Thejesh GN » security

RTPM – Real Time Productivity Monitor

Thejesh GN — Wed, 07 Jan 2009 08:34:09 +0000

RTPM^TM – Real Time Productivity Monitor^PP is productivity monitoring tool which runs on your resources computer to monitor the productivity. It helps your resources to see their RTPI^TM Real Time Productivity Index^PP so that they can increase their productivity index.It keeps track of the productive work and helps you in estimating cost, average RTPI etc. Below are some features of the application.
Features
1. It runs on all Windows Machines in background.
2. It keeps track of the software used by the resource
3. It categorizes the software used into productive and non productive software. Using this categorization we can calculate the effort.
4. It monitors the keyboard, mouse and hard disk usage while calculating the productive time.
5. It can distributed (auto installed) on your resources computer using any existing methods.
6. There is an option to Quarantine (
u need admin to unlock) if the RTPI goes below specific level and its real time.
7. It monitors the mails,IM messages, word, excel including your IDE contents. The system includes a centralized server with adequate AI to decide if the message/content is productive/non-productive. Hence the time spent on non productive messages will not be used in RTPI calculation.
8. When monitoring the browsers it can even log up to the level of websites. The centralized server determines if the website productive or non productive.
9. All the monitored data gets uploaded into centralized server for enterprise level calculation.
10. Comes with a powerful reporting engine for any kind of monitoring report you want.
11. It has a centralized server (web service) which has the software category information.

Technical Details:
1. Uses windows API and .Net for client side technologies
2. Uses webservices to communicate with centralized service
3. Server side components are built in Java and Other open source components. It will bring down the deployment costs.

Business Model:
1. License fee for each of the deployment ( $1 for a machine)
2. Access fee to the centralized sever ( similar to Amazon Web Services) $1/1000req
3. Maintenance and support

Next step:
1. Now start coding…
2. Find MBA to write business proposal and to find a VC.
3. Find a KPO or IP lawyer for patenting the algo
4. Find a sales guy to market
5. Find a banker to go IPO
6 Make an Exit plan
7. Sell the company

PP: Patent Pending

Trigger :

Recession. It looks like every company on earth wants to increase the productivity by hook or crook. If products like this can find a market then why not RTPM?

oAuth Explained With An Example

Thejesh GN — Wed, 02 Jul 2008 08:58:48 +0000

The problem with using more and more social networks is with every social network you join you need to create profile then invite friends. There is no way to carry your data from one network to another network with out a hitch. Few smart people have already started working on this issue of DataPortability in detail. So lets not worry about it.
In the mean time few web apps have given users an opportunity to share the data. Take an example of adding all your Gmail contacts into Orkut. Login to Orkut and then enter your gmail id/password to invite all your contacts. This seems OK since both Gmail and Orkut is owned by the same company. Your id/password *does not* leave Google.

Where as the same model is used by LinkedIn to add your professional contacts. You need to give your userid/pw details of gmail/hotmail to add the contacts. This doesn’t seem OK even with their promise of privacy and purpose.

Now how would you achieve this with out sharing the credentials?

oAuth
An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. oAuth is not not a new concept. It is similar to your Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, Amazon Web Services API but more open and not proprietary.

How is it more safe?
Think you are a couchsurfer and you have a guest at home. You feel good to have a guest at home and you want him to enjoy his stay. Since your and your guests timings are not matching you like to give him key of your home. So he can manage when you are not around.But this key is a special key and not your regular (master key) key. With this key your guest can enter your home and kitchen but not your bedroom. oAuth works on similar principles.

How does oAuth work ?
Lets not get into dry details of protocol. Lets see how the protocol works with an example flow. The case study includes social bookmarking sites magnolia and delicious. Their interaction with Nsyght.

Nsyght pulls your bookmarks from your delicious and magnolia accounts and creates a search engine out of it. To pull the bookmarks on daily basis it needs to log into your magnolia/delicious account. For which you either need to share the credentials or implement oAuth. Lets see how its done.

