Monday, August 25, 2014

“No Fly Zone”

In general this hasn’t been a good year for the field of aviation. Starting from Flight 370, then Flight 17, then a couple of crashes in Brazil and Iraq, it’s been bad news one after the other. Causes of the afore-mentioned tragedies vary, with the exception of “MH370” which basically disappeared. Hence it’s rather coincidental that I came to hear an aviation-related mobile announcement in my neighborhood of Boralesgamuwa a fortnight ago. A van was airing a notice which gave a meaning similar to the following:

“We request you to avoid flying any kites in this area as it may cause a threat to aircrafts and passengers onboard.”

A fair enough request, given that the Ratmalana Airport is only about 2km away. But this was the first time I heard such a statement from the authorities. So I did some searching to see if kites are that hazardous as portrayed. And was surprised with the first article I stumbled upon. Apparently a nylon thread seemed to be the cause of a helicopter crash in the Philippines which killed two crew members and seven people on the ground! An important piece of information in that article is regarding the regulations and distance prohibiting kite-flying. I wondered if there were similar regulations in our country as well. Therefore I phoned the airport and inquired. According to the officer who answered me, there were no such specific laws or regulations which prohibited the leisure-time activity, but they will request the relevant local police stations to take action to clear the “sky paths” if needed. When I inquired of the height and distance from the airport that might be acceptable to fly a kite, he didn’t give any numbers. But explained to me how aeroplanes and low-flying helicopters encounter difficulties while approaching or departing the airport. August being the kite-season was a reason for the announcement to go out.

Further searching on regulations, I came across a couple: Hong Kong and the US. Notice the height/distance factors which are clearly mentioned and also the word “balloon” in the FAA page. The ATC of Netherlands has a more detailed page with maps highlighting prohibited areas in different colors along with a descriptive legend. May be our local authorities also should improve on this aspect. Enact regulations if there aren’t any and publish them on the official websites.

Still whatever the law may be, we as responsible and thoughtful citizens need to think of this stuff pretty seriously. And if you or your child needs to fly a kite, Galle Face Green is always there.☺

Monday, May 06, 2013

Volunteering in an Internet Age

As Wikipedia puts it (partly) volunteering is: “An altruistic activity and is intended to promote good or improve human quality of life. In return, this activity produces a feeling of self-worth and respect; however, there is no financial gain”. But the most fascinating thing about this definition is that it holds true for this age too. Many verbs have received different definitions in contemporary times, but some have adopted accordingly. “Volunteer” is one.

A couple or a decade ago, it was all about charity related work where you would offer your effort and/or skills for a social event. But now there are many other activities that one could perform on the internet, which upholds the same values. It’s mainly two-fold as skills & effort, but eventually the same thing. As with offline volunteering, these are mainly performed for proprietary entities or non-profit organisations. At the end of the day, the world benefits, the online community benefits.

Although the topmost activity in this sphere is devoted to the Open-source movement, I wish to focus on a few popular products/websites that rely on Crowdsourcing. Crowdsourcing itself is a new-age term, which could be broadly defined as, “obtaining the efforts of a crowd (volunteers)”.

Wikipedia is the best and most popular example. What more, even this article has a couple of hyperlinks to it already. This online encyclopaedia is almost totally built on the efforts of thousands of contributing volunteers. Not only the submissions, but moderations too are handled in a similar nature by ‘administrators’ who are chosen from the previously mentioned fervent contributors. That helps in maintaining the credibility, which is always a common question raised against crowd-sourced content.

My next focus is a company, and a popular one in Google Inc. Google’s products have now become necessary platforms for thousands of other products and services both online & offline. For example, Google Maps is one such platform. The fact that people are able to contribute to it has resulted in the rapid expansion and improvement of the product itself. Anyone could contribute to “GMaps” through the Map Maker tool which was launched about 5 years ago. Talking about maps, a special mention of a non-commercial/non-profit counterpart in OpenStreetMap also needs to be made. There may be differences in content and quality between the two, but they both acquire and deliver the same kind of service.

Apart from maps and among many others, there were other programmes such as (now suspended) “Google in Your Language”, where they obtained the contributions from volunteers in order to localize their products.

Even though there is no guarantee on the numerous types of ways your contributions could be used in a final output, the age old saying of “volunteer to make a better world” still stands, even in this day and age with a sense of self-satisfaction.

Tuesday, February 12, 2013

Base64 encoding and its proper use

A friend of mine recently unveiled a new version of his website. Given that I too had worked on it sometime back, I decided to check it out. The main points I looked out for was security holes, since there were numerous such flaws which I fixed years ago.  Rather unsurprisingly the password reset feature of the site had one such ‘vulnerability’. It was done anew and the method used was not the most recommended although many developers opt for it. It wasn’t a bug, but a bad implementation ready to be exploited.

