Anonymous Traffic Survey Cameras

Anonymous Traffic Survey Cameras

Manual Traffic Surveys

Many peo­ple in the UK may be famil­iar with see­ing groups of peo­ple, or some­times a parked vechi­cle, clear­ly dis­play­ing a sign say­ing ‘Traf­fic Sur­vey.’ These peo­ple are employed to keep a tal­ly of the num­ber of vehi­cles using a road, and the types of vehi­cles. This infor­ma­tion is impor­tant for plan­ning infra­struc­ture, help­ing more effi­cient pro­vi­sion of trans­port capac­i­ty for cars, trucks/lorries and buses.

Pressure Sensors

Pressure-sensitive Traffic Data Collection System (from www.surveymarketing.co.uk)
Pres­sure-sen­si­tive Traf­fic Data Col­lec­tion Sys­tem (from www.surveymarketing.co.uk)

Many will also have seen tem­po­rary pres­sure sen­sors across roads, linked to a data col­lec­tion box attached to a street lamp. This sys­tem also pro­vides use­ful data on the num­ber of vehi­cles using a road.

By using two pres­sure sen­sors, its pos­si­ble to fair­ly accu­rate­ly record the num­bers of vehi­cles pass­ing in two direc­tions. How­ev­er, there may be some inac­cu­ra­cies when vehi­cles pass simul­ta­ne­ous­ly or almost simul­ta­ne­ous­ly. A 15-minute time peri­od may have an inac­cu­ra­cy of 10% (http://www.windmill.co.uk/vehicle-sensing.html). For roads with more than two lanes, accu­ra­cy would be even less and the sys­tem prob­a­bly would­n’t be feasible.

Electronic Sensors

Piezoelectric Sensor Dug into Road
Piezo­elec­tric Sen­sor Dug into Road

There are also elec­tron­ic solu­tions dug into roads, which I’ve noticed on approach­es to traf­fic lights. These may be used to alter tim­ings of traf­fic lights depend­ing on traf­fic, and it seems they could also be used for traf­fic sur­vey data col­lec­tion. You may have noticed traf­fic lights chang­ing as you approach them, and a sys­tem like this may be detect­ing the mechan­i­cal ener­gy of your vehi­cle pass­ing over sen­sors. I expect there are also mag­net­ic ver­sions of these sen­sors, that sense the metal­lic body of a vehi­cle. Some­times motor­cy­cles in the US do not trig­ger these sys­tems at auto­mat­ed inter­sec­tions, caus­ing prob­lems, and some state laws allow­ing vehi­cles to pass if a sen­sor fails to detect a vehi­cle’s presence.

Video Surveys

Scout Pole­mount Traf­fic Sur­vey Camera

I’ve noticed what seems like a new tech­nol­o­gy recent­ly, with a video cam­era mount­ed on a street light, and a data col­lec­tion box attached to it. After research­ing it, these are video cam­eras that record con­ven­tion­al HD video for a peri­od of 3 to 7 days. The mod­el I saw in use also has advanced fea­tures like remote man­age­ment and event alerts sent via mobile cel­lu­lar net­works (LTE), allow­ing set­tings to be changed and noti­fi­ca­tions of prob­lems with­out hav­ing to trav­el back to where the unit is deployed.

Computer Vision (CV)

I expect com­put­er vision tech­niques (e.g. OpenCV) are lat­er used to analyse the num­bers and types of vehi­cles passing:

Anonymity and Privacy

I expect there are strict rules in place to pre­vent ANPR (Auto­mat­ic Num­ber Plate Recog­ni­tion) being used, as this may vio­late the pri­va­cy of dri­vers. How­ev­er, if there are not, I expect trav­el time sur­veys could be made by cal­cu­lat­ing how long a com­mute takes for indi­vid­ual dri­vers, and how they change over time. Per­haps if this was cal­cu­lat­ed anony­mous­ly, it would be a usable technique.

While there have been com­pa­nies that have mon­i­tored cell­phones with Blue­tooth and Wi-Fi ser­i­al num­bers, often the gen­er­al pub­lic have expressed con­cerns over pri­va­cy. An exam­ple hard­ware provider for this is http://www.libelium.com.

In con­clu­sion, I found it inter­est­ing to research what these cam­eras and oth­er equip­ment I see are used for, and expect it is an inter­est­ing field analysing queues of videos for traf­fic data.

