30 November 2014

Corporate smartphone monitoring

First, let me get you up-to-speed on some terminology:
  • Bring Your Own Device (BYOD) : It's a policy in a company or institution which allows people to bring personally owned mobile devices (phone/laptop/tablet) and to use it to access company/institute applications/information.
  • Corporate Owned Personally Enabled (COPE): It's a policy which companies use to give employees mobile devices (phone/laptop/tablet) and can monitor and control the employee's activity to a large extent. Employees are also allowed to use the device for their personal use.
  • SIM: It's basically just an IC embedded in a plastic card (which you call SIM card) and it stores data used to identify and authenticate those who subscribe to mobile telephony (that's why it's called Subscriber Identification Module).
  • IT: The department of brilliant & hard-working people in companies/institutions, who setup and monitor the electronic and software infrastructure while at the same time, quickly identifying and fixing hardware and software problems that are reported.

Smartphone monitoring

Long back (and even today), even the garbage a person threw out of their house was examined by detectives who wanted to find out personal details of someone they were investigating (don't believe it? Have a look at what you throw into the garbage everyday).
Then came GMail and Facebook which have their algorithms for monitoring and analyzing your pictures and data and finding out intimate details about you.
But even these technologies are no match for what your smart-phone can reveal about you. Even Blackberry phone technologies have been cracked by the government.


BYOD

People are worried about BYOD because they think the company can monitor them. But an article on CIO says that not everything can be monitored. An employer will have much more important things to do (such as running their business), than monitoring personal information of their employees. It's like how Dan Brown's Digital Fortress mentioned that women needn't be worried that the NSA is going to spy on their emails and discover their secret recipe for preparing fruit jam.
However, certain surveys as mentioned in CIO, say that employees would be more comfortable if the employer clearly specified what they can and cannot monitor, and why they need to view that information. Some want it in writing, that their employer won't look at personal information.

BYOD is said to have resulted in data breaches in cases where an employee loses a phone and someone else accesses company information stored in the phone or if the employee leaves and company data is still in the phone.

Intellectual Property loss, litigations from employees about their private data and reimbursements are some of the hidden costs that an organization might incur because of a BYOD policy.

A survey also says that 44% of job seekers are more positive about an organization if it supports their mobile device.


COPE
It's a more secure and flexible alternative to BYOD, because it's a nightmare for a usually under-staffed IT department to monitor, keep track of and protect the mobile devices of employees (it's easier to impose company-wide policies). It also allows them to specify a limited set of permitted devices, which makes management easier.
The device being company-owned, the company can impose any restriction on which apps are allowed and can wipe data from a phone.

EMM solutions for COPE introduces the concept of "containerization" which enables organizations to create a separate partition which keeps corporate data isolated from personal data on mobile devices. This way, a data-wipe can be focussed on only erasing corporate information.

An organization should have a catalogue of allowed devices and app's, since allowing just about any device into the company network can be catastrophic.


Spy softwares

With softwares like MobileSpy (compatible with Android, iOS and Blackberry) on the other hand, a lot more can be monitored:
  • Screen: Viewing the actual phone's screen with a 90 second update rate.
  • Location: Locate the phone's position with GPS (the use of this feature takes up a good amount of battery, so it's almost never used, except for example, in cases where a company needs to monitor its truck-driver locations).
  • SIM info: Retrieve latest SIM information if the device is stolen or lost.
  • Wipe data & lock device: Can be done just by sending an SMS to the phone.
  • Text and messenger message logging: Every message is logged, even if deleted from the phone.
  • Social networking logs: Activity from Facebook and WhatsApp can be logged.
  • Youtube videos: Log which videos are watched.
  • Apps installed: Lets you see which apps are installed.
  • Web activity: All website URL's are logged.
  • App blocking: Access to certain apps can be blocked.
  • Photo log: All photos taken by the phone are logged and viewable.
  • Phone call info: Incoming and outgoing numbers are logged with duration and timestamp.
  • Email: All incoming and outgoing emails are saved.
  • Alerts: The person monitoring the device will be alerted when prohibited actions happen.
  • Contacts: Every existing and new contact is logged and saved.
  • Calendar events: Every event, date, time and location is saved.
  • Keylogger: MobileSpy is said to have it.
Another software called MobiStealth spy (for Android, iOS, Blackberry and Nokia) software provides:
  • Location monitoring
  • Blackberry messenger log
  • Text message and email log
  • Contact details
  • Call details
The software is said to be completely un-detectable, so children or employees cannot tamper with it.


