Tuesday, 18 March 2014

[android-app] hiker-zen

Outline

Citizen hitch-hiker app: The app works with the google maps app to locate people on your path that share some or all of your journey.

How it works

The driver, (CHD) searches for their destination, (google maps called from hiker-zen) and indicates which vehicle they are using, (car, van, bus) and any variation, (one back seat is taken with a child.)

The app locates citizen-passenger-hikers, (CPH) that are located along the path, (the app 'rounds' your location to the nearest bus stop or other feature so that it does not leak your home-address.)

Preferences can be set by the driver, (height, weight, gender, age) for the CPH. (Or just people in your contact list or social-network.)

When the two mobile devices are brought into proximity the CHD and CPH pair their devices, (blue-tooth, wifi, Infrared). This then starts to tally the social capital, (two citizen-hiker currencies) of distance and time. (You may take someone quickly on a long motorway or slowly through inner-city traffic.)

The capitol can be used to verify a user, (dynamic web of trust) to suggest remuneration, (shared cost of shipowner or fuel costs) and eventually in other locations like parking fees.

Passengers can "fine" a driver for:
agressive driving;
Inconsiderate driving;
dangerous driving;
failing to indicate at a roundabout or junction.

The simplified interface would simply have a thumbs down for "I feel uncomfortable" and a thumbs up for "I'm impressed", when the CPD makes space to let another driver into the flow of traffic.

After the journey the users can vote, "I would do it again" for that journey with that, (those) people. If it is reciprocated then that connection would be weighted preferentially, (though there must be a 'break-up' function so that the user can manually veto a user at a later date, and 'make-up' to remove the veto.)

Abuse concerns

How do we prevent abduction?

  The past may be no indication of the future but as each bit of social capitol is part of a digital crypto-currency and each event is signed by the users instance of the app, users should be able to determine compatibility. Another attack would be for the app to automatically 'tweet' the other persons unique ID, and location - so the two citizens don't commence the shared portion of their journey until the public notification is acknowledged by the public forum/email server.

How do we prevent mining?

The two mobile devices should be able to verify that they are on the same journey from sensor data, (GPS, accelerometer, barometer). The real question is how do we digitally encode a users data into their app so that a malicious person can't simple purchase, (steal) ten devices, invent a bus and then drive the devices about on the back of a bicycle [0] to 'mine' social capitol? (Capitol that could later be used to fraudulently impersonate a good citizen with the intent to perform an unacceptable act.

Spot checks by curtain twitchers: A twitcher (CTW) could be notified of an alert [1]

If the CTW thinks that they have seen the event they can verify, (by pressing the confirm button) or by taking a picture.


Other consers?
Do you see any problems with this idea and how to solve them? How would you implement this?

Some versions already exist for real-time car-pooling.

[0] No reason why a CHD can't give give a lift to a CPH on a bicycle, but it would be unusual for a CHD to regularly lift ten CPH at the same time.
[1] Probably in JSON: {journey: { vehiclue: {type: "car", colour:"blue", make: "Bently"};  people: [adult: "2", child: "3"] };

The problem with perception is that people: [ men: "2", women: "2" ] is open to interpretation of gender expression, so the app will have to be flexible and as granular as the CHD and CPH want to express themselves that day. The app will have to take the simplest common denominator, so if a vehicle has {people: {men: "1", women: "3", adult: "2" } } then the app for the CTW would display, "6 adults?" as the question.
Infants are often not visible but the app should have them and pets as categories.

As with the people the vehicle details will have to be simplified and obfuscated, "A red sedan with license 41H ***?"

Wednesday, 5 March 2014

Tai Chi all of the muscles groups?

 Whether you divide the body into 8: {shoulders, arms, back, abdomen, chest, butt, thighs and calves.},  11: { arm:{fore,bi,tri,shoulder} core: {chest,trap,lat'dorci,abs} leg: {quad,ham,calf} } or more major muscle groups, we can probably agree that we use some muscles to exercise.