Delioious doesn’t implement oAuth hence for Nsyght to pull your bookmarks it needs your userid/pw. Nsyght stores your userid/pw for future use.

Lets see how ma.gnolia does this. Magnolia has oAuth implemented. At Nsyght just click authorize.

Here magnolia is the service provider and Nsyght is the consumer. Nsyght sends a request to magnolia to authorize the request.

Magnolia will force you to login. Ma.gnolia uses another standard OpenId for login feature. Once you login to magnolia using correct userid/pw then it will take you to authorize page.

Where you can authorize Nsyght to access the your magnolia bookmarks. Once done it returns to Nsyght.
Now at Nsyght you can see that your Nysght account as been authorized to access your magnolia bookmarks. And your Nsyght account doesnt need any other details for accessing your magnolia accounts.

For a developer this is more complex. The oAuth protocol exchanges oAuth keys for authorization between the service provider and consumer. Where consumer can have limited access to the resources using oAuth access keys. If you are a developer you need to read oAuth Spec to get more details or wait for my next blog post.

What is open id?

Thejesh GN — Thu, 21 Jun 2007 08:08:00 +0000

Here is very good presentation by Simon about OpenId. It explains everything about OpenId a common user should know. Its big but very simple and direct.

How to erase sensitive files or delete files permanently

Thejesh GN — Mon, 18 Jun 2007 08:29:00 +0000

If you want to delete files permanently from your computer. What do you do ? Do you use shift + del? Well shift delete does not erase the file from your hard disk. It just removes the file from file table hence your OS can’t find it. But the data is still there on the disk. The best method to remove sensitive data is to erase using eraser.

What is eraser?
Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP, Windows 2003 Server and DOS.Eraser is Free software and its source code is released under GNU General Public License.
The patterns used for overwriting are based on Peter Gutmann’s paper “Secure Deletion of Data from Magnetic and Solid-State Memory” and they are selected to effectively remove magnetic remnants from the hard drive.
Other methods include the one defined in the National Industrial Security Program Operating Manual of the US Department of Defence and overwriting with pseudorandom data. You can also define your own overwriting methods.

Download Eraser | FAQ on Eraser

Openid problem with delegation

Thejesh GN — Fri, 15 Jun 2007 04:37:59 +0000

I have openid from myopenid.com . The open id url is thejeshgn.myopenid.com. I use delegation and use thejeshgn.com as the open id url. But something going wrong today. I am not able to login to few of my regular services like
http://www.dopplr.com/openid
http://ma.gnolia.com/signin
http://jyte.com/auth/login

But I am able to login to some other services like
livejournal.com
productwiki, and few self hosted wordpress blogs.

When I try to login to first set of sites. It does not even take me to myopenid.com login page. The error usually I get is timeout or open idserver does not exist. Which means the consumer is failing to read the delegation info. Is anybody facing the same problem?

Example error from Jyte ” Connection timed out attempting to contact your OpenID server”
There are more updates below:

Update1: Since morning it was not working. Strangely it started working now. Any idea?
Update2: Logged off and tried to login to Jyte again. Now I am not able to. Its very strange.
Update3: I got replies from all (jyte,ma.gnolia,claimid). It was problem with my header setting. One of the setting earlier as said by myopenid help section was
content="http://www.myopenid.com/xrds?username=youraccount.myopenid.com" /> Changed now to
Thanks to Brain from Jainrain for this help. Probaly they need to update that help section.
Update4 [Thursday, June 14, 2007 at 05:42:05 GMT]: No its something beyond that. As usual the new solution works with live journal and doesnot always work with other sites like Jyte or ma.gnolia.
Update5: Sometime in the after noon I was able to login. But now I am not able to. But I am still able to login to livejournal and wikitravel. Is it because they have a different type of implementation?
Updare6 [Thursday, June 14, 2007 at 10:26:05 GMT]: Is it the problem with my wordpress implementation? the same meta and link headers I have on techmag.biz ; from there I am able to login in. my wordpress could be the problem?
Updare8 [Thursday, June 14, 2007 at 11:00:05 GMT]: A little debugging tells me that its actually problem with the wordpress but the problem with my Theme. When I use the default theme it works well. But when I use SouthRiver theme. It does not work. So I will continue taking that as my starting point.