Remotely controlling the phone

The person monitoring your phone won't be able to remotely activate the phone's microphone or camera. They won't be able to remotely switch-on your phone either, so nothing to be concerned about on this front. Your phone getting hacked or having a virus in it is a totally different situation though, where the hacker can control your phone. An employer obviously won't do such things, but an organization's IT department has to be on its toes when it comes to security updates and anti-viruses for the employee's phones.


Privacy

If you're concerned about privacy, the better and simpler option is to use the company smartphone only when you're working, and use a dual-SIM personal phone when you're not working. The dual-SIM feature will help you take work-related calls too, by transferring your company SIM to your personal phone temporarily.
Be aware though, that even though your company isn't able to track your personal information because you're not using the company phone, there are plenty of other companies that monitor your personal phone to collect details about you. If you don't want them to track you, turn off WiFi on your phone.

23 November 2014

Ophthalmology has a long way to go


Disclaimer: I'm not a doctor, and these are my own opinions. Don't consider this as medical advice.
 
During the past three years, I've suffered from chronic eye strain and during this time, been to more than twelve ophthalmologists and got a much closer look at the business of corrective vision.


Some insights

  • Random advice: People will always have their recommendation of which hospital and ophthalmologist is best. Remember that most people just repeat what they've heard from others. Ask them specifically what is it about the ophthalmologist or hospital that is so good that they recommend it. Consider it only if you get good reasons.
  • Which is clearer? This or this?: Refractionists and ophthalmologists ask the wrong questions. If your eye power is -4.5, they'll place a -4.5 lens in front of your eye and if you can read the letters, they'll try -4.75 and ask you which is better. Obviously -4.75 will be better, and that's what you'll say. Then they'll prescribe -4.75. What's wrong with this process is, that your eye power is actually -4.5. The right question to ask is "Which was the minimum power with which you could read the letters?".
  • The specialist myth: It's not always necessary to see a specialist. A dermatology specialist once charged me Rs.400 for a consultation and prescribed Rs.300 worth of medicines for a tiny infection which when it happened the next time, a general physician at another hospital charged Rs.25 as his fee and prescribed a Rs.75 worth medicine which cured the problem. Same with the eyes. Remember that an eye speciality hospital has no other way of making money other than by treating eye problems. When I went to one, I was charged Rs.300 for registration, the ophthalmologist barely even checked my eye, prescribed an incorrect lens power and his speciality being dry eyes, he asked me to go to a nearby diagnostic center (which I'm quite sure they have a tie-up with) and get my vitamin B12 levels checked, and to come back for another assessment within a week. When I went to a general hospital instead, I was charged Rs.25 for registration, the ophthalmologist examined my eyes thoroughly and prescribed an eye gel that gave me instant relief (as opposed to prescribing a new lens). I like it when I meet a doctor who really cares about the patient. People speak of how eye speciality hospitals offer a free check-up the next time you visit, but think of this: At a general hospital, for two visits you spend Rs.25 + 25 = Rs.50. That's already six times cheaper than what you spend at the eye speciality hospital, so what's the point of the free visit?
  • Rest is necessary: Make sure your eyes feel rested and comfortable before you get your eye power checked. The best way to ensure this is to get eight hour uninterrupted sleep at night and to get your eyes checked in the morning. Strain can make a difference of 0.25 if mild, and 1 if severe.
