Wednesday, February 10, 2016

(Off Topic) Investing and Active Management

So... as an investor you are an owner of a company right? Well I've actually decided to test that theory.

My usual stock picking pattern combines value investing (Benjamin Grahm's P/E suggestions, etc.) with playing off of others fears... Usually resulting in selling off soon. This allows me to buy LOW, and minimize risk. For example, recently oil dropped like crazy, so I went out and found some companies that had value. NADL dropped 25% in one day, I bought it, and it had gone up 8% from my price by the next week. The market aslo drove down FSC, which returned 15%. I always check Yahoo Finance's "market losers" section to find some value stocks, there is great earning there.

But back to ownership, I have recently bought 2 companies that are WAY low priced (and quite frankly don't have too much value). I bought 1100 shares of VPCO and 100 shares of DRYS. Not too much money to risk, but enough for my experiment. So I researched the board of directors, found some contact info for a few of them, and also gather up the Investor Relations contact info.

Basically what my email outlined was that I believed these companies could benefit from adopting Lean Production/Toyota Production System or Six Sigma in their management styles (I even added a little slideshow on TPS and some fancy formatting). I think that by adding these management practices it could increase profits in these companies and gain investor confidence (Dr. Michael Burry, the guy that shorted the housing market, even wrote in his case study that he bought a company called Huttig Building Products because the management adhered to Six Sigma).

The potential is pretty good if it works. My $1.87 equity in 1100 shares of VPCO could become $1100 if it regains its $1 a share position, and I could have similar results with DRYS. So we shall see how it works!

Wednesday, March 18, 2015

Free Hosting on Content Delivery Network & A look at it's headers

So, CDN's are becoming more and more popular these days with easy access to amazon web services (I have to do a quick shout out to my employer! Even though I am at the Lex1 fulfillment facility) as well as the HP Public Cloud, CloudFlare, Rackspace, Akamai, etc etc. BUT did you know there are easy work arounds (we can call them life hacks, pun definitely intended) where you can host the images on your website on a CDN for free to speed up your own site.

Simply put, because so many of these sites are using CDN's when you host an image on a site like facebook, twitter, etc, as long as you have very easily accessible security settings you can often find the CDN the image is hosted on and use that link to host it on your own website, therefore making your images, and your website as a whole load faster. For an example, I posted a public photo that I have shared on facebook below with an example showing the domain so you can see what I'm talking about:

And boom! Now image hosting all the banners, backgrounds, button icons, etc that you use in your html for your website with "public" settings, copying and pasting the cdn domain, and building your website like that! Free content delivery! So try it out, and let me know if it works. Also, this may be able to go to all sorts of media, because there are free services for anything now days!

Now for those of you more curious about fbcdn (the facebook content delivery network), I just checked the server headers of the site (using the image above) and this is what was returned:

Last-Modified: Tue, 01 Jan 2008 00:00:00 GMT
Content-Type: image/jpeg
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Expires: Wed, 01 Apr 2015 20:19:56 GMT
Cache-Control: max-age=1209600, no-transform
Date: Wed, 18 Mar 2015 20:19:56 GMT
Connection: keep-alive
Content-Length: 50669

Nothing really unexpected, but an excellent look under the hood of a CDN! Hope you enjoyed the post, and I hope you all have a fun time with this!

Tuesday, July 8, 2014

Using Punycode and Special Characters as Protection from Automated Systems: drunycode

1. Its been a while since I have posted anything on here, so I figured I would give some details on my latest projects that I posted on Github. You can see it here:

So, in essence what it is is a method to protect content delivery networks, code libraries, and image files from ddos software and penetration testing software (vulnerability scanners). Basically software written in a shell script or in C will have a hard time understanding unicode characters... especially software designed to work with or use valid urls. So basically, by using punycode (Internationalized Domain Names) to make your code libraries (all your external scritps, files, etc) in a IDN subdomain, you make it so that these scanners can't understand that they are real urls.

I have taken it a step further by adding special characters into the file names. This gets tricky, because some systems don't recognize certain characters in filenames, but many characters are pretty universally acceptable... for example all~my_java^script-code.js should work pretty universally, but also help encrypt the urls against potential automated attacking systems.

Altogether I call the method of encoding the urls and files: Drunycode

2. Since I realize I haven't posted much about my github projects on here I'll go ahead and talk about some of my shell scripts:

The one above is a heroku toolbelt installer for fedora. Basically, I was having trouble installing heroku's toolbelt on fedora, so I rewrote the bash installer for it. Mainly the problem was because fedora uses "yum install" instead of the "apt-get install" that debian-ubuntu uses. Another issue was with the ssh key. But for all purposes, the installer works if you are using fedora, red hat, opensuse, or centos.

In closing, here is a thought for the day: Why can the US government seize websites, ISP's shut down internet service for traffic is doesn't approve of, and domain providers shut down a site because it doesn't meet their expectations - BUT when a group of individuals shut down a site in protest (a constitutional right) it becomes illegal?

Wednesday, June 4, 2014

Check out my article on huffington post

I was recently published on Huffington Post about how we need new ways to encrypt and protect our data. Here is the article:

I personally am working on drunycode, which is mostly for protecting code libraries, external scripts, and content delivery networks... So pretty much everything important. I believe that if we can have encryption algorithms that can even be shorter, but include not latin characters it makes encryption SOOOOOO much harder to crack. Check it out.