Mentally, as I exercise, I observe internally, (if I pay attention):
  • face: eyes, jaw
  • neck
  • upper back and shoulders
  • biceps
  • triceps
  • lower back
  • lats (Obliques)
  • core
  • gluteus
  • hands/forearm
  • thigh (anterior extensor)
  • medial adductor (inner-thigh)
  • hamstring (posterior flexor)
  • calves
and eight areas of articulation: ankles, knees, hips, waist, shoulders, elbows, wrists, neck.
 
Each of these 'groups' are used in one or more of the sports that I have actively participated in. Without getting distracted by my incorrect list lets assume that it is correct and look at the Beijing 24/ Yang style short-form Tai chi. Specifically what does each movement focus upon physically, (other than balance and breathing.)

[Make your list and then notice which groups are worked upon the least.]

This is obviously the wrong way to look at Tai Chi or any 'Eastern medicine' as it is intended to be holistic. (Each movement may work on multiple major groups, and subtly upon many of them.) But if you take the Yang style long form and reduce it to 24 movements, are you sacrificing one of the muscle groups in my list?

Why does this matter? Well I was doing some exercise research that worked on my core and then did my Tai Chi, (short-form.) I realised that only in "kick with the heel" did I flex my sore lower abdomen.

This made me go through the eight pieces of brocade to check muscle groups and articulation points and found that it seemed to cover more groups in fewer movements. Also I could engage my abs or not in some of the movements. Hardly conclusive, but if Tai Chi were to be a supplement to the 8PB, which Tai Chi movements would have the least overlap with those eight movements?

Thursday, 23 January 2014

How deep is your FUD?

When as executive from Microsoft said, "You can just google me, ah um Bing me." There was much chuckling. At the time it was said that Bing was not making money and it was suggested in some publications that they would be happy for someone else to take it off their hands.

Was this a natural slip of the tongue?

If you don't have enough material for your conspiracy theories then try this idea on for size:

"It was a corporate equivalent of a military surgical strike. If Google becomes google in law then their trademark becomes worthless."

Just a moment? What are you on about? (Would be a reasonable question.)

Well, (I would say with deliberate pause) if it can be shown that a trademark has become part of the normal term of a man-in-the-street then it is watered down like a sandcastle on a beach. Just as band-aid, in the USA become the default term for a self-adhesive medical strip and  Hoover, (the vacuum cleaner manufacturer) became the standard word for that item in the UK, if google replaces the word search on the Web and for those that use the Internet, then Google will have hit that interesting point in law that creates a sort of they-should-have-already-made-enough-money point in its corporate life cycle.

If you want to season that plate with some cynicism, (and it is Monday after all) are mistakes and apologies the current state-of-the-art in the corporate PR arsenal?

Monday, 13 January 2014

Outlook 2013 vs Exim 4

I had problems getting Outlook 2013 to play TLS with my exim servers. The solution seemed to be to set Outlook's encryption to 'Auto' and use port 587 (a NON TLS port).  I have both PLAIN and LOGIN auth but Outlook uses the latter. If you are still using a flat auth file that uses the CRYPT hash then there is an example line for you, but I mostly authenticate against a database,
(so that changes don't have to be rolled out in batches.)


exim config snippit:

tls_advertise_hosts = *
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465 : 6465
# some ISPs filter 25 and 465 to their own SMTP servers for 'simplicity' hence I have  6465 for customers with that affliction.


