Originally posted to Twitter[1] after seeing @ghuntley's post - below is a method of building a database of SVB account holders using a cleverly crafted Google query:
(121140399 OR 121145145 OR SVBKUS6S) AND 33**** filetype:xls | pdf | doc | txt -site:svb.com
The query[2] pulls back documents containing an SVB routing or swift number + SVB account number.
The name of the business tied to the SVB account number is usually within 100 characters of the account number and typically labeled "beneficiary" or "for credit of" (or some close variation on those themes).
In edge cases where a company name is not found near the account number, the account holder is often the source/author of the document[3].
Google only returns 1000 results for any given query - so retrieving the entire results set would require narrowing each query's scope and then iterating through the targets at a finer granularity.
For example, the current query looks for account numbers matching 33****. Replacing that with 33*NN**, where NN is 01-99 would let you iterate through ranges of account numbers (33*01**, 33*02**, and so on...).
Other approaches include geographically scoping the queries by adding "AND NJ" to queries (and iterating through each two-byte state code) or tacking on partial zip codes, etc...
It takes tweaking - but the goal is to build a query with elements that you can loop over to get your results into buckets of < 1000. Another option would be to use the Bing Web Search API and paging through the json response.
These methods might complement the work you've already done on affectedbysvbornot.com - and help provide a more exhaustive list of companies impacted by the SVB collapse.
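Seen from the publishing side, the pattern this post relies on (a bank identifier with an account number close by, often labeled "beneficiary" or "for credit of") can be checked for and masked before an invoice or wire form is made public. The sketch below is an added example, not part of the original post; the 8 to 17 digit account-number shape, the `SWIFT_WATCHLIST` name, and the sample text are assumptions constructed for illustration.

```python
import re

WINDOW = 100                          # proximity the post describes (about 100 characters)
SWIFT_WATCHLIST = {"SVBKUS6S"}        # SWIFT code quoted in the post; add your own bank's
ACCOUNT = re.compile(r"\b\d{8,17}\b")  # assumed shape of an account number
LABEL = re.compile(r"beneficiary|for credit of", re.I)

def aba_valid(num: str) -> bool:
    """ABA routing-number checksum: 3-7-1 weighted digit sum divisible by 10."""
    d = [int(c) for c in num]
    return len(d) == 9 and (3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7])
                            + (d[2] + d[5] + d[8])) % 10 == 0

def bank_id_spans(text):
    """Spans of checksum-valid routing numbers and watchlisted SWIFT codes."""
    spans = [m.span() for m in re.finditer(r"\b\d{9}\b", text) if aba_valid(m.group())]
    for code in SWIFT_WATCHLIST:
        spans += [m.span() for m in re.finditer(rf"\b{re.escape(code)}\b", text)]
    return spans

def find_exposures(text):
    """Return (start, end, labelled) for account-like numbers near a bank identifier."""
    ids = bank_id_spans(text)
    hits = []
    for m in ACCOUNT.finditer(text):
        if m.span() in ids:
            continue  # this digit run is the routing number itself
        if any(abs(m.start() - s) <= WINDOW for s, _ in ids):
            ctx = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
            hits.append((m.start(), m.end(), bool(LABEL.search(ctx))))
    return hits

def redact(text):
    """Mask all but the last two digits of every exposed account number."""
    out = text
    for start, end, _ in reversed(find_exposures(text)):
        out = out[:start] + "*" * (end - start - 2) + out[end - 2:]
    return out

SAMPLE = (  # constructed invoice footer, not real account data
    "Wire instructions: ABA 121140399, SWIFT SVBKUS6S. "
    "For credit of Example Widgets Inc, account 3300000000. "
    "Invoice INV-0042 total due 4,500 USD."
)

if __name__ == "__main__":
    print(redact(SAMPLE))
```

Any other long digit run that sits within the window of a bank identifier (an invoice or PO number, for instance) is flagged as well, so findings need a human look before bulk redaction.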
In the last 100 days, the MD Department of Information Technology (DoIT) has submitted $3,000,000 of ____emergency____ procurement requests for network monitoring, intrusion detection, and firewall assistance.
So...what do you think is going on at Maryland's Department of IT?
____TRULY SHAMEFUL INCIDENT COMMUNICATIONS____
Bad things happen in IT departments every day. Some can be anticipated, some even possibly prevented - but there will always exist the risk of data breach/attack.
“Public officials have no higher responsibility than keeping the American people safe, and there is no greater threat to their safety than the cyber vulnerabilities of the systems that support our daily lives,” said Governor Hogan in November 2021.
Secretary Leahy's commitment to the Governor and the people of Maryland is to lead the state's IT resources in taking all reasonable measures to protect against such risks.
I do not yet know if this situation could have been reasonably prevented or if it is due to MD DoIT negligence/oversight. The flurry of emergency procurement requests suggests awareness and good intentions. And yet - here we are...
What is clear to me, however, is that Secretary Leahy and his directs have ___failed to effectively manage communications___ throughout the response and remediation effort.
Most damning, in my opinion, is the use of the incident report as a venue for high-fiving and taking victory laps:
> Because of the state’s aggressive cybersecurity strategy, and the use of MD THINK and other cloud-based services, many of the department’s core functions were not affected.
Are you serious? It's been over two weeks. And it's clear from your report that you're nowhere close to understanding what happened, let alone fixing it.
____FUNDAMENTAL MISUNDERSTANDING OF INCIDENT IMPACT____
Whoever approved this for publication is oblivious to the downstream, rippling effects this incident continues to have:
- At the time of writing, MD's local public health departments have been ___fighting a war blindfolded___ for 16 days.
- The impact has rippled ___beyond MD's state borders___, impacting CDC data feeds as well. Hospitalizations (which are reported by each hospital network directly to the CDC) are trending upward while new cases (reported by each state's IIS to the CDC) have flatlined: https://imgur.com/gallery/k2gG5GS.
____AND WHAT THE HECK IS MD THINK?____
MD Think is Maryland's cloud application platform. The state, along with Deloitte and an army of subcontractors, has been working on migrating legacy applications to this new infrastructure since 2017.
The report points to the success of MD THINK in isolating the impact away from core MD Health Department services.
Is MD Think really a success? Is this a case of what happens when legacy applications are left outside to rot in the sun?
No.
It turns out that MD Think has been a nightmare since its inception. A series of program failures that jeopardized open enrollment for Medicaid recipients led to a full audit of the MD DoIT in 2020.
Here is what they had to say about MD THINK:
> "...for one project (MD THINK), the estimated $314.1 million cost of completion had increased by $141.1 million (81.5 percent)...an explanation was not provided for the increase..."
And on the topic of security:
> "We identified 55 firewall rules that allowed traffic from any source to 71 unique network destinations as well as a small network segment within DoIT’s internal network without IDPS coverage..."
> "...access to personally identifiable information (PII) for State vendors stored in the State’s Financial Management Information System (FMIS) was not adequately restricted, and the PII was accessible to thousands of State employees."
A question that begs an answer is why ImmuNet, the state's immunization registry, is not included under this "titanium umbrella of protection?"
And while there is a ton of publicly available paperwork about the scope of MD THINK, including the RFP, Deloitte's response, and transcripts of hearings to explore the audit report's findings, ImmuNet is not mentioned. Not once.
Please keep in mind - ImmuNet is not some podunk, state government hobby project. It is __law__ that Maryland retain vaccination records for its residents. School systems, employers, health providers, and the CDC all rely on Immunization Information Systems (IIS) for ground truth vaccination records. It is the public health equivalent of DMV.
____PASSION DISCLAIMER____
The lion's share of my time this year has been spent working with state and local COVID vaccination programs within upstate New York. I have seen firsthand how important accurate, timely test and vaccination data is to how local public health departments coordinate response.
It was infuriating to see the MD DoIT downplay disruptions to COVID related data feeds. We are going into year three of a war that demands accurate, timely data to inform decision making. What the hell have you guys been doing for two weeks?!
The country's public health departments are filled with the true unsung heroes of the pandemic. They're underpaid, exhausted, afraid, and constantly under attack - yet they're our last (and in many ways, only) line of defense.
SO...
To the three people that made it all the way to the end of this post - I ask just one thing:
IF YOU EVER FIND YOURSELF INVOLVED IN A FUCKUP THAT IMPACTS THE DEPARTMENT OF PUBLIC HEALTH:
- RULE 1: Apologize and fix it. Now. With the kindness, urgency, and empathy a mission controller would show a stranded astronaut--Proceed to RULE 6.
- RULE 2: If the problem is not your fault--return to RULE 1.
- RULE 3: If the problem isn't even real--return to RULE 1.
- RULE 4: If they are blaming you for a problem they created on their own--return to RULE 1.
- RULE 5: If the problem is related to Microsoft Access, FoxPro, or any other technology you swore an oath to avoid--return to RULE 1.
- RULE 6: The final rule. Do not downplay the importance of data and tools public health resources rely upon. And NEVER, EVER respond to the problem by boasting about all the great technical achievements made everywhere BUT the underfunded, under-appreciated public health department.
Thank you for posting this. As a Maryland resident I found this really enlightening. I wasn't aware of this and I'm pretty curious now what's going on. It makes me wonder how or if I can help, as an ordinary citizen.
I read through those procurement requests. The reasons they cite in the remarks are interesting.
Sept 2021, Splunk:
> The staff providing the Splunk support services resigned as of March 31, 2021, and the contractor has been unable to replace them. The Department requested these support services through another contract vehicle, but that contractor was unable to source qualified and competent candidates in the appropriate labor categories and with the rates provided in the contract.
Dec 2021, Palo Alto Firewalls:
> Although the Department has two contract vehicles available to staff this need, neither contractor has been successful in staffing the role. One contractor who once provided the services lost three of their four resources in the past 12 months. The other contractor has been unable to source a candidate with the requisite skills and experience in the appropriate labor categories and rates provided in the contract.
So people are quitting, and they can't find replacements. Wow, that makes me think we're seeing effects from the "Great Resignation". I wonder what the "rates provided in the contract" are.
tl;dr: The recommendation is likely driven from you and the provider adding each other to a contacts app LinkedIn has been authorized to source connection data from.
The "People You May Know" feature on LinkedIn is powered by a combination of:
- network analysis (you know A, B, and C. they all know D. you may know D.)
- mining data from your mobile address book (you have A in your contacts, A has you in their contacts, you may know A.)
The recommendation likely occurred as a result of you and the provider adding each other as a contact in a contacts app each of you have authorized LinkedIn to access.
This is exactly it. LinkedIn harasses you to turn this on every time you launch the app on your mobile. If you have their number in your contact list and you enabled this setting.
I don’t know about Android, but in iOS you can see if you have enabled access to contacts. It’s also totally feasible your contact info is in their phone and they enabled it (email address).
SEEKING FREELANCER | Greater NY Area | Remote | Volunteer Stipend | Covid-19 Vaccine Related
Join a group of MDs, data junkies, and political gurus working on data-driven methods for managing equitable distribution of covid vaccine into some of the most vulnerable communities in the country.
YOU = AN ETL GOD :)
Looking specifically for journeyman-level expertise in building simple yet powerful DQ and ingestion pipelines. Data is a grab bag from sources like cdc, census, state immunization registries, community vulnerability indices, etc...
Approach we have in mind is heavily inspired by this:
We are also considering the possibility of making it a bit more easy to manage by using Airflow to keep track of the ongoing DAGs.
AND IF ETL ISN'T YOUR THING...
All of that said, if you're interested in working in data analysis tied to the distribution and management of vaccination opportunities but have different skill sets, I would love to hear from you.
Our work in this area continues to get visibility from leaders in the field and we have several publication-ready findings that could be directly applicable to any future mass vaccination challenges the world faces.
Help our small development team expand our use of Gitlab!
A few things about our work:
* Heavy user of AWS platform services (like RDS, Elasticsearch Service, S3, Cognito, API Gateway, Lambda etc...)
* Backend components are almost exclusively built in Python. Exceptions to this would be cases where we are relying on non-Python based platforms, such as Elasticsearch.
* Frontend components are almost exclusively built as React webapps.
Before shifting work to Gitlab, we experimented with using AWS Codestar (which has fully managed build service, automated continuous delivery and deployments, etc...). It was extremely useful to be able to commit code and have that automatically kickoff a deployment so we could examine the changes from within the context of the application.
For the scope of this project, I would like your help with the following:
- Installation and configuration of Gitlab Enterprise on AWS, Including any integration required to enable automated deployments. This would include configuration of the AWS kubernetes service, etc...
- Guidance on how to best handle projects with heavy AWS dependencies - for example, would deploying a review app standup an entirely separate environment via CloudFormation? Or would we have dev/test/prod AWS assets setup ahead of time that the review apps would depend on (for example, if we were building an app atop the AWS Elasticsearch service).
- Guidance on how we can build application templates that may facilitate the process of beginning work on a new project. For example, CodeStar had several project templates to choose from (https://docs.aws.amazon.com/codestar/latest/userguide/templa...).
- Any other expertise you can provide to help our team move through projects in a more efficient manner (across project management, development, testing, deployment, etc...).
This is a useful post. I'm also currently looking for a computer vision resource to provide expertise in a project centered on visually identifying anomalies in video of industrial machines. In other words, watching a robot and firing an alert when he misbehaves or breaks down :-)
Similar to what I believe your approach is, I'm looking for someone comfortable working in iterations. So much of this type of work is experimentation and trial and error.
A ton of people recommended Scrapy - and I am always looking for senior Scrapy resources that have experience scraping at scale. Please feel free to reach out - contact info is in my profile.
Technologies: Focuses on leveraging emerging technologies and how they can enable new, profound enhancements to user experiences as well as improvements to technical operations. This includes computer vision, machine learning, cloud computing (in terms of operating at a scale that otherwise would have been impossible), location-aware technology, graph databases like neo4j and titan, and large-scale information retrieval.
I am looking for opportunities that leverage my passion for building great products and services, value a hands-on approach to design and use of emerging technology, and build upon my success in helping teams embrace and foster innovation and creativity.
I have over fifteen years of hands-on experience in driving design-driven innovation, delivery of large-scale technology initiatives, and identification of new opportunities for growth and sustainable value. I have been regarded as a thought leader in enterprise technology, product innovation, problem solving, and design thinking.
I think search is much harder than browsing. I think what you're seeing on Amazon (and other sites) is that both search and browse is driven off the same set of data. In other words, navigation is created on the fly based on the products within each section. It doesn't matter whether you start by browsing and then search or vice versa - you'll get the same navigational experience.
BestBuy does a bit better job with this - but they too are employing the same strategy - they just don't expose the facets until you're two levels down in the taxonomy. Which makes sense - because usually facets are going to be too much if the user is too high in the taxonomy or brings back too diverse of a results set.
For each department, they have a nice landing page to facilitate discovery of their most popular sub-departments as well as a page that lists all the sub-departments:
(as a note, I would wager that sitemap/appliances.html is purely an SEO tactic)
Not integrated with the navigation is also the search results page for the same data that drives all of the navigation throughout the appliances department:
Home Depot has followed the same design approach - showing a level of detail in the facets that tries to match whether the user is in discovery mode or has the intent to purchase something specific.
As you can tell, I have spent way too much time thinking about and building search results pages. Feel free to reach out to me - I'm @thegrif on Twitter or linkedin.com/in/tomgriffin on LinkedIn.
Background: Most recently held the position of Director of Innovation for IEEE (Institute of Electrical and Electronics Engineers). Ran the company's skunkworks program. Career progression is a blend of business analysis, enterprise architecture, user experience design, and innovation/r&d management. Often cast as a utility player.
Looking For: Full-time and freelance assignments focused on product design, prototype development, UX, and experimentation with emerging tech.
1: https://twitter.com/thegrif/status/1634841498876272641
2: https://bit.ly/svb-account-holders
3: http://bit.ly/svb-invoice-example