted on TurnItIn and generally there is no way for the instructor to know.

6. The Group Plagiarist: This is very common and the most underrated type of academic plagiarism. This is a student who is in a group project and makes minimal to no contribution to the work. His name is submitted and he gets equal marks to his classmates. This can be resolved if the instructor makes all group members sign a mark distribution sheet at the end.

Tuesday, July 31, 2018

Why people cheat in academia and life

This is an essay I wrote in either 2012 or 2013 illustrating why people cheat:

It is commonly said that “most people are virtuous, but a few bad apples spoil the bunch”. This pseudo-proverb reveals a truth that many of us try not to notice but is nonetheless a reality that has been empirically observed and fact-checked. The vast majority of young people (and adults for that matter) believe that cheating is wrong. Yet, by nearly every poll, most young people cheat at least once in their high school career. So, the most important question is why do young people behave in ways that are inconsistent with their stated beliefs? Two of the major reasons behind cheating are: the survival instinct and the easy way out.



First, cheating is in one’s self-interest and increases one’s chances of survival. As Ariely said: “Everybody has the capability to be dishonest, and almost everybody cheats – just by a little” (2012, p12).  I am not a psychologist, but I believe there is a mechanism within each of us which triggers a need to "save face." Saving face can mean a desire to save oneself from the angry assault of a parent or teacher; it can mean avoiding embarrassment; it can mean economic survival or a perceived pressure be it self-inflicted or inflicted by some other extraneous force. Although I cannot excuse it, I understand why an educator imposes unbearable testing pressure on his students in order to better ensure the results of the State official exams. If you tell a school administrator that his school's existence or employment might hinge on his students' performance on a test, I believe you are tempting him to cheat in order to achieve a better outcome. Most human beings have a breaking point and when anything threatens a person's livelihood, income and/or social status, you put them in a survival mode. In other words, as you threaten that individual's existence, you tempt them to reach their moral breaking point. What lies at the heart of cheating in any avenue of life, whether personal, academic or career, is self-interest, which most would argue is a particularly vile human attribute. To sum up, there may be nothing more fundamental to human existence than self-interest which, at its foundation, is an expression of our most basic instinct to survive.

Second, cheating offers an easy way out. Cheaters break the rules to gain an unfair advantage in any competitive situation. They do not have to cheat all the time, but once faced with a challenge that they do actually want to win, they will go back to their cheating strategies. For example, cheating in high school means better grades and likely admittance into better colleges. Cheating in college provides admission to better graduate programs and more job opportunities. Cheating in graduate school results in better job offers. Cheating among athletes with performance-enhancing drugs provides a performance advantage on the field that can start as early as high school and continue into the professional and Olympic ranks. Cheating in the financial industry results in a bigger paycheck and a faster and higher advancement. Cheating by corporations ensures continuing market share and profits (and survival) when companies are dying daily. Some people simply like to pick the easy way out. Why bother studying hard and doing all those term papers by yourself if you can use somebody else's work? Seriously, why bother? What's the point of studying, working hard, and going to college? Can't you skip all the hassle and hard work and just cheat? After all, you’re only concerned about money or accomplishing anything “great” in this world. Unwilling to do the work, or just plain lazy, some people don't want to put the time and effort into studying and learning. They take the easy way out by cheating. This may go hand-in-hand with the belief that cheating is "easy" and "no big deal," and "everyone does it”.


Ultimately, cheating is an omnipresent phenomenon in human society and is a behaviour that we can find in the lives of the majority of any population. The reasons, however, for such a human trait seem to be more complex.


Sunday, July 22, 2018

Receiving a 120,000£ (160,000$) scholarship for my doctorate degree at Oxford University

I am very happy and grateful to have received a 120,000£ scholarship to support me for my next 4 years of studies at Oxford University.