MYSQL_AUTHPLAIN=SELECT  im_server FROM imap,domains WHERE imap.im_doid = domains.do_id and concat(imap.im_userid,'@',domains.do_name) = '$2' ) AND ( im_auth='${hmac{md5}{$3}{$3}}' || im_auth=encrypt('$3',im_auth) || im_auth='${sha1:$3}' )
# transitioning from encrypt to sha1 and merging in an hmac_md5 config

MYSQL_AUTHLOGIN=SELECT  im_server FROM imap,domains WHERE imap.im_doid = domains.do_id and concat(imap.im_userid,'@',domains.do_name) = '$1' AND (  im_auth=encrypt('$2',im_auth) || im_auth='${sha1:$2}' )

begin authenticators
# $1 is the old string for $auth1; $2 = $auth2; $auth3 = $3

plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = ${lookup mysql{MYSQL_AUTHPLAIN}{1}fail}
  server_advertise_condition = ${if def:tls_cipher }
  server_set_id = $2
 
login:
 driver = plaintext
 public_name = LOGIN
 server_prompts = "Username:: : Password::"
 #  server_condition = ${lookup mysql{MYSQL_AUTHLOGIN}{1}fail}
 server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{/etc/exim/passwd}{$value}{*:*}}}}}{1}{0}}"
 server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
 server_set_id = $1

 

Example mysql schema, with domains in one table and imap, (and smtp authentication in im_auth) in another:

CREATE TABLE `domains` (
  `do_id` int(255) NOT NULL AUTO_INCREMENT,
  `do_name` varchar(255) NOT NULL,
  `do_status` enum('disabled','suspended','enabled','migrating out','migrating in','registering','desired','disputed','remote') NOT NULL DEFAULT 'remote',
  `do_added` datetime NOT NULL,
  `do_acid` int(255) NOT NULL COMMENT "account id - other table",
  `do_group` int(255) DEFAULT NULL,
  `do_peid` int(255) DEFAULT '0' COMMENT "people ID",
  `do_location` varchar(255) DEFAULT NULL,
  `do_masters` varchar(255) DEFAULT NULL COMMENT 'a ; delimited list of ip addresses',
  PRIMARY KEY (`do_id`)
) ENGINE=MyISAM AUTO_INCREMENT=16 DEFAULT CHARSET=latin1 COMMENT='Domains'


CREATE TABLE `imap` (
  `im_id` int(255) NOT NULL AUTO_INCREMENT,
  `im_userid` varchar(128) NOT NULL COMMENT 'the bit before the at sign',
  `im_doid` int(255) NOT NULL COMMENT 'link to domains.do_id',
  `im_passwd` varchar(74) DEFAULT NULL COMMENT '{HASH}string e.g. {SHA1}shy75adsgf=',
  `im_home` varchar(255) NOT NULL COMMENT 'explicit path on im_server',
  `im_uid` int(11) NOT NULL COMMENT 'probably 8 (mail) though for shell users set it to their uid',
  `im_gid` int(11) NOT NULL COMMENT 'probably 12 (mail) or 8 on some systems',
  `im_server` varchar(128) DEFAULT NULL COMMENT 'mostly this will be the localhost or hostname',
  `im_quota` int(255) DEFAULT NULL COMMENT 'In Megs: 2 petabyte limit',
  `im_peid` int(255) DEFAULT NULL COMMENT 'links to people table',
  `im_auth` varchar(255) DEFAULT NULL COMMENT 'exim authenticates from this if it does not understand im_passwd - useful for migrating from MD5 to SHA256',
  `im_mode` char(4) DEFAULT '0640' COMMENT 'smallint seems wrong',
  `im_dir_mode` char(4) DEFAULT NULL COMMENT 'exim file and dir modes',
  `im_last_seen` datetime DEFAULT '0000-00-00 00:00:00' COMMENT 'the last SMTP,IMAP',
  PRIMARY KEY (`im_id`),
  UNIQUE KEY `im_row` (`im_userid`,`im_doid`)
) ENGINE=MyISAM AUTO_INCREMENT=8 DEFAULT CHARSET=latin1 COMMENT='imap account'

# I've never had to add a NULL imap row to enable SMTP, but that is perfectly possible.

Tuesday, 7 January 2014

SFR is rubbish at IP networks

That title should get someone's attention. Why such a deliberately childish title? Because I could not easily find a "Network Status" page or a "report network problems" page. One would have been able to reassure me that the issue is being dealt with and the other would have let me, (someone that knows a little about IP networks) to provide useful information.

