Menshn stats and where they came from.

You may have noticed, if you have been following my twitter feed, that I have been posting some Menshn statistics recently. You may also be wondering how I came by these numbers.

 

  Someone sent me a message on twitter pointing me to the URL: menshn.com/data/chat.php (which shall remain unclickable for reasons that will become apparent).  This web page basically dumps the last 20-30k “menshns” out in a semi-structured html data format.  In total (at time of writing) it dumps 31MB of data. So you can see why I’m not making it a link. I’ve no desire to overload their systems.

Upon looking at the “View source” on the menshn.com homepage, it seems that they use this to back end the automatically updating feed on their homepage.  

If you watch the traffic generated by your browser – you can see it making a request every 4 seconds for https://menshn.com/data/chat.php?roomid=*&lastid=73405

So, now we know where my source got the link from – seems if you don’t supply any arguments, it just dumps everything it has. And so, with such a dataset we are able to do some metrics.

First up, I parsed all the data out to produce a simple ID,Room,Name,Message text file – just to prove to myself that I had understood the data set and was parsing it correctly.

Next, I built into the parser, metric building. Count the unique users, count number of posts/menshns, count number of rooms/topics, etc.

From this I have the top line information: 

Number of active users: 218
Number of active rooms: 224

Breaking this down further to “Top 20” lists, I get:

20 Most prolific users:
 5752 janemcqueen
 3240 CosensV
 2019 Chriss
 2011 BlackAdder
 1569 PoliticsBlogorguk
 1520 Xlibris
 1106 DavidX
 783 JOSHBHJ
 782 Louise
 717 EdenFisher
 704 JayMcNeil
 666 Grist
 588 TinderWall
 401 RV
 384 Bozier
 373 jeanprytyskacz
 348 MikeARPowell
 285 Silaz
 251 Rabbs
 239 Europe

And

20 Busiest rooms:
 6361 //ukpolitics
 3216 //gaymarriage
 1252 //religion
 1014 //assangecase
 877 //olympics2012
 717 //judaism
 673 //uselection
 663 //atheism
 642 //mormonism
 585 //davidcameron
 527 //civilliberty
 479 //reshuffle
 474 //mittromney
 415 //corbyelectio
 394 //capitalism
 315 //twitter
 295 //falklands
 224 //louisemensch
 208 //philosophy
 204 //catholicism

Growth metrics are easily obtained by performing the same test at different times. In my case, they were 3.5 days apart. Leading to the conclusion posted on twitter:  

 

If you really want to see all the menshns, rather than overload the menshn server – you can obtain my parsed analysis of the dump at http://pgregg.com/test/menshn/menshnchat.txt

I’d welcome comments on this. For the record – none of this information was obtained via a “hack” and no illegal acts were committed in the gathering of this information.

 

 

Menshn DNS is a (technical thingy).

So Menshn changed their DNS and stopped their site working for a number of users.

Users pointed it out and Menshn did what Menshn does and blamed everyone else but themselves. I call it the Apple Defence. Or #You’reHoldingItWrong.

What Louise probably doesn’t know is that whoever is advising her*, plainly doesn’t know the first, or last, thing about DNS.

*assuming she has an advisor, perhaps Bozier, as no geek worth his (or her) salt will ever say “technical thingy”.

No Louise, DNS migration does not take 24 hours. It is not the fault of the other ISPs. It is your own fault.

Now Louise and Bozier have both blocked me on twitter, but I’m a magnanimous chap – in the words of Sid [Ice Age] “I’m too lazy to hold a grudge” – so I’ll tell them how to fix it next time.

DNS records have this little number attached to them called a TTL – or Time To Live. Normally the domain TTL is 86400 seconds, or, as you’ve found, 24 hours. This number is entirely within your control. It is the number *you* give to other ISPs when they ask for your zone information. So when their systems receive that data, they can, rightly, assume that the data is good for the next 24 hours.

Thus, when you are planning a domain/DNS change – what do you do? You lower the number to an acceptable outage window, e.g. 60 seconds on your original DNS zone(s) servers. Further, you need to do this at least 24 hours in advance of the change to allow the existing longer TTL records out there to expire.

Thus when you switch DNS servers, or server IPs, your maximum outage window is the new lower TTL.

Welcome to the Internet. It’s a technical thingy.

Louise Mensch, MP, brands me a spammer.

So after my latest round of tweets with Corby MP Louise Mensch nee. Bagshawe, she has effectively called me a spammer and forbade me from tweeting her any longer (or I’ll be blocked). So be it. I won’t tweet her any more.

She has invited me to email her – but why would I do that? That just makes everything private – and I can be more easily ignored in private.   I did highlight the latest copyright infringements on Menshn to her, however that has yet to be rectified on the site.

So, since I’m now apparently a spammer it is time to question Ms. Mensch’s understanding of a few words.

1. Democracy. You would think a Member of Parliament would get this one right. Apparently not.

We’ll take Wikipedia’s opening paragraph:

Democracy is an egalitarian form of government in which all the citizens of a nation together determine public policy, the laws and the actions of their state, requiring that all citizens (meeting certain qualifications) have an equal opportunity to express their opinion.

