Misc on keithrozario.com

Agents productivity vs. Quality

Mon, 12 Jan 2026 14:14:37 +0000

This year, I managed to complete the entire problem set of advent of code. Last year, I could only complete 43 out of 50 problems. So there was ... progress!

If you're unfamiliar, Advent of Code is a series of daily coding challenges released during the season of advent (the period just before Christmas). I encourage you to try these challenges for yourself. None of them are easy (at least to me), but all of them solvable with enough elbow grease and time.

The METR Study

Sun, 07 Dec 2025 15:55:36 +0000

The METR study is wild!

It's methodoloty is unlike any other. While previous studies went 'wide', the METR study went 'deep', focusing on 16 developers (instead of hundreds or thousands), but deeply analyzing the effect on AI on those 16 developers in a way 'wide' studies could not.

METR first identified 16 developers who were maintaining high quality open source repositories. These repositories had an average of 22k stars on Github, and ~1 million lines of code. 22k stars is probably 6-7 standard deviations above average on Github. To put a football perspective, these developers were maintaining the football equivalent of Real Madrid, while your average Enterprise app code base is Toa Payoh FC or Scunthorpe United.

Software 3.0

Mon, 11 Aug 2025 09:31:48 +0000

If you have 3 apples, you take away 2, how many apples do you have?

1 of course!

But then again, you took away 2, so therefore you should have 2. The question is ambiguous depends on how you interpret the words 'have' and 'take-away'.

Compare that to something like this:

Saying No.

Sun, 10 Aug 2025 10:34:12 +0000

I was "inspired"by this post.

In it, Philip Su, an E9 (Distinguished Engineer) from Facebook explains how he progressed in his career, which includes an impressive stint at Microsoft that saw him promoted every year for 8 years straight.

If you have that kind of accelerant so early in your career -- you're bound to be "Successful", or at least air-quotes successful.

Distinguished engineers at a FAANG company (Facebook, Amazon, Netflix, Google..etc) are the highest technical individual contributors in companies that value (and pay) their technical folks LOTS of money. There are fewer Distinguished Engineers at FAANGs than there are NBA players, that level of elite requires immense dedication.

I'm not as "successful" as Philip. I started my career as a Business Analyst in Shell, I was promoted (sort-of) twice in my 9 years there, then bounced around a bit, and joined Amazon as a L6. I left 4 years later at the very same level, promoted a grand total of ZERO times. Now I'm a partner engineer at Google -- a peon in the giant machinery that is Google Cloud. So I've worked at FAANG companies, but at more ground-level stuff, than in the stratosphere that Philip operating in.

But, I'm happy where I am, and pretty happy with my journey so far.

Good, fast, or Cheap?

Wed, 23 Jul 2025 12:59:06 +0000

In Software delivery there's a famous saying: Good, Fast, or Cheap -- pick 2.

There's always trade-offs.

Fast and cheap can be measured easily. How much money and how much time are very simple questions to answer. You might think it's expensive, or slow -- but the objective hours and dollars are easy measurements.

It's not the same for 'Good' though. How do you measure 'Good'?

What Challenge 13 taught me about LLMs.

Sun, 02 Mar 2025 17:32:37 +0000

While doing programming challenges in Advent of Code, I came across an interesting behavior of LLMs in coding assistants and decided to write about it to clear my thoughts.

First some background.

Advent of Code is a series of daily coding challenges released during the season of advent (the period just before Christmas). Each challenge has 2 parts, and you must solve part 1 before the part 2 is revealed. Part 2 is harder than Part 1, and usually requires re-writes to solve. Sometimes quite extensive rewrites, and others they are small incremental steps.

If you haven't done these challenges before, I encourage you to try. None of them are easy (at least to me), but all of them solvable with enough elbow grease and time.

That said, the challenges are still contrived. Firstly, the questions are much better written that what you'd see in a Jira ticket or requirements document,. They include a detailed description of what must be done, and sample inputs and outputs you can test. Secondly, the challenges extend beyond what most coders do on a daily basis, one challenge required writing a small program to 'defrag' a disk, another required building a tiny assembler that ran it's own program, and multiple questions involved you navigating a 2D maze with obstacles along the way. All fun things you will probably not do as a programmer in the real world.

I took on the challenges, both to improve my coding skills, and to learn how I could use coding assistants like in these close to real-world scenarios. The hope was I would gain some insight into how I could use these tools more effectively should I need to do something more than solving contrived programming challenges before Christmas.

OK. Background complete.

Let's move onto the challenge that changed the way I would look at LLMs forever.

