North Korea And Trump

After seeing Trump’s recent tweets for the past few days, I’m getting even more concerned about America’s current state of leadership.

Seeing his Tweet about firing NFL players if they kneeling or sitting down during the NFL anthem is antithetical to what America stands for. Soldiers fight for this country to protect the constitution, not the flag. What I find more alarming than Trump’s divisive language is that he is quite hypocritical. He seems to be anti political correctness and pro free speech, yet he furthers this message that NFL players that do not participate in the pledge of allegiance should be fired.

At first, I thought this tweet was to distract the American people from the escalating tensions between North Korea and the US. Nevertheless, I was proven wrong when I saw that he wrote 9 hours later, tweeting “Just heard Foreign Minister of North Korea speak at U.N. If he echoes thoughts of Little Rocket Man, they won’t be around much longer!”

His approach towards North Korea is alarming and not effective at all. He wants to show that he is tough which I understand, but constantly escalating the rhetoric won’t help. I believe he should keep his rhetoric down low while putting pressure on China and Russia to place economic sanctions will put enough pressure towards North Korea to give up its arms eventually.

Curbing the North Korea issue requires patience similar to the long conflict with Russia in the Cold War. Specifically, Trump can learn from John F. Kennedy’s solution towards the Cuban Missile Crisis with a naval blockade. Trump needs to be patient and resort to the international community to put pressure on North Korea.

We must understand that North Korea has demonstrated that it can actually cause great harm to US allies such as South Korea and Japan. If it launches a missile towards either country, that would cause economic instability, kill many innocent lives, and spark an unnecessary war.

Also, we should be aware of North Korea developing its warfare in the cyber arena. North Korea has been developing its cyber capabilities and have been training the brightest young civilians to learn how to hack. Most recently, North Korea has been trying to hack the bitcoin blockchain infrastructure to steal bitcoins to fund the regime. With technologies growing ever so quickly, the US should develop its own program to prepare for cyber warfare. Soon enough, wars we be conducted more and more through hacking and defense against it.

The North Korean issue should not be taken lightly and trump’s hostile language towards North Korea just brings us closer to direct and military conflict.

Charlottesville

The recent “Unite the Right” event is a testament that racism is still a huge issue that needs to be address. No one should ever be attacked or threatened on the basis of their race.

Here is the flyer for this eveent:

The event was formed to protest the removal of the Robert E. Lee Charlottesville Statue. Here’s a good reddit comment I found on the r/TheDonald subreddit which demonstrates why they were so angry about this: https://www.reddit.com/r/The_Donald/comments/6t9ot1/realdonaldtrump_we_all_must_be_united_condemn_all/dlj0j33/

I’ve been passively following these alt-right/Donald Trump supporter groups online for the past year through their Discord groups (an anonymous chat platform) and have seen racism and anger towards anyone that is opposed to their views.

I joined the alt right’s biggest Discord group earlier this month to evaluate why they were so passionate about white nationalism. The alt right Discord group only allows white people to join their group according to their rules:

On the other hand, in other right-leaning Discord groups such as the ones that support Donald Trump strongly oppose any racist sentiments and ban any users that racistly attacks others.

Nevertheless, their anger has reached to a high point where they are now organizing protests towards the Google memo issue and the most recent Charlottesville statue issue. This “Unite the Right” event was organized and promoted by the alt-right and Donald Trump groups in anonymous circles:

Why is this happening?

After the most recent presidential election, We’ve seen extremes from both the left and the right such as the Antifa and certain alt-right members physically attack others and promote violence.

I think all this racism and anger stems from the lack of open and civil dialogue from both sides. Media platforms such as CNN and Fox News promulgate sensationalist rhetoric which demonize certain political ideologies and people that follow under those ideologies. Thus, people from both sides are often tricked by these news media platforms and replicate this anger by calling others with labels such as “snowflakes”, “libtard”, “racist”, or “homophobic”.

To solve this issue, people should come face to face, perhaps in a town hall setting and have an open conversation on heated issues like healthcare, nationalism, etc.

Here’s a video about how a black man convinced a KKK member to quit: https://www.youtube.com/watch?v=ipuJHdFliBk

How did he convince these people who were vehemently racist towards non-whites to completely flip in his ideologies? He sat at the table with these KKK members and had an open conversation.

Many of these racist or violent people from both ideologies formulate a certain evil image of the other side. Schools, churches, and public policy won’t change a racist and violent person but perhaps an open conversation will.

In closing, I’d like to end this blog post with a quote from Martin Luther King: “Darkness cannot drive out darkness; only light can do that. Hate cannot drive out hate; only love can do that.”