Updare7[Thursday, June 14, 2007 at 13:00:05 GMT]:I did some debugging. Now I am almost confirmed that SouthRiver theme is responsible for it. But I love this theme. I am keeping it. I need to run this theme locally on my laptop to see what exactly is wrong

openid openid problem myopenid SouthRiver wordpress

How to store passwords

Thejesh GN — Thu, 14 Jun 2007 08:30:00 +0000

Chris talks about storing the passwords. He introduces to online password service called passpack. The passpack service is free. It uses AES encryption algorithm to store your passwords on their server.It has many other features like anti phishing etc.If you want to store your passwords online then this could be a good place.Follow their blog to get more info on passpak and in general secure passwords.

How to choose passwords

Thejesh GN — Mon, 16 Apr 2007 15:52:00 +0000

Nowadays people are more online than ever before. Internet is as important as your mobile phone today. We are the “connected humans” of the 21st century. One of the basic aspects of being online is the ‘username’ & ‘password’ funda. This aspect has been around almost as long as computers themselves. So I decided to start my blog by talking about passwords. I’ll be talk about passwords in general, how to create strong passwords (ones that can’t be easily cracked), and most important of all, remembering them.

Lets face it, most of the time in the name of creating a uncrackable password, we create something that looks straight out of some script from a forgotten civilization. We easily forget such passwords in a couple of days. Finally to avoid going through the “forgot password” process, we more or less settle down for simple passwords.

Although nowadays we have alternate ways of logging into our computers (fingerprints, iris scan, etc. ) , getting online still needs a username & password. Websites typically recommend passwords of minimum 8 characters long and contain atleast one upper case letter, one number and one punctuation character. With all this I typically go around creating my passwords are as follows -

Pick up some words that have some unique memory associated with it. For example, I have a friend who had named her cat “Tan Thita” after the mathematical symbol “tanθ”. The fact that a cat was given such a name is what made that memory unique. That’s one word. Next I pick some word that’s associated to the first one, like “feline”. Notice how I selected a word that’s strongly attached to the first word. Something like “purr” can also e selected but then you have to link “tan thita” to “cat” to “purr” which is a bit longer linkage for me. Now you can again go ahead and select a third word, say, “dog”, or we can go ahead with only two words we just selected.
Pick 3 – 4 characters from each word – “Tan” “Thi”, “Fel” or “Feli”, “dog”. Now just concatenate 3 of these words while keeping the starting of each part in uppercase – “TanThiFel” or “TanFelDog”…. the list can go on. If you see the final word that’s created is already exceeding the minumum size of 8 characters.
Add a number and a punctuation to this word. Or alternately, replace one or two characters with a number and a punctuation. For example “TanThiFel” can be changed to “Tan1ThiFel+” or “Ta1ThiFel!”. If you carefully notice the number and punctuation are somewhat related. In the first word “Tan1ThiFel+” the key for number “1″ is the lefthand-most number in the keyboard and the “+” sign is the righthand-most key in the same row. If you take the second word, “Ta1Thifel!”, instead of adding “1″ I replaced “n” with “1″ and added a punctuation character at the last that’s from the same key as “1″.

There are a gazillion ways to create strong passwords using simple ideas like these. For me the main motive is that I must be able to remember my passwords while keeping them strong enough to avoid them getting cracked. I typically use 16 character passwords since it is much more difficult to crack them than 8 character ones. If you too want to use 16 character passwords, just extend the password rules to 2 upper case, 2 numbers and 2 punctuation marks instead of one of each.

Happy passwording ;) :D

- Vinay.V