Mathematics, Sports

Contrarian Positions in Horse Racing

Currently reading: Exotic Betting [1].

I find in life there are a lot of contrarian positions you can take in which you would be surprised how many times you are correct. It would be mundane as all hell for things to go the way you planned... sprinkle in some volatility for a good time :).

I've been particularly interested in horse racing as of recent. WARNING: Gambling is a losing deal in the long run, but the idea of contrarian (exotic) positions is to catch that rare (and more common than not) spurt of insane upside, resulting in an illustrious sense of accomplishment, or.. just another day at the track.

The house always takes its portion (~15%) during every race. The longer you bet over many races, the more likely you are to lose money. This is rule number one of gambling: the house always wins in the long run. No one can escape the law of large numbers. No one. That's why it's a law.

Keep this pool chart as we progress through some examples:

Exactas / Trifecta / Superfecta Tips & Strategies

  1. NEVER BOX YOUR BETS / NEVER USE ALL. There is no point making these exotic bets unless you have an opinion. Otherwise, you are diluting the pool of bets (and your win bets) trying to get lucky. We are trying to beat the pool payouts, remember?
  2. If you're lost on any bets, trifecta is a terrible idea. Trifectas are all about eliminating horses from contention.
  3. Betting a favorite in any of these exotics, severely depresses the payoffs in that single race, since that's where the pool's money is.
  4. Exactas to increase win odds without increasing risk. Put your hero (4-1) first, and run the favorite and 2 long shots that you like in second. This avoids the win pool of the favorite, multiplying your odds. Let's avoid following the crowd.
  5. Exactas to bet contrarian against the 1-1 favorite. Run a variety of exactas (different weights based on odds) with your hero and 2 long shots that you like. When the favorite misses the board, there is a phenomenon where the exact pays more generously than expected.
  6. Exacta (Contrarian) Situation: Skeptical of favorites but too confused to construct an aggressive play. Key 2 wing-and-a-prayer longshots (2nd to worst odds and 5th to worst) with 4 or 5 others on the field, leaving the favorites out all together.
  7. Trifecta small boxes: Usually players will play trifecta if they like 3 horses. It's far more likely for 2 to run their usual race and for the third to drop out. To accommodate this contrarian position, require 2 of your horses to hit the board and be loose on the third. Bet 1-2-3, 1-2-4, 1-2-5, and 1-2-6 boxes.
  8. Trifecta small part-wheels: Focus on 1 horse to place and then wheel the third slot. 1/3,5,7/3,4,5,6,7 and 3,5,7/1/3,4,5,6,7. We sacrifice the third place and gain additional horses.
  9. Trifecta aggressive punches: Do these every now and then to win big and when you're confident. $1 box 1-2-3, $1 box 1-3-4, $3 part-wheel 1/3/2,4 and $3 part-wheel 1/2,4/3.
  10. Superfecta: Key one to win and then bet a trifecta underneath.
  11. Superfecta variation: Key 2 with 4. 1,2/1,2/3,4,5,6/3,4,5,6 - 24 combinations. 1,2/3,4,5,6/1,2/3,4,5,6 and 1,2/3,4,5,6/3,4,5,6/1,2 for 72 total combinations.

Lastly before you make your exotic bets, make sure to bet superfectas in $0.10 amounts and trifectas / exactas in $1 amounts. This is due to another house, the IRS.

IRS rules require that winnings at odds of 300-1 or higher be reported to the government, if they exceed $600 and that the payoffs are subject to withholding if they total $5000 or more. [1]

Don't worry though, you can always repeat the bet. Think of 2 $333 winning tickets and ducking the $600 tax ;).

Best of luck contrarians.

Standard
Programming

How to Stop a Brute Force xmlrpc.php Attack on Bitnami WordPress

WordPress Inspiration (oxymoron).

I was trying to access my site the other day and noticed it took fucking forever for anything to load. I thought something was broken: server out of memory from a recurring CRON job, or maybe I had royally fucked over my WordPress ecosystem by accident. Who knows? It's WordPress after all...

Are you experiencing any of these symptoms? Then read on...

  • Perpetually waiting for a response from while your browser displays a white page?
  • When your website does manage to load, clicking any links could make the entire application stop responding..
  • Seeing an abnormally high AWS charge for a small instance? Blame Amazon for expensive cloud computing first...

Being the curious programmer here, I tried to look for the issue. PRO TIP: Always look at your Apache or NGINX logs. My god. Fuck this guy. Spamming my site with pointless brute-force password attempts on a file called xmlrpc.php. Eventually, you'll never succeed because the password is a million fucking digits long. Realistically, however, I'll probably be so pissed off at the AWS charge, that I would cancel the EC2 instance before giving into my blog's new commander.

Check out some of these logs from streaming the Apache logs:

$ tail -1000f /opt/bitnami/apache2/logs/access_log

185.188.204.7 - - [21/Nov/2017:08:07:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:18 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:17 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:20 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:18 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:21 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:19 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:20 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370
185.188.204.7 - - [21/Nov/2017:08:07:22 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370

Great, my server is being spammed by a Russian bot every few milliseconds. WordPress, why the hell are these requests succeeding from an external source? At least this explains why my site has been unresponsive - someone else is using its resources.

