Sunday, August 13, 2017

Ride Share Boston

Visit http://rideshareboston.blogspot.com/ to learn about becoming a driver for Lyft and Uber. Find some promos there to sign up with.

Monday, May 11, 2015

DSC Construction - Haverhill, MA

Check out this new website about construction services in Haverhill, MA: DSC Construction.

Monday, January 19, 2015

Bitcoin USD

I just launched a new website called Bitcoin USD. This website will talk about anything related to Bitcoin!

Wednesday, January 7, 2015

Wednesday, December 10, 2014

Web & Mobile Privacy

Web & Mobile Privacy

Adam Cox

University of Massachusetts Lowell
Lowell, MA 01854
Adam.Cox9@gmail.com

Abstract

Privacy on the web and on mobile devices is a growing concern. More people are sharing more aspects of their lives on their mobile devices and the web without knowing exactly what can happen. This paper will identify the general “privacy” problem; provide some specific examples where web & mobile users are at risk; and attempt to identify some potential solutions.

Introduction

“Privacy is considered a core value in democratic societies and is recognized either explicitly or implicitly as a fundamental human right by most constitutions of democratic societies. [2]” There is no clear definition of privacy; different sources give similar but not identical definitions. Some researchers [7] view it as either “the right to be left alone” or “the right to control what information is known about them.” Similarly, [2] defines privacy in two aspects, “informational privacy” and “spatial privacy”. One really good question was asked [7]: “Is privacy one of the unalienable rights to all citizens?” If it is, then there are mobile & web privacy related issues that need to be taken into deep consideration. It is, indeed, implied [2] that privacy is a core value in democratic societies.

There has been research [7] into the foundation of privacy rights. US laws are built upon the principles stated in the Constitution, Declaration of Independence & Bill of Rights. However, there was no direct mention of the term privacy in either the Constitution or Declaration of Independence [13]. The US Bill of Rights [16] states that “private property [should not] be taken for public use, without just compensation” in Amendment V.

The laws that do exist are considered a patchwork and some are not fit for the web and mobile devices [7]. Further, it is suggested that the laws will become too complex and possibly ineffective. There is an abundance of laws related to privacy, but no general law. Further, research suggests that a general law will not be effective either [7]. One proposed solution would break up a general privacy law into realm levels, with guidelines in each realm, which would be more effective [7]. Google’s new privacy policy has a one-size-fits-all solution and a sub-privacy policy for specific services that either extends or overwrites the general policy [17]. Google’s method appears to be appropriate and the US in its entirety should make a general privacy policy with some policies that override it for specific situations. This is similar to the idea put forth by [7].

Current Privacy Laws

Most states have enacted laws to require companies to notify customers that their personal information has been breached. Anton, Earp, & Young [10] concluded that it is plausible that these laws led to more breaches being reported. This data can be visualized in [10].

The US has some privacy related laws [7]:

  • The US Constitution (Amendment IV) secures the right of the people to be secure against unreasonable search and seizures
  • Privacy Act of 1974
  • Computer Security Act of 1988

In 1998, the FTC recommended five Fair Information Principles [6]:

  • Notice/Awareness
  • Choice/Consent
  • Access/Participation
  • Integrity/Security
  • Enforcement/Redress

The EU has privacy protection laws [2]:

  • EU Data Protection Directive 95/46/EC - codifies general privacy principles
  • EU Directive 2002/58/EC - sets out specific rules for privacy protection in the electronic and mobile communications sector.

Security freeze laws were put into place allowing users to prevent any accounts being opened in their name. According to [11], Alabama, Michigan, and Missouri have not yet adopted a security freeze law, but since this paper was published, Missouri has passed such a law. However, the consumer agencies allow anybody from any state to set a security freeze on their account [10].

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information [12]. There is no general law that forces companies to notify their customers of their privacy practices other than for medical-related information. There are many federal and state laws that are related to the privacy of users’ data [13].

User Concerns

A study performed [10] revealed issues in the following classifications - personalization, notice/awareness, information transfer, information collection, information storage, and access/participation.

The top concern was information transfer, followed by notice/awareness, then information storage and access/participation; the fifth top concern is information collection and finally the least concern is personalization [10].

Personalization is when a website changes based on the user’s behavior. Even though this is the least of users’ concerns, users were concerned about personalization in 2002 and even more in 2008 [10]. This could be from the users’ perceived feeling of being a victim of the website’s targeting.

It was stated [2] that “privacy can only be effectively protected by a holistic approach comprising both legal and technical means of protection.”

Common Threats

“New users of the Internet generally do not realize that every post they make to a newsgroup, every piece of email they send, every [WWW] page they access, and every item they purchase online could be monitored or logged by some unseen third party. [1]” Whether it is from their mobile device or their desktop computer, it is evident that users are at risk.

“Long-term databases threaten your ability to choose what you would like to disclose from your past. [1]” A post that you made after a few drinks when you were 21 could come back to haunt you at your job when you are 30. Further, advanced search technology could turn up a post or picture of you that maybe a family member or friend posted in the past without your knowledge or permission. This may cause harm at your place of work or in a relationship. Other problems include sites that allow anybody to locate another person’s address online. This could allow stalkers or an ex to identify and locate their victims.

There have been many specific examples of government employees abusing government databases of information [1]:

  • IRS employees making illegal queries
  • SSA employees making illegal queries
  • AIDS patients’ records have been leaked
  • The FBI has been known to spy on politicians
  • The NSA has been known to spy on other domestic targets
  • Bill Clinton’s Democratic administration was found to have unauthorized secret dossiers on Republican opponents

Vulnerabilities

Mulliner [9] found that private information would be sent to the websites that the user visited through the HTTP proxy headers. They concluded that the mobile network carriers appended this information, rather than it being sent directly from the phone. They showed a detailed example of how the MSISDN, which contains the user’s phone number, is sent out. They showed that a website could collect this information and, in some cases, perform a reverse phone number lookup. The “reverse phone number lookup” reveals information such as first & last name and sometimes the user’s address. The solution presented [9] is for the mobile network operators to not inject this data into the headers. Alternatively, the data would only be included within the mobile carrier network and only be sent to currently authorized third parties. The user has no way to prevent this from happening.
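On the receiving side, a site that does not want to collect this data can drop carrier-injected identifiers before requests reach its logs. The sketch below is an added example, not code from the paper or from [9]; only "msisdn" comes from the text above, while the other header-name fragments, the header names in the sample and the phone-number pattern are assumptions.

```python
import re

# Header-name fragments treated as subscriber identifiers. "msisdn" comes from
# the text above; the other fragments are assumptions made for this example.
SUSPECT_NAME = re.compile(r"msisdn|calling-line-id|subno", re.IGNORECASE)

# A bare run of 8-15 digits with an optional "+" is shaped like a phone number.
PHONE_VALUE = re.compile(r"^\+?\d{8,15}$")


def scrub_headers(headers):
    """Split request headers into (safe_to_log, findings).

    findings is a list of (header_name, reason) tuples; the identifying value
    itself is never copied into it.
    """
    safe, findings = {}, []
    for name, value in headers.items():
        if SUSPECT_NAME.search(name):
            findings.append((name, "name"))
        elif name.lower().startswith("x-") and PHONE_VALUE.match(value.strip()):
            # Non-standard header whose whole value is phone-number shaped.
            findings.append((name, "value"))
        else:
            safe[name] = value
    return safe, findings


# Constructed sample request as it might arrive after a carrier proxy.
SAMPLE_REQUEST = {
    "Host": "example.org",
    "User-Agent": "ExampleBrowser/1.0",
    "Content-Length": "1234567890",         # digits, but a standard header: kept
    "X-Forwarded-For": "10.0.0.1",          # not phone-shaped: kept
    "X-UP-CALLING-LINE-ID": "15555550123",  # caught by its name
    "X-Carrier-Sub": "+15555550199",        # hypothetical name, caught by value
}

if __name__ == "__main__":
    safe, findings = scrub_headers(SAMPLE_REQUEST)
    print("log these:", safe)
    for name, reason in findings:
        print(f"dropped {name} (matched by {reason})")
```

The value check is limited to `X-` headers so that standard numeric headers such as `Content-Length` are not dropped by mistake.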

Some security vulnerabilities were presented [8] in accessing social networks from mobile phones in which private information can be accessed by a third party. Three classes of privacy and security problems associated with mobile social networks were identified:

  • Direct anonymity issues
  • Indirect or k-anonymity issues
  • Eavesdropping, spoofing, replay, and wormhole attacks.

Further, [2] stated that “the current development of technologies has neglected to maintain the protection of individuals’ sovereignty over his/her private sphere and particularly individuals control over personal data that the real non-electronic world naturally and culturally provides.” Users are more vulnerable using web & mobile technologies and the laws have not adapted properly.


Tools & Solutions

The Platform for Privacy Preferences (P3P) [3] protocol would allow websites to publish their privacy policies in a machine readable format. The browser of the visitor could then read this and compare it to the user’s settings. The drawback to this method is that there are no laws or regulations forcing websites to adhere to this policy if they use it [2].
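The comparison step can be illustrated with P3P's compact policy form, which a site sends in a `P3P:` response header. This is an added example, not part of the original paper: the token vocabulary is the one defined by the W3C P3P 1.0 specification, while the `prefs` structure, the sample header and the function names are hypothetical.

```python
import re

# Compact-policy tokens from the P3P 1.0 specification, grouped by meaning.
PURPOSES = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD",
            "CON", "HIS", "TEL", "OTP"}
RECIPIENTS = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}
OTHER = {"NOI", "ALL", "CAO", "IDC", "OTI", "NON", "DSP", "COR", "MON", "LAW",
         "NID", "TST", "PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT",
         "DEM", "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"}
CP_FIELD = re.compile(r'CP\s*=\s*"([^"]*)"', re.IGNORECASE)


def parse_compact_policy(header_value):
    """Parse the CP="..." part of a P3P header; None if there is none."""
    match = CP_FIELD.search(header_value or "")
    if match is None:
        return None
    policy = {"purpose": {}, "recipient": {}, "retention": set(), "unknown": []}
    for token in match.group(1).split():
        # Optional suffix: a = always, i = opt-in, o = opt-out (default a).
        base, suffix = token[:3].upper(), token[3:].lower()
        if suffix not in ("", "a", "i", "o"):
            policy["unknown"].append(token)
        elif base in PURPOSES:
            policy["purpose"][base] = suffix or "a"
        elif base in RECIPIENTS:
            policy["recipient"][base] = suffix or "a"
        elif base in RETENTION and not suffix:
            policy["retention"].add(base)
        elif base in OTHER and not suffix:
            continue  # valid token, not used in this comparison
        else:
            policy["unknown"].append(token)
    return policy


def check_policy(header_value, prefs):
    """Return the ways a site's compact policy conflicts with prefs["deny"]."""
    policy = parse_compact_policy(header_value)
    if policy is None:
        return ["no compact policy published"]
    problems = []
    for kind in ("purpose", "recipient"):
        for token, consent in policy[kind].items():
            # A denied practice is tolerated only when the site makes it opt-in.
            if token in prefs["deny"] and consent != "i":
                problems.append(f"{kind} {token} without opt-in")
    for token in sorted(policy["retention"] & prefs["deny"]):
        problems.append(f"retention {token}")
    for token in policy["unknown"]:
        problems.append(f"unrecognised token {token}")
    return problems


# Hypothetical user settings: no telemarketing or contact, no sharing with
# unrelated parties or the public, no indefinite retention.
USER_PREFS = {"deny": {"TEL", "CON", "UNR", "PUB", "IND"}}

# Constructed sample header value.
SAMPLE_HEADER = ('policyref="/w3c/p3p.xml", '
                 'CP="NOI DSP COR CURa ADMa TELi CONo OUR UNRo STP IND XYZ"')

if __name__ == "__main__":
    for problem in check_policy(SAMPLE_HEADER, USER_PREFS):
        print(problem)
```

The check only reads what the site declares; as noted above, nothing in the protocol verifies that the site actually behaves as its policy states.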

Other tools, such as PiML would control the dissemination of a User Agent profile. The User Agent profile includes information such as location. PiML could be run as a proxy-based solution or browser built-in solution [2].

There is also a PRIME project, which is working on solutions that will provide users control over their personal data. It will also allow users to trace where the data about them is being sent [2].

Conclusion

Through the research presented in this paper, it is shown that privacy threats exist on the Web and on Mobile Devices. These threats were identified and a summary of them was presented. It was also shown that there are some ways to potentially prevent some of these threats either through individual or collective means.

References

[1] I. Goldberg, D. Wagner, E. Brewer. “Privacy-enhancing technologies for the Internet” http://www.cs.berkeley.edu/~daw/papers/privacy-compcon97-www/privacy-html.html

[2] S. Fischer-Huebner. “Privacy Risks and Challenges for the Mobile Internet”

[3] W3C, Platform for Privacy Preferences (P3P) Project, http://www.w3.org/P3P/

[4] The Privacy Act of 1974 http://www.justice.gov/opcl/privstat.htm

[5] The Computer Security Act of 1987 http://www.cio.gov/documents/computer_security_act_jan_1998.html

[6] FTC, Fair Information Practice Principles http://www.ftc.gov/reports/privacy3/fairinfo.shtm

[7] C. Purchell, J. Zhan. “Adapting US Privacy Laws to the Internet: Is Patching Enough?”

[8] A. Beach, M. Gartrell, R. Han. “Solutions to Security and Privacy Issues in Mobile Social Networking”

[9] C. Mulliner. “Privacy Leaks in Mobile Phone Internet Access”

[10] A. I. Anton, J. B. Earp, J. D. Young. “How Internet Users’ Privacy Concerns Have Evolved since 2002”

[11] Missouri Attorney General. http://ago.mo.gov/ConsumerCorner/blog/10407/Credit_freeze_may_become_law_and_cheaper_in_Missouri/

[12] US Department of Health & Human Services, HIPAA Privacy Rule. http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html

[13] Information Shield, United States Privacy Laws. http://www.informationshield.com/usprivacylaws.html

[14] US Constitution, http://www.house.gov/house/Constitution/Constitution.html

[15] Declaration of Independence, http://www.archives.gov/exhibits/charters/declaration_transcript.html

[16] Bill of Rights, http://www.archives.gov/exhibits/charters/bill_of_rights_transcript.html

[17] Google, Policies & Principles. http://www.google.com/policies/privacy/preview/

Tuesday, November 18, 2014

Longest Related Keywords

I saw this list of keywords for a single job post on Craigslist. It is so exciting, that I had to copy and paste it here: web developer, front end, Ember.js, Angular.js, Batman.js, ExtJS, front-end, frontend, User Experience, UX Developer, UX, Java, UI developer, User Interface, HTML, XHTML, HTML5, JS, JavaScript, CSS3, SASS, CSS, AJAX, DHTML, Front End, Web, JQuery, Jekyll, Middleman, model-view-controller, Node.JS, JS, JavaScript, Java Script, web developer, inheritance, OO, object oriented, object-oriented, Backbone.js, SproutCore 1.x, Sammy.js, Spine.js, Cappuccino, Knockout.js, Jackrabbit, Javascript MVC, Google Web Toolkit, Google Closure, Scriptaculous, mootools, front end, front-end, UI developer, User Interface, HTML, XHTML, HTML5, JS, JavaScript, CSS, AJAX, DHTML, Front End, Web, JQuery, oracle, Python, Django, Ajax, MVC, Backbone.js, programmed, programmer, developer, development, developed, engineer, engineering, engineered, coder, web, web app, web application, Java, .NET, C#, ASP.NET, Oracle, PHP, software engineer, developer, principal, lead, architect, architecture, inheritance, OO, object oriented, object-oriented, HTML, XHTML, HTML5, JS, JavaScript, CSS, AJAX, iOS, Objective-C, Linux, Unix, JavaScript, HTML, CSS, Java, J2EE, ipad, iphone, android, DHTML, Front End, Web, JQuery, contract, contractor, consultant, java server pages, oracle, ATG, ecommerce, e-commerce, Python, Django, MySQL, JS, JavaScript, Java Script, web developer, XML, Desktop, Web, WPF, Windows Presentation Foundation, SQL Server, SQL, Silverlight, programmed, programmer, developer, development, developed, engineer, engineering, engineered, coder, web, web app, web application, client server, source code control, ASP, ASP.NET, VS, Visual Studio, software engineer, WCF, windows communication foundation, SSRS, SQL Server Reporting Services, j2ee, java, java, pojo, spring, springs, plsql, pl-sql, pl/sql, database, oracle, Sql server, hibernate, seam, programmed, programmer, 
developer, development, back-end, backend, server side, server-side, stored procedures, developed, engineer, engineering, engineered, triggers, data, database engineer, coder, java developer, j2ee developer, java engineer, j2ee engineer, software engineer, eclipse, struts, struts2, seam, SVN, python, opensource, open-source, perl, ror, django, ruby on rails, subversion, JDK, JBoss, Oracle, PLSQL, PL/SQL, PL-SQL, web, web app, web application, PL/SQL, Cognos, AJAX, Cognos ReportNet, EJB 3, Oracle, UNIX, Flash, HTML 5, CSS, JavaScript, JSF, JSON, XML, Java Server Faces, Eclipse, JBoss, Facelets, Saas, software as a services, Coherence, JUnit, TestNG, REST, BlazeDS, Maven, SOAP, PHP, PHP5, CodeIgniter, CakePHP, Cake.PHP, MVC, Web Developer, Web App, Web Application, ajax, phpTransformer, LAMP, architect, architecture, lead, principal engineer, lead engineer, software architect, C#, .Net WPF, WCF, C#, .NET, JS, JavaScript, ASP, ASP.NET, MVC, .NET 4.0, analytics, database developer, database engineer, SQLServer, SQL Server, database, Analytics Server, SQL Server Developer, middle tier, middle-tier, backend, back-end, informatica, ActiveReports, Actuate, Business Objects, Cognos, Crystal Reports, MicroStrategy, Oracle Reports, QlikView, Stimulsoft Reports Telerik Reporting, Computer Science, Computer Engineer, MIS, Web, Web-based, Oracle, SQL Server, Object Oriented, Software, C#, .Net WPF, WCF, C#, .NET, JS, JavaScript, ASP, ASP.NET, MVC, .NET 4.0, brio, hyperion, cognos, crystal reports, crystal reporting, Cognos, Crystal, MicroStrategry, Crystal Reports, JQuery, Stored procedures, Triggers, Functions, Triggers, ETL, T-SQL, VS, Visual Studio, SQL Server, programmed, programmer, developer, development, developed, engineer, engineering, engineered, coder, web app, web application, SQL Server 2008, WCF, Windows Communication Foundation, HTML, CSS. 
ASP.NET, ADO.NET, webforms, winforms, software engineer, software engineering, SSIS, SSRS, sql server reporting services, sql server integration services, HTML5, HTML 5, NHibernate, ORM, Ajax, MVC, Backbone.js, IOC Containers, StructureMap, ninject, entity framework, SQL Server Reporting Services, SSRS, SSIS, SQL Server Integration Services, ssps, sharepoint, moss, SSI

Wednesday, October 22, 2014

Two (more) Problems with Bitcoin

Bitcoin has huge potential. The biggest benefit is getting rid of the banks' fees on transactions. A lot of the problems that are talked about are not really problems. Two problems that I see with it are the lack of bitcoin spending getting reported on credit reports and being able to spend borrowed bitcoin like people spend with borrowed money on credit cards. These two issues are never spoken of. I have not heard anybody mention these two problems and therefore nobody has coined :) a possible solution. These are the two barriers that prevent me from using bitcoin for all of my purchases. Well, that and most places do not (yet) accept bitcoin. If I could get a Bitcoin credit line that reports my spending to the credit bureaus, I would use it all of the time. Having a spending history on your credit report is important when you go to apply for new credit. Creditors want to see that you have borrowed money and successfully paid it back. Being able to borrow money is very important. For some, it is the only way to get ahead and start a business of their own.

Saturday, September 6, 2014

Multi-touch System that I Have Known and Loved

Overview

This paper presents answers from Bill Buxton to some general questions that people asked him. Further, it goes into the history of multi-touch systems dating back to the early 1980’s. A lot of interested parties asked Bill Buxton questions about multi-touch since he has been involved in the topic for a number of years.

Chronology of Systems

There were many interactive devices listed in this paper that were multi-touch systems, but not a standard flat screen device that most people think of when they hear “multi-touch”. One good example is the electroacoustic music device they listed. It was not well implemented, but a device could be created where the input affords the sounds better than a standard keyboard.

Physical vs. Virtual

Bill Buxton discussed how virtual devices may not be ideal compared to real physical devices. This is definitely a con when thinking in terms of a flat multi-touch screen. For example, if a user were to play a race car game, a real physical steering wheel, like they have on the Wii, would probably be superior to a virtual steering wheel on the flat screen. Another example is an MP3 player that can be paused or have its volume changed with one hand while the device is still in a pocket. A pure touch screen would prevent such a thing. A pure touch screen MP3 player may cause some problems for someone at the gym, versus one with physical controls that they can operate with one hand while the device is strapped to their arm.

Discussion
  • Physical vs Virtual
  • Something more than just visual feedback
  • “Everything is best for something, but worst for something else”
  • A screen that can move up & down so that the screen was not flat
    • could get feedback with your eyes closed.

Wednesday, March 13, 2013

Random Thoughts

Random Thoughts: If everyone wanted to be an individual, then would everyone be conforming to that idea?

Thursday, June 14, 2012

Android Google Checkout Error

Logging into my Google Checkout account has been giving me an error for the past hour or so.

Tuesday, June 12, 2012

Pandora Public Profile

This is interesting: Pandora Public Profile for Adam Cox.

I would like to see more social networking features on Pandora. I would spend more time on there than Facebook!

Monday, June 11, 2012

WebGL: INVALID_VALUE: enableVertexAttribArray: index out of range

Google Chrome Warning: WebGL: INVALID_VALUE: enableVertexAttribArray: index out of range

I was not using the normals in my WebGL application, so I removed these lines and the warning went away:

shaderProgram.vertexNormalAttribute = gl.getAttribLocation(shaderProgram, "aVertexNormal");
gl.enableVertexAttribArray(shaderProgram.vertexNormalAttribute);

Tuesday, June 5, 2012

Rap Beats Pro

The Rap Beats Pro application can now be found on Amazon:

Tuesday, May 29, 2012

WebGL Examples

Here is a new blog with WebGL Examples. It has a list of most of the best sites on the web that were written with WebGL.

Sunday, May 27, 2012

Updating Eclipse Android ADT

An error occurred while collecting items to be installed
session context was:(profile=epp.package.java, phase=org.eclipse.equinox.internal.p2.engine.phases.Collect, operand=, action=).
Multiple problems occurred while downloading.
HTTP Server 'Service Unavailable': http://ftp.ussg.iu.edu/eclipse/releases/indigo/201202240900/aggregate/plugins/org.eclipse.wst.common.frameworks_1.2.102.v201201190400.jar.pack.gz
HttpClient connection error response code 503.
HTTP Server 'Service Unavailable': http://ftp.ussg.iu.edu/eclipse/releases/indigo/201202240900/aggregate/plugins/org.eclipse.wst.common.frameworks_1.2.102.v201201190400.jar
HttpClient connection error response code 503.
Multiple problems occurred while downloading.
HTTP Server 'Service Unavailable': http://ftp.ussg.iu.edu/eclipse/releases/indigo/201202240900/aggregate/plugins/org.jboss.netty_3.2.4.Final-201112281337.jar.pack.gz
HttpClient connection error response code 503.
HTTP Server 'Service Unavailable': http://ftp.ussg.iu.edu/eclipse/releases/indigo/201202240900/aggregate/plugins/org.jboss.netty_3.2.4.Final-201112281337.jar
HttpClient connection error response code 503.
HTTP Server 'Service Unavailable': http://ftp.ussg.iu.edu/eclipse/releases/indigo/201202240900/aggregate/features/org.eclipse.egit_1.3.0.201202151440-r.jar
HttpClient connection error response code 503.
HTTP Server 'Service Unavailable': http://ftp.ussg.iu.edu/eclipse/releases/indigo/201202240900/aggregate/features/org.eclipse.wb.layout.group.feature_1.3.0.r37x201202060028.jar
HttpClient connection error response code 503.

Thursday, May 3, 2012

Multi-touch: Final Presentation

Original Goal for the Application

The original goal for the application was to have a realistic bow and arrow that will shoot at a moving target.

Related Work

This application is a pretty straightforward game where a user has a ship that will shoot at a target out in space. There are several classic space shooter type games and some more modern games that are similar.

There is one game called “Gridwars” that is an interesting game. It has moving targets moving around a grid and when the bomb button is pressed, the grid moves in 3D destroying nearby objects.

There is a multi-touch “space wars” game where users are shooting things at each other (http://www.youtube.com/watch?v=U2NIZV8xqnY). There is a galaxy spinning in the background.

Lessons Learned During Project Implementation

It is time-consuming to get a project working appropriately with MS Visual Studio and C# for the MS Surface. This is the first time I worked with MS languages and tools, but it was similar to Java. Still, I mostly work with web programming languages and this is different.

It is time-consuming to get objects to appear to look like they are getting shot in 3D into a wormhole or black hole type structure. This version of the game is just making the shooting bullets move (kind of) towards the center and shrinking as they are moving away from the ship that is shooting them. It is extremely generic, but it would be a difficult task to implement the actual physics that I was looking for. This gives the general idea, however.

A good simple solution that would solve the problem of shooting missiles into a wormhole and look realistic would be to make a grid of missile sizes and directions that would map to the coordinates of the screen. Then, each update of the screen, the missiles would move and adjust size and that would make it more realistic. I’m sure there is also some algorithmic formula to move the missiles according to the physics of a wormhole.

Application Designed for the Surface

The application that I designed for the Surface is a simple two player game where the user controls their ship by moving it back and forth. The ship will automatically shoot bullets into a wormhole at a moving target. I tried to make it look like the bullets were falling into the wormhole and the target was moving around the wormhole.

The object of the game is for the two players to hit the target as many times as possible in a chosen time frame. There is a high score board so that the players can try to beat their past scores.