A Better Title

Singapore bloggers: Go find yourself. I can’t seem to find myself though.

[via lancerlord, in response to Straits Times’s The Great ST People Search]

bcc

“There are only 10 types of people in the world: Those who understand binary, and those who don’t”
- From a a T-shirt in ThinkGeek

bcc

Spotted in Andamo’s blog.

Jolly good, wot! Anyone for tennis? That’ll be ten ponies, guv. You’re the epitome of everything that is english. Yey Hoist that Union Jack!
How British are you?
this quiz was made by alanna

bcc

The Hitchhiker’s Guide to the Galaxy had an entry on Earth. The entry said: Mostly harmless.

I have doubts that The Hitchhiker’s Guide to the Galaxy would have any entries on this little island country on the planet Earth that its inhabitants call Singapore. If I were the editor, and I was required to write an entry as concise as the one on the planet, I would have written three words: Hot and humid.

Given a couple more room to elaborate, I would also add that air-conditioning in this nation is not cheap.

It is for these reasons that the residents of the country would appreciate this home-made air-conditioner which a student at the University of Waterloo has invented.

For less than CAD 25 (~ SGD 34) the student has made a device powerful enough to cool down a house to a comfortable level in 15-20 minutes.

I suspect that you’ll need more time to cool down a house in Singapore, but it does seem to be better than nothing.

bcc

It is an important and popular fact that I’m a bit biased against Microsoft.

Okay, so it’s not as important and not so popular. But this entry has nothing to do with the importance, nor the popularity of my bias.

After reading this ZDNet Asia article, I was appalled to learn that Microsoft won’t be giving IE a patch to cover the dialog origin vulnerability I mentioned a couple of days ago, instead saying that it is a feature, not a vulnerability and that “[t]his is an example of how current standard Web browser functionality could be used in phishing attempts”.

Standard functionality or not, it is still an attempt for phishing confidential information.

To say that it’s-a-standard-functionality-so-it-doesn’t-need-a-patch is like saying that because metal fork-and-knife set is standard cutlery, there is no need to change it to plastic ones in a commercial airplane, even though it is known that the metal set can be used in a hijacking attempt.

After all, metal cutlery is a feature, not a vulnerability and this is just an example of how current standard cutlery could be used in hijacking attempts.

Right?

Wrong.

Standard cutlery or not, they can still be used for hijacking, and that is, in fact, still a vulnerability to address.

Even when metal cutlery and sharp household items are finally allowed on board again as of April this year (at least on UK-based airlines) it is only because these airlines have upgraded the security of the airplanes, such as using “sealed cockpits, closed-circuit TV cameras and sky marshals” (source: The Sun Daily). In a way, these airlines have ‘patched’ their vulnerability before allowing such items on board again.

To Microsoft’s credit, it is mentioned in its security advisory that “[c]ustomers who already follow our general guidance about avoiding spoofing and phishing attacks are at reduced risk of being affected by this issue.”

Unfortunately, not everyone follows Microsoft’s “general guidance” (those who do, please put your hands up) and the least that Microsoft can do for these people is to update their softwares automatically. At least the number of people who do Automatic Updates are, hopefully, more than those who bother to read security guidelines.

Okay, so I’m biased against Microsoft.

But think about it. And let me know what you think of the issue.

bcc

It is an important and popular fact that at times, there are songs which, through some sort of chemical reactions of close-to-infinite improbability in the brain, get stuck in one’s mind. It is quite possible that these songs are of importance to the person because it reminds the person of something special. Or, it could be simply that the person finds the song catchy or nice.

When this happens to me, I usually have these songs played on repeat mode in Winamp (or Rhythmbox or whatever multimedia player I happen to have open at the time). This typically lasts for about a week, before the songs are ultimately downgraded and soon forgotten in the legion of the typical songs.

I have an obsession in two songs currently: Counting Crows’s Accidentally In Love, and Bed & Breakfast’s If You Were Mine.

I found that myself found that the two songs are catchy or nice, because unlike Bulldog Mansion’s Happy Birthday To Me which got stuck during the weeks following my birthday, or Anthony Way’s For The Beauty of the Earth, which remained in my mind for a couple of days after one incident which I shall not disclose here, I am not accidentally in love, and neither am I currently wishing anyone were mine.

bcc

PS: It is also an important and popular fact that it is often difficult to duplicate another person’s style of writing. A good example of this can readily be seen in this entry, in which I try to duplicate Douglas Adam’s style of writing in The Hitchhiker’s Guide to the Galaxy, with kind of unsatisfactory result. The Hitchhiker’s Guide to the Galaxy itself is a trilogy of five books of insane randomness and utter nonsense, which, through some sort of chemical reactions of close-to-infinite improbability in the brain, actually has this uncanny ability to captivate the readers.

It sticks out pretty badly among the other grades that I’ve received thus far in university.

But the bottom line is…

I PASSED EE0062 FINANCIAL & MANAGEMENT ACCOUNTING!!!

Mwahahahahaha…

bcc

Two interesting technology articles caught my eyes in today’s issue of ZDNet Asia magazine.

