Skip navigation

Category Archives: Humor

Avast, me hearties! It’s time four t’ annual International Talk Like a Pirate Day #rstats post!

(OK, I won’t make you suffer continuous pirate-speak for the entire post)

I tried to be a bit more practical this year and have two treasuRe chests for you to (hopefully) enjoy.

A Package Full o’ Pirates

I’ve covered the Anti-shipping Activity Messages (ASAM) Database before for TLAPD before but getting, updating and working with the data has more pain points than it should, so I wrapped a small package around it.

Here’s how to get all pirate attacks this year (2015) so far:

# devtools::install_github("hrbrmstr/asam")
library(asam)
 
data(asam_shp)
pirates <- subset(asam_shp,
                  grepl("pirate", Aggressor, ignore.case=TRUE) &
                  format(DateOfOcc, "%Y") == "2015")
 
nrow(pirates)
## [1] 78

It looks like there have been 78 registered pirate attacks this year. The National Geospatial Intelligence Agency (NGIA) marks the attacks by lat/lon and also by region/subregion, and I managed to obtain the official polygons for these regions, so we can plot these attacks on a world map and also show the subregions:

library(ggplot2)
 
# get the ASAM subregion polygons
subregions <- asam_subregions()
subregions_map <- fortify(subregions)
 
# get the world map
world <- map_data("world")
 
# get the points for the pirate attack occurrences
pirate_pts <- data.frame(pirates)
 
gg <- ggplot()
 
# world map layer
gg <- gg + geom_map(data=world, map=world,
                    aes(x=long, y=lat, map_id=region),
                    color="black", fill="#e7e7e7", size=0.15)
# ASAM regions layer
gg <- gg + geom_map(data=subregions_map, map=subregions_map,
                    aes(x=long, y=lat, map_id=id),
                    color="white", fill="white", size=0.15, alpha=0)
 
# attacks
gg <- gg + geom_point(data=pirate_pts, color="black", fill="yellow", 
                      aes(x=coords.x1, y=coords.x2), shape=21)
 
gg <- gg + xlim(-170, 170)
gg <- gg + ylim(-58, 75)
gg <- gg + coord_map("mollweide")
gg <- gg + theme_map()
gg <- gg + theme(panel.background=element_rect(fill="steelblue"))
gg

README-map-1

There is quite a bit more data than just location, though and we can work with it much better in an interactive map.

Makin’ Interactive Pirate Maps

Now, what makes the following an interactive pirate map is not so much the fact that we’ll be plotting points of pirate attacks on a Leaflet map, but we’ll also be using a pirate treasure map theme on the Leaflet map.

Let’s start with showing how to use a general pirate map theme before adding in the ASAM data.

You’ll have to pause here and head on over to MapBox to register for a (free) account. You’ll need to go through the gyrations to eventually get a public token and mapbox id to use the pirate map tiles they have. I store those in my .Renviron so I don’t have to cut/paste inane strings when I need to use this, or other, APIs or need to keep them from prying eyes. Since MapBox exposes these strings in GET call URLs, the use of environment variables is strictly for convenience in this case.

library(leaflet)
 
mapbox_public_token <- Sys.getenv("MAPBOX_PUBLIC_TOKEN")
mapbox_map_id <- Sys.getenv("PIRATE_MAP_ID")
mapbox_url <- "https://a.tiles.mapbox.com/v4/%s/{z}/{x}/{y}.png?access_token=%s"
mapbox_tiles_template <- sprintf(mapbox_url, mapbox_map_id, mapbox_public_token)

Now, what good is a pirate map without an ‘X’ marking the spot for some treasure. For that we’ll need an ‘X’:

in a format we can use with Leaflet:

x_marker <- icons("http://rud.is/dl/x.png",
                  iconHeight=64, iconWidth=64,
                  iconAnchorX=32, iconAnchorY=32)

Now, we can display a pirate map for all scurvy dogs to see:

leaflet() %>%
  addTiles(mapbox_tiles_template) %>%
  setView(lng=-50.9249, lat=45.68929, zoom=3) %>%
  addMarkers(-70.2667, 43.6667, icon=x_marker)

NOTE: I have not buried treasure in Portland, Maine, but go nuts digging at that location if you still want to.