Overcoming Setbacks = Progress

Sat, 04 Jan 2025 10:57:20 +0000

We've all seen the "tiny gains post". How if you get one percent better each day for one year, you’ll end up thirty-seven times better by the time you’re done."

Well......

First of all, 1% isn't 'tiny'. I know a few bankers who'd sacrifice their first born for a daily increment of 1% on their portfolio. After all, how many bankers do you know have a 37x return on anything over a year.

Secondly, getting 1% better everyday is not possible. Just getting better everyday is not possible.

If you train in cycling, improving your speed by 7% every week is a ridiculously impossible goal. In cycling we measure power output, so if you improve 1% everyday, no matter where you start from -- you'll be out-sprinting Mark Cavendish within a year.

So forget 1% everyday.

1% sounds small -- but doing it everyday puts is a fairy-tale. That said.... the idea that making small consistent gains instead of large but inconsistent improvements is a good idea.

The Tyranny of Best Practice

Mon, 12 Aug 2024 14:00:45 +0000

All architects know what's best practice, but only good architects know when to use them.

I've been in plenty conversations where someone goes "we should do X because it's best practice" -- and act that the discussion ended.

Best practice is what works for most people, most of the time. It isn't something that works for everyone all of the time -- otherwise we would mandate it across the board and architects would be out of their jobs.

Remembering Sayakenahack

Fri, 10 Nov 2023 13:37:59 +0000

It's been 6 years now since the big sayakenahack debacle. I won't go into details on what happened, but ... I thought it'd be nice to take a stroll down memory lane with some pictures :)

Investigating MYSPPL.com using OSINT

Tue, 08 Mar 2022 13:26:26 +0000

On September 2021, malaysiakini reported on a website called mysppl, that was selling personal data online. The site used previous breached data on Malaysians, and was selling it to anyone with a credit card (or Grabpay account).

Note to aspiring criminals.. the last thing you want when doing something illegal like selling personal data ,is to tie that back to Bank Account by accepting payments. But I guess, anything goes these days.

Anyway...

I decided to see whether I could use generic Open Source Intelligence (OSINT) techniques to try to find out who is behind the site, and this post is about my journey through that process.

Let's go...

Drifting vs. Deliberately improving

Sun, 07 Nov 2021 17:28:07 +0000

`I've been playing guitar for over 25 years -- but I still suck at it.

I spent my first ever bonus I got (~RM2,000) on a brand new Norman Guitar, and now I'm the proud owner of multiple expensive guitars and amps ... but all that expensive gear hasn't improved my playing one iota. Even though I used religiously change my guitar strings every month.

Sign you Git Commits to Github with A Yubikey

Fri, 08 Oct 2021 21:34:22 +0000

I found a few tutorials online to do this, but they're old and don't 100% work. So here's some quick steps on how you might sign your git commits with GPG keys stored on your Yubikey.

Since I'm a mac user, these steps are specifically for macOS, for Windows check out Scott Hanselman's great post here.

Ivermectin

Wed, 25 Aug 2021 09:10:28 +0000

So you think Ivermectin works.

You studied the data, you've read all the medical studies you could find, you've seen hours of YouTube videos where doctors swear by the drug, and you've even spent days (or weeks) researching on your on. Finally you conclude, that the data suggest Ivermectin is an effective treatment against COVID-19.

Missing .SO files in Lambda functions

Mon, 09 Aug 2021 11:14:28 +0000

Most of the time, adding a python package to a Lambda function is a simple task. You pip install to a directory, and then copy that directory to the function either directly or through a lambda layer.

But sometimes, there's extra work required.

Packages like opencv install additional files on your system that aren't available in the same directory you pip installed into. When you pip install opencv-python-headless, additional .so files are downloaded to special directories in your environment to provide the openCV functionality.

Learning VIM over a Weekend

Sun, 06 Jun 2021 18:18:59 +0000

This weekend, I decided to learn me some Vim.

According to it's website, "Vim is a highly configurable text editor built to make creating and changing any kind of text very efficient" -- to be honest, I only used vim when forced to from the command line, I wasn't sure why anyone would choose to do 'serious' editing in Vim.

The Future of work

Sun, 02 May 2021 21:45:47 +0000

As a father of 2 young children, I worry about how to prepare my children for the future of work. What will their careers look like? And am I preparing them the right way?

Amid the Pandemic, I look at hard-hit industries and imagine how different my career would be, had I been in one of those industries. Like being a pilot, at age 40, with years of experience -- living the high life in 2019, and looking desperately for a job in 2021.