The first article is about a security advisory by Secunia. In the advisory, Secunia warns about the possibility of malicious sites redirecting users to a trusted site, and then waiting a couple of seconds (presumably to wait for the said trusted site to load) before showing a Javascript prompt for users to fill.

As most likely at this time the user has the trusted site on his browser window, it might appear to him that the said trusted site is the one generating the pop up. Note that I said appear, because in fact that prompt is from the malicious site I mentioned above.

A scenario to this is having this blog you’re reading (note that I said this is a scenario; I don’t want to trick people into doing it anyway). Imagine that you’re following a seemingly innocent link like this. What you see is the log-in page of DBS Internet Banking. Out of a sudden, there’s a pop up asking you to type out your Internet Banking PIN. (I said imagine! Stop staring blankly at the screen waiting for the pop-up!) You might think that this pop-up window actually originates from DBS. In fact, after clicking OK, the PIN you have just entered is sent back to me!

I feel that this is a smart move by the phishers (phishing is a term for spoofing a legitimate site, usually to get an innocent user’s log-in ID and password). Imagine what someone with no sense of his own security on the world wide web would do when prompted with such a prompt.

So now that you’ve found out about it, you have no excuse when facing this situation, ok?
By the way, Secunia has this nice illustration on its advisory page, which I shall reproduce here.

I’m even more interested in the second article. After reading the article, I can sort of feel the arrogance of Microsoft.

In the world of email, there’s this thing called Sender ID, a technology originally developed by Microsoft which basically says “oh, the sender of this email is really this so-and-so guy and not anyone else”. The concept is supposedly good, because it filters most spoofed spam messages (those spam emails that claims that it was sent by, for example, DBS when the actual sender is some unknown company trying to sell their products by riding on DBS’s name).

Here’s the catch: Most email service providers, especially the smaller ones, don’t support Sender ID, in the sense that they don’t automatically attach the Sender ID in messages sent from these providers.

Moreover, Sender ID has some other flaws. For example, mail forwarding services will render Sender ID unusable because the Sender ID will then be from this mail forwarding service instead of the original sender as the email says.

In fact, the technology was not popular such that the Internet Engineering Task Force (IETF), a body setting standards for the Internet, last year decided to scrap a special group made to develop Sender ID.

Guess what Microsoft did with its Hotmail service.

It goes on with implementing Sender ID verification for incoming emails.

So starting this November, Hotmail will ask every single email “Is your Sender ID valid? If it’s not valid or if it doesn’t exist, go to the Junk Mail folder”.

It’s basically threatening every single email provider in the world to comply with their standards, or risk getting emails they send to Hotmail put into the Junk Mail folder.

Remember what I said 7 paragraphs ago?

That’s right, most email service providers, especially the smaller ones, don’t support Sender ID.

So if Microsoft insists on implementing this, and you happen to use one of these smaller email service providers, and you try to send an email to your friend, who happens to have a Hotmail account, your email will be dumped into the Junk Mail folder!

If even the IETF scraps the idea, I don’t think Microsoft has the right to force the entire email community into this implementation of Sender ID.

Instead, as I said, that’s what I call arrogance.

bcc

I received an invitation to SMS.ac a while ago, allegedly sent by a friend of mine. I ignored it, knowing that I wouldn’t make much use of the ‘free SMS service’ anyway. I gladly configured POPFile, my anti-spam program to redirect any emails from SMS.ac directly to the Junk Mail folder.

Then there was a second invitation. It was promptly dumped into the Junk Mail folder.

And then there was the third. The Junk Mail folder was its resting place.

When finally the same friend asked me personally on MSN to join SMS.ac, I finally relented.

I started the sign up process.

But when the registration page asked me to invite other friends, I refused to, even when the process was supposedly very easy–I simply had to give them my MSN address and password. Anyway, I would never give any of my online data and its password to anyone or in any form on the world wide web.

I’m glad I did.

As Inoki pointed out in the IndoSingBlogger Yahoo! Group, there was a blog entry by Russell Beattie saying that SMS.ac is, in fact, a scam service. After signing up, SMS.ac sent spam to his mobile for days, and even charged $25 for these spam.

Then following a link on the article, I found that Joi Ito also had a problem with SMS.ac. After giving his MSN IM information, SMS.ac automatically sent spam to his friends–even though Joi in the end did not complete the registration process for himself.

Unregistering and deleting your data seem to be a pain too, and even when you’ve done so, SMS.ac will keep on using your credentials to mail your friends inviting them to join the free service.

Even until now, I still receive emails from SMS.ac–all safely received in the Junk Mail folder.

So, please be careful the next time someone asked you to join SMS.ac. If you really have to try it out, create a disposable email account (Jetable.org seems like a good choice) and use fake credentials. Never give SMS.ac any of your friends’ details for their sake.

bcc

From a comment on Joi Ito’s entry:

Fortunately for me, i’m one who is inclined to suspect ‘free’ services… they usually have some caveats somewhere… and a friend warned me about SMS spams that she has received and mysterious calls that always ring and cut off. something that has never happened before, until after she subscribed to this service.

I am worth $1,975,788 on HumanForSale.com

bcc