  • Careful of cliches: The textbooks and the internet will tell you that one of the reasons for eye strain is astigmatism. Every ophthalmologist I went to, prescribed lenses for astigmatism. Even the computerised eye test and pupil dilation test showed astigmatism, although I couldn't tolerate lenses with astigmatism correction for more than 10 minutes. Only one experienced ophthalmologist listened to the symptoms I narrated and prescribed an eye gel which reduced the strain a bit and recommended proper sleep (which reduced the strain over a course of many months). It's not only sleep you need, but also at least 5 minutes of rest at least every 45 minutes. If you still feel strain, get more rest. Keeping your eyes closed is best while resting. Although eye exercises are good, I haven't found them to help in strain-related cases (Think: what are you supposed to do when your muscles are tired? Take rest or exercise them more?). Only rest helps.
  • Computerised eye tests are inaccurate: Each and every one of the computerised eye tests I've undergone at five hospitals, have given an incorrect and different reading (even at times I didn't suffer from strain). I still don't understand why people depend on those machines. It's best to get your eyes checked at at least three to five different places before deciding what your eye power is, and purchasing spectacles. Do it during a single day and see the difference in prescriptions you get from various hospitals. If you don't want to spend too much money, go to a medical college where these checkups are done for free or at a low cost. My most accurate diagnosis of eye power was obtained at a medical college, and it was done by a refractioninst, without a computerised eye test.
  • If uncomfortable, don't wear the spectacles: Take this very very seriously. If wearing spectacles gives you a headache, strain or burning in the eye, stop using it immediately. Once when one part of the lens frame of my spectacles got twisted a bit, putting the lenses at different angles (like in a pantoscopic tilt), I told the optician to fix it and he couldn't do it completely, as it could break the frame or lens. He said "Try it for a week and see". It only got worse from then on. Lesson: don't wear spectacles that make you uncomfortable. Find out the problem and get a new pair. There are medical colleges where you can get spectacles made for less than half of what will be charged at a store.
  • You may not have a pore in your retina: I was in the waiting hall of a hospital one day, when a nurse frightened me saying that I might have pores in my retina if I use the computer too much. This, even before my eyes were examined. Turned out to be nonsense.
  • Proper sleep is necessary: Modern life has encouraged children to wake up very early for school and during exam days to study, or for working professionals to get stressed out and subject themselves to a lack of exercise and sleep deprivation. You'll see many of these people having red eyes, feeling sleepy many times during the day and losing their general lack of concentration. Many of these people could have unknowingly entered into the cycle of  polyphasic sleep, where even if they try, they won't get an eight hour sleep at night. Some just get four hours of sleep and wake up feeling refreshed. Then they feel sleepy again multiple times during the day. This is a dangerous situation for the eyes. It builds up strain slowly, and can become chronic.

Polyphasic sleep. Images from Wikipedia
 
Apart from the usual advice on getting proper sleep that you'll find on the internet (which didn't help me at all), there's this one I offer (which might help only some of you): Cold weather can be a problem. Keep yourself warm enough to get a full night's sleep. The other is to eat food that is properly cooked and has no burnt particles. Curd/yoghurt (especially probiotic curd) also seems to help, probably due to Tryptophan. Eating almonds also helps with deep sleep, but poor food can ruin sleep.

The field of ophthalmology has a very long way to go before being able to cure people of vision related problems. Right now the best they can do is offer you pair of crutches for your eyes (the spectacles or contact lenses).

Use your discretion when you receive recommendations. Search for doctors who care about patients health. Your eyes are important.


15 November 2014

Posting HTML, CSS and Javascript code in Blogger or WordPress posts

Something that surprises me is that although Blogger.com has extremely good tools to create blog posts, they still haven't catered to the need of web-developers who'd want to post code on their blog. A simple code tag, similar to the blockquote tag would have helped.