 

2. Censorship.

Again, lets take Wikipedia’s opening paragraph:

Censorship is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient as determined by a government, media outlet, or other controlling body.

3. spam. (using lowercase because Hormel trademark requests the capitalised version remain for the lunch meat product).

Again with Wikipedia:

Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media…

So, I’m not quite sure what the metaJesus thing is all about – but basically I’m a spammer.

All my messages (see previous blog posts), including *everything* on Menshn and tweets has been critical comment. Pointing our flaws in their web site, security, and actual Copyright Infringement. Not complaints; and most certainly not spam by any definition.

Is there a lesson here? Yes. If you talk about something that Mensch doesn’t want to talk about or hear, Louise will define your message as “spam”, delete, block or otherwise censor you. Thereby enabling Menshn to claim they do not censor (except when they want to).

Ironic however, that Louise doesn’t want me to tweet her, yet does invite me to comment via email – which is closer to the definition of spam!

Perhaps one of her Corby constituents will pass her a dictionary. It appears she may have use of one.

I will not be tweeting this message to Louise or I’ll be blocked from her twitter feed also, but please feel free to let her know yourself.

I’m also done with Menshn. I am obviously not welcome as my preferred topics of conversation are not catered for.

Menshn does not censor, Allegedly.

Officially:

40-menshn-loiuse-nocensorship.jpg
However, my messages on menshn.com do not appear to be visible to others. Compare this screenshot of the same “menshnabout” topic/room.
On the left is Firefox – not logged in. On the right is Chrome – my account logged in.
42-menshn-hidden-messages-thumb-500x230-41.jpg
My message is only visible to me when logged in.
And, I checked…. Private Mode is Off.
Am I being singled out or is there a more widespread censoring going on?

Menshn and another security issue

On June 19, menshn.com launched giving me a couple of days to have a look around, but not enough time to write up any serious thoughts before going on vacation.  The site launched only in the US and visitors from the UK and elsewhere were greeted with a holding page. However, like many technically aware individuals, geographic barriers are no match to those with VPNs, VPSes or just a simple web proxy.

Initially, only three “topics” were available, a (US) Election2012 topic and one each for Obama and Romney.

Menshn has taken a bit of a battering on Twitter over, I guess, pretty much every aspect of the site imaginable.

Some don’t like the owners, one UK Conservative Member of Parliament, Louise Mensch, and a former Labour advisor Luke Bozier. However, the primary focus of much of the complaints are the web site’s numerous and shocking security flaws.

I believe I was one of the first (if not the first) to highlight the Cross Site Scripting Security flaws. Though I did not actively demonstrate (exploit) it having previously burned in this area, others such as James Coglan have demonstrated the complete lack of data validation that abounds on Menshn.

The site launched without using a SSL Certificate allowing passwords to pass in plain text – a flaw I missed – but ably spotted by Suggy and Andrew White.

Also prior to going on vacation I highlighted two examples of Copyright Infringement to both Louise and Luke. The first was the alleged unauthorised use of the Obama HOPE poster which I screen captured here:

I was completely ignored.


Then Menshn created a new topic “Women” for which they used another image of a “thoughtful woman”:

Note – screen cap of Menshn is on left; the same image I found on Elite Dating Agency site (using Google image search, honest!).  I tweeted to Luke, who responded that the image was Creative Commons. However, this I doubted as I can generally spot a professional image and eventually found the real source as a Premium Stock Image that they could have paid just $9.99 to use. The image soon disappeared from Menshn without further comment from Menshn.

Edit: Just found another image on Menshn – the image for the UKPolitics topic – that does not adhere to the Copyright owner’s license:

The original image is owned by Kevin Shakespeare with the license of “Attribution, Non-Commercial, and No Derivative Works”. Another Menshn fail.

I like to think I’ve educated them a little on Copyright law.

And finally, the straw that breaks the camels back.

Back from vacation, try to login, but of course I forgot the password and so used the “forgot my password”.  Now all normal security conscious web sites will create an encrypted, time limited, one-time use token or URL that you can use to reset your password and email that to you.

No, not Menshn. Menshn will email your actual password in plain text.

The horror. Not only does this mean your password flying through the world’s email servers (making it available to all sorts of Government interception) it also means that Menshn is storing your password inside its database using at best a two-way reversible encryption, or at worst in plain text.

Either way – it is a security disaster,  A breach of the web site means all users and all passwords are exposed in plain text (with the reversal key available from the forgot password code). Luke should read http://www.phptherightway.com/#password_hashing_with_bcrypt .

An awesome coder he is not.

Post publication edit: This article has been mentioned in Business Insider –

We Speak To The British Politician Behind The Controversial 180-Character ‘Twitter-Killer’ Menshn

 

All content © Paul Gregg, 1994 - 2024
This site http://pgregg.com has been online since 5th October 2000
Previous websites live at various URLs since 1994