Still chugging along

Thought I’d better add a post as proof of life after not posting anything for a while. Still chugging along, just don’t have much interesting to say at the moment. Things done over the last few weeks include:

  • Avoiding adding duplicate users to a system with very similar names, probably spelling mistakes, using Soundex in MariaDB and Levenshtein distances.
  • Splitting chat over two servers for improved resilience.
  • Altering database storage when syncing after server nearly filled up its disk with logs.
  • Adding a timings log to a ColdFusion/Lucee site to try and identify what’s causing occasional mystery slowdowns.
  • Rescuing an abandoned WordPress install that had been neglected and fallen over.
  • Hardening DMARC policies after someone tried to impersonate shop owners’ emails.
  • Adding customer feedback gathering to a site so they can gather customers’ views of them.

Chug, Chug, Chug

Network Theory

Been reading some books around network theory. The science of networks is interesting and applicable to many areas of society, organisations and nature. How do networks interact between fellow group members, and between a closely linked network and a more distant one? How do diseases spread or not spread, and how do they persist? Why do some products become a success and spread whereas others that seem equally valid disappear without trace?
Can you design a system to withstand attack more effectively? If you design it to resist the disruption of a major hub, does that reduce its ability to cope with the loss of many smaller nodes? What patterns of distribution in sizes and density of links occur naturally in systems?
If we had a more complete understanding of how complex systems interact over time we could design more effective solutions to these real-world problems.

How do disease epidemics spread or not spread, and how do they persist?

For a disease to spread it only needs to infect more than one neighbour before it kills its hosts or is killed.
If it can infect more hosts and lasts longer before it is killed off or its host is killed off then the disease has a better chance of spreading.
A disease that kills off its hosts very quickly can restrict its ability to spread as it kills off potential spreaders too quickly. A disease that is comparatively benign may persist a lot longer.
It’s an interesting field to look at, as an effective way of slowing the spread of diseases may be to look not at the most connected person in the community but at the marginal people who move between multiple groups and have more widespread connections, as they are more likely to speed up the spread of the epidemic. A few people with longer distance ties may spread the disease much more quickly, as they have the potential to infect many separate groups and are less likely to infect the already infected, since most people’s connections will be closer.

How best to design a system to withstand attack

If you can understand the structure of a network and how its nodes interact then it can help you make it more resilient. Duncan Watts talks about the structure of Toyota’s suppliers that allowed it to recover very quickly from the overnight burning down of the major brake valve supplier, and how the other supplier companies rapidly adapted to producing valves they had never manufactured before.

You can see that if you have redundancy of telephone exchanges or power stations then the system as a whole can cope with one disappearing. But there is also the homogeneity of the population: if the many parts of the system all have a similar way of working or similar methods, then the chances of them all being affected by the same adverse event are greatly increased. If ten banks all have the same sort of business model or use the same approach to estimating risks, they are more likely to be affected by the same issues, leading to a system-wide crisis rather than an individual bank crisis. This may however be counterintuitive; the vast majority of the time organisations tend to converge on what seems the most effective strategy for their competitors. If company A is using approach X and they are making 10% more profits, it’s difficult for company B to see that their own strategy will cope much better with the crisis that will affect company A in two years’ time. They just see now and copy strategy X rather than see that if they had kept their original strategy they would be unaffected by the crisis that eventually blew up company A.
They have to be quite rational and long term and avoid the consensus, but that’s not how people and organisations naturally think.

Spiral of silence

This was an idea of Elisabeth Noelle-Neumann, a German political scientist and opinion pollster. If many of the people in a group profess an opinion, say, as recently in Scotland, on leaving the UK, then that can affect the opinions expressed by others; people are affected by what they perceive to be public opinion and moderate their expressed views to match. If you believe that everybody else is going to vote for Scotland leaving the UK, you are less likely to express your contrary opinion in public, which may help explain inaccuracy in recent election polling.
It may also have implications for political campaigns: if a member of the public can be convinced that the vast majority of the public are going to vote for candidate A then it may reduce the likelihood of them turning out for an alternative candidate or make them doubt their own decision. Most people fear isolation from the group. This can become self-perpetuating.

Generally

It’s interesting how little of this is understood. It doesn’t seem that there are any absolute answers, just more or less precisely fitting models and approximations. It seems like, as with weather forecasting, it gets beyond a certain point in the future and the system or group becomes too complicated to predict. Part of which seems to be because we don’t have the Maths.

There are lots of applications to this: how best to design a social network, or an advertising campaign to spread quickly, the optimum linking and grouping structure to aid the spread of ideas or, in the case of diseases, isolate or restrict transmission as much as possible. Many close links with occasional distant links between clusters may be more effective at spreading something than many things very closely linked, as that is an inherently more stable structure with stronger links which are harder to change.

It’s an interesting set of things to read about though and definitely some food for thought.

Contributing to North Korea’s economy

Fiddling with auto-generating authentic text from sources. Using the speeches and writing of the North Korean leaders, Kim Jong-Il and Kim Il-Sung, leads to surprisingly realistic sounding stuff. I guess their speeches come off better in Korean before translation.

Solution of marxism-leninism and at the party is called revolutionaries who revived our times and help each country, which are freed from exploitation and heroic anti-japanese revolutionary outlook on building communism. In order to serve them by marx is not merely a stronger and knew that a society advances towards social democracy is the interests of the relationship of the reactionary, between comrades can be correctly combines the master of the masses are appeasing them to the ideological consciousness is inconceivable to achieve the relations of adaptation of the right to free of society and construction work style, and cultural needs.

By applying the people vigorously pushing forward by improving man’s cognitive activities of social democracy that can understand the people’s government bodies.

If Kim Jong-Un wants me to auto generate some speeches for him…

Encryption

Reading about cryptography as it’s getting talked about quite a lot at the moment, with even politicians talking about strong encryption. Also I’m working out how best to go ahead with some encryption in a project.

Cyphers

The recipe you use to encrypt the data, examples being the One-Time Pad, Vigenère and ROT13.

What’s interesting is that mostly they are crackable; it’s just a matter of how much time, how many computers and how much access to mathematicians/cryptographers you have. So it’s really a matter of making something as hard and resource intensive as possible. AES / Rijndael is probably a good common one, which succeeded DES in terms of standards.

Security / Strength

It is difficult to tell for sure what is ‘secure’ given that many past developments have taken place within agencies that don’t have incentives to publicise their discoveries. If someone has made big strides in designing more efficient cracking algorithms we might not find out until 20 years later.

Comparatively small changes in implementation (block cypher modes) and algorithms can make a huge difference in terms of security. So creating your own cypher is usually a bad plan and choosing carefully is important.

Keys and key lengths

Then there is how long a key you are using; generally the longer the key, the stronger the encryption.

How long a key?

Start off from greater than 128, ideally 256 bits. What is that equivalent to when generating key pairs with ssh-keygen? RSA 15360 is equivalent to 256, according to the US National Institute of Standards and Technology; more here (page 64).

How secure do you need something to be? (and given what situation)

Commonly you think of encrypting the message during transmission from A to B, in order to prevent someone reading the message in between. There are a lot more places, stages and levels though. If you encrypt information in a database you have made that information difficult to read if the attacker only has the database. But if they also have the code or keys that encrypted that data then they also have the means to retrieve it.

Does it need to be secure if the attacker has access to lots of decrypted messages, pairs of past encrypted/decrypted items or has knowledge of the texts sent? Can the attacker intercept an encrypted message and alter it, and that alteration be undetectable?

So mostly you’re using layers of security to make access more awkward, each layer being an additional level of difficulty.
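The question above about an intercepted message being altered undetectably, worked as an added example (this is not code from the project mentioned in this post). It assumes a toy counter-mode keystream built from HMAC-SHA256 as a stand-in for a real cipher such as AES in counter mode, and all function names and the sample message are made up for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream built from HMAC-SHA256; an assumption of this
    # example, standing in for a real cipher such as AES in counter mode.
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return blocks[:length]


def encrypt_only(enc_key: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: nonce || ciphertext, nothing protects integrity."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))


def decrypt_only(enc_key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _xor(body, _keystream(enc_key, nonce, len(body)))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and every ciphertext byte."""
    blob = encrypt_only(enc_key, plaintext)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, sealed: bytes) -> bytes:
    blob, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("tag mismatch: message altered or wrong key")
    return decrypt_only(enc_key, blob)


def alter_in_transit(blob: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Models the scenario in the text: someone who knows part of the message,
    but has no key, XORs the difference into the ciphertext at that position."""
    end = NONCE_LEN + offset + len(known)
    patch = _xor(blob[NONCE_LEN + offset:end], _xor(known, wanted))
    return blob[:NONCE_LEN + offset] + patch + blob[end:]


if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)
    record = b"amount=0010;to=alice"  # constructed sample message
    forged = alter_in_transit(encrypt_only(ek, record), 7, b"0010", b"9910")
    print("encrypt-only decrypts to:", decrypt_only(ek, forged))
    try:
        open_sealed(ek, mk, alter_in_transit(seal(ek, mk, record), 7, b"0010", b"9910"))
    except ValueError as err:
        print("encrypt-then-MAC rejects it:", err)
```

In a real project the same property comes from a vetted authenticated mode such as AES-GCM from a maintained library, not from a hand-built construction like this one.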

Perhaps the more layers the better, so for a web application the layers could be:

  • SSL/TLS to encrypt the traffic then encrypting information in the database
  • Architecture of the code
  • Security of the user accounts on the server
  • Security of the underlying server
  • Security practices of the users and administrators of the system
  • Browsers and operating systems that the legitimate users might use
  • How keys are managed and shared

How important is it?

If you’re keeping people’s credit cards then you need to act differently to just publishing a blog that you can just restore from an earlier database dump.
How long would it take to recover from a breach, and how much would that cost you in money and reputation? This makes you consider your backups and your policies on communication with users.

Are you merely deterring automatic attacks from script kiddies so they move on to easier targets? Or are you likely to be a focus of attacks because of some sort of political or financial cause?

Security is complicated; it’s not just a matter of I use this language, we use TLS version X or we only use such and such servers.

Writing a Firefox addon

Just written the first version of my Firefox add-on, stat-o-matic. It lists the number of pages viewed in your browser over the last 4 months and graphs the top 7 sites visited and the pages viewed by month and hour.

It has currently had a preliminary review, so it should be listed publicly on the addons site as experimental, which is probably correct for now as it’s a bit of a stub and rough around the edges. Or a minimal viable prototype, as the developer said to the investor. In the future I’ll probably extend it to do more and tidy it up, but I wanted to get through the review process before I spent more time on it.

Have been trying it out on my Firefox on a Mac so I know it works under load. It revealed my rather too heavy internet usage: 13000 pages viewed in April, 33300 in the last 4 months, which seems excessive.

Writing a Firefox addon turns out to be mostly writing JavaScript, so that was interesting. You never really know what these things entail fully until you do them.

You can try it out here

If you’re interested in writing your own Firefox/Thunderbird extension the documentation is here.

Why I hate ticketing systems

I hate ticketing systems. Here is why.
Me: Could you add feature X?
Robot: Thank you for your request, we have received it.

Bob: Would you like that with bells on?
Me: Yes
Robot: Thank you for your request, we have received it. One of our skilled technicians will…

Trevor: I’ve added feature X
Me: Hi Trevor, it has no bells, could you install feature X with bells?
Robot: Thank you for your request, we have received it. One of our skilled technicians will…

Colin: Feature X is already installed
Me: Hi Colin, Trevor added feature X but without the bells, could you add the bells in?
Robot: Thank you for your request, we have received it. One of our skilled technicians will…

Bob: Do you want feature X installed?
Me: Aaaaargggghhhhh! Can I not just talk to one person so they can remember stuff?
Robot: Thank you for your request, we have received it. One of our skilled technicians will…

I think it’s because ticketing systems promote a culture where no one accepts responsibility for anything because it’s someone else’s problem. It seems much more effective if you can call up a person and then go through the whole process with them.

The other thing I hate is when I ask an organisation, for example, “is it possible to do X with your technology?” and they send me a link to a page on their documentation site that doesn’t answer the question and that I’ve already read. If the information was on their website I wouldn’t be going through the painful experience of talking to them. They cleared my ticket, presumably ticking the boxes at their end, but annoyed a customer in the process.

I don’t see why it has to be so difficult.
</rant>

Geeks, Gonks and DB2

Just picked up my Geek gonk. Triton, who do DB2 consultancy, wanted a 3D representation of a geek that I drew for them ages ago for http://db2geek.triton.co.uk/ when I worked for someone else. They are using it for publicity at conferences and similar. Triton do seem to know everything there is to know about DB2 but they don’t all look quite so geeky in reality.
Heroic geek
I just picked up a sample gonk. It’s pretty weird having your scribble turned into a real-world 3D thing. He looks happy guarding my hard drive and he is squeezable so I can push any stress I suffer on to him. Perhaps some of his SQL genius will rub off.

Round up the usual suspects

Round up the usual suspects?

How to make Spotted Paint

In a guest post our senior monkey Lobsang Polka reveals the state of his research….

We spend most of our time monitoring the flashing LEDs and maintaining websites for the ‘tailless ones’ but we are allotted 13.5% of our time to spend on research. In this research time we have been studying the creation of advanced paints.

spotted paint in action

Outside of the very valuable research done by the Acme company on behalf of the very litigious Mr Wile E. Coyote in the 1940s, the development of spotted paint has been disappointingly slow; the development of elbow grease and long weights has surged by in comparison. In the last 6 months we have made some progress, building on the early research by Solomon Joseph Solomon into camouflage and using our chemistry knowledge. We looked into the development of emulsions on a large scale. This, together with information from fluid dynamics in the Russian space program, has allowed us to make a prototype paint. We have been experimenting in order to make a longer lasting and brush friendly paint. Unfortunately spotted paint is very unstable and may fall apart at any moment; it is also very flammable. This has led to much singeing, something we aren’t sure the ‘tailless ones’ appreciate. Currently we can only keep the paint stable for 12 hrs, after which the spots lose their cohesion.
We will endeavour to develop our work in this area and look forward to sharing our progress with you, the public. Hopefully if the tailless ones provide more peanuts we can make faster progress.

Interesting Blogs

I spend quite a lot of time reading other people’s blogs. Here are some of the recent posts I’ve been reading which I found interesting or useful. Some of these might have been around for a while before I came across them but they are new to me.

  1. If php had a flux capacitor – Distilled wiseness from Matt, but no pictures of DeLoreans or Doc Brown :).
  2. The MicroPHP Manifesto – An interesting idea; I can see sense in it.
  3. Grumpy Programmer – opinionated, but some useful stuff in there. He also does a podcast with Ed Finkler at dev/hell.
  4. Lorna Jane did a series of posts on how she builds a RESTful PHP Server at Understanding the request, Routing the request and Output handlers.
  5. Derick Rethans on spatial indexes from open street map. You too can find out where the nearest pubs to you are (or more useful stuff).
  6. Roger Johansson is always worth reading at 456bereastreet.com about web development with a special focus on accessibility. I found this one, visited link styling, about what CSS styles you can use to signify visited links taking into account recent browser privacy settings, useful.

What’s working on my website – getting useful info from Google Analytics

If you have had a site for a while you probably have Google Analytics tracking code on it. You may get a monthly report emailed to you with a summary of what’s happened on your site. The interface is a bit complex though, and if it’s not what you do all day it’s a bit of a chore. You can get a lot of useful information out though, to use when judging what you are doing right and wrong with your site. It’s also a good factor to use when thinking about future plans.

Analytics executive summaries

I’ve been playing with their API and generating some custom reports for a client so he doesn’t have to bother with the means, he just gets the facts he wants in an executive summary.

  • The pages where most people enter your site?
  • Are they the same as the pages that are most popular?
  • Which pages do people leave your site on?
  • Which pages do people spend the most time reading?
  • What are the referrers who refer you the most sticky viewers?

The answers to those questions can be pretty valuable: you could write more about that popular subject, provide links across to similar content from the post that people spend all that time on, or talk to your SEO company on why people keep finding you under ‘monkey wrangler’, weird. Those successful pages could point you at where your site could be improved.

Failing page designs

Also the info has design implications: are some pages or sections of your site failing to engage readers? Or are lots of people entering your site on some obscure post that’s the equivalent of a back door and then leaving again because they can’t figure out what’s going on here? Perhaps a custom report could help you identify that.