"Tiger Mom"

My mom is the strongest person I know. Her hard work ethic and her sacrifices for her family, my brother, and me are quite remarkable.

She grew up in a very poor family who fled to Hong Kong during the Communist Revolution after the communists ransacked their house and stole all their money. She had 7 sisters and brothers. Her two oldest sister had to work in the factory to put food on the table. Growing up, my mother’s mother often underscored the notion that if my mother failed, she would end up in the factory. Fearful of that, my mom worked hard and got her physical therapy license to practice in Hong Kong and then, over the course of a decade, moved to the US to work as a physical therapist.

Having a diffiult childhood led my mom to vow to raise educated children with many more opportunities than she ever had. She enrolled my brother and me into different educational platforms such as John Hopkin’s CTY or Stanfords ETGY or the Russian School of Math program throughout elementary, middle school, and high school. Moreover, she pushed us to explore different disciplines through sports programs such as the Boston Warriors AAU basketball program or art programs such as the New Art Center art camps. My mom wanted my brother and me to be exposed to many different subjects while having a strong academic foundation. More importantly, my mom wanted us to be happy.

Nevertheless, she was also very cautious, always planning 3 or 4 steps ahead. While my brother and I were in elementary school, she would work 3 jobs starting for 3 AM and ending at 6 PM and picking us up from school in the middle of work shifts. Both her and my father wanted to work as hard and long hours, often sacrificing their own health and social lives, to save money for me and my brother’s college education or potential healthcare costs.

When people meet my mother, they would consider my mom as a so called “tiger mom” or “helicopter” mom, but I see her as perhaps the most caring and dedicated mother. She instilled her hard work ethic into my brother and me. Her and my father’s hard work ethic and sacrifices motivate me to this day.

How to stop getting hacked

Recently, I’ve noticed some of my friends getting hacked on Facebook and other platforms. So, I’ve compiled a list of possibilities based on my own experiences:

1. Let’s say you are reading an article from a malicious site. The author could create it so that it opens a tab automatically with a fake Facebook login page with the url facebook.com/APP_ID/…. . This Facebook hack is most often implemented using this Facebook developer app method.

1. The Facebook user gives vast permissions to a Facebook app which allows the developer to submit posts and read/send messages. The Facebook user probably didn’t read the permissions they were giving to the app and just pressed “allowed”.

Screenshot of the Facebook Write Post Permission

Screenshot of the Open Facebook General Permissions Page

If you think you’ve fell for one of these traps, do the following:

1. Change your password!
2. Revoke the app’s access through this method.

I myself have been hacked many times on the web. Through the past few years, I’ve been trying to learn how black hat hackers operate by delving through the black hat forums. I’ve also had the opportunity to learn a lot about system securities and Cisco networking through the Cyberpatriot program.

Thus, based on my experience, I thought of three key tips that will help any web user learn how to protect themselves from hackers:

1. Always make sure to check the url when you are logging into something if you are on a public network (ex: Starbucks Free WiFi). A dead giveaway is if the site doesn’t have the secure green lock in the left of the url box which means it’s not encrypted with HTTPS or SSL. If you don’t use a secure protocol like HTTPS or SSL, that could lead to a potential hack through data interception. Hackers use networking tools like Wireshark and Network Miner to read through the data transmitted on a current router. HTTPS or SSL would encrypt this data to prevent people to see sensitive data. If you are interested in the finer details of this, check out this article by Case Western University on identifying insecure website.

Screenshot of the URL bar of a site which uses HTTPS and SSL

Screenshot of the URL bar of a site which doesn’t use HTTPS or SSL

1. Double check what permissions you give sites. For example, a common thing teens use is Facebook friendship apps like this “Who will you marry?” site. This gives them access to potentially a lot of data that they can mine which could enable them to guess your password. For google apps, there are permissions that allow the app to take total control of your account (send/read emails). So, be careful!
2. Don’t trust anybody on the web! The most common tactic by hackers is social engineering. They usually first gain your trust and gains some personal information which then allows the hacker to get access to your account(s) through methods like bruteforcing.
3. Don’t run any suspicious exe or packages on your computer without running it through antivirus. I recommend Malwarebytes and AVG.

Scraping Facebook with Javascript to Get a List of Your Friends

This is the first article of a new series called “Fighting against Fake News”. For the next few weeks, I’ll be writing about my technical challenges of this digital literacy research project as well as my own thoughts on the topic of misinformation. Hope you enjoy!