Pirates on Pirate Maps

We can make a [crude] interactive ASAM browser by combining our data from above with our new, pirate-y mapping capabilities:

library(asam)
library(sp)
library(dplyr)
library(leaflet)
 
data(asam_shp)
dat <- subset(asam_shp,
              DateOfOcc > as.Date("2015-01-01") &
                grepl("pirate", Aggressor, ignore.case=TRUE))
# could also do data.frame(dat)
dat <- bind_cols(dat@data, data.frame(coordinates(dat), stringsAsFactors=FALSE))

We’ll build a popup with the ASAM incident description fields and add it and the pirate incident points to a pirate-themed Leaflet map:

popup_template <- '<div style="background:#f3e0b5; padding:10px"><b>Date:</b> %s
<span style="float:right"><a target="_blank" href="https://msi.nga.mil/NGAPortal/msi/query_results.jsp?MSI_queryType=ASAM&amp;MSI_generalFilterType=SpecificNumber&amp;MSI_generalFilterValue=%s&amp;MSI_additionalFilterType1=None&amp;MSI_additionalFilterType2=-999&amp;MSI_additionalFilterValue1=-999&amp;MSI_additionalFilterValue2=-999&amp;MSI_outputOptionType1=SortBy&amp;MSI_outputOptionType2=-999&amp;MSI_outputOptionValue1=Date_DESC&amp;MSI_outputOptionValue2=-999&amp;MSI_MAP=-999">ASAM Record</a>
</span><br/>
<b>Victim:</b> %s<br/>
<b>Description:</b> %s</div>'
 
nona <- function(x) ifelse(is.na(x), " ", x)
 
pirate_pops <- sprintf(popup_template,
                       dat$date,
                       gsub("-", "_", dat$Reference),
                       dat$Victim,
                       paste0(nona(dat$Descript),
                              nona(dat$Desc1), nona(dat$Desc2), nona(dat$Desc3),
                              nona(dat$Desc4), nona(dat$Desc5), nona(dat$Desc6),
                              sep=" "))
 
mapbox_public_token <- Sys.getenv("MAPBOX_PUBLIC_TOKEN")
mapbox_map_id <- Sys.getenv("PIRATE_MAP_ID")
mapbox_url <- "https://a.tiles.mapbox.com/v4/%s/{z}/{x}/{y}.png?access_token=%s"
mapbox_tiles_template <- sprintf(mapbox_url, mapbox_map_id, mapbox_public_token)
 
leaflet() %>%
  addTiles(mapbox_tiles_template) %>%
  setView(lng=-50.9249, lat=45.68929, zoom=3) %>%
  addCircles(dat$coords.x1, dat$coords.x2, radius=300,
             color="#664c1f", popup=pirate_pops)

Select any of the circle marks and you’ll get a popup with a description and link to the official ASAM record (like this):

tlapd2015012_html

Fin

I’m not sure when I’ll get back to the asam package, but it could use some attention. The Aggressor field could be auto-cleaned to make it more usable and a dplyr-esque interface could be developed to select incidents. Also, since it includes a shapefile of subregions, that could also be used to do more spatial-oriented analyses of the incidents. It’s all there for any pirate lackey to pilfer.

Drop a note in the comments if you have any of your own pirate-y creations or an issue on github for feature requests & bug reports.

wwdpm.001For those that wanted to play along at home, I’ve cleaned up the text and made the Wait Wait…Don’t Pwn Me! closing segment of SOURCE Boston 2013 available for download [PDF]. The video crew had cameras running, so keep checking the @SOURCEconf web site as it’ll probably get posted as they crank through all of the conference session videos (give them time, tho, as there are a ton of vids to process).