Page Speed Load Time Optimizations

Page Speed Load Time Optimizations

Here are a few impor­tant ways to speed up page load­ing times, togeth­er with the improved record­ed times for com­par­i­son on a typ­i­cal Word­Press web site. While Word­Press is hard­ly an opti­mized web appli­ca­tion, it does ben­e­fit from the same speedup meth­ods as most web applications.

I used Google Chrome Devel­op­er Tools to time net­work trans­fers and page load times. There are var­i­ous web-based tools avail­able as well:

Initial speed — 1.412 sec (TTFB 0.12 sec)

This was the speed on a fresh install of a Word­Press web site on a small VPS run­ning Nginx and PHP-FPM.

Enabling GZip compression — 1.326 sec (TTFB 0.13 sec)

Using com­pres­sion on net­work trans­fers can great­ly reduce file sizes, espe­cial­ly for text-based files such as HTML, CSS and JavaScript. The CPU over­head on mod­ern servers is neg­li­gi­ble, and can be cached if required.

PHP Opcode cache — 1.299 sec (TTFB 0.124 sec)

PHP scripts are typ­i­cal­ly com­piled to byte­code on demand. By caching this com­pli­ca­tion with OPcache or APC, page load times and serv­er load can be sig­nif­i­cant­ly reduced. APC did include a fast key/value cache, which has now been replaced by APCu.

WordPress Cache — 0.733 sec (TTFB 0.122 sec)

There are many Word­Press cache plu­g­ins avail­able, which reduce the amount of PHP code that has to be run on every request. Some caches can gen­er­ate flat files, which are sig­nif­i­cant­ly faster, and can be used with Nginx.

Nginx FastCGI Cache — 0.731 sec (TTFB 0.119 sec)

Nginx is able to use a fast memory/disk cache to cache requests to PHP-FPM, fur­ther reduc­ing page load times and serv­er loads. This can be very ben­e­fi­cial on web sites with high load.

There are many oth­er ways to speed up page load times, includ­ing depen­den­cy con­cate­na­tion and mini­fi­ca­tion and image opti­miza­tion. It is also impor­tant to opti­mize client-side JavaScript to allow the user’s web brows­er to dis­play con­tent quickly.

AnyCast DNS

An ini­tial vis­it to a web site requires a DNS lookup. Tra­di­tion­al­ly DNS has no way to send requests to the geo­graph­i­cal­ly clos­est serv­er, but this is pos­si­ble with Any­Cast DNS. This fea­ture is avail­able on many providers includ­ing Ama­zon’s Route 53, Google’s Cloud Plat­form and Microsoft Azure. It func­tions by allow­ing mul­ti­ple servers dis­trib­uted through­out the world to have the same IP address.

By using Any­Cast DNS, I was able to reduce an ini­tial DNS request from 93 mil­lisec­onds to 18 mil­lisec­onds. Com­bined with hav­ing an opti­mized web serv­er geo­graph­i­cal­ly close, even an ini­tial vis­it to a web page can be dis­played instantaneously.

Before Any­castDNS
After Any­castDNS

Conclusion

Sub­tract­ing the round trip time to the serv­er of 0.116 sec­onds, these opti­miza­tions reduced the effec­tive Time To First Byte to 3 mil­lisec­onds. On a busy serv­er, these opti­miza­tions will make a sig­nif­i­cant dif­fer­ence to the capac­i­ty of the server.

 

SSL/HTTPS Mixed Content Warnings — How to Automatically Report Errors

SSL/HTTPS Mixed Content Warnings — How to Automatically Report Errors

The gen­er­al push to use SSL/HTTPS for every web site is improv­ing secu­ri­ty and pri­va­cy on the Inter­net. How­ev­er, every request a web site makes will need to be secure, or browsers can remove the ‘Secure’ indi­ca­tor, show a warn­ing sym­bol, and some­times pop up errors.

You can add a sim­ple head­er that will tell browsers to report back to your serv­er if any inse­cure requests are made. I com­bined this with a sim­ple PHP script that logs to the server’s error log.  This alerts me to sites I host and devel­op that have inse­cure con­tent, so I can fix them.

Step 1 — Add the Content Security Policy reporting header

add_header Content-Security-Policy-Report-Only "report-uri /csp-report-endpoint.php";

Step 2 — Add PHP Script

Add this sim­ple PHP script as csp-report-endpoint.php:

<?php
error_log(file_get_contents("php://input"));

Now, when a site attempts to load an inse­cure resource, you will get a mes­sage in your error log, and you can use this infor­ma­tion to fix your site.