The scholarship was awarded by Fondation Sesam, founded by Abdallah Chatila, which is a non-profit organization based in Switzerland: 

"Non-profit organization recognized by the cantonal authorities of Geneva as a public utility, sesame is a donor foundation based in Geneva. It supports social projects in Geneva and Lebanon, the country of origin of its founder. Sesam favours the creation of partnerships with associations, NGOs or programs aimed primarily at the most disadvantaged." (Translated) 


I will be pursuing a DPhil (PhD) in Cybersecurity from the 28th of September 2018 until the 7th of October 2022. This is what I will be studying:

"The student will receive a broad education for two terms in the broad topics of cyber security, including social and technical aspects.  Research will follow from this, in one of four areas: security of big data, cyber-physical security; effective systems assurance; and real-time security controls.  Students will use techniques from systems engineering, mathematical modelling, empirical research, and other methods to determine the effectiveness of existing security controls and to design and evaluate new approaches for improving cyber security in realistic and deployed contexts, for current and future technologies; against both known and newly-emerging threats."

I am very grateful to the professors that vouched for me at the University of Southampton. The friendship and support provided by the other members of the School of Electronics and Computer Science was groundbreaking. I am indebted to them for their help.

As a computer professional, I believe that it is my responsibility to study and find solutions for social and ethical issues that emerge from the cyber world, especially ones related to cyber-security. My in-depth knowledge of Computer Science and Cybersecurity would also make me a great candidate for this course at Oxford University. The EPSRC Centre for Doctoral Training would also provide the perfect opportunity for me to fulfil my dream of contributing to the advancement of cyber-security.

I am ready to start my new journey at the University of Oxford and make the most out of it.



Wednesday, July 18, 2018

Dealing with a security vulnerability

A few days ago, one of my websites, which is run by an American startup, received an email detailing a possible security vulnerability. The email was forwarded to me and I followed up on the situation.

The email came from a gentleman from the Netherlands named Thijs, who is a security researcher and a university student:


After doing further research, it was evident that the vulnerability is present on the site and affects search pages only. The vulnerability was resolved within hours.

The affected search page has served 43 million search queries since 2016, so it is highly likely that the security vulnerability has been exploited:


I cannot reveal any further details of the vulnerability but I am glad that it was resolved. Thijs was rewarded with a small bounty of 100$:


Ethical white-hat security researchers like Thijs should be cherished. Had I been able to increase the bounty reward for Thijs, I would have done it.

Thursday, July 12, 2018

How to increase security of confidential digital files

If you've ever had sensitive documents, files, or photos, you may have wanted to store them securely in a digital environment. The only way to do that is to store them in an environment (computer) that:


  • Has never been connected to the internet
  • Doesn't have any Wifi, Ethernet or Bluetooth chips
  • Has its location undisclosed
  • Is unknown to everyone else
  • Is not connected to systems that have been connected to the internet

This is known as an air-gapped computer. If you ever decide to make your own air-gapped computer, you should never discuss its existence with anyone, especially on the web. You should know that your air-gapped computer could be vulnerable to attacks, so the first step is to not disclose its existence to anyone.

All the attacks I've stumbled upon require knowing where the victim machine is located, so you really need to be careful with the secrecy.

Do not use any operating system other than Linux. Do not use Windows. I do recommend CentOS 6 or 7 (Linux).

Do not buy commercial laptops to accomplish this task; instead, build your own desktop PC and buy your own parts.

Air-gapped computers have been targeted by attacks in the past, so they are still not fully secure. You might want to strongly encrypt any files you add on those computers.

I've come to accept and understand that nothing I do online will be secure or private. It took me years to accept the concept, but I have adapted now. Every email, photo, message or text you send and receive online could be intercepted, no matter what companies brag about. Similarly, your online 'bank account' could be intercepted as well. Even things you do offline are not fully secure.

That doesn't mean that you shouldn't use the internet, but it means you should never send or store anything you deem confidential on the web.

Thursday, June 21, 2018

16 Qualities Every Great Webmaster Has

I have been a webmaster for 6 years now, and I have learned a lot in that time. Here are the qualities I think every successful webmaster should have:



Great Webmasters Know Basic Programming

You can't be a great webmaster if you don't know basic PHP, basic JS, basic BASH, basic PYTHON and basic HTML/CSS. You can't be code-illiterate if you want to be a great webmaster. Many times, you have to handle code yourself, and you can't always hire someone to write basic tasks for you.