I also wanted to, again, thank @selenakyle for her most excellent job playing Carl Kasell; the awesome panelists: @451Wendy, @innismir & @andrewsmhay; @joshcorman for—yet again—putting up with me picking on him (and getting all the questions right); and our volunteers: @ra6bit, @Gmanfunky (and three more who I need Twitter handles from :-).

I only hope that @petersagal & the WWDTM crew can forgive me if they ever read the transcript or views the video of the segment.

(With apologies to Barry McGuire & P.F. Sloan)

To a familiar tune

RIM of Destruction

The mobile world, it is explodin’
executives flarin’, app updates loadin’
you’re Bold’s enough to sell but no one’s buyin’
no one believes in your PlayBook, but that’s what your totin’
and even the Curve won’t keep you a floatin’
but you tell us over and over and over again my friend,
ah you don’t believe you’re on the RIM of destruction.

Don’t you understand, what I’m trying to say?
Can’t you see the fears that I’m feeling today?
Your consumer and business customers are all running away,
There’ll be nothing to save with QNX in a grave,
take a look around you, Bidulka, it’s bound to scare ya,
and Thorsten tells us over and over and over again Boulben,
ah, he don’t believe he’s on the RIM of destruction.

BYOD’s got me so mad, my blood’s coagulatin’,
I’m tweeting here (from my iPhone), just contemplatin’,
I can’t twist the truth, it knows no regulation,
that iOS & Android are wildly propagatin’
and BB10 promises alone can’t bring integration,
when platform respect is disintegratin’,
this whole mobile world is just too frustratin’,
and you tell us over and over and over again my friend,
ah, you don’t believe you’re on the RIM of destruction.

Think of all the Samsung phones in China,
iOS is on top even in Redmond, WA!,
Ah, you may think you’re a leader in this space,
but you keep returning to that same old place,
your quarterly reports show no pride, just disgrace,
you buried your heads, and soon there won’t be a trace (of you),
copy your neighbours, who’ve all taken your place,
and you tell us over and over and over and over again my friend,
you don’t believe you’re on the RIM of destruction.
no no you don’t believe you’re on the RIM of destruction.

Rik Ferguson, Director Security Research at Trend Micro, had a great tweet early last Tueday morning calling out potential FUD in an article over at The Metro:

Given the plethora of FUD-dropping in the article, I could only think of one way to do it justice, and that was a paragraph-by-paragraph check-in via:


Every FUD-check counts!

(it may help to have the article open in another window)

OK! we’ve got you at The Metro. You’ve been here 1 time.
  • +1 for heartstring tug (“Children”)
  • +1 for immediate FUD in headline
  • +1 for Facebook reference in headline
Nice check-in! You earned +3 points!
  • +1 for mention of Pentagon in sub-head
  • +3 for context switch from personal to national scariness
  • +1 for Facebook reference in sub-head
  • +1 for first use of “cyber”

Great mixing of FUD domains!
  • +3 for context switch to “child pornography” in main article picture caption
  • +1 for Facebook reference in caption

You’ve been to Facebook FUD 3 times! You’re the Mayor!
  • +3 for context switch back to national scariness
  • +1 for use of “cyber”
Every cyber-FUD check-in counts!
  • +2 for global scariness
  • +1 for social-media scariness
  • +3 for Facebook (you’re the Mayor!)
  • +1 for mentioning Sony attack
  • +1 for national scariness
  • +1 for mentioning Lockheed attack
  • +1 for mobile scariness
  • +1 for use of ‘bot’
Whoa! +10 points! Awesome check-in!
  • +3 for context switch back to personal scariness
  • +1 for re-mention of child pornography
  • +2 for added scariness of kidnappers

You know “they” know where they live and aren’t afraid to spread the FUD!
  • +1 for geolocation scariness