Talking of which: (notice the huge jump between hop 04 and 05.

03. 82.186.96.84.rev.sfr.net        24.0%   146   27.2  57.2  24.6 640.1  88.5
04. 84.96.179.142                   25.5%   146   25.6  72.8  24.4 585.3 100.4
05. 37.244.5.109.rev.sfr.net        26.9%   146  5608. 969.8  26.3 7250. 2008.
06. 106.61.6.109.rev.sfr.net        30.3%   146  5768. 868.6  28.6 7180. 1863.
07. 70.61.6.109.rev.sfr.net         28.3%   146  6026. 866.7  33.2 7364. 1866.
08. 237.29.3.109.rev.sfr.net        26.4%   145  5782. 1018.  34.5 7118. 2045.
09. ix-28-0.tcore1.PVU-Paris.as6453 28.5%   145  5506. 726.2  32.2 7155. 1693.
10. 80.231.154.69                   29.2%   145  5745. 734.4  32.6 6676. 1685.

I'm on a friends ADSL line and this has been happening on and off for at least a week. I'll add more traceroutes each time I remember. I can say that the last time I was here the house was using Darty, (which used someone else's network) and that was much better. SFR seems to be good at mobile but crap at home networks, (from one data point between 2013 and the start of 2014).

UPDATE:  2014-01-16 After reporting the problem, (they seemed to be able to instantly fix it) and mentioning it to a cold-caller trying to sell anti-virus on behalf of SFR the core problem is still showing:

2. 129.144.16.109.rev.sfr.net     31.1%   212   24.4  56.9  22.9 344.7  67.7
 3. 82.186.96.84.rev.sfr.net        28.8%   212   25.8  51.0  22.4 288.1  52.7
 4.142.179.96.84.rev.sfr.net       30.2%   212   43.1  51.9  22.5 359.4  56.7
 5. 37.244.5.109.rev.sfr.net        29.2%   212   28.2 2573.  23.5 6441. 2508.
 6. 106.61.6.109.rev.sfr.net        29.2%   212   28.1 2696.  25.4 6866. 2512.
 7. 70.61.6.109.rev.sfr.net          34.4%   212   35.3 2555.  31.6 6737. 2509.
 8. 237.29.3.109.rev.sfr.net        34.4%   212  137.3 2659.  32.3 6719. 2508.
 9. ix-28-0.tcore1.PVUParis.as6453.net  32.5%   212   85.3 2630.  44.6 6745. 2512.
10. if-12-2.tcore1.PYE-Paris.as6453.net 35.8%   212   38.5 2506.  30.2 6729. 2530.


and the same evening:

 Host                               Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. box                              4.4%   479    2.3  39.3   0.8 1399. 132.4
 2. 129.144.16.109.rev.sfr.net      28.9%   479   24.6  73.5  22.8 1360. 157.6
 3. 82.186.96.84.rev.sfr.net        26.6%   479   26.1  72.1  22.7 1303. 150.6
 4. 142.179.96.84.rev.sfr.net       25.9%   479   39.9  67.6  22.6 1253. 140.2
 5. 37.244.5.109.rev.sfr.net        32.8%   479  5242. 2126.  23.2 10878 2510.
 6. 106.61.6.109.rev.sfr.net        28.5%   479  5427. 2293.  25.3 11725 2617.
 7. 70.61.6.109.rev.sfr.net         28.9%   479  5129. 2300.  30.3 11147 2569.
 8. 237.29.3.109.rev.sfr.net        29.7%   479  5075. 2242.  31.6 12060 2648.
 9. ix-28-0.tcore1.PVU-Paris.as6453 31.0%   478  5412. 2312.  43.3 11581 2566.
10. if-12-2.tcore1.PYE-Paris.as6453 31.4%   478  4962. 2217.  30.2 13397 2593.

(Feel free to add your own traceroutes as I am still unable to locate where in their website you can report problems to them - OR even find network status.)