Great Webmasters Don't Rely on cPanel

We all started out working with cPanel, but a successful webmaster doesn't just rely on cPanel to manage a website. At some point you will need root access to a server to execute many commands that cPanel generally can't easily do.

Great Webmasters Don't Use Shared Hosting

Seriously, if you use Shared Hosting for any website, you should consider moving to dedicated hosting. The 'Unlimited Bandwidth and Storage' is a classic, old-fashioned and misleading hosting scam that has been going on for decades. Shared Hosting generally goes down many times and limits the number of users you can have on your site at a time, which is the opposite of what you want.

Great Webmasters Don't Break US Laws

If you run pirated (movies, music or torrents) or rogue websites, then your profits will be short-term and eventually, you will be charged and your domain would be seized. There are thousands of previous websites which operated illegally and now are seized. You should hire American lawyers and make sure you are compliant with US laws; you should also register your website in the DMCA copyright office and handle any copyright violations that occur on your website.

Great Webmasters Hire

Good webmasters aren't afraid to hire people when in need. You can't expect yourself to do it all, and if you expect that, you are destined to fail. A website is very demanding (on the front-end, back-end, database, server maintenance, etc...) and at some point, you will want experts to handle specific issues on your website.

Great Webmasters Care About Profit

You're not a charity. Great webmasters care about profit and don't operate websites that generate small to no profit. If your website is not generating good income or good traffic, you should not give up and keep trying until you achieve your goals. Not all websites are destined to succeed, so if a website has failed for years, it might be time to launch another one.

Great Webmasters Don't Mess With Google

If you're a webmaster, then you should know that Google plays a huge part in your success. Almost half of your traffic could be sent from Google and you should know that you should never mess with Google Webmaster Guidelines in order to boost your ranks. The only way to rank up in Google Search is to have original content and trigger a good user experience - that is all. Many webmasters dive into Black-SEO in order to attempt to cheat the system and eventually almost get punished and lose their rankings. There are no magic formulas to rank you up on Google.

Great Webmasters Put User Experience on Top

If your profits are at the expense of user experience, then definitely you are doing something wrong. User experience should remain a top priority on the website and plays an important factor in a website's success. You should make sure that you create the best experience possible for users that visit your site. As Google once said: "Focus on the user and everything else will follow".

Great Webmasters Don't Sell Personal Information

It is very easy for a webmaster to be able to collect personal information such as email, IP addresses, names, addresses, etc... Great webmasters don't sell personal information no matter how much it could be profitable. This is a matter of ethics and you should be very careful not to fall into this trap.

Great Webmasters Don't Mine Bitcoins Without User Consent 

If you're secretly mining bitcoins on your user's CPU, you're a dick and a moron, period. Great webmasters don't engage in this malicious activity which could push away your users permanently.

Great Webmasters Don't Get Hacked 

Your website, database(s) and server(s) are your own responsibility and you should ensure that you use high-security standards (such as two-step authentication, public and private keys, etc...) in order not to get breached. Getting hacked or breached could be extremely embarrassing or cause permanent data loss.

Great Webmasters Backup 

You should be doing daily backups of your servers and, most importantly, your database. If you don't back up very often, you should know that you're playing with fire, and data loss is more frequent than you think.

Great Webmasters Care About Speed

Users aren't patient. If your website is taking more than 2s to load, you could be losing up to 50% of users on mobile. This is quite serious. You should do your best to load your website as fast as possible and use caching and other means to make this goal achievable.

Great Webmasters Adapt to Change

Adapt or die. If you're not adapting to the changes that are happening on the web, then you're going to flop soon. For example, many websites still use Flash Player on their videos and don't support HTML5. Can you believe this? This is one of the worst things you could do to a website.