Headed in the right direction with this check in!
  • +1 for more geolocation scariness
  • +3 for Facebook (you’re the Mayor!)
  • +2 for “bedroom”

With that last check-in, you’re well on your way to becoming the Mayor of FUDville!
  • +1 for social-media scariness

Social-FUD FTW
  • +3 for Facebook (You’re the Mayor!)
  • +3 for coining ‘lifejacking’
  • +1 for mobile scariness

The Mayor is in the house!
  • +2 for Android scariness
  • +1 for “Wild West”

Artifical life-form FUD meets historic gunslinger FUD!
  • +1 for mobile/acrobatics tie-in
You’re a FUD gymnast!
  • +1 for SMS scariness
Every check-in counts!
  • +3 for Anonymous reference
  • +3 for LulzSec reference
  • +3 for context switch back to national scariness
Good use of “cyber-vigilante” FUD!
  • +1 for Lockheed reference

Defense FUD FTW!
  • +1 for “cyber”
  • +1 for “cyber”
  • +1 for “cyber” (You’re the Mayor!)
  • +3 for “cyber”

You’ve earned the Cyber-FUD Badge!
  • +3 for “cyber” (You’re the Mayor!)
  • +10 for nuclear scariness
  • +10 for “scary”
FUD is scary
  • +10 for context switch to global “Olympic” scariness

Congratulations! You scored over 100 points! You’re the mayor of FUD-ville!
(Done with homage to @shpantzer‘s SCSOVLF.)

UPDATE: I have intentionally cross-posted this to my SIRA blog since the combined wit & intelligence of the folks there trumps anything I could do alone here.

All the following newly-minted risk assessment types have been inspired by actual situations. Hopefully you get to stick to just the proper OCTAVE/FAIR/NIST/etc. ones where you practice.

  • HARA :: Half-Assed Risk Assessment — When you are not provided any semblance of potential impact data and a woefully incomplete list of assets, but are still expected to return a valid risk rating.
  • CRA :: Cardassian Risk Assessment — When you are provided the resultant risk rating prior to beginning your risk assessment. (It’s a Star Trek reference for those with actual lives)

    We’re going to do x anyway because we don’t believe it’s a high risk, but go ahead and do your assessment since the Policy mandates that you do one.

  • IRA :: Immediate Risk Assessment — This one has been showcased well by our own Mr. DBIR himself on the SIRA podcasts. A risk assessment question by a senior executive who wants an answer *now* (dammit)! It is often phrased as “Which is more secure, x or y?” or “We need to do z. What’s the worst that can happen?“. You literally have no time to research and – if you don’t know the answer – then “Security” must not be very smart.
  • IRAVA :: In Reality, A Vulnerability Assessment — When you’re asked to determine risk when what they are *really* asking for what the vulnerabilities are in a particular system/app. Think Tenable/Qualys scan results vs FAIR or OCTAVE.
  • IOCAL :: I Only Care About Likelihood — This is when the requester is absolutely fixated on likelihood and believes wholeheartedly that a low likelihood immediately means low risk. Any answer you give is also followed up with “have we ever had anything like x happen in the past?” and/or “have our competitors been hit with y yet?
  • AD3RA :: Architecture Design Document Disguised As A Risk Assessment — When you are given all (and decent) inputs necessary to complete a pretty comprehensive risk assessment but are then asked to include a full architecture design document on how to mitigate them all. The sad truth is, the project team couldn’t get the enterprise architects (EA) to the table for the first project commit stage, but since you know enough about the technologies in play to fix the major problems, why not just make you do the EA dept’s job while you are just wasting time cranking out the mandatory risk assessment.
  • WDRA :: Wikipedia Deflected Risk Assessment — When you perform a risk assessment, but a manager or senior manager finds data on Wikipedia that they use to negate your findings. (Since – as we all know – Wikipedia is the sum of all correct human knowledge).

If you are also coerced into performing an insane risk assessment that doesn’t fit these models, feel free to share them in the comments.