Friday, February 12, 2016

Chess Skills: Life Lessons

Chess is a fun game. And I've seen the benefits of the game produce great results for high school students. Benefits such as improved concentration, problem-solving, and self-control.

Since joining chess.com and regularly playing staff and students at work, I've been thinking about the benefits of chess; some of which are mentioned in Josh Waitzkin's Academy from Chessmaster 10th Edition.

I'm no expert (in life or chess), but here are some lessons I've gleaned:
  1. Look for a good move, look for a better move, look for the best move
    • Chess example 61430328: 10. Bg5 attacks black Queen on d8, and threatens N fork on c7 and Q+ on f7. Then 14. Nf6+ could have also been 14. Nc7+; which was the original threat, but I hoped to use the N to clear a way for the Q to attack.
    • Applicable when making life decisions; always consider your options, and seek wisdom and advice; take some time to consider the issue from a variety of perspectives, and make the best decision with the information you have.
  2. See the whole board
    • Chess example 51448389: 24. gxh4 is a bad move, clearing the g file for the black rooks to attack my king. While concentrating on the pawn count I wasn't thinking about a defensive structure.
    • Don't "miss the forest for the trees"; sometimes I focus so much on one problem that I don't see an alternate solution, or miss another pending problem. I find it good to take a step back ("sleep on it") and approach the problem anew with a fresh mind.
  3. Control the centre
    • Chess example 60848416: The first 14 moves are primarily about controlling the centre of the board (d4-5; e4-5), and positioning pieces to attack the castled kings.
    • In life this is about maintaining balanced self-control. Sometimes there are side problems which can distract from your primary issues and goals; but by maintaining a perspective of what's really important (your centre), things are more likely to work out in your favour.
  4. Make each move count (aka develop your pieces)
    • Chess example 56087480: The first 6 moves begin to develop Ns and Bs into the centre of the board. If possible you want to develop your pieces; each move honing your attack and strengthening your defense. A loss of tempo can result in an awkward situation.
    • Make each day count: meet someone new, go somewhere new, learn something new. Look for patterns, and apply what you learn. Explore knowledge, and gain wisdom; take advantage of new situations and expand your mind and skills.
  5. Own your blunders ...
    • Chess example 62770100: After winning the first tournament match against this opponent I became over-confident and strutted the Queen out early. She was dead by the fifth move.
    • ... and learn from your mistakes. It's OK to fail, to make mistakes. Remember those experiences and apply them to the next similar situation you encounter. 
  6. Cost Benefit Analysis
    • Chess example 61020202: We both made blunders in this game, and I lose a B for free at 15. Qxa2. But 17. ... Nf4 helps set up the Q for a back-line trap with R.
    • One good decision can make the difference when the odds are against you.
And, as a former manager of a successful school chess team, I would add:
  1. Play with Integrity; Resign with Dignity
    • Chess example 56900152: After 26. ... bxc4 it turns into a pawn war. I lose tempo and black promotes to a Q. Once my pieces are captured it's time to admit defeat and gracefully resign. The greatest example of this in chess I know of is Fischer vs Spassky (1972 World Championship, Game 6) where a stunned Spassky applauds Fischer's victory.
    • Play according to your life principles, and accept the things you cannot change.

Monday, January 27, 2014

Smudge Attack: Residual Android Security

One problem with using pattern-lock to secure an Android device is that fingerprint residue on the screen can be used by an attacker to guess the pattern (AKA smudge attack).

So a really good idea would be for the unlock pattern to be different each time. By differentiating the matrix points as colours, numbers, or a mixture of other objects, the user only needs to remember the sequence of symbols, and the layout of those symbols on the grid can be randomly generated for each unlock. The residue then reveals which positions were touched, but the symbols at those positions change every time, so a trace left by one unlock says nothing useful about the next. (One interesting side-effect of the random matrix is that the pattern is device-orientation independent, since it only depends on the order in which you join the dots.)
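To make the idea concrete, here is an added example (not code from this post, nor from either of the apps reviewed below) of the random-layout lock, written in Python so it can be simulated on a desktop: the secret is an ordered list of symbols, the 3x3 grid is reshuffled with a CSPRNG on every unlock, and the "smudge" is modelled as the ordered positions the user touched. The symbol names and the four-symbol sample secret are constructed for the demonstration.

```python
import secrets
from typing import Callable, List, Sequence

# Nine distinguishable symbols for a 3x3 grid (constructed for this example).
# The post suggests colours, numbers or icons; the mechanism only needs them
# to be told apart on screen.
SYMBOLS = ["red", "green", "blue", "yellow", "orange",
           "purple", "white", "black", "grey"]


def new_layout(randbelow: Callable[[int], int] = secrets.randbelow) -> List[str]:
    """Assign SYMBOLS to grid positions 0..8 (row-major) in a fresh random order.

    Fisher-Yates shuffle driven by a CSPRNG by default. If layouts were reused
    or predictable, the residue would become meaningful again.
    """
    layout = list(SYMBOLS)
    for i in range(len(layout) - 1, 0, -1):
        j = randbelow(i + 1)
        layout[i], layout[j] = layout[j], layout[i]
    return layout


def positions_for(secret: Sequence[str], layout: Sequence[str]) -> List[int]:
    """Grid positions a legitimate user touches to enter `secret` on `layout`.

    This ordered list is all a smudge attack can recover from the glass. It is
    orientation-independent: only the order of positions matters, not the shape.
    """
    return [layout.index(sym) for sym in secret]


def verify(secret: Sequence[str], layout: Sequence[str],
           touched: Sequence[int]) -> bool:
    """Unlock only if the touched positions spell `secret` on this layout."""
    if len(touched) != len(secret):
        return False
    return all(0 <= p < len(layout) and layout[p] == s
               for p, s in zip(touched, secret))


def smudge_replay(secret: Sequence[str], previous_layout: Sequence[str],
                  current_layout: Sequence[str]) -> bool:
    """Attacker lifts the residue of the last unlock and redraws it now."""
    residue = positions_for(secret, previous_layout)   # what the smudges show
    return verify(secret, current_layout, residue)


def replay_success_rate(secret: Sequence[str], trials: int = 2000,
                        randbelow: Callable[[int], int] = secrets.randbelow) -> float:
    """Fraction of unlocks where replaying the previous residue succeeds.

    With distinct symbols, a secret of length k drawn from n symbols is only
    replayable when the new layout happens to put all k symbols back on the
    same positions, i.e. with probability (n-k)!/n! (1/3024 for k=4, n=9).
    """
    hits = 0
    layout = new_layout(randbelow)
    for _ in range(trials):
        nxt = new_layout(randbelow)
        if smudge_replay(secret, layout, nxt):
            hits += 1
        layout = nxt
    return hits / trials


if __name__ == "__main__":
    secret = ["blue", "red", "grey", "green"]        # constructed sample secret
    first, second = new_layout(), new_layout()
    print("layout 1:", first)
    print("touched :", positions_for(secret, first))
    print("layout 2:", second)
    print("replaying layout-1 residue on layout 2 unlocks:",
          smudge_replay(secret, first, second))
    print("replay success rate over 2000 unlocks:", replay_success_rate(secret))
```

With a fixed layout (the stock pattern lock), `smudge_replay` always succeeds because the residue is the secret; with a reshuffled layout it succeeds about once in three thousand unlocks for a four-symbol secret. Note what the example does not cover: the device still has to keep the layout it displayed out of logs and off the screen once the unlock is done, and a random layout does nothing against shoulder surfing, which sees the symbols rather than the smudges.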

Discussing this with some work colleagues, they mentioned similar concepts implemented in door security panels, and other desktop software, but no mention of an Android security app. So I thought I might be onto something.

Requirements

For the app to be useful I'd want three things before it could replace my current (default) lock screen app:

  1. App locks the Android device on user action (timer or event), including internal storage
  2. At user unlock request display a randomly generated pattern
  3. If pattern is correct, unlock the device, else device remains locked

Sounds simple, but as of yet, I can't find an app that meets all three points. There are a couple that seem close:

Orbie Lock Screen


This is a free Android app, which looked promising, but didn't actually lock the device's internal storage.

  • The Good: Free, random unlock patterns; default matrix points are colours, but these can be upgraded to include sets of numbers, flags etc.; space for Owner Information
  • The Ugly: Kind of looks like a 1980s Japanese game show, no clock format customisation
  • The Bad:
    • It doesn't lock the device; sure it looks locked, but plug it into a computer with a USB cable, and the device's internal storage is wide open
    • The lock screen also leaks notification information; if you swipe down on the lock screen you can temporarily see the phone's notifications
    • Also, since the app takes over for the default Launcher, double-tap of the Home button does not function correctly, and some apps seem slow to load

Number Track Lock


Since I now knew what to look for, I specifically downloaded this AU$3.99 app with the idea of checking it out, and cancelling within the 15 minute refund period if it wasn't satisfactory. Once again, it seemed to work well, but did not lock the device's internal storage.

  • The Good: Looks stylish, and works very smoothly; space for Owner Information
  • The Ugly: No clock format customisation
  • The Bad:
    • Once again the app does not lock the internal storage, an attacker can access the storage contents by simply connecting with a USB cable
    • The lock screen also leaks notification information; when you swipe down, all notifications appear indefinitely as if the device was not locked at all
    • Also, in the 15 minutes that I used the app, every time I unlocked, it always took me to the Number Track Lock options screen

Summary

Although they both seem to have the right idea on preventing smudge attacks, neither of them locked the device's internal storage. That is less a bug in either app than a limit of the approach: a third-party lock screen is an ordinary app drawn over the launcher, not the system keyguard, so it cannot gate the things the keyguard gates (USB access to storage, the notification shade, and the window between boot and the app starting).

I couldn't find any other apps that attempted to prevent smudge attacks. So the best solution at the moment is to install one of these (Orbie Lock Screen is free and works OK), AND keep the default security on as well (contrary to the instructions provided with both Orbie Lock Screen and Number Track Lock). This means swiping two patterns in order to unlock the device, which is acceptable (until something better comes along).

So:
  1. Do you know of a good Android lock screen that uses random patterns and actually works?
  2. If not, can you build one? (I only ask for 10% of sales :-)
  3. If not, are you willing to be a tester if I ever get around to learning how to build Android apps?

Update: 18-Feb-2014

I wish I had a happy update, but unfortunately things are worse than outlined above. I've continued to use Orbie with the Default pattern-lock, i.e. requiring two swipe patterns to unlock my Nexus 4. However, Orbie is not very stable, and can sometimes cause launcher lag.

The worst part is that when the phone is rebooted, it takes several seconds before Orbie loads. Without the Default pattern-lock the phone is wide open during that window. The skill required to circumvent Orbie is "reboot phone".

So, until pattern-lock is updated in the OS to include random patterns, be sure to include the Default lock as well. Sure it requires two unlocks, but at least you minimise smudge attack.

Monday, December 23, 2013

Powershell: FTP Module

I've been learning Windows Powershell over the past year, and developing scripts for scheduled tasks to perform administrative functions. One of the tasks requires data retrieval from an FTP server, waits for the data to be processed, and then puts the results back to the FTP server.

Lots of FTP functions have been written and are freely available, but I've found Michal Gajda's PSFTP client module the easiest and most efficient method. It has functions to set multiple connections, and list, get, put, and remove files and folders.

Import-Module

The PSFTP module is not native to Powershell. To use the module, download and install it, then import it to access its functions and perform FTP processes.
  1. Download from http://gallery.technet.microsoft.com/scriptcenter/PowerShell-FTP-Client-db6fe0cb
  2. Extract the module to your PS Module folder (found at $env:PSModulePath)
  3. Import-Module using Import-Module PSFTP

Local Variables

Now for the administrative task I was working on. Some local variables are declared for use throughout the script:
$ftp_server = "ftp://example.server.com"
$ftp_path = "$ftp_server/folder1/subfolder2"
$local = "\\localserver\sharedfolder1\subfolder2\"
$local_in = Join-Path $local "In"
$local_out = Join-Path $local "Out"
$session = "my_ftp_session"

Credentials

The connection credentials should not be stored in clear-text, but loaded from a SecureString file. With no key specified, ConvertTo-SecureString and ConvertFrom-SecureString use the Windows Data Protection API, so the file can only be decrypted by the user account that created it, on the machine where it was created; create it (by piping the password read with Read-Host -AsSecureString through ConvertFrom-SecureString) while logged on as the scheduled-task account on the server that will run the task, and keep the NTFS permissions on the file tight. Note that this only protects the password at rest: plain FTP still sends the username and password in clear-text over the network. To establish the credentials:
# set up credentials object
$username = "username"
$password = Get-Content "pscredentials_$username.txt" | 
ConvertTo-SecureString
$cred = New-Object `
-TypeName System.Management.Automation.PSCredential `
-ArgumentList $username, $password

Get Items

To input the files from FTP to local folder:
# establish connection
# get *.REQ files
# copy *.REQ files to local In folder
# remove *.REQ files from FTP server (only once the local copy exists)
Set-FTPConnection -Server $ftp_server -Credentials $cred `
-Session $session -KeepAlive -UseBinary
Get-FTPChildItem -Path $ftp_path -Filter *.REQ -Session $session |
% {
    $ftp_file = "$ftp_path/$($_.Name)"    # determine item fullname
    Get-FTPItem -Path $ftp_file -LocalPath $local_in `
        -Session $session -Overwrite
    # don't delete the server copy unless the download actually landed locally
    if (Test-Path (Join-Path $local_in $_.Name)) {
        Remove-FTPItem -Path $ftp_file -Session $session
    }
}

Put Items

After the data arrives at the local In folder it is processed by a separate application, which returns output to the local Out folder. It can then be put to the FTP server with:
# get all files in local Out folder
# put all files to FTP server
Get-ChildItem -Path $local_out |
% {
    $ftp_file = "$ftp_path/$($_.Name)"    # determine item fullname
    Add-FTPItem -Path $ftp_file -LocalPath $_.FullName -Session $session
}

Notes

  1. The Get and Put actions have been performed within foreach loops ( % {} ) for logging purposes, such that action results are recorded to a text file for later reference. It would be more efficient to pipe the ChildItem results directly, but logging is important for historical tracing and action confirmation.
  2. The code lines could be shorter with the use of aliases, for example, by replacing Get-ChildItem with ls, and Copy-Item with cp. I don't use aliases (except foreach loops) for a couple of reasons:
    • using aliases doesn't make code production faster (due to Tab completion)
    • using full commands makes code more readable

Powershell is a great tool for Windows administration. I hope to continue learning thanks to the Scripting Guy, and shared script resources. How have you used Powershell?

Saturday, August 24, 2013

Vote Compass: Direct Democracy and WikiLaws

Australia will hold a federal election on Sat 07-Sep-2013. Until then political parties promise what they will do if granted power. The policies and promises come as a package; all from Party A or all from Party B (or Party C). But with modern information and communication technology every voter could have input on every policy; rather than the collective package. This would require replacing representative democracy with direct democracy.

Direct Democracy

The ABC (Australia's national public broadcaster) is currently polling the populace via Vote Compass. To date 887,998 results have been submitted; more than 5% of enrolled voters. In this online poll people can express their views on a number of policies and examine where they stand in the Australian political landscape.

Extending this idea further, the online poll could become THE election. Policies could be voted on directly by all voters throughout the year as required. This would eliminate the need for elected representatives. (Similar to Democratising Football.)

The following diagrams demonstrate the different policy outcomes between representative and direct democracy for the same number of voters. Red, green, and blue represent different political persuasions. The type of democracy employed influences the power of each persuasion.
Without representatives voters do not need to decide between packages of policies, but can vote on each policy independently. And direct democracy gives each vote equal value. An entire layer of government could be removed, and the technology exists today to compensate for it.

So how would laws be written and passed?

WikiLaws

Laws are basically a collection of documents which are displayed, evaluated, edited, accepted, and reviewed. A wiki is an excellent method for compiling, editing, and displaying documents. Actually, laws can be considered as a collection of instructions (actions/consequences), and could follow a software development model.

Laws could be:
  1. developed in a staging wiki (red)
  2. tested by online discussion (orange)
  3. accepted by general vote (yellow)
  4. and if accepted put into the production wiki (green)
See diagram for data-flow.

Someone would still require the authority to enact the laws, and implement policy. The Head of State could continue in this role, with an appropriately selected Executive Council.

Change Management

The technology to implement direct democracy exists. It would need to be ubiquitous, and all voters would need to be informed and aware of how to utilise it.

A much bigger change would be the cultural and power shift. Voters would require a knowledge and understanding of the legal framework in which they live, rather than an opinion of a three-word-slogan policy. And they would need to engage enough to consider each policy, evaluate it, and cast a vote.

This amount of change may take generations to implement.

Summary

  1. The use of information and communication technology to implement direct democracy could remove the need for several layers of government.
  2. Implementing direct democracy would require an educated populace, a neutral broadcast media, and a massive shift in power structures.

Thursday, August 22, 2013

Distracting Education: Social Media vs Deep Knowledge

Life, Stan Wayman, 1964
I never got to see The Beatles live in concert, but my Mum did. And apparently they were loud; well, the screaming was - she didn't hear much of the music, but she never forgot the experience.

Today, I can listen to The Beatles or watch a performance. I can join an online group to discuss which Beatle was more talented, or better looking. But I can never see them perform live; never enjoy Beatlemania.

Applying this to education; I believe virtual teaching, and embedded social media, are beneficial in some circumstances, but they are inferior substitutes for discussions in a real-world space with an expert mentor and a group of peers. They may in fact distract from a deep learning experience.

Video Conference and shared Interactive Whiteboard

Virtual Classroom

Just like the difference between watching a concert on TV and actually attending the concert, the emotional and sensory difference of watching a lecture online and actually being in the room may be measurable.

There are certain circumstances where virtual is the best you can get. For example taking a virtual excursion through the Powerhouse Museum, and asking the curator about the Enigma machine as he describes its purpose and function. Much more viable than loading the class on a plane!

But as a learning experience I would argue that it's more memorable and valuable to actually be in the Museum, speaking face-to-face with the curator, and seeing the Enigma in real-space.

After teaching an HSC course via a virtual classroom for two years, virtual may be the best-effort when circumstances prevent real-world interaction; but when possible, real-world experience provides better sensory and memory learning.


Social media

My understanding of the purpose of social media in education is to improve student engagement; to promote shared experiences. I have seen how shared experiences such as in-class debates, performances, brainstorming sessions, and group projects have helped students explore personal qualities in a safe environment which they may have never attempted otherwise.

I've run classroom blogs and forums, and these can engage students (particularly the quiet/shy); but I think a teacher understands the needs of the class far better via direct contact; when you can "see the whites of their eyes".

In general, the "social" classroom (particularly for high-school students), is less about engagement of ideas, and more about discussion of things (e.g. cars), or people (e.g. celebrities).

And, due to the Dunning-Kruger effect, students can not be expected to evaluate their own learning needs, or that of their peers. Consequently, they are unlikely to independently commit time and resources in order to focus on the details and conceptual applications of a new idea; and therefore never acquire deep knowledge or understanding.

In fact, social media may inhibit or distract from real discussions about the core concepts.

Neuroplasticity

Deep Knowledge

Having an expert mentor to guide you through a field of study is essential.

Deep knowledge and understanding in any subject requires focused time and energy:
  1. to establish links to previous knowledge
  2. to explain, comprehend, and reinforce concepts
  3. to examine conceptual application in familiar and unfamiliar settings

The expert mentor can guide students through the concepts, and peers may contribute additional linking material, but if the social media conversation does not contribute to the depth of knowledge, it might distract and/or detract from the train of thought, drawing focus away from the subject, and disengaging the neural pathways that are required for deep knowledge.

Summary

I believe the best learning environment is with an expert mentor (and maybe some curious peers). Students can interact in real-time, grow as people, and grow in knowledge and understanding, without the filter and delay of intermediary technology. Virtual classrooms and social media are great substitutes if you can't engage in real-world activities due to distance or other circumstances; but they are only substitutes.

Online learning, virtual classrooms, and social media might be best-effort pedagogy, but not best-practice pedagogy. There's nothing like seeing the band perform live.

Saturday, July 13, 2013

PRISM: Anti-Trust, Chrome and Tor, and Media Avoidance

Sneakers (1992) is one of my fav movies. In it Robert Redford leads an ethical hack team (played by Sidney Poitier, David Strathairn, Dan Aykroyd, and River Phoenix) down a rabbit hole of cryptography, government espionage, and too many secrets. Ever since, I've always assumed there is state-sponsored network monitoring, especially after the FBI implemented Carnivore in 1997, and ECHELON was reported in 2001.

On 06-Jun-2013 news broke of state-sponsored surveillance known as PRISM, which reportedly utilises corporate collected data to monitor customer online activities and communications.

+Steve Gibson explained PRISM as an industrial-scale implementation of big-data (Security Now #408), and TWIET #46 discussed the inherent lack of trust in government. It is apparent that the state believes its citizens are guilty unless proven data-less.

The issue isn't whether or not secret state surveillance is happening. The issue is, why is it secret at all? And how will the captured data be stored and used?

Anti-Trust

Supporters of state-sponsored surveillance argue "If you're not doing anything wrong, you have nothing to hide." Unfortunately this reasoning is not applied to PRISM itself; if it's so good, why was it secret?

An intelligence official released a declassified document on 15-Jun-2013 to "show Americans the value of the program" according to AP. However the program had previously been too good for public recognition.

During times of war, civil mail has been intercepted and even censored. In those cases, the public was notified that their communications had been observed by a state-sponsored agency. The state looked at (and sometimes removed) data, but everybody knew, and understood it was for the greater good of the nation.

PRISM looks at far more than mail meta-data, but currently the public (and the senate) is not permitted to know about it.

Sheriff Analogy

Let's devolve the technology and consider a real-world analogy.

Imagine you live in a small rural town, where everyone knows everyone else, and Sheriff Alice cares for and looks after the citizens. While sitting on her porch she watches over Main Street, and notes when something seems out-of-place. With this knowledge she solves and prevents crime.

Unfortunately Sheriff Alice can't watch every street at once, so she puts Deputies Bob and Dylan on patrol, and they take note of everything they see. They report their observations to Sheriff Alice, and prevent crime.

The deputies also record and/or read the mail as it passes through the town's mail sorting centre. This helps them determine who is talking to whom, and what the topic of conversation is.

Unfortunately when criminal Eve sees the deputies, she doesn't commit crime, and she sends her mail in an unknown language. So Sheriff Alice appoints her deputies as undercover agents, to observe while concealed, and interpret the unknown language. Now they're getting better at preventing crime. Especially when they can keep all of their notes for an unlimited length of time.

So far, all of the deputies notes are of events occurring on public streets in plain view, and all of the mail is passing through a public service.

As far as we know PRISM is only capturing public digital traffic meta-data; looking for communication links and trends. So why is it so secret if it's doing nothing wrong?

What happens to the 5 zettabytes of captured data? If Citizen Carol decides to run for Mayor, and Sheriff Alice doesn't like Carol (or the incumbent Mayor tells Alice not to like Carol), the deputies can trawl through years' worth of historical notes of Carol's actions, often without context, with the purpose of smearing her public image, or persuading Carol to withdraw from the race.

The surveillance program becomes a mechanism to maintain power with the incumbent powerful. Particularly useful if you wish to dictate policy over a small rural town.

Chrome and Tor

How To: Google Chrome and Tor was published on 08-Jan-2013, primarily after a query from a friend. It outlines how to use Tor to anonymise Google Chrome browsing. This would impede meta-data capture and big-data analysis of web-traffic, because the traffic would appear to originate from the Tor cloud, rather than a personal IP address. However, Tor only anonymises the origin of the traffic; the exit node, and everything beyond it, sees the traffic exactly as your browser sent it, so anything not already protected by HTTPS is readable there.

Pageviews increased around the time of PRISM disclosure on 06-Jun-2013.

Pageviews jump up in May, before the disclosure (I'm not really sure why). The traffic in May and June is almost exclusively new visitors (91%), spending an average of 3:30 on the post.

For a comprehensive list of PRISM prevention technology, including web-traffic encryption, see PRISM-BREAK.

Media Avoidance

Mainstream media has been focusing primarily on the messenger, and not the message. There are daily updates of the whereabouts of the leaker, and opinions of whether he is a traitor or patriot. Not much attention has been paid to the PRISM program itself.

This could be because of confusion and misunderstanding of what PRISM is, how it works, its future ramifications, and what it implies about state policy. As with most mainstream reporting, whether discussing politics, finance, pandas, or motor vehicle accidents, if it can't be told in 30 seconds, it can't be told.

Media avoidance could also be considered a trust issue; between news producers and the viewing/reading public. Even if media executives understood the security and privacy issues of PRISM, maybe they don't trust their audience to comprehend (or care), and so they choose not to try to discuss so as not to confuse. Unfortunately the lowest-common-denominator wins, and the dumbening continues.

Conclusion

Please let me know what you think.

  • Do you anonymise or encrypt your web-traffic?
  • Should the media be explaining this better to the public?
  • Have you seen Sneakers?

Update

14-Jul-2013

Cameron Murphy (President of NSW Council Of Civil Liberties) spoke on ABC News24 at 13-Jul-2013 10:10AM about similar issues raised by Telstra surveillance

Tuesday, January 8, 2013

How To: Google Chrome and Tor

Tor (The Onion Router) is free software and an open network intended to enable online anonymity. The default browser bundle is the ESR version of Mozilla Firefox, which is good for privacy, but restricts functionality.

Security expert +Steve Gibson describes the benefits and structure of Tor in Security Now 70. The official Overview also outlines Why We Need Tor, and How It Works. And Wikipedia has a good summary of its history, weaknesses, and legal issues.

The Tor Project strongly encourages the use of the Tor Browser Bundle instead of configuring your own browser: Tor only carries the connection, and an ordinary Chrome profile still leaks identifying information through browser fingerprinting, plugins, and any request that bypasses the proxy. But, if you really want to use Chrome, the following steps should help.
  1. Installation
    1. Follow standard procedure to install Tor
    2. Follow standard procedure to install Google Chrome (if you haven't installed already)
  2. Setup Tor
    1. Find the Vidalia application inside program folder Tor Browser / App
    2. Create a desktop or taskbar shortcut for the application (so you can start it easily or on startup; Vidalia is the Tor client GUI)
    3. Start Vidalia and ensure it can connect to the Tor network 
  3. Setup Chrome
    1. Start Chrome and add the Proxy SwitchySharp extension (or a similar proxy-switching extension; this lets you easily enable/disable the Tor proxy)
    2. Go to Proxy SwitchySharp Options and set up a Tor proxy profile
      • Note: this is where this post differs from some others. Confirm the SOCKS host and port that your Tor client is actually listening on by reading Tor's configuration documentation, or by checking either Vidalia (Advanced Settings) or the Tor Browser (Firefox ESR) proxy settings; if Chrome is pointed at the wrong port, or at an HTTP proxy rather than the SOCKS proxy, the check in step 4.3 will fail and your traffic will not be going through Tor at all.
  4. Operation
    1. Start Vidalia (using your shortcut from step 2.2)
    2. Start Chrome and enable your Tor Proxy profile (and possibly go Incognito)
    3. Check that Google Chrome is using Tor: https://check.torproject.org/
    4. Browse with anonymity (just a bit slower)
If you appreciate or benefit from The Tor Project then maybe consider volunteering or donating. :-)

ADDENDUM

You can configure your Tor client to select which nodes it uses to enter and exit the Tor network (the ExitNodes and StrictNodes options in torrc). This is useful if you want your IP address to appear to be from a particular country; enabling you to stream content which is restricted to (or excluded from) certain locations. Keep in mind that pinning your exits to one country shrinks the pool of relays you can use and makes your traffic easier to correlate, so it reduces the anonymity Tor provides; use it for the streaming case, not for browsing you want to keep private. An outline of this configuration process can be found at the official Tor Project FAQ, or for more detail search for "tor exit country".