To preface this, I’d like to describe briefly what this digital literacy project is all about. I’m currently working on this project with the Dav-lab group at Wellesley College to help people build digital literacy skills. With the proliferation of fake news on social media platforms like Twitter and Facebook, we thought we needed to address this issue by helping people develop digital literacy skills.

We thought a way to help people develop digital literacy skills is by developing a Google Chrome extension which gamifies the user’s Facebook news feed by allowing the user to guess which Facebook friend shared what type of news content in their news feed:

Screenshot of the Open Answer Game Format of the Extension

Initially, I programmed the extension so that it parsed through the user’s Facebook news feed and marks up every post which contained an article. Recently, I realized that this parser was quite useless due to it’s over modification of posts and realized it should only modify posts shared by the user’s friend. So, I needed to program a way to get a list of Facebook friends using Javascript for an extension I was building so that I could compare a list of posts with this list of friends to make sure I’m modifying posts shared by the user’s Facebook friends.

In a previous project, I ran into a similar issue where there were no documentation for getting a list of the current user’s Facebook Friends using the Facebook’s Graph API (Facebook got rid of the /me/friends node in version 2.0). Back then, I created a simple workaround:

window.fbAsyncInit = function() {
    FB.init({
      appId      : 'YOUR_APP_ID',
      xfbml      : true,
      version    : 'v2.3'
    });
    FB.AppEvents.logPageView();
    $( document ).ready(function() {
        FB.login(function(response) {
        if (response.status === 'connected') {
          FB.api('/me/taggable_friends?limit=5000', function(response) {
	          console.log(response);
	      });
	});
}; 
(function(d, s, id){
     var js, fjs = d.getElementsByTagName(s)[0];
     if (d.getElementById(id)) {return;}
     js = d.createElement(s); js.id = id;
     js.src = "//connect.facebook.net/en_US/sdk.js";
     fjs.parentNode.insertBefore(js, fjs);
   }(document, 'script', 'facebook-jssdk'));

Unfortunately, I couldn’t use this implementation due to these privacy requirements:

1. I didn’t want to store any data, meaning no server side requests.
2. I had to be able to use this method for a chrome extension.

So, I couldn’t use the Facebook API since it stores some of the user data server side and since it can’t be tested while developing the Chrome Extension.

Ultimately, I decided to create a scraping function using Javascript. To create an effective scraper, I inspected potential facebook links that had a clear list of friends that could be easily parsed. Unfortunately, there were no paths that led to a single full list of friends.

Luckily, I found a mobile basic version of facebook’s friend list, https://mbasic.facebook.com/friends/center/friends/?=1 , that had a clear url pattern for getting to each page of the user’s friends list. For example, https://mbasic.facebook.com/friends/center/friends/?=1 is page 1 of the user friends list, https://mbasic.facebook.com/friends/center/friends/?=2 is page 2 of the user friends list, and so on.

Here is the code I eventually came up with:

var activeTab;

var lastRequestTime = 0;
var requestInterval = 50;

var timeoutHistory = [];
var xhrHistory = [];

function get(url, done) {
	var xhr = new XMLHttpRequest();
	xhrHistory.push(xhr);
	xhr.open('GET', url, true);
	xhr.onreadystatechange = function (e) {
		if (xhr.readyState == 4) {
			done(xhr.responseText);
		}
	}
	var delay = Math.max(lastRequestTime + requestInterval - (+new Date()), 0) + Math.random() * requestInterval;
	lastRequestTime = delay + (+new Date());
	timeoutHistory.push(setTimeout(function () {
		xhr.send();
	}, delay));
}

var promises = [];


function getFriends(){
	
	var index = 0;
	var friends = [];
	while(index<=500){
		request = $.ajax({
		     url: "https://mbasic.facebook.com/friends/center/friends/?ppk="+index,
		     dataType: 'text',
		     success: function(data) {
		          if($(data).find(".v.bk")){
		          	var elements = $(data).find(".bj").children();
		          
			          for(var i = 0; i < elements.length; i++) {
			               var name = elements[i].firstChild.innerText;
			               var firstDigit = name.match(/\d/);
			               index = name.indexOf(firstDigit);
			               name = name.slice(0, index);

			               if(name.includes("Your PagesHelpSettings")){
			               		return false;
			               }
			               friends.push(name);
			          }

		          } else{
		          	return false;
		          }
		     }
		});
		index++;
		promises.push( request);

	}
	
	return friends;

}

The scraper does the following:

1. Visits the first friend page of the user, using an AJAX call to access the mobile basic version of Facebook.
2. Parse through each page based on class names, gather each name from the page and push it to the ‘friends’ array.
3. Continue steps 1 and 2 till there are no friends on the page.

That’s it! :)