Back to squares 0 & 1: How a computer stores different types of data

Let us begin with the meaning of the term ‘compute’. The word means ‘to calculate’. True to its meaning, the early computers were used to break down really complex calculations and solve them in a fraction of the time. With developments in processing power and the shrinkage of the size of a basic computing unit, the term ‘computing’ has built upon its humble roots and now means a lot of things. ‘Computers’ are now everywhere, from the big monsters in the back offices of NASA to the sleek mobiles in your pocket to the tiny RFID readers inside your home’s door lock and railway station turnstiles. We even have devices with fantastic brains built on artificial intelligence like face recognisers, handwriting readers and trip & timetable planners.

Despite decades of advancement, some basics remain exactly the same. The oldest and time-tested basic is the way that a computer perceives and stores data. Today we may be able to calculate the distance to the sun (number), decide whether Donald Trump or Narendra Modi will win an election or not (yes/no), read and store e-books (text data), remember and get reminders for birthdays (date), set alarms (time) and enjoy sounds, photos and videos, but at the bottom of it all, the computer sees all of these data formats in only ONE universal format: a sequence of numbers.

Understanding OAuth: Can I play in your garden?

We all face this situation many times. You have a standard 9-5 job, but you need to get things done at home. Maybe your house maid comes to clean up your home only at 10am. Maybe you need your living room tiles redesigned and the mason is scheduled to come in at 2pm. You make the necessary arrangements to leave a copy of your house keys with your neighbour, who in turn allows the maid or mason into the house on your behalf.

However there are a few problems with this method. Firstly, you need a highly trustworthy neighbour who will not misuse your keys. Secondly, neither you, nor your neighbour knows if the maid or the mason can be entrusted with being in the house when you are not. It is unreasonable to ask the neighbour to stay in your house for hours to watch over.

However, consider the situation where you have broken up the security into multiple locks & keys, one pair to guard almost every aspect of your home, instead of one central lock & key for the entire home itself. You have a lock for every room. Every cabinet and shelf is locked. You also lock up each water faucet, such that only those you trust to use water wisely can open the faucets. Everything must be unlocked before use. The main door itself is either simply latched or maybe opened remotely (say via Internet) if the person requests you over the phone to open it. Before the person visits, you make sure that he/she is given the right keys to the part of the house that he/she needs access to. E.g. the maid only needs access to the bathroom faucet to use the water and access to the janitor’s supply place for mops, brushes and the like. The mason needs access to the living room alone.

Such modular security seems complicated while setting up, but it prevents misuse by micro-managing the gateway to every resource. It seems largely difficult, even slightly ridiculous to achieve in the real world, but it can be done without a hassle in the digital world. And that exactly is the premise behind Open Authentication or OAuth.

Intro to OAuth-speak

Let us consider the example above and use some OAuth parlance / jargon and a widely used Internet service as a digital example.


  1. Your home is your resource. You are the ‘owner’ of the resource. Similarly, you own your Facebook profile.
  2. The maid is an ‘external app’ who wants to use/alter your resources. Ditto for the mason. We can also call them ‘resource clients’. Candy Crush and Instagram are external apps that can use your Facebook profile.
  3. External apps may simply ‘use’ your resources or ‘alter’ them. Let’s say that you give permission to your neighbour’s children to play in your garden. The children bring their own toys and simply use your garden as a playground. Unless they are mischievous brats, they’ll leave your garden and its lawn, flower-pots and trees alone. However, the maid is going to clean up the floor / carpet in your rooms and alter their state. The mason takes it a step further by ripping up the existing tiles and laying down new ones. Similarly, Candy Crush only needs to read your name from your profile and use your profile picture to show on its leader board. Instagram however is going to directly put photos into your Facebook timeline and albums every time you use the app to take pictures.
  4. Permissions are ‘scoped’ for every resource client. Your maid gets to walk on the floors in every room. She also gets to use the faucets in the bathroom to use the running water for cleaning. She gets access to the janitor’s supply room for the tools. However she cannot open the fridge and eat your special pastry. You have given her only those keys that enable her to unlock each room to swab their floors and to the rooms which hold the water and the supplies. The mason gets only the key to the living room. The children get the keys to the garden’s gate.
    Candy Crush only gets to read your name and profile picture. Instagram gets to read your name and profile picture, while also being allowed to post to your timeline and albums.

The OAuth flow at work

Let us get behind the scenes and see how the OAuth flow works. OAuth has three players.

  1. The resource owner is the person who owns a resource, e.g. You own your Facebook profile, albums, etc.
  2. The resource client is the person who wants access to one of the owner’s resources.
  3. The authentication server is responsible for checking if the resource owner is okay with handing out access to the client. If yes, then the server hands out a token (keys) to the client. The client uses this token in all further communication. The token can be called the keys to the resources.

Let us imagine that you have just opened a piece of software (either an app or a website) called XYZ (resource client) and it has an option to use your Twitter account for authentication and other features (resources) such as posting to your timeline. Here is how the OAuth flow works in this case.


  1. You choose to use your Twitter account for authentication in XYZ.
  2. XYZ approaches Twitter and requests it to speak to you regarding access to various parts of your profile. Namely, it needs access to read your profile name, handle and display picture and also to write to your timeline. In more precise words, XYZ approaches Twitter for permission to access a certain ‘scope’ in your Twitter profile.
  3. Armed with this information, Twitter’s permission system now approaches you to ask for those rights. This manifests itself in the form of a permission dialog that you generally see when apps and websites ask for your permission for certain rights in your Twitter, Google or Facebook accounts. If you happen to be signed out of your Twitter account at that moment, Twitter also asks you to first log in, before presenting the permissions dialog.
  4. Once you have approved, Twitter’s permission system returns a temporary entity called a ‘grant’ to XYZ. This is like a small receipt that Twitter hands to XYZ, stating that you have given permission for certain scope of usage. However, this is still not the key to your account.
  5. With the grant in possession, XYZ now approaches another big system in Twitter, named the authorisation server. XYZ gives the grant to the authorisation server, which quickly checks with the permission system to check if the grant is genuine.
  6. Once the authorisation server is pleased, it provides XYZ with a ‘token’, which is indeed the key to unlock your Twitter resources, that you have permitted XYZ to use.
  7. Whenever XYZ needs something from your Twitter account, it approaches Twitter along with the token. Twitter quickly verifies the authenticity of the token with its authorisation server and once satisfied, gives XYZ the resource, e.g. the handle, profile name, profile picture, etc.
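The seven steps above can be traced in a small simulation. This is an added example, not code from the original post and not Twitter's real API: the `Provider` class, the scope names `profile:read` and `timeline:write`, the 60-second grant lifetime and the case where the user approves only the read scope are all assumptions made for illustration.

```python
import secrets
import time


class Provider:
    """Toy provider: permission system, authorisation server and resource
    server in one object (hypothetical, for illustration only)."""

    def __init__(self):
        self.grants = {}  # grant -> (client_id, scopes, expiry)
        self.tokens = {}  # token -> (client_id, scopes)

    def approve(self, client_id, requested, user_allows):
        # Steps 2-4: only the scopes the user approves end up on the grant.
        scopes = frozenset(requested) & frozenset(user_allows)
        grant = secrets.token_urlsafe(16)
        self.grants[grant] = (client_id, scopes, time.time() + 60)
        return grant

    def exchange(self, client_id, grant):
        # Steps 5-6: the grant is single-use, short-lived and tied to one client.
        entry = self.grants.pop(grant, None)
        if entry is None:
            raise PermissionError("unknown or already used grant")
        owner, scopes, expiry = entry
        if owner != client_id or time.time() > expiry:
            raise PermissionError("grant not valid for this client")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, scopes)
        return token

    def access(self, token, needed_scope):
        # Step 7: every resource request is checked against the token's scope.
        entry = self.tokens.get(token)
        if entry is None:
            raise PermissionError("invalid token")
        if needed_scope not in entry[1]:
            raise PermissionError("token lacks scope " + needed_scope)
        return "ok:" + needed_scope


def demo():
    p = Provider()
    # XYZ asks for read and write; the user (constructed case) allows read only.
    grant = p.approve("XYZ", {"profile:read", "timeline:write"}, {"profile:read"})
    token = p.exchange("XYZ", grant)
    results = {"read": p.access(token, "profile:read")}
    attempts = (("write", lambda: p.access(token, "timeline:write")),
                ("replay", lambda: p.exchange("XYZ", grant)))
    for label, call in attempts:
        try:
            call()
            results[label] = "allowed"
        except PermissionError as exc:
            results[label] = "denied: " + str(exc)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, "->", outcome)
```

The grant is useless a second time and the token opens only what was approved, which is the "receipt" versus "key" distinction in steps 4 and 6.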

Conclusion

OAuth seems very complicated to understand at first, but in reality it is quite simple, even though it has a lot of moving parts. In the end it all boils down to tokens to selectively access certain resources from a large pool, just like keys to various rooms / tools inside your house. By micro-managing authorisation, OAuth has made it a lot more possible to maintain your privacy among the crowd on the Internet.

Analysing Analytics

You may have started your dream app, launched your much wanted app or set up your e-Commerce site. But once that is done, you will want to measure how well your site / app does. This is what analytics helps achieve. Analytics have now been around for a really long time, but of late they have grown really complicated and beginners are struggling to understand what to measure and what to make of all the gathered data.

Companies like Google, Flurry, Countly and several others have been investing millions to make their analytics as accurate and insightful as possible. In this post, I shall explain to you what you need to know about analytics in a nutshell and what are the basic measurements that are minimum necessities to know how well your website / app is doing.

Staying secure in the crowded Internet: SSL

Imagine that you are standing in a rather long queue to buy a ticket for your train. It has been 10 minutes and the head count ahead of you shows no signs of reducing fast. A nice gentleman walks up to you and says that he is an agent sent out by the ticket counter to speed up the ticketing process for the people who are way back in the queue. If you could give him the fare, he would give you a ticket. One of the following two things can happen. You realise that this is a con-man and try to alert the authorities, but before anyone can do anything, the man has slipped away and melted into the crowd. Another possibility is that you give him the money and he suddenly makes a dash for it. What happens next is the same: you alert the authorities, but the man melts into the crowd. Either way, before anything can be done by the authorities, the man is nowhere to be seen.


Honey, I shrunk the data: an introduction to data compression

We all know the dilemma. We take our suitcase and pack for our upcoming trip. The suitcase looks huge when we start packing. But soon, we start filling it up. The suitcase suddenly looks full and crammed. There are still a few things that we would like to carry, but there seems to be no space. We need to do one of two things now: pack the existing things compactly so that they take up less space and create more space for new additions, or take out some of the existing things which we can do without and create space for new additions. We face a similar dilemma in computing. We encounter low disk space or are stuck with low bandwidth and have huge files to transfer. How do we solve the problem? The answer is data compression.

Computers and Images: Part 1

Throughout the Internet, we consume millions of images per day. Photos, cartoons, animations, icons, logos, infographics and diagrams to name a few. As the saying goes, pictures are worth a thousand words and that explains why the world is a big fan of images as content. Photos capture moments & memories, logos build brands, cartoons entertain, infographics provide information in a rich way, icons and diagrams make it easier to understand the meaning and the impact of numbers in data. In this two-part series of articles, we look at how exactly a digital device stores and works with images in part 1 and we look at why there are so many different formats of images such as JPEG, PNG, SVG, GIF, TIFF and so on in part 2.

How Email works

Email is obviously the most common thing that you do on the Internet besides using your browser to read / post content on websites. Making it a snap to communicate 1-on-1 or in a group, Email has been around even before the existence of the World Wide Web or the browser based Internet that we see and love today. Companies and individuals have been using Email using software like Outlook well before the era of browser surfing. The union of browser and the Email using Webmail was what gave a huge boost to the adoption of Email by the average Internet user though and the first movers to the market in that regard were Hotmail and AOL. Google’s Gmail is now the most commonly used Email platform. I explained how browser based Internet works in a two part series (Part 1, Part 2). In this post, I will explain how Email works. Exactly what happens when you click the Send button and how does the Email find its way to the recipient?


Journey with the World Wide Web: Part 2

In part 1 of this series, we saw how a browser breaks down your requests, finds out which remote server to connect to, how a connection between the browser and server is established and how a browser uses HTTP instructions to request for a web page.

In this part, we shall see how the server prepares its response and returns it to the browser. We will also see how the browser interprets the response and renders the page on the screen.

We assume that the browser has already requested the server for a web page. The response from the server involves the following steps.

Step 1: The server tries to recognise the resource requested by the URL

As soon as the server gets the request from the browser, it starts looking for a valid resource represented by the URL, in our case /journey-with-the-world-wide-web-part-2. Depending on the configuration made in the server, the URL may point to one of several things. It may be a file residing on the disk of the server, it may be a record in a database, a program or a file loaded in memory and so on. If the server finds a valid resource at the end of the URL, then it continues further. Otherwise, you now know why you sometimes get the infamous 404 Not Found error. But what exactly is the number 404?


A note on response codes

HTTP is a request-response based communication. The browser requests for something and the server obliges with a response. But the server has impeccable manners and always begins its response with a polite greeting, apology or offer for help! Let us use the analogy of a shop whenever we discuss the server’s response. Let us say that you walk into a bakery and ask the shopkeeper for a chocolate muffin. If the shopkeeper says, ‘Sorry you cannot get muffins right now.’, you know that you don’t stand a chance of getting any muffins from this shop. However, you may probe the shopkeeper further for which he / she may say that they are out of muffins, out of ingredients or have a broken oven. But once you have heard ‘sorry’, you know that you have to leave the shop without muffins. The reason may be something of not much interest to you. Similarly the web server always responds with a polite response code every time it responds to a request. Based on the initial response, the browser may decide whether or not to press this communication further. A 404 is the equivalent of, ‘Sorry, but we do not have what you are asking for’. Some servers may go on to send a ‘Not Found’ page specific to that website, otherwise the browser can show its own.

Response code ranges

A response code of 200 is used to signal success. This is the equivalent of, “Here you go”, usually followed by a more meaningful response such as, “One chocolate muffin coming up”.

All the response codes in the 400 and 500 ranges are reserved for errors or ‘Sorry, we cannot give you this because …’.


Redirections

Let us also take some time to discuss the 300 range response codes. These are called ‘redirections’ and are used mainly for the following reasons.

  1. An old URL is not valid temporarily and the server wants to play traffic cop / diversion sign. E.g. “Sorry, this road is closed for carnival. Please take that diversion sir / ma’am. Please bear with us for today.”.
  2. An old URL is no longer valid and the server wants to intercept those going to that URL to direct them to the new location and then tell them that the old URL is no longer valid. E.g. “Sorry, but we shifted the dry fruits shelf to that aisle. Please remember that dry fruits will always be in that aisle from now on and not here”.
  3. An ISP uses redirects to land the user at the login page and have him / her sign up before using Internet further. E.g. “Excuse me, please come here and get your baggage scanned before proceeding further”.

Step 2: The server builds the response

Once the server is satisfied with the request and it has data ready to send back, there is a specific format in which the server should build the response. The format is called HTML or HyperText Markup Language. This is the format which is understood by browsers and instructs the browser how to layout content in a specific design. E.g. where the header goes, how many columns of text should be there, colour of text, images, tables, etc. Along with the response, the server also sends out some instructions, such as ‘the data I am sending you is 1000 bytes long, so please stop listening to me as soon as you receive that much and show the data to the user’. Other instructions it can send are, “This user’s profile image that I am sending you is valid for another 100 days or until I tell you that the image has changed. Until such a thing happens, please keep a copy of this image on your end and use it instead of downloading again and again.”
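What the browser actually receives in the cases described above (success, not found, redirect, plus the length and caching instructions) can be seen by parsing raw responses. This is an added example, not code from the original post: `parse_response` and the three sample responses are constructed for illustration, with 1000 bytes and 100 days chosen to match the figures in the text, and it handles only responses that carry a `Content-Length` header.

```python
def parse_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 response into status, headers of interest and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, code, *_reason = lines[0].split(" ", 2)
    if not version.startswith("HTTP/") or not (code.isdigit() and len(code) == 3):
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()

    status = int(code)
    # First digit decides the family: 2xx success, 3xx redirect, 4xx/5xx error.
    kind = {2: "success", 3: "redirection", 4: "error", 5: "error"}.get(
        status // 100, "other")
    result = {"status": status, "kind": kind, "body": body}

    if kind == "redirection":
        result["location"] = headers.get("location")
        # 301 and 308 mean "moved for good"; other 3xx codes are temporary.
        result["permanent"] = status in (301, 308)

    # "Stop listening after N bytes": anything past Content-Length is not body.
    if "content-length" in headers:
        declared = int(headers["content-length"])
        if declared < 0 or len(body) < declared:
            raise ValueError("body does not match declared length")
        result["body"] = body[:declared]

    # "Keep your copy for N days": max-age is given in seconds.
    for directive in headers.get("cache-control", "").split(","):
        key, _, value = directive.strip().partition("=")
        if key == "max-age" and value.isdigit():
            result["cache_days"] = int(value) // 86400
    return result


# Constructed sample responses (not captured from a real server).
OK = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
      b"Content-Length: 1000\r\nCache-Control: max-age=8640000\r\n\r\n"
      + b"x" * 1000 + b"bytes the browser must ignore")
MOVED = (b"HTTP/1.1 301 Moved Permanently\r\nLocation: /new-aisle\r\n"
         b"Content-Length: 0\r\n\r\n")
MISSING = b"HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\n\r\nNot Found"

if __name__ == "__main__":
    for sample in (OK, MOVED, MISSING):
        parsed = parse_response(sample)
        print(parsed["status"], parsed["kind"], len(parsed["body"]), "body bytes")
```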

Step 3: The server sends out the data

The server sends out the data and it follows more or less the reverse of the same path that was used during the request phase. The system of routers helps the response find the way back to the original browser.

Step 4: The browser renders the page to the screen

Finally, sometime after the browser has requested the page and waited, the response makes its way back and the browser is ready to use the response to show the user a nicely designed webpage. The browser has a built-in HTML parser using which it is able to understand HTML instructions to layout text, images, tables and columns. The results are out there for the user to see.

Conclusion

Over two blog posts, we have hopped on an insightful return-ticket journey between the browser and the web server to understand what goes on behind the scenes as a user looks for and gets to an informative webpage. Very much like a public transit system’s dedicated officers, the world wide web is kept running smoothly by a system of network engineers, administrators, domain registrars, data storage scientists and programmers. Looking for information on the Internet has been made as easy as hopping onto a bus or a train, knowing full well that the system will eventually get you where you want to be.

Journey with the World Wide Web: Part 1

Every day, we intuitively type addresses of websites into our browser and within seconds get a nicely informative and designed webpage as we learn more, achieve more and get better at our life with the power of the World Wide Web.

But what exactly happens between the time that you type an address into your browser and the browser showing you the contents of a webpage? It turns out that hundreds of machines work together with clockwork co-ordination to understand what you requested, bring back the relevant information and show it to you on a page. The World Wide Web is a complex ecosystem of machines of different types that run around the clock to ensure that the website that you love so much is available to you 24/7.

Let us hop on a journey that takes you from the moment you request the URL of this page (http://www.tech101.in/journey-with-the-world-wide-web-part-1 ) in your browser to the moment when this blog post shows up on your browser.


Getting Started with the Internet of Things: Enlightening the world one device at a time

Introduction to Internet of Things

As more and more devices are released in the market with the attempt at automating and improving our lives, one of the biggest buzzwords that has seized the world by storm is the Internet of Things or IoT for short.