Great Webmasters Don't Go Down

This is 2018 and not 2000, going down (even for a few minutes) is not acceptable and could have a huge impact on your website on Google search rankings. If your website is not optimized to handle significantly high traffic, you're not going to make it far. Your code and database should be optimized to run high traffic. Many times one server isn't enough so you might consider using cloud resources such as Cloud Instances (Servers), Cloud Databases and Content Delivery Networks.

And finally...

Great Webmasters Don't Give Up

You're not going to have a straightforward path and each webmaster's journey is unique but almost all have hardships and obstacles. Great webmasters never give up... no matter what. 






Friday, April 13, 2018

Dealing with FirstChoicePay's retirement


On 1/11/2017, Payoneer announced that they would be launching a service called FirstChoice Pay:




On 2/1/2017, my FirstChoice Pay debit card was shipped to me:



This Tuesday, I've been informed by a party that FirstChoice Pay is ceasing its service: 


Yesterday, FirstChoice Pay informed us formally that the service is stopping: 



But, why?  

The problem is caused, as you may have guessed, by the Latin American bank, Choice Bank. Apparently, the bank has been forced into a “liquidity-constrained position”. The bank provides credit cards for FirstChoice Pay; without that bank, the service cannot operate.

“With a view to enable the bank to manage cash flows in an orderly fashion to work through the current liquidity situation, in the interest of depositors and other creditors as a whole, the bank has taken the decision in its view as a matter of necessity, with immediate effect, to temporarily suspend all withdrawals from deposit accounts with the bank and other outbound payment activities (save for payment of employees, suppliers essential for core operations, consultants and advisers) until the bank and/or its relevant regulatory authorities (as the case may be) are satisfied that such suspension is no longer required,” Choice Bank said according to an article by XBIZ.

“The liquidity challenges the bank currently faces is truly a short-term one. As it progresses through this process, the bank is confident that all its depositors, cardholders and creditors will be kept whole,” Choice Bank also said.

Now, what?   

The first step is taking my money out of the credit card immediately. Even though FirstChoice said the money is still available to use, their statement is alarming and I wouldn't want to have any relationship with that bank or their services in the future.

Taking my money out... NOW  

I remember I asked someone to drive me at 2:00 AM to the nearest ATM, where I initially withdrew a part of the payment (1,800$). The second day I withdrew another sum (1,800$). The third day I withdrew 2,400$. All the money on the card, totalling almost 6,000$, was withdrawn.

I used more online services to empty my card until it had $0.41. This means I am done with this service. The generous 41 cents left on the card can be used by First Choice to deal with their issues.



Moving on... 

It is time to move on.
The news was indeed shocking; I have had 0 problems with FirstChoice Pay and I really enjoyed that service.

No words can describe how good that service is with excellent customer support which includes Chat, Ticket and Telephone.

Even though my card is set to expire in 2020, I will be keeping their debit card archived. Furthermore, I will be exporting and archiving all my statements and account details.

I am grateful for the service they have offered for years, and now that I've withdrawn all of the funds it is time to move on to other solutions. Businesses succeed and fail, and in this case we have all been unfortunate to witness such a great service cease.

Wednesday, April 4, 2018

Thoughts on the sentencing of sharebeast.com's owner

I have recently learned that the owner of sharebeast.com has been sentenced to 5 years in prison for copyright infringement. The domain name has been seized by the FBI as well:

Copyright infringement crimes are increasingly common and it seems the operation of sharebeast.com was a blatant case of copyright infringement. The owner of the website uploaded copyrighted music and refused to take it down. It feels odd though, because the owner lives in the US and has chosen a domain name that is seizable by US Government agencies.

This is no different than websites pirating movies and streaming them to users. There are currently thousands of pirate websites, however rare are the operators who reside in the United States and use a '.com' domain name which is seizable by the US government.

As said previously, hundreds of thousands of websites exist worldwide with the intention to pirate. Some are 'rogue' sites: they pretend to or do take down copyrighted content, but it finds its way onto the platform again. Example sites include "openload.co" (Alexa Rank: 134) and many others. A solution to that would be offering a service to fingerprint the content and automatically block it on re-upload. Putting a repeat infringers policy in place would also be very appropriate.