Wednesday, May 14, 2014

Coding in Spanish and other languages: Diseño Web en Español

With a growing international marketplace and the spread of computers to everyone throughout the world, coding and web design has to start making moves towards internationalization, which can take place in multiple different ways... Not to mention some of the methods ICANN has implemented can be used in different ways.

The Drunycode Method- ICANN recently implemented Internationalized Domain Names (IDNs) using punycode, which allows non-latin unicode characters to be used in URLs (such as in my resume). In my research, I have found that by using this as well as special characters in filenames (which doesn't require punycode) you can block ddos software or vulnerability scanners, since they cannot interpret them as valid sites or files. It is basically way of encrypting URLs and filenames. Below are some screenshots of tests:
Lexington Ky Web Design and Web Security

IDN and Punycode encryption of URL - drunycode

Coding in Spanish- While domain names can now use special characters, coding does not, because all the tags are all in english. I personally believe it is important to add what you can to span class tags, input name (and $ php values), and other tags. While it doesn't do a whole lot, it does help spanish speaking html, php, or css coders to understand what each tag means. Other things to keep in mind are the lang='es' tag and the special character codes for text. I have posted the code for an example of a spanish language html page below:

<html lang='es'>
<title>Dise&#241;o Web en Espa&#241;ol</title>
<style type="text/css">
.estilo {color:blue;
<span class="estilo">Este es un ejemplo de la codificaci&#243;n en espa&#241;ol.</span>
<form action="correo.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="action" value="submit"/> Tu Nobre:<br />
<input name="nombre" type="text" value="" size="30"/> <br /> Tu direccion:<br />
<input name="direccion" type="text" value="" size="30"/> <br /> Mesaje:<br />
<textarea name="correo" rows="7" cols="30"> </textarea> <br />
<input type="submit" value="Enviar"/>

Codificación en Español- Mientras que los nombres de dominio ahora pueden usar caracteres especiales, la codificación no es así, ya que todas las etiquetas están en Inglés. Personalmente, creo que es importante añadir lo que pueda para abarcar las "span class", "input name" (y "$" valores en php), y otras etiquetas. Si bien no hace mucho, sí ayuda HTML, php, o css codificadores de entender el significado de cada etiqueta. Otras cosas a tener en cuenta son las etiquetas lang = 'es' y los códigos de letras especiales para el texto. He publicado el código de un ejemplo de una página HTML idioma español anteriormente.

In closing, as always, if you are going to post a job listing or trying to find a web designer, search engine optimization/social marketing, or someone to do web security- look not more. You can hire me, as I am currently looking for something new. Especially if you are looking for someone to code in spanish (or crudely in another language).

Friday, May 9, 2014

PaleOnion and Other Recent Projects

As far as search engine optimization goes, I need to keep adding information to this blog, so I'll update it with some of the projects I've been working on recently.

First and foremost is a new open-source software project I've been working on called PaleOnion, which is a Tor browser based on the optimized firefox browser called Palemoon. The version I just released on sourceforge and github is a Linux/BSD/Unix version written as a bash shell script. My hope was that it would have somewhat faster load times than the original Tor browser. If you are not familiar with TOR, it stands for "The Onion Router" and it is the best tool to keep your anonymity by not only encrypting your web traffic but routing you through several "nodes" to keep your browsing completly anonymous and secure from snooping and surveillance. Anyone wanting to help work on the project is more than welcome! Here are some screenshots:

Palemoon optimized tor browser


The second project I've been working on is playing around with the OpenCatamount operating system built by Sandia National Laboratory for their supercomputers. I was trying to build the Catamount Lightweight Kernel on Lubuntu (a lightweight linux) which didn't turn out too well... so I'll keep working on that one. Here's a screenshot of that project:

Open Catamount Operating System

So, that's about it for now. Of course if anyone in Lexington, Frankfort, Georgetown, Richmond, or just anywhere in the Central Kentucky area needs webpage design, web security, or SEO feel free to get in contact and we'll see how I can help.

Thursday, April 24, 2014

In need of web security or front end development?

Hi! I'm Drew Edwards!
I do freelance web security (owasp standards) and front end web development in Lexington, Ky.
You may be wondering why, if I am a web developer, am I using blogger instead of making an awesome site to promote myself? The answer is simple: Google often puts blogspot in the top of the rankings on a google search (I do seo as well... but it seems EVERYONE does seo).

So lets get down to what I can do for you.
First and foremost, I do web security. You want your website to to be secure from hackers or other predatory beings. The first thing I do is a full evaluation of your website by owasp standards (xss, sql-injections, privilege escalation, etc) then check it for more simple but overlooked vulnerabilities such as exposed internal directories, vulnerability to well crafted social engineering attacks, heartbleed, and other bad "stuff". Then I help fix anything I do find, plus help you with solutions for common problems such as protecting from ddos, setting up ssl, and more.

Protecting your company's security often means the following:

  • A firewall on your systems
  • SSL on all websites
  • Buffer overflow protection
  • pgp or other secure email system for internal email
  • Vulnerability assessment
  • Potection from DDOS attacks

I have proven results through security bug bounties at:
Cisco Meraki
Mozilla Corp.
Barracuda Networks
The Gallery Project

As well as having my own research into the use of punycode/Unicode/special characters in defense against Denial-of-Service software and and Vulnerability Scanners:

And for those interested in web design and development services I code html, css, php, javascript (including jquery and json). As well as use and knowledge of linux (ubuntu and apache) and windows systems. See more on this at:
(this has an htpasswd file, so use username "login" and password "password" to see my resume)

If you are interested, feel free to contact me at drew[at]xn--5dbdcf0e[dot]tk