Improving SSL/HTTPS Security to an A+

Improving SSL/HTTPS Security to an A+

These sim­ple steps can improve your Qualys SSL Report to an A+:

Step 1: Getting my initial report (B):

You can get a Qualys SSL Report on any site. My rat­ing start­ed as a B with a rea­son­ably good setup:

Step 2: Improving Ciphers List

SSL v2 is inse­cure, so it need­ed to be dis­abled, and SSLv3 also need­ed to be dis­abled as TLS 1.0 suf­fers a down­grade attack, allow­ing an attack­er to force SSLv3 dis­abling for­ward secre­cy. I updat­ed my nginx con­fig to use:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

I opt­ed to con­fig­ure this in the main nginx.conf file, rather than each domain, as I saw now rea­son I would make indi­vid­ual changes on a domain basis.

I also enabled ssl_prefer_server_ciphers and ssl_session_cache:

ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

And used this cipher suite which main­tains max­i­mum back­wards com­pat­i­bil­i­ty. Although I’m using SNI which isn’t sup­port­ed by IE6, I pre­fer my sites to be as back­wards com­pat­i­ble as possible.

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

I also added these lines:

ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;

I retest­ed the site, and improved to an A rating:

Step 3: Deffie Hellman Ephemeral Parameters

Diffie-Hell­man ensures that pre-mas­ter keys can­not be inter­cept­ed by Man In The Mid­dle attacks, and it is easy to enable in Nginx.

First gen­er­ate a stronger DHE para­me­ter… be pre­pared to wait around 15 min­utes for OpenSSL to gen­er­ate this certificate:

cd /etc/ssl/certs
openssl dhparam -out dhparam.pem 4096

Then con­fig­ure Nginx to use it:

ssl_dhparam /etc/ssl/certs/dhparam.pem;

On retest­ing, I achieved the A+ grade!

Step 4: Add a DNS CAA record

The Cer­ti­fi­ca­tion Author­i­ty Autho­riza­tion (CAA) DNS record allows you to use your DNS records as a mech­a­nism to whitelist cer­tifi­cate author­i­ties that are allowed to issue cer­tifi­cates for their hostnames.

To imple­ment this, I had to change from Ama­zon AWS Route 53, to Google Cloud DNS, as AWS shame­ful­ly does­n’t pro­vide CAA report.

I use Let’s Encrypt, and added this DNS record:

0 issue "letsencrypt.org"

Cur­rent­ly this is option­al, but it will be manda­to­ry from Sep­tem­ber 2017.

Step 5: Add HTTP Strict Transport Security (HSTS) Header

A head­er can be sent from your serv­er which will inform browsers to only make HTTPS requests. Browsers will no longer make HTTP requests until the head­er expires. This has two main ben­e­fits: a spoofed site with­out your SSL cer­tifi­cate will not be effec­tive, and sub­se­quent vis­its to your site will go straight to your HTTPS ver­sion with­out a redi­rect, mak­ing page load­ing faster.

Be sure to use a low expiry time while devel­op­ing your site, as once a brows­er caches the head­er, it is not pos­si­ble to clear it. Once you’ve sent this head­er, expect your site to be HTTPS in the long term, with no going back.

add_header Strict-Transport-Security "max-age=31536000; preload" always;

For devel­op­ment, use this short­er time:

add_header Strict-Transport-Security "max-age=360;" always;

There is a push to have browsers have a pre­loaded list of HTTPS/HSTS enabled sites, but the strict require­ments for sub­mis­sion require sev­er­al sub-domain redi­rects, which in my opin­ion would reduce over­all per­for­mance. I don’t see the harm in still send­ing the ‘pre­load’ parameter.

 

Further reading:

BioCity’s Discovery Building with Corona display — 360 Video and Photographs

BioCity’s Discovery Building with Corona display — 360 Video and Photographs

BioC­i­ty’s new Dis­cov­ery build­ing was unveiled a few days ago, with a unique solar instal­la­tion, titled Coro­na, designed by Not­ting­ham artist Wolf­gang But­tress in part­ner­ship with Not­ting­ham Trent Uni­ver­si­ty physi­cist Dr Mar­tin Benc­sik. Fibre-optic lights and alu­minum tubes use real-time solar data from NASA, cre­at­ing a light dis­play which is always unique.

My 360 video with spa­tial audio (uses a dif­fer­ent mix of sur­round sound micro­phones as you spin your vir­tu­al head to sim­u­late reality):

360 still images with audio:

360 Image of BioCity Discovery Building

360 Image of BioCity Discovery Building