On pasting code about d3.js, and publishing the post, the code disappeared. After a lot of searching I found SimpleCode, created by Dan Cederholm. This nifty form allows you to paste your HTML code into it and it converts parts of the HTML syntax into their corresponding character codes which Blogger's parsers recognize. Try it out!




There are more such software


Getting your head around d3.js [part1]

Most people don't know that D3 stands for the three D's: Data Driven Documents (same way that C4ISR means Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance in our defence architecture).

Even to an experienced programmer, d3.js syntax can be very complex. But this complexity can also simplify a lot for us. We've been too accustomed to using for and while loops in programming. d3 offers a more elegant solution, in the same way that MATLAB offered matrix operations with a very clean and intuitive syntax, free of loops.

I had a hard time with d3, and decided to create a d3 tutorial for newbies.


The usual HTML, JavaScript and SVG
First, you should know that it's possible to draw on a web page, using SVG (Internet Explorer 8 and below don't support svg. Use Firefox or Chrome instead).

This code will draw a circle:

<html>
<body>
<svg height="100" width="100">
<circle cx="50" cy="50" fill="red" r="40" stroke-width="3" stroke="black">
</circle>

</svg>
</body>
</html>




Notice that some properties have been given to the circle. There's cx, cy, r, stroke, stroke-width and fill. The svg tag itself has been given a width and height, and the svg tag is within the body tag of html.

You should also know that JavaScript allows you to select elements in your DOM and apply properties to them. You can add "some text" dynamically in the tag, with this code: 

<html>
<body>
<p id="someID"></p>
<script>
var b = document.getElementById("someID");
b.innerHTML = "some text";
</script>
</body>
</html>



Now have a look at some d3 code which does pretty much the same thing:

<html>
<head>
<script type="text/javascript" src="http://d3js.org/d3.v3.min.js"></script>
</head>
<body>
<p id="someID"></p>
<script>
var abc = d3.select("body") //select the body tag
                .append("svg") //add an svg tag to body
                    .attr("width", 100) //specify the svg tag properties
                    .attr("height", 100)
                .append("circle") //add an svg circle
                    .attr("cx", 50) //specify properties of the circle
                    .attr("cy", 50)
                    .attr("r", 40)
                    .attr("stroke", "black")
                    .attr("stroke-width", "3")
                    .attr("fill", "red");

//If there's a tag with an id (see the top of this code), you can select it like this:          
var xyz = d3.select("#someID").text("some text");
             
</script>
</body>
</html>




If someID was specified as <p class="someID"></p>,you'd have to select it using d3.select(".someID");

Instead of statically creating an html tag for <p>, you can also dynamically create it like this:
var efg = d3.select("body")
                .append("p")
                    .text("some more text");


Simple enough?
All that "attr" syntax may look un-necessary at first, but I'll soon show you why it's helpful to have it that way, and I'll explain the concept of enter(), data() and exit() which bring in the real power of the d3 syntax.

 Continued in part2.


Say thank you or donate

08 November 2014

NRecursions stats

Crossed ten thousand page views already!


The major traffic appears to be from people who need some help with technology and the answers are provided here. Bot visits also get counted, apparently. Considered going for Google Analytics, but the terms and conditions mentions:

"...the Service is provided without charge to You for up to 10 million Hits per month per account. Google may change its fees and payment policies for the Service from time to time...Any outstanding balance becomes immediately due and payable upon termination of this Agreement"

Although ten million hits seems far-fetched, the policy changes are scary.

I had installed ClustrMaps on May 2010, and it seems to provide a more accurate statistic.


Two thousand four hundred plus visitors. Other counters will even take into account the 'hits' to a page via RSS feeds etc. But ClustrMaps counts a visit only when a person actually visits NRecursions and the ClustrMaps icon gets rendered. So bots aren't counted. Only real visitors including myself.
If someone visiting from a specific IP address reloads the NRecursions page 20 times in one day, they will be counted as just 1 visit. This is more representative of the overall flow of visitors to the site. That's why I named it "Recursors". Real people recursively visit this blog :-)

03 November 2014