The numbers don't add up

by Jesse 27. October 2008 23:21

A friend of mine got pulled over the other day, maybe a half mile behind me.  When I heard the officer gave him a ticket for 78mph, my first response was "no way in hell".  I'm good at math, so I decided to prove it with numbers.  Take notes, you can use this because it's math.  Numbers don't lie (if you don't screw up).

Trig teaches us a couple useful things.  First, one of my favorite equations, $A^2 + B^2 = C^2$ - this tells you the length of the sides of a 90° triangle, C being the hypotenuse.  What does this give us?  Everything we need, IDDQD, I win.

When the officer was tagging people, he was outside the far RIGHT lane, not the usual left lane, being head-on with normal, would-be speeders -- this is a fault of the officer I intend to prove with simple math.  There's also a fundamental flaw in lasers - they ONLY measure the velocity of an object relative to the device, a perfectly straight line (ok, maybe off by a degree or two, but that's negligible) -- that's why most officers sit in the left side.  I'm going to first establish the area, and some measurements thanks in part to Live Maps.  These are estimates, but a lot safer than actually going out there and measuring :)

5pm on I71 south bound on the north end is a bit of a mad-house and usually lasts until 6-6:30 (duh, normal rush hour).  People coming out of Polaris heading home, hitting 270/161/etc makes it a bit on the heavy side if you can't get out before 5.  I'd call it moderate traffic - you aren't changing lanes much and when you do, it might take a few seconds to get over.  Not exactly high-speed territory.  Moreover, the officer isn't going to get a good clean shot at someone that's floating down the highway in the left lane, especially during this time which doesn't play into his favor.

Here's the area.  The officer sits on the far right, he's in the left lane.  He estimates he was about 100 yards ("about a football field") away when he got tagged, which considering the traffic volume, I'd say that's possible.  He also estimates he was going around 70, not 78.  Lanes of traffic in that area are about 30 yards wide.  We have our math.  So let's start with using a perfect triangle (which, as you can tell, it's not, we'll get to that).

Using our simple math of $100^2 + 30^2 = x^2$, our math comes out to 105 for X.  So how fast was he going relative to the 100 yard side?  Easy - 78mph / 105 = X / 100.  This number comes out to about 74mph which is a huge thing.  In Columbus (maybe even the entire state), 10 over is two points on your license, under that is only 1 point and that turns out to a difference on your insurance -- they frown on tickets.  Now you could argue he said he was 100 yards away from the officer, and you'd be right, but it comes out to about the same, the lower end of 74mph.

But there's a problem.  The road curves off to the left (east) meaning it isn't 30 yards at the base of the triangle.  By my guess, conservatively, it's 50 yards.


 

 

$100^2 + 50^2 = X^2$ comes out to 111.  78 / 111 = X / 100 comes to ~70mph.  Hmm, that's barely over the limit.  And if you again say "well, he said 100 yards" -- comes out to 67.1mph so by my basic, easy math, from where the officer was and the speed he recorded it COULD be anywhere from 74mph to 67.1mph - granted, yes still technically speeding, but NOT 78mph. You could also argue the officer tried to line up the left lane with where he was, which is plausible, BUT with the heavier traffic ...I don't think it's realistically possible to acquire a car through traffic of that volume.  Hmm, maybe I should send this off to mythbusters?


Automotive | Engineering | Government | Law

Encryption, Development and AES

by Jesse 16. May 2008 06:55

If the custom module wasn't enough, I'm now wandering off into encryption land.  A quick scouting of the System.Security.Cryptography namespace shows me a ton of stuff to play with.

Ooo, AES.  I like AES.  It runs on my router(s) @ home and is viciously annoying to crack (TKIP f0r t3h w1n!!!11).  Cool, let's use that, it's good enough for top secret docs for the gov so it should be good enough for me.  But, as with anything else, there's a catch or ...20.  Here are some basic considerations.

Will this data be searched? 

Searching encrypted data is a royal PITA and a huge overhead.  Example: saving data to a db with encryption happening in the business layer.  A perfectly viable user says to the application "hey, find this" -- you cannot directly ask the database to find it, it is impossible, so for every search ALL OF IT (say 2 million records) comes across and gets decrypted, the search happens, finds the records necessary and passes those on.  Not very reasonable nor scalable.  The 2nd option is to do it on the sql server itself.  Fundamentally I have a problem with this for 2 reasons.  1st, from a purely architectural standpoint, this should never be passed off to the data source.  In the real world, it's probably ok to offload some of that overhead, but still, using the OSI model alone says "no no" -- encryption happens in the presentation level and offloading it means you pass through all 7 layers ONCE before you encrypt -- bad bad bad.  2nd, unless the data connection between app/server is encrypted to hell and back itself, your encryption is trumped and effectively worthless.
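
The search problem described above, in C# with the System.Security.Cryptography types the post mentions. This is an added example, not code from the original post; it goes one step beyond the post by also storing a keyed HMAC tag next to each ciphertext, which lets the database answer exact-match queries without decrypting. The row layout, key handling and sample values are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
// Added example; the row layout, key handling and names are hypothetical.
static class EncryptedSearchDemo
{
    record Row(byte[] Iv, byte[] Cipher, byte[] Tag);   // Tag = keyed lookup value ("blind index")

    static Row Protect(string value, byte[] encKey, byte[] indexKey)
    {
        using var aes = Aes.Create();   // AES-CBC with PKCS7 padding by default
        aes.Key = encKey;
        aes.GenerateIV();               // fresh IV per row: equal plaintexts encrypt differently
        byte[] plain = Encoding.UTF8.GetBytes(value);
        using var enc = aes.CreateEncryptor();
        byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
        using var hmac = new HMACSHA256(indexKey);
        return new Row(aes.IV, cipher, hmac.ComputeHash(plain));
    }

    static string Unprotect(Row row, byte[] encKey)
    {
        using var aes = Aes.Create();
        aes.Key = encKey;
        aes.IV = row.Iv;
        using var dec = aes.CreateDecryptor();
        return Encoding.UTF8.GetString(dec.TransformFinalBlock(row.Cipher, 0, row.Cipher.Length));
    }

    static void Main()
    {
        byte[] encKey = RandomNumberGenerator.GetBytes(32);    // demo keys only
        byte[] indexKey = RandomNumberGenerator.GetBytes(32);  // separate key for the lookup tag
        var table = new[] { "alice@example.test", "bob@example.test", "alice@example.test" } // constructed
            .Select(v => Protect(v, encKey, indexKey)).ToList();

        // Rows 0 and 2 hold the same value, yet an equality match on the ciphertext column fails.
        Console.WriteLine($"ciphertexts equal: {table[0].Cipher.SequenceEqual(table[2].Cipher)}");

        // Search in the business layer: every row comes across and is decrypted.
        int byScan = table.Count(r => Unprotect(r, encKey) == "alice@example.test");

        // Exact-match lookup: compare the stored tag with the tag of the search term.
        using var hmac = new HMACSHA256(indexKey);
        byte[] wanted = hmac.ComputeHash(Encoding.UTF8.GetBytes("alice@example.test"));
        int byTag = table.Count(r => r.Tag.SequenceEqual(wanted));  // in SQL: WHERE tag = @wanted
        Console.WriteLine($"matches by full scan: {byScan}, by tag: {byTag}");
    }
}
```

The tag reveals which rows hold equal values and supports exact match only; substring or range searches still need the decrypt-and-scan path. CBC as used here is unauthenticated, so a real design would add integrity protection.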

How much protection is necessary?

The question of the ages.  Understanding the CISSP-ism of protection and risk management: the amount spent on protection should be equal to the total loss of one breach multiplied by the inverse of the possibility of recurrence.  So say the data is worth 10 million dollars for ONE loss.  The probability of loss is once every 5 years.  10m/5y = 2 million a year should be spent to protect it.  No really.  Now, if there's no REAL value to the data, i.e., it's personal junk you keep at home for giggles, then whatever the server can handle works fine.  Otherwise, use reasonable + 1.

I'll stop there.  Other questions can range from "Who needs access to it?" to "Where will the server be physically housed" -- but that's somewhat outside of the scope of this post.  Not saying they're unimportant, just "too much" for this post.  I think my first task will be working on getting something simple to encrypt, like a file or a string, and work up from there to see how much overhead this thing creates.


.Net | C# | Coding | Security | Architecture | Law

something very disturbing

by Jesse 1. March 2008 16:04

For those of you who don't know me very well, over the past few years I have come to appreciate the right to bear arms.  I had a friend of mine who grew up with them teach me how to clean them, how to shoot them, how to handle them properly, how to "check a weapon", shoot safely (I'm not the best shot though...) etc.  I learned how to do things by the book since it -IS- a clearly dangerous device.  Today while at a gun shop, I witnessed something that made me VERY uneasy.  A little background, this place I was at is NOT a dive, not shady, not on any level a place you couldn't take anyone.  It's a general hunting/fishing place.  Also another disclaimer, if you don't care about any of the following topics, ignore this post - guns, laws, government, politics.  Still reading?  Good, I think you'll find this interesting.

In order to obtain a firearm, a background check must be done, and they check for the obvious stuff -- no felony convictions, no mental problems, no domestic violence cases outstanding, no illegal drug use, etc.  This can be done VERY quickly, usually within a few minutes with a call in to the feds.  I used to work closely with the "other end" of law enforcement with my time at the Attorney's Office and I was lucky enough to understand and detect (although this isn't rocket science) those that are under the influence of various controlled substances (crack/cocaine, LSD, X, marijuana, etc) and immediately noticed that one such symptom was being broadcasted by someone across the counter.  No, I'm not kidding, at all.

The person in question had bloodshot eyes, pupils the size of golfballs and slightly ...I wouldn't say frantic but very "switchy" -- he'd been doing crack/cocaine at best 24 hrs ago (probably earlier that morning).  I watched this guy intently, listening to his conversation.  He says his son had taken his other gun, got arrested (hu?) and the police took it and wouldn't give it back until he proved it was purchased legally.  Ok, at this point, if EVERY SINGLE red flag in your head isn't goin off, I can't help you.  He then explains to the clerk, and I can't believe this, that he was serious about buying another gun as well as getting his proof of purchase.  The guy behind the counter showed him a good, well made weapon, at a cost around 600$.  If you've ever looked, 600-800 is right around what you'd expect for a good, quality gun (in this case a brand new Beretta 92 9mm) -- I paid 600 for my first gun (not a Beretta), USED -- he didn't want that.  Then he was shown another, a nice Glock with a price tag around 500-550.  He didn't want that either.  The ...um, clerk pulls out the cheaper gun (I'll refrain from saying what kind, I don't like 'em, I think they're crap) for 350 in a 9mm.  He was more interested. 

Now mind you, during this entire exchange, the clerk is NOT handing the person the gun, at all, he WILL NOT let him touch it which is a clear indication that he (the clerk) has noticed "somethin' aint right" -- every time I, joe citizen, go in and ask to see one, I am presented the piece, regardless of cost, checked (verified no bullets in the gun) and handed over as if it were a priceless piece of jewelry, typically with some discussion of the given clerk's experience or the other clerks in general, safety features, etc.

At this point, I'm very much "not cool" with this particular person.  Even idiot me can pick up this guy is on something and the questionnaire you MUST fill out asks specifically if you have used something he clearly has (which is a felony!).  I motion one of the other clerks over and express my concern.  Almost unbelievably, he says "Oh I know, happens all the time, but we can't stop them from buying any gun they want, it's their right just as much as it is yours, and we aren't cops -- we just can't do anything about it, we'd get the pants sued off of us".

-long pause-

<Sigh> He's right.  So on Monday I'm thinkin' I need to make a few phone calls, most notably my friend that's a judge, see what she thinks.  I know there's some circumstances where this guy could've had a good reason for it.  Regardless, I, joe citizen, don't completely believe he'd be honest on that questionnaire.

** Update ** 4/13/2008

Got a comment on my blog from "The F.B.I." with the address given of info@fbi.gov but there's a problem with it -- 1, the IP comes back to France ...sorry, that doesn't make me feel it's more authentic (using the onion aren't ya?), 2nd, it refers to internet crime and not ...um, real crime so for now, I'm going to leave it in the comment bin until I get a bit more info on this.  So if you're reading this, use the contact page (link's up top) and drop me a line, let's talk.

 


Misc | Law | Government

Legal mumbo-jumbo

by Jesse 20. February 2008 06:25

One often overlooked aspect of programming is that evil legal side.  Case in point, you are keeping user records of some kind.  Now, I'm not talking about SSN, Health Records (HIPAA) or bank info.  No, I'm speaking of retaining a user's home phone, address, first name, last name, etc.  At what point does this fall into the legal consideration category?  The answer is "check your local codes".  Yea, it sucks, but there's hope.

Within 5 minutes I was able to find the state of Ohio's code regarding (legalese warning!) Private disclosure of security breach of computerized personal information data which is a fancy way of saying if someone steals enough stuff to grant the ability to steal someone's ID or other non-public records.  The Federal govt has a law(s) for it, but local laws usually reach further and are more clear (as clear as a law can be) as to the actions necessary for this (typically notification and credit monitoring).  In this case, here's what the Ohio Law says "Private" information would be... Article 1349.19 section 7 chapter B items 1-4 (I don't make this stuff up)

(b) “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records or any of the following media that are widely distributed:

(i) Any news, editorial, or advertising statement published in any bona fide newspaper, journal, or magazine, or broadcast over radio or television;

(ii) Any gathering or furnishing of information or news by any bona fide reporter, correspondent, or news bureau to news media described in division (A)(7)(b)(i) of this section;

(iii) Any publication designed for and distributed to members of any bona fide association or charitable or fraternal nonprofit corporation;

(iv) Any type of media similar in nature to any item, entity, or activity identified in division (A)(7)(b)(i), (ii), or (iii) of this section.

If you can't get it through normal means (public records, mass media or publication), it's considered private information.  Still leaves room for "what is public" but something to consider.


Misc | Tech | Security | Law


About the author

Like the description says, at my core, I'm a scientist and engineer.  I came from humble beginnings on a 486DX2 Packard Hell playing doom2 on IPX to in a small time retail shop and got into hardware (ISO layers FTW!) and it was all downhill from there.  I'm infinitely curious about almost everything and always wanting to know.