Let's block his ass. The best way to do this is on the intermediary Apache server. We're going to write an Apache policy to prevent access to the xmlrpc.php file.

One thing to note before we continue here is that Bitnami automatically disables .htaccess files by default for performance reasons. So to write any Apache configurations at all, we'll have to edit the customized .conf file under:

$ vi /opt/bitnami/apps/wordpress/conf/htaccess.conf

// Now add these lines at the end of the file, please learn VIM to complete the edit

<FilesMatch "xmlrpc.php">
  Order Deny,Allow
  Deny from all
  Allow from 192.0.64.0/18
  Satisfy All
  ErrorDocument 403 http://127.0.0.1/
</FilesMatch>

Once we have edited the htaccess.conf file, we are going to restart the Apache server for the changes to take place:

$ sudo /opt/bitnami/ctlscript.sh restart apache

We can verify this works by trying to access the file via GET or POST on the file, http://dasun.us/xmlrpc.php, it should redirect. The policy above effectively redirects all external users to their localhost, while allowing traffic internally from WordPress. This allows certain plugins, such as JetPack, to correctly function. Let's look at the access logs now:

185.188.204.7 - - [21/Nov/2017:08:41:24 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:24 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:25 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:29 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:31 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:31 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201
185.188.204.7 - - [21/Nov/2017:08:41:31 +0000] "POST /xmlrpc.php HTTP/1.0" 302 201

Ahhh success, and a breath of go annoy someone else now. The 302 is a redirection status which means they are now trying to access their own localhost rather than wasting resources on your WordPress website. Cheers, hope this helps!

Standard
Design

UI Design Fundamentals

I'm going to start doing a new thing where I start using my blog as a note taking resource from all of the books I read! Currently, I'm reading The Design of Everyday Things - Don Norman. I highly recommend this book for anyone looking for a scientific and psychological approach to design. Creativity is important, but there are definitely fundamental steps to help improve your designs.

Let's start with the Fundamental Principles of Interaction. This is for all of the user interfaces people out there :).

  1. Affordances - All of the possible interactions between the people and the environment. Some affordances are perceiveable, others are not. Affordances are relationships between properties of an object and the capabilities of the actor. For example, glass affords transparency - this is a relationship between the glass and the actor's sight. When affordances aren't perceivable, they will need some...
  2. Signifiers - Signals things. Lol, but seriously, signifiers indicate what actions are possible and how they should be done. Signifiers are more important than affordances for they communicate how to use the design. Suppose our glass example were a transparent glass door, we will need to know which way the door rotates right? Push/Pull signs, curved handle bars for a pull, and a large depressable exit door button are some ways to signify how an actor might use this door.
  3. Mapping - The relationship between the elements of two sets of things. In our door example, suppose we had a smart door which could be controlled from a mobile application. Mapping is an important concept in the design and layout of this mobile application's controls and display. We must establish a mapping of the phone display to UI elements which indicate whether to open or close the door. These mappings must be both logical and visible. Once we establish a mapping and press the buttons, we will need...
  4. Feedback - A communication of the results of an action. Feedback must be immediate and informative, any delays will cause reason for concern. In our internet of things smart door example, most feedback from the mobile application will be a touchable opacity to indicate the button was pressed. In addition, the door would have to move right? Feedback from a mobile application to a physical device is awesome and brings us into the Internet of Things (Tesla makes amazing cars and batteries with this capability).
  5. Conceptual Models - An explanation, usually highly simplified of how something works. Think of icons and folders as conceptual models. Would a normal user be able to understand the tree directory structure of the file system?? Hell fucking no. Give them something way easier to digest.

I hope you enjoyed this post! Keep track of all of these basic interactions when starting any of your designs and applications, they are fundamental human understanding. It is my dream to work on some cooler graphical design projects (AR/VR, Unreal Engine, Visualizers) in the future, so stay tuned Internet. (Note: That all projects started by me are never finished by me either hahaha)

Standard
Design, Programming

Montserrat Font and Legacy Support

See the ongoing GitHub discussion.

Without going into too much detail, Google updated the Montserrat font and its weights remotely, affecting millions of designs across the world wide web which integrate with Google fonts. This affected me personally, as I use Montserrat for my blog titles.

I absolutely despise API's which introduce breaking changes. All of these breaking changes destroy any legacy applications which are using the API's. Google in particular has a penchant for deprecating, breaking, or removing their API's: remember when the internet of shit's favorite Samsung smart fridge couldn't connect to its dumb calendar? Lol. This time, millions of websites across the web were forcing shitty text overflows down everyone's throats.. Who wants that???

I'm not sure who's in charge of these decisions, but developers - the best rule of thumb to go by is once an API is deployed to production, everything in that API spec cannot change. LEAVE IT BE! The end consumer is always expecting things to abide by the status quo. The majority of users will not update their application, and they will immediately complain about anything that doesn't work at a prolific scale.

It's an awful user experience. All designers and programmers should consider these legacy customers and find creative solutions to scale and expand their API's rather than forcing major upgrades.

Before I sign off here, I'd like to talk about one of my nightmares. I can hear it now...

what about Internet Explorer??

If you don't want to deal with an awful browser or device (Windows phone I'm looking at you), do not build applications for these devices in the first place. Once you decide to start supporting anything at all, you will have to support it for all its technological life.

Standard