Monday, February 24, 2014

Stacked Histograms in gnuplot

I like to graph things out a lot. In some cases the actual values of the graph don't matter for the most part. I just need a quick view of a system that has been graphed to see if it's normal or not. Specifically in this case, I was looking for an evenly distributed load on some servers.

I chose a stacked histogram because it was easier to see distribution compared to something like a line chart. Likewise it needed to be stacked due to such a large set of data per polling interval. It took a bit of playing around but I finally got it to work how I wanted.

set term png
set output '/var/www/Graph.png'
set terminal png size 1500,400
set boxwidth 0.75 absolute
set style fill solid 1.00 border lt -1
set key outside # < I ended up doing an unset key later due to the size
set style histogram rowstacked
set style data histograms
set xtics norangelimit font ",8"
set xtics rotate by 270
set xlabel "  "
set autoscale
set grid
# The source file has many sections of data for other charts. This histogram was for 32-83 (1 was the time %H:%M). Server names removed.
plot 'gnuplotdata.dat' using 32:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 33:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 34:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 35:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 36:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 37:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 38:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 39:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 40:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 41:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 42:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 43:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 44:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 45:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 46:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 47:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 48:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 49:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 50:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 51:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 52:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 53:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 54:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 55:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 56:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 57:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 58:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 59:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 60:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 61:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 62:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 63:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 64:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 65:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 66:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 67:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 68:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 69:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 70:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 71:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 72:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 73:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 74:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 75:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 76:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 77:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 78:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 79:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 80:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 81:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 82:xtic(1) title 'serverX', \
'gnuplotdata.dat' using 83:xtic(1) title 'serverX'

You can't really use a key with this due to the large data set making many of the colors too similar. I decided to 'unset key' after the key was taking up half the image. Again, this wasn't for an exact reference. This was so I could glance and see something was wrong and then go to my not so friendly data file and see what server had what issue. So the below was the chart showing a pretty evenly distributed load. The 'load' itself constantly changes and there is no baseline or reference point due to the nature of the load. So the only reference they have is to each other. Yes there are simpler ways to determine if they are loaded nearly the same all around, but that's not as cool.

Monday, February 10, 2014

Asprox/Kuluoz modules crashing

I finally got a computer infected with Asprox/Kuluoz to monitor it. I had a lot of issues with it crashing. Well it's been running fine for a while but now a process called IenMeramkel Antibibus keeps crashing. In fact, when I checked it after letting it sit over the weekend I probably had about 20 different popups like that from various app names. I assume all of which are just Asprox/Kuluoz modules that may not be working their best on my computer. More annoyingly than all of those, explorer.exe keeps crashing every few seconds as well. Making exploring a pain.

Fortunately it seems like the core infection is still working since I still see it trying to send junk.However, this is not some quiet virus. This system is obviously infected. Constantly popping up with messages about things crashing, explorer.exe hasn't worked in days, and the thing runs like garbage. Subtlety seems like it would be important for most viruses so they can just go undetected. But any level of user would notice something is wrong at this point.

*Edit: A day later, the new process that's crashing is now  IonMeramkel Antibibus. I assume as variations come out, the name will continue to change.

*Edit2: How about I just make a list with some of the crashing programs I see. If for some reason you have stumbled across this page googling these, you very likely are infected with malware and should get that checked out. Some places online are mentioning zbot trojans. This may partially be the case, but the original infection was due to Asprox/Kuluoz . With Asprox/Kuluoz having it's modules, there's no telling what could have been installed later.
  • IenMeramkel Antibibus
  • IonMeramkel Antibibus
  • MapMark Microsoft
  • RobotView
  • JonMeramkul Antibibus
  • UpdateFlashPlayer_<alnum string>.exe
  • Apriori
  • JenMeramkel Antibibus
  • JenMeromkel Antibibus 
  • MyFtp 
Edit3: And I'm done. There's been nothing going on for a while so I have shut my infection down. I may start it back up again if I hear Kuluoz changes significantly again. There are already good writeups on the current one so I may bother with some actual effort if a new one releases. Stay safe.

Sunday, February 2, 2014

SuperBowl lightup beanie

I'm not a sports person and I didn't watch the superbowl. I did see something about some promotion Pepsi beanies that lite up to form a "display" at the half time show. This intrigued me. How do you get thousands of hat-lights synced? What sort of batteries does it have? How could they make so many disposable ones?

I had questions so of course I hopped on over to ebay to see if any were up yet (superbowl wasn't even done.). And yes of course there was one. I started pondering if it would be worth it since it might prove to be cool to hack in to something. After taking a closer look at the hats picture where you could see the LED's, I noticed one of the cutouts was not an LED. It was an IR receiver. Pretty much lost interest at that point since that explains it all. Everyone will be facing forward during the halftime show more than likely. So you get an IR blaster hitting them in the faces to get control. Batteries were probably some CR2032's or something. It only needed to last for the performance. I'm sure the designers tested everything to make sure it all came together. I was hoping for some RF or something. Oh well. Still kind of a cool idea.