All Things Techie With Huge, Unstructured, Intuitive Leaps

Ultra secure, Data Privacy and Secure Storage


This is a reprint from a White Paper about "My Privacy Tool".

Data privacy is a growing concern in this day and age. As the Internet evolved, it has become an incredibly important facet of our lives for communication, transacting business, socializing and entertainment.

Our electronic data and personal information is trapped every day in multiple locations through activities such as signing up for a social network account, buying items online, or just surfing the web. We are tracked, recorded and analyzed continuously as we use the Internet.

Even more problematic in the privacy domain is that various agencies, governments, businesses and media are quite interested in gaining access to our electronic data, documents and communications.

India and several countries in the Middle East have announced that they are banning Blackberry because their intelligence agencies cannot read the communications.

The United States, in its war on drugs and terrorism, has sweeping powers of electronic surveillance. The intelligence agencies currently archive every single email sent over the Internet, and automated software robots troll the emails for keywords.

In early September of 2010, the Obama administration announced that they were seeking to further the government’s ability to tap into communications, by having providers like Skype and Blackberry build a back door into their software so that the government could monitor communications.


The "My Privacy Tool" solution is a secure, encrypted paradigm that incorporates email, instant messaging, data storage in a document repository and hot back up for documents on a computer.

The way it works is that the application creates an encrypted tunnel to a storage and server farm in a trusted offshore jurisdiction. (You can have your own server hosted there, you can use it as a service and have it hosted on an application hosting service, or you can have the server on your own premises.)

The encryption in the "My Privacy Tool" system is twofold. The first level of encryption is the tunnel, which uses SSH and SSL encryption. SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Secure Sockets Layer (SSL) is a cryptographic protocol that provides security for communications over networks such as the Internet. Then the documents are further encrypted by AES encryption. In cryptography, the Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government.

The company that provides the "My Privacy Tool" operating infrastructure has been providing gateway mail services for over fifteen years to international clientele.

The secure tunnel over the internet is created when the user starts the application. The application cannot be started without a USB key, which contains the encryption tools necessary to connect and be validated. Each user is also provided with a panic password. If the user is forced to divulge his/her login credentials, he/she can provide a panic password that, when used, insulates the data and directs the session to an innocuous place with artificial data. Removing the USB key also causes the application to quit with no ill effects should the user require instant privacy.

Once the tunnel is set up, the user enters their password, and has access to secure communications and storage.

The email is not regular SMTP email, or email that is broadcast across the internet. When an email is sent from one person to another, it is merely put into an inbox behind the bastion server in the bunker that guards against intrusion.

Users wishing to check their email must tunnel into the bunker and check their inbox. Nothing is ever broadcast over the internet like regular email.

The instant messaging (chat) works in the same manner as the email, in terms of security. Both users tunnel in, and if they are both connected, they can chat. Chat transcripts may be saved.

The communications (email & instant messaging) algorithm is based on the Swiss Trust paradigm that enables anonymous communication. Each user has three account numbers that he may give out to other "My Privacy Tool" users. These numbers all point back to the user. The other user then creates a contact nickname for this person using the given number. The nickname or alias can be nominal or random. Also, if the account number is disclosed by one party only, the person receiving the account number may communicate with that person without ever disclosing his/her identity. The system keeps track of the users while routing the messages.

The next piece of the solution is the secure document storage. It is a repository with the capability of creating private and shared folders. Each user must be specifically assigned to a folder by an administrator before he or she has access to it.

There are various levels of access. The first is a data contributor. A person may create a document for the enterprise, and has the ability to upload it to a shared folder. But that person does not have the ability to download documents or delete documents.

The second level of trust is the data user, who has the ability to upload documents to shared folders, download them to edit them, and upload them again. This person has no delete privileges.

The next level of trust is the ordinary user who can create his/her own folders, and upload and download documents to them. They may also contribute or download documents to shared folders if they are authorized to do so by the administrator. They can delete documents as well.

The administrator is responsible for re-keying users that have lost their USB keys. He/she also locks out users who have been terminated by the organization, and keeps track of the organization through the contacts list.

The data storage area is a generous 100 GB per user. Not only is the tunnel encrypted, but the data is as well, as it is stored in a database. As a result, it is not readable to hackers, or to anyone else for that matter.

The last feature of the "My Privacy Tool" tool is the hot backup function. A user can list up to 50 documents, and the system automatically checks to see if they have been modified on the host computer. If so, they are automatically backed up without user intervention.

Benefit 1
"My Privacy Tool" is the most secure way to transfer a document electronically over the internet.

Benefit 2
"My Privacy Tool" is the most secure way to communicate electronically either with email or instant messaging.

Benefit 3
"My Privacy Tool" is a powerful enterprise tool, yet can be used by an individual as well, for privacy.

Benefit 4
"My Privacy Tool" permits travel with an empty laptop. When a document is required, it is downloaded from the Nassau bunker, edited, printed, and uploaded back to the server.

Benefit 5
Because there is no SMTP stack, multiple copies of emails or communications are not kept all over the system. There is no central place that keeps email and thus when an email is deleted, it is gone. An added feature is that "My Privacy Tool" is not susceptible to email and chat viruses, because it does not use the vulnerable Microsoft paradigm that viruses and Trojans exploit.

Benefit 6
"My Privacy Tool" can be used from anywhere in the world where there is an internet connection.

Benefit 7
"My Privacy Tool" can be used to deliver ultra-private monthly statements or other documents that require care, trust and privacy.

Benefit 8
"My Privacy Tool" can save hundreds of dollars in courier fees for the transmission of private documents.

Benefit 9
"My Privacy Tool" provides your clients with the knowledge that you are vigilant of their privacy needs, and have taken steps to ensure their privacy.

Benefit 10
"My Privacy Tool" is a revenue center for your business. It can be marked up, or included with premium services which will generate an additional revenue stream.

Summary
"My Privacy Tool" is not meant to replace your regular document repository and communications systems. It is intended for private, sensitive documents. It enables travel with an empty laptop and protects against email & chat viruses, theft, loss of computer, or unwarranted seizure of your computer. "My Privacy Tool" is the first integrated tool to do this. It is a necessary tool for compliant privacy users.

This concept is an incarnation of the non-cloud cloud storage concept.

Note: This tool is supplied to bona fide entities and corporations after KYC is established, and is not open to individuals or the general public.


For further information, please send an email from a non-free corporate account to DataPrivacy-at-mail.com. (Replace "-at-" with "@")

Google Image Search With Image Test

This article deals with testing Google's new image search using an image.


Google has a new feature in their image search where you can drag and drop an image and it will find like images. I decided to test it with an "average" image of an underwater shot of a brightly colored little fish as pictured above.

I dropped the image onto the search bar and waited a few seconds for it to upload. Then I got the following result.

Google thinks that the images are similar. Obviously it didn't recognize the fish or the coral reef or the fact that it was an underwater picture. Some of the results returned were of a flower, art, desserts and multi-colored mosaic things.

Obviously it picked up yellow as the primary search term and hoped that what it produced was also yellow. This somehow reminds me of a dumb blonde on a multiple choice test.

I decided to try it with something else. I downloaded a picture of Albert Einstein.

I then renamed it to something silly so that the name of the pic wouldn't give any clues. Google knew that it was Albert Einstein right away. They probably developed the algorithm using famous people and Einstein is one of them.

Then I changed the image by altering the horizontal to vertical ratio, and used the eraser tool to erase the background. I used a Gimp filter to render lava designs.


In the web portion, it said the best guess was Albert Einstein, so it was pretty good. Here are the visual results.



Winston Churchill is numbered among the results as well as Superman and George Bush. George Bush ain't no Einstein. However, Einstein does show up in the results.

The tool is getting there, but not quite there yet.

I was thinking of uploading my own pic to see what the results would be, but I am afraid that Google would keep it forever and use it as a test case. Even though their motto is "Do no evil", I still don't trust them with all of my information.

RugbyMetrics Queries

I have been getting some queries via comment postings about RugbyMetrics. Some people have even been trying to find a trial download. I will be posting some sample results and white papers here shortly. In the meantime, if you have any queries, please drop me a line at:

rugbymetrics-at-gmx.com (substitute "@" for "-at-").

Who Was At The Computer -- Solving a Whodunnit

I was idly watching some of the Casey Anthony murder trial being streamed on the Internet. She is charged with brutally disposing of her bothersome two-year-old child who was impinging on her party life.

One of the expert witnesses was an ex-police officer turned geek who wrote the program called "Cache Back". What the program does, is recover the browser cache of the web history after it has been deleted. He discovered that the browsing history contained terms like "chloroform" and how to kill people.

The defense lawyer stands up and tells the computer expert that there is no way that he could tell who was at the keyboard when the queries were made. The computer expert had to agree. Well, if they had geekazoids like me, there is a way to state the probability of who was sitting at the computer.

Consider the following equation:



This equation is the basis of Bayesian inference. It is one of the keystones of data analysis and artificial intelligence. A quick explanation of the terms is as follows:

  • H represents a specific hypothesis, which may or may not be some null hypothesis.
  • E represents the evidence that has been observed.
  • P(H) is called the prior probability of H that was inferred before new evidence became available.
  • P(E | H) is called the conditional probability of seeing the evidence E if the hypothesis H happens to be true. It is also called a likelihood function when it is considered as a function of H for fixed E.
  • P(E) is called the marginal probability of E: the a priori probability of witnessing the new evidence E under all possible hypotheses.

The theory behind this concept is the idea of querencia. When people log onto a computer, they usually follow a core of usual, habitual persistent URLs. They check their email, Twitter and Facebook page, and then perhaps check the weather or news or such.

So in this methodology to determine who was sitting behind the computer for a particular history, one examines the whole history. One finds the sequences where there is no doubt of the supposed user in question. This could be determined by the URL of a Facebook page or email.

Then one assembles a statistical model of the URL web pages visited, and calculates the variance from the Venn set of URLs as well as the deviation from the usual pattern.

By calculating probabilities from the browsing model, one can then take an unidentified set and, using Bayesian inference, determine the probability that that user was the unidentified user.

This is by no means a smoking gun of proof, but it can add one more piece to a circumstantial chain of evidence. It can answer the question of "Who was using the computer" with a degree of probability.

This would also be a useful system in a corporate environment to determine what users had breached company policy in visiting banned websites.
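The attribution procedure described above can be sketched as follows. This is an added example, not code from the original post: it substitutes a naive Bayes model with Laplace smoothing for the statistical model the post leaves unspecified, and the user labels, domains, function names and the 0.9 threshold are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample data: sessions already attributed to a user by an
# unambiguous anchor (for example a login to that person's webmail or
# Facebook page), reduced to the domains visited in each session.
LABELLED_SESSIONS = {
    "user_a": [
        ["mail.example", "social.example", "weather.example", "news.example"],
        ["mail.example", "social.example", "photos.example"],
        ["social.example", "mail.example", "weather.example"],
    ],
    "user_b": [
        ["bank.example", "sports.example", "news.example"],
        ["sports.example", "forum.example", "bank.example"],
    ],
}


def train(labelled):
    """Build the browsing model: priors P(H), per-user domain counts, vocabulary."""
    total = sum(len(sessions) for sessions in labelled.values())
    priors = {user: len(sessions) / total for user, sessions in labelled.items()}
    counts = {
        user: Counter(domain for session in sessions for domain in session)
        for user, sessions in labelled.items()
    }
    vocab = set().union(*counts.values())
    return priors, counts, vocab


def posterior(session, priors, counts, vocab, alpha=1.0):
    """Return P(H | E) for every user H, given the domains E of one session."""
    # One extra vocabulary slot so never-seen domains get a small, non-zero
    # likelihood instead of zeroing out a hypothesis (Laplace smoothing).
    v = len(vocab) + 1
    log_joint = {}
    for user, prior in priors.items():
        n = sum(counts[user].values())
        score = math.log(prior)                      # log P(H)
        for domain in session:                       # + log P(E | H)
            score += math.log((counts[user][domain] + alpha) / (n + alpha * v))
        log_joint[user] = score
    # P(E) is the sum of P(E | H) P(H) over all hypotheses; computed with
    # log-sum-exp so long sessions do not underflow to zero.
    peak = max(log_joint.values())
    log_evidence = peak + math.log(
        sum(math.exp(s - peak) for s in log_joint.values())
    )
    return {user: math.exp(s - log_evidence) for user, s in log_joint.items()}


def attribute(session, model, threshold=0.9):
    """Name the most probable user, or None when the evidence is too weak."""
    probs = posterior(session, *model)
    user, p = max(probs.items(), key=lambda item: item[1])
    return user if p >= threshold else None


if __name__ == "__main__":
    model = train(LABELLED_SESSIONS)
    for unknown in (
        ["mail.example", "social.example", "weather.example"],
        ["sports.example", "bank.example", "unknown.example"],
        ["news.example"],  # visited by both users: should stay unattributed
    ):
        print(unknown, posterior(unknown, *model), attribute(unknown, model))
```

A session made up only of sites both users visit stays unattributed, which is the "degree of probability" behaviour the post describes rather than a yes/no verdict.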

A Standard For Twitter Hashtags

I follow Bath Rugby players on Twitter, among other things. I notice that some of the team are avid users of Twitter. They are also quite inventive with hashtags. Hashtags are much more than search tools. They can be cleverly used to create innuendo, a wry comment, a joke, or a commentary all under the guise of just being a hashtag.

However, I do propose a standard for hashtags. It is quite simple, and one that we use in computer programming for variable names. The standard is this: Every time that you come to a new word, use a capital letter. It vastly enhances the readability. It could also change the meaning:

#psychotherapist

or

#PsychoTheRapist

So if everyone would adopt this readability standard for Twitter hashtags, the world would become a slightly less confusing place, and we would be doing our part to fight chaos and entropy.

Lately Skype is a piece of Crap -- Skype virus???

I am having serious issues with Skype. I travel back and forth between the tropics, and I have an XP desktop in the tropics. Until the day before yesterday (June 14, 2011), the platform was quite stable. I was using Skype with a cheap webcam with no issues.

Then all of a sudden, the machine would crash. It would start to reboot in black DOS mode, and sometimes just hang until I had to remove the power cord. After repeated tries, I got it to boot in Safe Mode with networking. It still crashed at startup. I once got a blue screen.

I let the computer sit for a few hours and it started. I downloaded xrepairpro.exe and regressed the machine to a stable version of two weeks ago. Everything worked fine. The machine was stable.

Then overnight, an automatic updater must have fired. Skype crashed the machine again after working perfectly the day before. When the machine rebooted, xrepairpro was gone from the machine. Mind you, it was a trial version, but the weirdness persists.

I am wondering if there is such a thing as a Skype virus. I will download an earlier version of Skype, turn off automatic updater and report back. Please leave a comment if you know what is going on.

Want a Software Job? Finish This Test .... Part 3


For the last two entries, I detailed how a candidate for a software job was sent a coding test before he was personally contacted.

Coding tests are quite common, and can be quite onerous. A web design company sends this one out. This is quite a test, requiring a database and OAUTH to Twitter, and creating a marketable app. Here are the instructions to this test:






This test was created in an effort to gauge a candidate’s capability as an ASP.NET developer. The primary skills we are reviewing are: knowledge of C#/ASP.NET, MVC, knowledge of database design and implementation, usability, attention to detail and ability to interface with public APIs.

As with all code, there is no single correct way to build this web application. We will be looking at your submission to better understand your thought process when writing an application. Although this test must be written without any other person’s help, any standard reference material that is used during a normal programming cycle may be used (such as online help or books). No third party class libraries or code snippets may be used.

Overview

The purpose of the application is to allow end-users to search Twitter for topics of interest and determine which users they might want to follow based upon the number of times tweets by that user appear in search results.

The Task

Create an MVC ASP.NET web application written in C#.

Required Features

1. Connection to Twitter (uses OAUTH)
2. Perform search against keywords supplied by end-user
   a. Display tweets matching results, with profile photos
3. Collect profile data on everyone sending those tweets
   a. Store in database, relate to tweets by that profile
4. Rank users whose tweets appear in search results most often – sort by # of matching tweets descending
   a. Tweet counts persist across multiple searches
   b. If the same tweet appears in two separate searches, it is counted as a single hit against its author, not as two
   c. Every time a tweet is recorded, the search terms should also be recorded
5. Click on the list of twitter users to display all tweets that have appeared in search; for each tweet, indicate which search terms caused it to appear

General Information

Make any modifications/additions you feel are necessary to enhance the usability of this application. Keep the code clean, well organized and well commented. The quality of the application should be at the same level that you would create for a paying client/employer. If you have any questions about the description of the application please feel free to ask.

Submission

Your submission must be in the form of a zip file containing a fully working solution that can be compiled and run without any further external requirements aside from those listed below:

External Requirements

Include a script file that can be run to generate the required SQL data store.


Now, isn't that quite the task to get a job?

In the previous example where the applicant complained about the impersonal test, he received the following reply:

I'm a member of the development team. I was forwarded your comments about our hiring process. I want to thank you for your feedback, because I've been thinking something along those lines myself and have been pushing for some change here recently. Your response is the first concrete evidence I have that our process is flawed. I'm not officially in any kind of HR position, I just stepped in very recently due to my own personal concerns about how it is being done.

We do get a lot of coding exercise responses doing it this way, including from each of us when we were hired, so I guess that makes us think it is an appropriate process. My primary concern was that the best people are probably a) already employed, so don't have a ton of free time to put into the exercise, and b) likely have numerous offers on the table, and so putting the time into the exercise just to possibly get another interview is just not worth it to them. But beyond that, you're right, it's not a very person-oriented approach.

What I have just recently started doing (unfortunately a few days after we asked Tara to send you the coding exercise), is reach out via email to candidates and offer to answer any questions they might have about the company.

If you are still interested, please fire questions my way. Either way, please accept my apology for the way we have approached you. I will be sharing your comments with the team and will hopefully effect change as a result.

So, there you have it. I think that coding exercises are here to stay for developers, but the way that they are administered has to change.

Want a Software Job? Finish This Test .... Part 2

In yesterday's blog entry, I detailed a new paradigm where developers and coders who applied for a job were sent back a programming test by email, without any personal contact at all. One developer that I know took umbrage at the system and sent back the following response:

I was dismayed at your hiring process. I don't think that I am interested in your company based on this approach. It reminds me of outsourcing to India, where software tests are sent to coding monkeys without any personal contact first to determine if the person is a fit.

I submitted a resume that was incredibly deep in rich, eclectic experience and was asked to submit a trivial poker game example of code before any face-to-face discussions ever take place. So much for putting the personal element first.

Based on this formulaic, lazy way of recruiting, I don't think that your company culture is for me. It reminds me of a burn and churn outfit.


He didn't think that he would get a response. He was truly surprised that he did get a response. Here it is:


Thank you for your reply and your candid comments. We apologize for the impression that we have given you by sending you a coding exercise before contacting you. We understand that the personal element is important and this is why we contact candidates after they have submitted the coding exercise, however I can certainly see your excellent point of engaging candidates before that step.

Just this week one of our developers - Allan - said that he thinks it might be best for us to contact impressive candidates directly prior to the coding exercise to add in a more personal element (and to allow the candidate the chance to ask technical questions right off the bat). You have proven that Allan is right and that candidates need to have that personal contact before committing to a coding exercise.

I am going to pass this along to Allan for follow up and I want to thank you again for your valuable insight.

Thanks again,

And the head of programming did send back a response, which I will post tomorrow. I will also post a solution of testing programmer applicants that truly exercises their thinking ability, not their ability to remember syntax.

It may be that skilled knowledge workers have more power over the hiring process than they think.

Want a Software Job? Finish This Test .... Part 1

There is a relatively new paradigm for hiring software developers and coders. It consists of an applicant sending in his resume online. Before there is any initial contact at all, the applicant is sent a coding exercise. Reprinted below is one such:


We have reviewed your resume and would like to move forward in our interview process with you! In order for us to understand how you approach your work and to move to the next level of our process, please complete the following coding exercise.

Using Java/Python, please design and implement the classes for a card game (pick any game, Poker for example), which uses an ordered deck of cards, containing 52 cards divided in 13 ranks (A, 2, 3, 4, 5, 6, 7, 8, 9, 10, J, Q, K) with four suits: spades, hearts, diamonds and clubs. The cards can be, at a minimum, shuffled, cut, and dealt (feel free to implement additional ones that are required by the game).

* You do not have to model the gameplay, but include code required for the different stages of the game (e.g., evaluating player hands)
* You do not have to model any player bidding
* List any assumptions you make

Thanks again for your help in streamlining this process and we look forward to reviewing your code!


The Engineering Team

This seems rather cold to me, but that is the way software development companies are operating these days.

I will examine this phenomenon in three parts. This is the introductory part. Would you do this to get a job? Do you think that this is a fair thing to do before being contacted by a human being and evaluated personally? This is a lazy, shotgun approach to recruiting where the applicants do all of the work. It is rather Darwinian, but I will have more on this in part 2.

Crime-Solving Website for Mothers Who Kill Their Children

The news tonight (or I guess that it is morning now) is full of news of mothers or step mothers who kill children and dump the bodies.

We have the Casey Anthony case in Florida where 25-year-old Casey was tired of having her two-year-old daughter Caylee as a drag on her life, and killed her child, left it in a car, and then dumped the body in a field near the grandparents' home.

Another item in the news is missing Kyron Horman who was supposedly taken to school by his step mother, Terri Horman, on June 4th of last year (a year ago today), and has never been seen since. Police have information that Terri Horman is involved and tried to hire a hit man to off Kyron's father.

And then we have the case of Julianne McCrery who drove from Texas with her six year old gifted boy, Camden Hughes and killed him in the North. He was found under a blanket May 14 alongside a remote road in South Berwick, Maine, near the New Hampshire border, sparking a massive tri-state manhunt.

The last case is different from the first two, where the mother tried to take the body as far away as possible to hide her actions. What ties the cases together, is that none of these women have ever shown any inclination or tendencies to take a human life.

The biggest problem when these children disappear, is finding the body. Searches take a lot of man hours and are expensive when they involve helicopters and mobilization of police units. There should be a way for technology to help. And there is.

With the invention of the internet, we have discovered a new principle of human behavior -- the crowd is always right. The second principle is based on human psychology. Humans when stressed tend to follow predictable patterns. A good example is prostitution. It has been discovered that when men are in search of a prostitute and cruise the roadways, they hate making left hand turns. They always want to turn right as they search out a streetwalker.

Human beings have the concept of querencia embedded in them. It is a bullfighting term. When a bull is in the ring, he finds and always goes to his querencia or safe place where he feels empowered. Casey Anthony dumped her daughter's body near her home, in her querencia, where she felt safe.

So, the website that I propose would be quite radical. And it might be offensive to some. What the website would do, would be to solicit essays from normal people on crime. Much in the manner of the OJ Simpson book entitled "If I Did It", the website would get people to write an essay on where they would stash the body if they killed a child.

Going on the principle that the crowd is always right, one could data mine the essays and determine the common denominators to use technology to help find possible areas to search.

If the idea of soliciting this kind of information from the general public is too offensive, one could use existing crime data, but it would have to be collected and digitized. It would be much easier, and one could get a much more specific mass if it were collected on a pro forma basis from the public when needed. I think that this kind of website would get an incredible amount of traffic. I just checked, and www.IfIDidIt.com is taken, but www.IfIDidIt.info is not.