An Open Standard for Large Event COVID Passports?

The POX Algorithm RFC. How to show an auth token when you have privacy but no booking or other door duty. The phone occluded xenomorph algorithm. A complex cypher to protect data at all points in transmission. What really gets shown is an event-specific checksum verify on some encrypted data which can be further queried by a provider (such as the NHS) to obtain validity and scope for event purpose on a statistical check basis to reduce server traffic load and focus on hot areas.

At 2953 bytes of data capacity in a QR barcode (23624 bits) there is enough scope for a double signature and some relevant data in escrow for falsification auditing. The following data layers are relevant with keys in between.

  • Verify credential entry VCE (the blind of public record customs inquiries)
    • validity decrypt key (event private key part) VDK QR
  • Door event transit DET (the over the shoulder mutable) QR
    • event encrypt key (event public key) EEK QR
  • Phone independent ephemeral PIE (the for me check)
  • A public blockchain signed hashed issue SHI (the public record) QR
    • authority signature keys (the body responsible for a trace of falsifications)
    • hashed phone number key (symmetric cypher)
    • record blind key (when combined with the event private key part makes the effective private key. Kept secret from the event)
    • confidentiality key (database to publication network security layer)
  • Actual data record ADR (the medical facts)

Various keys are required but covering the QR codes needed is perhaps better.

  • The manager VDK QR (given to the door manager)
  • The issue SHI QR (given by the provider)
  • The event EEK QR (posted online or outside the event)
  • The entry DET QR (made for the bouncer to scan)

At the point of issue, there may be a required pseudo-event to check that all is working well. The audit provider or provider (such as the NHS) has enough data on a valid VCE to call the user and the event in a conference call. Does the credential holder answer to speak to an echoing bouncer? Does the provider send a text?
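The capacity argument above (2953 bytes for a double signature plus escrow data) can be checked with a small envelope format. This is an added example, not part of the POX proposal: the field layout, the choice of authority and event as the two signers, and the demo keys are assumptions, and HMAC-SHA256 stands in for the asymmetric signatures a real scheme would use.

```python
import hashlib
import hmac
import struct

QR_V40_L_BYTES = 2953  # byte capacity quoted in the post (23624 bits)
TAG_LEN = 32           # HMAC-SHA256 output; stand-in for a real signature

# Constructed demo keys (assumptions). A deployment would use key pairs.
AUTHORITY_KEY = b"constructed-authority-key"
EVENT_KEY = b"constructed-event-key"


def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def escrow_budget(sig_len: int = TAG_LEN) -> int:
    """Bytes left for escrow data after a 2-byte length and two signatures."""
    return QR_V40_L_BYTES - 2 - 2 * sig_len


def pack(escrow: bytes) -> bytes:
    """Hypothetical layout: len(2, big-endian) | escrow | tag 1 | tag 2."""
    if len(escrow) > escrow_budget():
        raise ValueError("escrow data does not fit in one QR symbol")
    body = struct.pack(">H", len(escrow)) + escrow
    inner = _tag(AUTHORITY_KEY, body)
    # The second tag covers the first, so neither can be swapped alone.
    outer = _tag(EVENT_KEY, body + inner)
    return body + inner + outer


def unpack(payload: bytes) -> bytes:
    """Return the escrow data, or raise ValueError if any check fails."""
    if not 2 + 2 * TAG_LEN <= len(payload) <= QR_V40_L_BYTES:
        raise ValueError("bad payload size")
    (n,) = struct.unpack(">H", payload[:2])
    if len(payload) != 2 + n + 2 * TAG_LEN:
        raise ValueError("length field does not match payload")
    body = payload[:2 + n]
    inner = payload[2 + n:2 + n + TAG_LEN]
    outer = payload[2 + n + TAG_LEN:]
    ok_inner = hmac.compare_digest(inner, _tag(AUTHORITY_KEY, body))
    ok_outer = hmac.compare_digest(outer, _tag(EVENT_KEY, body + inner))
    if not (ok_inner and ok_outer):
        raise ValueError("signature check failed")
    return body[2:]
```

With 32-byte tags the escrow budget is 2887 bytes; calling `escrow_budget(512)` shows what remains if each signature were 512 bytes long.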

Node.js Destroys Raspbian Desktop

So the attempt to install Node.js from the repository (version 13), just goes mental and wants to destroy the Raspbian desktop. Very useless. So I’ve demoted to a Mint 18.1, and I am in the process of building the system up with a Windows 10 VirtualBox and some tools I will be needing.

I think I’ll even have to make a test bed system for software I don’t trust enough. Apart from some long standing tools which work, I like trying some other ones. I wonder if I can get some development tools to build Windows binaries on Linux? There is the fabulous MinGW (which may be useful for some fast C building without needing all the Visual Studio weight and hence bloat), but what else is available?

So far I’ve put VSCode (good for a Microsoft initiative), Visual Studio Community Edition (also quite good on the Windows in virtual), FPC/Lazarus (a good generic compiler) and IntelliJ (a nice Android/Java tool with some good Flutter and Dart). This should be enough to get on with some of the things I was getting on with before the Windows hypervisor issue. It reminds me of that time VirtualBox had to disable the Microsoft virtual hypervisor, and I think they have been fighting since.

This is no excuse for not testing such a popular product with the Windows core system. I don’t think the use of the disk clean up wizard to gain the space could have been involved, with more options selected, not this far down the Windows time line. The only other options are few, and include a botchy “security services” spyware which has no good intent and isn’t that secret, or the fabulous industrial espionage giggle, with the laugh a minute goal of finding out something juicy.

Current Contracts

My current contract is interesting work, and only spoiled by the accounting trend of pay everybody as late as possible. It looks as though I’ll up my rates to account and manage invoice factorization. It does no good to act as a credit source to a company which has limited status, and yet either has the resources to pay in time, or is miserly in the period before receivership. Either way such companies are not my friend, and no good to be associated with. Credit control …

Well a bit delayed, but payments are arriving, and I’m investing in some electronic product design.

Tax in a Technological Economy

I decided to produce this free work covering a subject certain to almost all, as the saying goes death and taxes. As director of this company I have to hold an opinion on such things, be sure the government does. I thought it best to open the internal decision stream to customers and subcontractors and the wider public, so that issues such as am I buying services from the latest tax haven, or is there an extra 20% effective going to the cause of central. So this company will pay all taxes due, and perform no self manufactured tax breaks by diverting funds into holding companies with surprisingly opaque financials. As to the issuance of dividend, it’s only an issue of the differential between personal income tax and corporation tax. Hence if one is higher or lower, the government intent is to suggest that (well depending on it being a break or a punitive), one or another should be done. To comply with this differential all profit be either corporation tax or full issue to dividend the same effective amount, to the effect of fulfilling the intentional supra directive of governance. As a maximal to government policy can have no detriment beyond the sense of the government option to issue rebate, a matter of two sums and a max holds the basis for the return. This will be issued into the record as a short form expression of this intent is formed.

The arguments against this are not relevant for small companies, but are interesting to me. The financial weight of a company in a sense votes on the validity of government policy, and also via the central limit theorem can, but not always does, add some stability to the bumps of government policy input at very specific points such as the budget. Whether this share based meta vote is valid in ideal is not the point. It is fact. In a way, I felt the need to inject situation as with a very large company implementation of a maximal extreme policy would lead to potential PLC stock instability, and more critical divergence and resulting accountability of government policy.

In the days where director’s bread runs thin, the prices really could be justified to be higher, but in the situation of capital demand, the lower but liveable introductory offer is the sale, sale, sale of it all. The capital buffer of a large company will always outperform in a sale negative cost battle. The only option in such a situation is quality contract delivery at a reasonable cost. This is innately a consequence of pay by the hour systems. All known good clients know this. Optimization efficiency, and automation are exemplified by the phone in your pocket. Robots, robots, robots. Some estimates place 20% redundancy through automation in lifetime as conservative. The effective replacement of pay by the hour occupational replacement is yet not an automated provider. Robot living allowance is not a joke, although darkly funny.

As a digital business, with surprisingly analog books, many computer based Americanisms and longer term goals of electrical production, KRT has to be aware of future customers, and not just marketing for now. Holding of risk based on past operational equipment when the economic model is to design and sell services for the future deficit load, and not a present credit bubble, is the game of the future. At present KRT has on occasion used contractors, as employee costs are difficult to justify. Not the work risk, but the contract risk. Continuous jobs, even technology based ones, need a steady supply of work contracts coming in. The larger the contract the more unstable it is to renegotiation, and need of a cash buffer. Contractors are much easier. They are in effect on zero hour contracts, as the lingo goes, although this is more like at least some hours but no repeat business guarantee. This then leads on to the obvious development of customer service, to achieve a conversion and repeat business rate. At KRT, the model is for quality contract service. This does not involve a cold call sales pitch, as I receive enough of those already. They are good for occupying the time of those who do not need the service, with an occasional contract win. Delivering services to people who are in need of the service, without harassment for further business, is part of the service. Good customers will always know where to look again, and are good at recommendation. The most effective strategy then from the KRT point of view is the development of R&D rigs and insight concept projects. Interesting technology becomes worth looking in on.

The updates will continue where relevant.

The Inquiry Forms Emailing Now Works

Just set up sendmail on the server using these instructions. Now it’s possible to send inquiries. There will also be other forms as and when relevant. The configuration had an extra step of using a cloud file which behaves as a master for, but this was no big deal. It all took less than ten minutes. A minor complexity is now to forward the response email to somewhere useful to tie up that loose end for later.