The Conclusion:

SFR happened to set one of their 'would you like to buy anti-virus' sales men on us - which didn't go as he had hoped, but was probably the most effective way to inject a complaint into their company. On top of that SFR were informed at each end of the week, (you can call them on 1023 in France or 0033 6 1000 1023 from the UK.)

The first time they were able to almost instantly drop the latency from ~4000ms to 32ms within their backbone. (Daily and sometimes hourly cold-reboots of the router in the house all week), lead to Thursday where the problem was reported again. A very frustrated, (and a little bit angry) tech support bloke rebooted the house router remotely, (killing the crackly phone conversation stone dead); though it did fix the problem - and since then it has been a lot better. Still not perfect but actually useable. So what was the problem? What can we guess. Is their backbone capacity too heavily over subscribed? (My first guess, but this isn't 1998.) No, I'm almost certain that it is entirely down to some complicated rate-limiting withing their network somewhere between hop 4 and 5:

4. 84.96.xxx.xxx   <= no visable problems from users end 
5. 109.5.xxx.xxx   <= 50 times as long for packets to return (if they bother.)




At the time of this problem I was in the habit of starting with a trace to one of google's public caching name servers. The problem here is that SFR seem to have a direct peering with google via an address in 72.14.192.0/18 and probably have different rules for that connection, (after all SFR would just be shooting themselves in the head - as opposed to the other foot - if they slowed down their customers connection to google.)
 

Thursday, 24 October 2013

What the micro-framework?

I'm impressed by flask. I'm not a great pythonista so you will have to make up your own mind, but when I found Flask Bone my first thought was, . o O ( What is the perl equivalent to fbone? )

I've spent many years hacking Notice together, but it is far from web 2.0, (which is probably why it gets used for internal sites more than external sites, but with HTML5 Boilerplate and bootstrap it scrubs up nicely.)

So how did I find fbone? I was considering porting Notice, (which is mostly perl + jQuery ) to pyNotice, (a proposed python + jQuery.) I didn't want to re-invent the wheel, (though sometimes that can be a good thing), so I did a quick poke to see what was already out there.

Not all websites are created equal, but here are a few things that almost every site, (larger than a blog) need:
  • Login
    • Sign-up
    • Remember me
    • Forgotten password
  • Logout
  • Sessions
    • Client side data
    • Server side data
  • User data
  • File upload
  • Ajax of some sort to improve user experience
  • CSS control, (let the use change this as then need
All of this and we have not even got to the actual functionality of the site. Notice, (which is, at this time, one big perl module) splits its functionality into groups, (that are also called modules, but are not individual modules... yet.)

If you are a web developer that used perl or python, (keep your gems and php to yourself please) what do you use to jumpstart a website? Do you have a stock core code that you use? Is it open-source? Would Richard Stallman or Rev K rage at your code or rate it?

How far does this scale horizontally and vertically? Should we all be moving to happstack?

Wednesday, 16 October 2013

Haskell Data.Map.Lazy

TL;DR:  
cabal install containers # import Data.Map.Lazy

I have been enjoying the Haskell from Scratch series from Jekor over on youtube.

After checking out his example code from github I have been able to compile along with the music... until ep07

./redo redo
redo.do: 1: redo.do: redo-ifchange: not found

redo.hs:5:8:
    Could not find module `Data.Map.Lazy'
    Use -v to see a list of the files searched for.
Redo script exited with non-zero exit code: 1


"Ah ha!" I thought to myself

cabal install Data.Map.Lazy

Nope. Off to Hoogle I go and after a while I worked out that what I needed was:

cabal install containers


but it was not Hoogle, but Google that clued me in.

cabal list|grep -i Map|grep -i Lazy

didn't help. Now that I know the answer it is quite easy to find:

hoogle --info Data.Map.Lazy|grep 'From package'|awk '{print $NF}'

and even create a general Haskell module installer:

#!/bin/sh
#cabalModuleInstall
cabal install $(hoogle --info $1 | grep 'From package'|awk '{print $NF}')

About this blog

Sort of a test blog... until it isn't