The culprit was an incorrect use of base64 encoding. For me, the main uses of base64 are storage and transmission of non-secret data. Although in the case of storage it’s something like hashing binary data etc. The last part ‘non-secret’ is very important. Because if one was to use the same for ‘secret’ information, then again it’s a non-recommended use. In the above scenario that was the exact thing that happened. A piece of data which was meant to be secret and easily non-readable was sent publicly after encoding with base64. And as most developers know, it’s just a jiffy to decode base64. So what I did was decode the string value, only to find out that two values were concatenated. One value was the victim’s email and the other a randomly generated string which wasn’t that hard to identify. Then it was merely to modify the above value with a known user’s email. And voila! I could reset his/her password.

Mentioned above was how a badly implemented encoding could make your web application vulnerable. And this is not something associated with low-profile companies, but even Facebook had a similar situation which was revealed in this article at 'Hacker News'.

The remedies are many, depending on how far you’d be content with given that security isn’t a 100% achievable thing. One solution is to make the random ‘salt’ a highly cryptic value. Another is to use a well-recognized encryption mechanism. Or you could even develop your own encrypt function although security experts warn against this. A rather straightforward and often used method is to implement one-way hashing such as MD5. All this methods have their advantages and perils. It’s up to the developer to decide which is best depending on factors such as performance, importance, accessibility, etc.

Wednesday, December 05, 2012

Floating for lifesaving

I’m sure most of you would have read/heard/watched the story of four divers getting swept away by a current in the sea off Mount Lavinia recently. Rather miraculously, all four were found nearly after 24 hours. When interviewed, the divers told the media how they kept floating for more than a day at sea.

There are few important lessons that could be learned thanks to these individuals' endurance. One, don’t swim against a current. It’s a waste of energy and you’ll ultimately end up tiring yourself and get cramped (and eventually drown, if no help arrives). Two, stay calm. Because you are in the middle of nowhere and panicking will not help. Three, float. Don’t swim. Why? Again because you’re in unknown territory and not sure whether you’ll reach a land or a safe place. Hopefully, your endurance holds-up and help arrives. But since it’s not a very energy-consuming exercise, you may even swim slowly towards a marked direction.

What do they mean by float? Do we just float like that? Answer is no. You’ve got to learn, relax & practice it. Technique-wise you’ll need to master the kicks and build-up endurance. This is where basic lifesaving lessons could help. I often see swimming classes advertised in papers, websites etc., stating all the strokes in the world. But in a scenario as above, all the swimming in the world may not be the most needed or appropriate. So I propose that every coach should stress on teaching floating techniques to their students. I’m not rejecting the need of actual swimming. But lifesaving methods should be treated as a life skill as far as I’m concerned.

Tuesday, July 24, 2012

A layered Transport Model

Traffic seems to be growing in the country, especially in the capital and suburbs. Increasing number of vehicles and roads that are unable to accommodate them are the main reasons. The inevitable factor of undisciplined drivers & pedestrians does exist too. But the lack of infrastructure stands out. There ought to be short-term and long-term policy brainstorming being performed somewhere out there, but with unseen results. So, I have visualised a transport model, if anyone's interested in taking my 'five cents'.

The best way is to study how some countries have successfully curbed traffic congestion. Once, I met a person who worked in Italy, and he was telling me that they had planned their cities a long time ago as a 'layered' plan. I don't know whether this is correct as a fact, but some evidence can be seen. What I propose is something on the same lines, because widening existing roads or building new ones aren't always feasible, given that we are a developing nation and rely highly on foreign monetary assistance. Not to mention the scarcity of available lands. Well, we do need financial assistance, but whatever infrastructure built needs to be sustainable or else we'll end up in a similar situation a few years down the line.

When the Dutch built a canal system in Colombo, it couldn't have been a part of a long-term plan, but may be because they thought of it as the most viable transportation system suitable for the geography of the area. After all this was an era with no fuel-driven vehicles. In my plan I propose these existing waterways be utilised for transport. A project was kicked-off two years ago, but hasn't lasted long. I think the publicity and popularity it received was not enough, for otherwise the system was a very low-cost transportation method. Mind you, safety and health matters need to be taken care of too. But these type of waterways are utilised immensely in developed countries.

The other issues are with roads and railroads. I propose a merge. How? There are two ways: subways under the existing roads or elevated railway lines over the existing roads. This provides for maximum utilisation of land and infrastructure since what we are talking is a 'vertical' approach as opposed to the orthodox 'horizontal' approach.

 A subway

 An overhead (elevated) railway

This of course has been implemented in many countries as seen in the pictures above. If all three layers (subway, highway, overhead) could be implemented in one alignment that would be an ultimate solution. I even propose that overhead railways or roads be built over existing waterways, thereby making use of them both. If the costs involved are deemed to be high, still it is much sustainable than our current solutions. My point is a layered approach and not necessarily everything what I've highlighted here. But if any decision-maker is willing to extract something of this that seems to be practical and feasible, be my guest.

The model - illustrated