A couple of months ago I read the novel Digital Fortress by Dan Brown, the celebrated author of Da Vinci Code. The novel is about a system built by the National Security Agency (NSA), the top security agency of the US government, how they gather intelligence in the internet world, and the effort and resources put in by the NSA in doing all this. They built a system so powerful that it was able to monitor all the packets going from one device to another device on the internet in the USA and use data mining tools that can lead to cops arriving at your home if you have sent a mail to a friend of yours, which might be a joke, that says "Let's kill George W. Bush on next Thursday". The processing power and tools required to do this kind of stuff are unimaginable to a normal citizen. But then the government has access to the largest funds in the country and it can source talent.
I was wondering if they really do something like this. If yes, are other governments doing this as well?
The answer to this is a big Yes. A few days ago I happened to attend a conference in Mumbai organized by the Indian Banking Association on banking security. I listened to a good set of speakers on various topics. One of the speakers was from the Indian government's Ministry of Home Affairs, Directorate of Forensic Science. He talked about the usual things in forensics, some steganography, and then about the real thrilling and chilling stuff.
Here's the story:
The Indian Government has the infrastructure that actually collects all the data from all the 8 ISPs in the state of Andhra Pradesh (maybe other ISPs in all other states as well) in real time and sends it to them. They have the capability of mining the data and taking decisions on the basis of that. So if you thought that you are at your office or home, sending mail to your business partner or girlfriend in total privacy with sufficient measures at your end like updated antivirus, updated anti-spyware, a well configured firewall and very good security practices, then you cannot be more wrong. Of course you knew that ISPs have all the data and law enforcement agencies could make use of that data any day, but there is a difference between getting that data on demand and on a need basis and getting it in real time. What would happen if there is no restriction on access to this data? Won't it be abused? One of my favorite lines to describe the situation is "Who will watch the watchers?".
When asked about the use of tools like Tor to circumvent this kind of stuff, he did not really respond. NSA also does this kind of stuff and uses software like carnival and magic yantra for the purpose.
I will be posting on this site the experiences that I acquire through the work that I do professionally or as a hobby. I hope that it benefits those visiting this blog and saves them the time that I have had to spend on searching, experimenting and making things work. Cheers!!!
Sunday, July 15, 2007
Saturday, March 24, 2007
Super Rapid Application Development
Many a time I have felt that development of applications takes a hell of a lot of time and by the time the development is over some requirements change. Most of the time requirements are not clear and neither the end user nor you can help it.
You would like to deliver as soon as possible with the best quality, but you need to do all the due diligence and follow the processes, and that eats up a lot of time. Agile methodologies like SCRUM and Extreme Programming appear to solve this to an extent, but again not very well.
I have tried using small-time code generators and found them to be of some help. Unfortunately they fail when requirements are a little complex. I have used PHP Maker in a few cases and found it to be good.
During my college days I read about Model Driven Architecture (MDA) from the Object Management Group (OMG). Applications conforming to MDA specifications should be able to take UML diagrams as input and give the source code as output. What I am talking of here is not the skeletal code but the complete application with all the logic built into it at the lowest level. There are many implementations from many companies that promise this. I have not seen any of them in action. Some open source tools are also available in this area where you can get your hands dirty. Some of them are StarUML and AndroMDA (pronounced as Andromeda). These tools require that you have a good understanding of UML. Unfortunately I am not very strong in UML and have not been able to test these tools to the extent I would have liked to. I need to read more about UML. I will try to give a review of StarUML in some time.
There are many companies who have built their own tool conforming to MDA specifications but do not share/sell it to others. One of the tools I know of is Solution Blueprint (SBP) that is used by Zensar technologies.
I am trying to learn more on this topic. Will post more when I have something good to share.
Thursday, March 22, 2007
Replication of Visual SourceSafe
I wondered how we can have a multisite configuration for Visual SourceSafe (VSS) like ClearCase or CVS. If not multisite capability, then how can I have at least one-way replication of the VSS repository?
I thought of multiple methodologies and tools. One of the tools was SourceOffSite, which allows remote access to VSS repositories but nevertheless does not replicate the repository for disaster recovery purposes.
Then I realized that since the VSS repository is not accessed via any special service, if the VSS files can be copied remotely it should do well. With this idea, I began searching for file replication tools. I found a lot of tools like rsync, Double-Take, EMC RepliStor, ...
We tested a couple of tools and then decided on EMC RepliStor. It is robust, easy to use and advanced. Today we are able to replicate source code on a real-time basis.
Wednesday, March 21, 2007