Author: mrkoot

Easter Egg on Dutch Govt Recruitment Website. Intended or Not?

It’s almost Easter, and I stumbled upon an early Easter egg: the Dutch govt recruitment website http://www.werkenvoornederland.nl/ includes, at least on the homepage, /static_shared/pd/scripts/egg.js containing a Konami code. Visit the site and press Up, Up, Down, Down, Left, Right, Left, Right, B, A. The browser now fetches and executes remote JavaScript: http://kottke.org/plus/misc/asteroids.js. I don’t know whether this egg –which dates back to at least 2009– is known and intended to be on this government website or whether its presence indicates sloppy copy/paste development. Fortunately it seems that egg.js is not included in the part of the website where applicants manage their resume and personal data, and the remote code stays remote unless the 10-key sequence is typed. But that would be a weak argument against the unnecessary exposure.
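The loading pattern described above, as an added example (not the site's egg.js and not code from this post): a small audit function that flags script URLs on other hosts inside a JavaScript file. The sample loader, the function name findRemoteScriptLoads and the result fields are assumptions made for illustration.

```javascript
// Constructed stand-in for a key-sequence loader of the kind described in the post.
// It is NOT the site's actual egg.js; only the two URLs come from the post.
const SAMPLE_EGG_JS = `
var keys = [], konami = "38,38,40,40,37,39,37,39,66,65";
document.addEventListener("keydown", function (e) {
  keys.push(e.keyCode);
  if (keys.toString().indexOf(konami) >= 0) {
    var s = document.createElement("script");
    s.src = "http://kottke.org/plus/misc/asteroids.js";
    document.body.appendChild(s);
    keys = [];
  }
});
`;

// Hypothetical audit helper: report every quoted .js URL whose host differs
// from the page that includes the file.
function findRemoteScriptLoads(source, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  // Absolute (http/https) or protocol-relative URLs ending in .js, inside quotes.
  const urlRe = /["'`]((?:https?:)?\/\/[^"'`\s]+?\.js(?:\?[^"'`\s]*)?)["'`]/g;
  // A script element built at run time never shows up in the static HTML.
  const dynamic = /createElement\(\s*["']script["']\s*\)/.test(source);
  const findings = [];
  for (const m of source.matchAll(urlRe)) {
    const url = new URL(m[1], pageUrl);
    if (url.hostname === pageHost) continue; // first-party, not reported
    findings.push({
      url: url.href,
      host: url.hostname,
      cleartext: url.protocol === "http:", // fetched over plain HTTP
      dynamicInjection: dynamic,
      line: source.slice(0, m.index).split("\n").length,
    });
  }
  return findings;
}

const report = findRemoteScriptLoads(SAMPLE_EGG_JS, "http://www.werkenvoornederland.nl/");
console.log(report);
```

A finding with both cleartext and dynamicInjection set is the case in the post: third-party code fetched over HTTP that a review of the static HTML alone would not list.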

2012 = Year of Alan Turing! Kick-Off: EUR 100 Code-Breaking Challenge

UPDATE 2013-12-24: today, Queen Elizabeth II pardoned Alan Turing and remitted Turing’s sentence! See the document here (.pdf).
UPDATE 2013-07-20: UK government has signaled its intent to support a bill that would issue a posthumous pardon to Alan Turing.
UPDATE 2012-02-25: this challenge is still up. Also: Nature News Special: Alan Turing at 100

UPDATE 2012-01-03: this challenge is still up. Happy Alan Turing Year!
Statue of Alan Turing at Bletchley Park

This photo was taken on October 28th 2010 at Bletchley Park. You see the commemorative statue of Dick Berlijn Alan Mathison Turing (1912-1954) that was donated to Bletchley Park by the American billionaire/philanthropist Sidney E. Frank and unveiled on June 19th 2007. Alan Turing’s 1st centennial is due on June 23rd 2012, and 2012 will be the “Year of Alan Turing”. Why? Because of:

  1. his contributions to mathematics and logic, and as it turned out, philosophy; (excellent book: The Annotated Turing);
  2. his contributions to code-breaking Enigma during WW2, standing on the shoulders of these Polish mathematicians;
  3. the embarrassingly late apology, in 2009, by the British government for the inhumane way Turing was treated by them for being gay.

As a small kick-off, I have a EUR 100 code-breaking challenge for you! In the above photo, I hid the IMEI of the iPhone used to take the photo using Niels Provos’ outguess-0.2, which dates back to 2001. Stegdetect and stegbreak provide a starting point, but a simple stegbreak alanturing+imei.jpg won’t provide the answer… I will pay EUR 100 to the first successful code-breaker, provided you allow me to post your method on this blog. You get full credit (as well as EUR 100). Send your answer to mrkoot at gmail dot com, or leave a comment on this blog.

Consider celebrating 2012 as the “Year of Alan Turing”, e.g. by supporting the ongoing efforts by United Kingdom Mathematics Trust http://www.turingcentenary.eu/, already backed by ACM, Wolfram and others.

DigiD, mijn.overheid.nl and theoriereservering.cbr.nl: a few small privacy devils in the details?

As an interested outsider to DigiD(-related) things on the web, I noticed the following. I don’t know whether this is a known and accepted residual risk, or whether it was still unknown.

  1. Am I adopted? Log in to mijn.overheid.nl, look under GBA > Meer persoonlijke gegevens > Familie > Meer ouder gegevens and check whether “Ingangsdatum familiebetrekking” (start date of family relationship, GBA column 2.62.10/3.62.10) equals your date of birth. If not? Maybe you should have a talk with your parents. If so: maybe you are not adopted (or, equally possible, a system error or variations in data processing between municipalities). The description of that column reads:

    “Date on which your official tie (also called the family-law relationship) with your parent came into being. Usually the start date is your date of birth. Do your parents have a registered partnership? Then this shows the date on which one of your parents acknowledged you. Are you adopted? Then this shows the adoption date.”

    FACT CHECK NEEDED. I am not adopted myself, and for me this field matches my date of birth. Could someone who knows they are adopted please verify this? (Send me e-mail at koot[AT]cyberwar[DOT]nl –> I will not mention names on this blog!)

  2. I turn out to be adopted and now I’m angry at my parents. Try identity fraud! Log in to mijn.overheid.nl and behold the BSN – and date of birth, place of birth and full name, but you knew those anyway – of your parents, children, partner and/or ex-partner.
  3. I only know someone’s BSN and date of birth. How do I find out more? Via https://theoriereservering.cbr.nl/! Enter the BSN and date of birth, type in the CAPTCHA and you get the full personal name and place of birth as a gift! Not a sufficient condition for DigiD fraud, but useful for that purpose nonetheless. Mind you, no fraud on Sunday mornings – on April 10 at 10:30 this notice was on that website:

    “The system is currently closed. Opening hours are Monday through Saturday from 6:00 to 23:30 and Sunday from 13:00 to 23:30.”

  4. How do I know whether a BSN and DigiD username combination is correct? Via https://applicaties.digid.nl/wachtwoordherstel/instellen! Enter the BSN and username to be tested, enter nonsense for Herstelcode (recovery code) and click Verder (Continue). If the combination is NOT correct you get a different message than when it IS correct. Handy, right?
  5. During registration on mijn.overheid.nl I am asked for my e-mail address and mobile phone number (optional), and these are verified. Are my mobile number and e-mail address now linked to my BSN? Yes, well spotted! Although undoubtedly intended for good service, it is hard to deny that there will be a desire to use that high-quality information (BSN + mobile number + e-mail address), high-quality because it was verified by the citizen themselves, in case and phenomenon investigations such as those carried out by NFI’s Kecida department (KEnnisCentrum voor Intelligente DataAnalyse) using methods from social network analysis (.pdf) and data profiling (.pdf). That is not by definition bad or good, but transparency and democratic oversight are then no luxury.
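Item 4 describes a recovery form that answers differently for valid and invalid BSN/username pairs. As an added example (not DigiD's code; the account store, BSN, messages and function names are constructed for illustration), the handler below shows that behaviour beside a version that gives one reply for every failure:

```javascript
const crypto = require("crypto");

// Constructed account store: key is "BSN|username", value is the SHA-256
// of the recovery code. All values are made up for this example.
const sha256 = (s) => crypto.createHash("sha256").update(s).digest();
const ACCOUNTS = new Map([["123456782|jansen", sha256("K7Q2-MX4P")]]);
const DUMMY = sha256("no-such-account"); // compared against when no account exists

// Before: the reply reveals whether the BSN/username pair exists.
function resetLeaky(bsn, username, code) {
  const stored = ACCOUNTS.get(`${bsn}|${username}`);
  if (!stored) return { ok: false, message: "Unknown combination of BSN and username." };
  if (!crypto.timingSafeEqual(stored, sha256(code)))
    return { ok: false, message: "The recovery code is incorrect." };
  return { ok: true, message: "Recovery code accepted." };
}

// After: a single reply for every failure, and the same hash comparison is
// performed whether or not the account exists.
function resetUniform(bsn, username, code) {
  const stored = ACCOUNTS.get(`${bsn}|${username}`);
  const match = crypto.timingSafeEqual(stored || DUMMY, sha256(code));
  if (stored && match) return { ok: true, message: "Recovery code accepted." };
  return { ok: false, message: "The details you entered could not be verified." };
}

// Regression check: true when an existing pair and a non-existing pair,
// both submitted with a nonsense code, produce distinguishable replies.
function isEnumerable(handler) {
  const existing = handler("123456782", "jansen", "nonsense");
  const missing = handler("123456782", "someone-else", "nonsense");
  return JSON.stringify(existing) !== JSON.stringify(missing);
}

console.log("leaky handler enumerable:", isEnumerable(resetLeaky));
console.log("uniform handler enumerable:", isEnumerable(resetUniform));
```

Uniform replies close the message oracle only; rate limiting per client and per BSN is still needed to slow guessing of the recovery code itself.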

FWIW, see a manual inventory (.txt) of the GBA columns that I see under my DigiD account on mijn.overheid.nl (I have no children or official (ex-)partner). It also refers to GBA Logisch Ontwerp 3.7 (3.0MB .pdf), which contains the definitions of all GBA columns. This question (with an answer that does not answer the question) can be found in the FAQ on mijn.overheid.nl:

“Why can I also view data of my parents/children/(ex-)partner?

The Gemeentelijke Basisadministratie persoonsgegevens (GBA) records your administrative life course. Birth, moving house, marriage, departure abroad, death: the GBA contains all general personal data and changes to them, from the cradle to the grave. This also includes data about whom you are married to or what your children are called. These data are used, for example, by municipalities, pension funds or benefits agencies to tailor their decisions to your situation.”

A reference to this post has been posted in the Bits of Freedom and Platform voor Informatiebeveiliging groups on LinkedIn.

Applied Intelligence: “Why Intelligent People Fail (Too Often)”

In Chapter 14 of their book Applied Intelligence (2008) (not to be confused with the International Journal of Applied Intelligence) on psychometrics and cognitive processes in education, learning and creativity, psychology academics Robert Sternberg, James C. Kaufman and Elena C. Grigorenko describe twenty “stumbling blocks” in an attempt to explain “Why Intelligent People Fail (Too Often)”. I list them below and, while endeavoring to get my PhD-thesis wrapped up before 2012, keep this list nearby – alongside my not-so-pretty-but-very-useful-to-me desktop wallpaper (.png, Dutch-only). I added my own preferred (amateur) way of overcoming each one in parentheses:

  1. Lack of motivation (choose a task that you think is important)
  2. Lack of impulse control (always check your outcome; don’t blindly accept the first result)
  3. Lack of perseverance and excessive perseverance (balance work and play)
  4. Using the wrong abilities (leverage what you’re good at)
  5. Inability to translate thought into action (split the problem into tiny Specific, Measurable, Attainable, Relevant and Time-bound steps)
  6. Lack of product orientation (focus on outcome, not only on the process. ISO 9001-compliance could in practice mean that you _reliably_ produce rubbish.)
  7. Inability to complete tasks and to follow through (consciously commit to a task, work diligently)
  8. Failure to initiate (decide NOW on what to do first, simply re-adjust as needed)
  9. Fear of failure (challenge your thoughts for irrationality and fallacies)
  10. Procrastination (act NOW and you feel more self-confident. “It is the job that is never started that takes longest to finish” – J.R.R. Tolkien)
  11. Misattribution of blame (take responsibility and accept what’s beyond your influence)
  12. Excessive self-pity (focus on solving your problem)
  13. Excessive dependency (decide yourself, accept uncertainty and incomplete information)
  14. Wallowing in personal difficulties (see 12)
  15. Distractibility (maintain a small daily todo list, keep a clean desk, don’t answer personal communication)
  16. Being spread too thin or too thick (do one thing and do it well; self-apply Doug McIlroy’s Unix philosophy)
  17. Inability to delay gratification (work according to plan, cutting corners undermines self-confidence)
  18. Inability or unwillingness to see the forest for the trees (remind yourself of the larger picture)
  19. Lack of balance between critical, analytic thinking and creative, synthetic thinking (self-apply the Six Thinking Hats)
  20. Too little or too much self-confidence (work diligently, be kind to yourself, know your limitations and weaknesses)

I hope this is useful.

UPDATE 2011-03-19: …and I also hope that a single blogpost on productivity isn’t a telltale of being a slacker like in this funny XKCD entitled “Time Management” 🙂

Wiki Government in the Netherlands?

UPDATE 2012-01-18: related news, found via @LiberationTech: U.S. Congress May Soon Take Questions From The Great State Of Social Media

Disclaimer: I have not been educated in public policy or politics.
In Wiki Government (2009), author Beth Simone Noveck discusses how technology can benefit democracy when used for citizen participation, working toward a more open model of decision-making. The Dutch government is currently running a two-year pilot program at www.internetconsultatie.nl in which all ministries (are said to) consult the public about at least 10% of their legislative proposals (I don’t know how they measure the “10%”). Although I highly appreciate this pilot as a step toward a (more) participatory democracy, I hope its successors at the level of both Dutch ministries and Dutch municipalities will make sure to take into account Noveck’s lessons-learned described in chapter 8 (citation):

  1. Ask the right questions: The more specific the question, the better targeted and more relevant the responses will be. Open-ended: “What do you think of x?” questions only lead to unmanageable and irrelevant feedback.
  2. Ask the right people: Creating opportunities for self-selection allows expertise to find the problem. Self-selection can be combined with baseline participation requirements.
  3. Design the process for the desired end: The choice of methodology and tools will depend on the results. But the process should be designed to achieve a goal. That goal should be communicated up front.
  4. Design for groups, not individuals: “Chunk” the work into smaller problems, which can easily be distributed to members of a team. Working in groups makes it easier to participate in short bursts of time and is demonstrated to produce more effective results.
  5. Use the screen to show the group back to itself: If people perceive themselves to be part of a minimovement, they will work more effectively together across a distance.
  6. Divide the work into roles and tasks: Collaboration requires parceling out assignments into smaller tasks. Visualizations can make it possible for people to perceive the available roles and choose their own. Wikipedia works because people know what to do.
  7. Harness the power of reputation: Organizations are increasingly using bubbling-up techniques to solicit information in response to specific questions and allowing people to rate the submissions.
  8. Make policies, not websites: Improved practices cannot be created through technology alone. Instead, look at the problem as a whole, focusing on how to redesign internal processes in response to opportunities for collaboration.
  9. Pilot new ideas: Use pilot programs, competitions, and prizes to generate innovation. 
  10. Focus on outcomes, not inputs: Design practices to achieve performance goals and metrics. Measure success.

In addition: could anything be learned from www.derdekamer.net and www.democratiespel.nl? I’d be very happy to read your comments!