Lucking out on life

Sun, 11 Apr 2021 18:35:06 +0000

Luck Out: (colloquial, idiomatic, US, Canada) To experience great luck; to be extremely fortunate or lucky.
https://en.wiktionary.org/wiki/luck_out

My life has been series of lucky breaks, a collection of events where I've 'failed upwards', and while my career isn't wildly successful, I'm smart enough to know and humble enough to realize the comforts I have are a distant hope for billions(!) of others on the planet.

The very Last time

Fri, 01 Jan 2021 17:39:19 +0000

I've been experimenting with meditation over the last few months, and I think it's great. Next to having a disciplined 8 hours of sleep everyday, I think meditation is the best thing you can do for your personal mental health.

I first started by reading headspace, and trying out his 10-minute meditation technique, but now I'm on the WakingUp app, which again starts a pretty reasonable 10 minutes per day. I'm by no means a guru, but just like exercise, 10 minutes a day beat 0 minutes a day -- by a lot!

MySejahtera privacy concerns

Sun, 06 Dec 2020 17:35:16 +0000

Last week, a friend sent me a video of viral video by 'Fat Bidin', highlighting privacy concerns of the MySejahtera app. The same author (a.k.a Zan Azlee) also wrote a comment piece in Malaysiakini explaining his concerns over the Government's contact tracing application.

Specifically, he was concerned that MySejahtera had a "slew of different capabilities that is very much of a concern, such as:"

Time vs. YouTube

Tue, 03 Nov 2020 08:08:40 +0000

I asked Emily, my 7 year old daughter, why she loved YouTube so much. Specifically, why she loved **watching** others play Roblox over actually **playing** Roblox herself?

It's a strange, but common thing among children her age, as my nephews and nieces do the same for other games.

No surprises then, that Google announced record profits yesterday, with YouTube alone bringing in more than $5 billion in advertising for the first time, gaining 32% over the same period last year.

Spreadsheets

Fri, 30 Oct 2020 07:02:00 +0000

Spreadsheets are the bedrock of the modern enterprise, they're ubiquitous, from small family business' to large multi-nationals, and you'd be surprised by the number of critical activities that run off them.

Pound-for-pound, Microsoft excel is the most valuable piece of software on the planet.

But are really that good?

The answer depends on what you mean by 'good'?

Stopping my Addiction

Sat, 17 Oct 2020 12:38:44 +0000

Hi, I'm Keith, and I'm a social media addict.

I know, because I've seen this before.

When I was around 8 years old, my father was a smoker, and I'd regularly see him leave family meals early to have a quick smoke, leaving us to finish our lunch or dinner without him. It was just something smokers did.

Today, I'm not physically leaving the table like my father, but my mind is just as disconnected, as my attention moves from eating to being fixated on my iPhone.

At least my father would finish his meal before he did his smoking routine, I typically pick up my phone mid-way through, and stay on it right to the end of dinner. Sometimes gobbling down unknown quantities of food while my eyes remained glued to some insufferable post on social media.

I could be talking to my wife, or asking my daughter how her day at school was. Instead I'm mindlessly scrolling the feeds and timelines hoping for something to catch my attention, while the two most important people in my life, remain neglected -- while they're right in front of me!

Clearly something was wrong.

I noticed this on airplanes too, at the end of a long flight, Smokers would make a bee-line for the smoking area to satisfy their craving. But phone-addicts immediately light up the cabin with the glow of their screens, the moment the pilot announces "you may now switch on your electronic devices".

At least smokers were denied their addiction for the entire duration of their flight, usually hours -- phone addicts (like me) had only to endure the 20 minutes of landing.

I saw this in myself a few months ago, late one night, I had binged on all my social media, YouTube, Reddit, Twitter, Facebook, and after completely exhausting all possible posts on all platforms, I'd cycle through them again, and again and again!

I should have been sleeping, it was late -- very late! I knew I should be dozing off, but instead my phone was firmly in my hand, with my finger scrolling through every last nook and cranny.

I was craving something (what exactly I didn't know). I knew there was nothing interesting left (I'd checked, multiple times!) -- but I was still scrolling, and scrolling...hoping for something interesting to magically pop into the feed. This activity gave me no joy, but I was doing it anyway.

I was addicted -- social media was my slot machine -- and though I was losing, I couldn't help but want to play more.

All hallmarks of addiction.

The Myth of the anti-social developer

Sun, 11 Oct 2020 12:03:41 +0000

What is the myth

There's a belief that people in IT, specifically software developers are generally anti-social, introverted, desk-loving curmudgeons who act like Sheldon from the Big Bang Theory.

What's more frustrating, is that this belief is prevalent even among those working in technology -- that somehow great coders are silent geniuses who shun people, while coding in a dark office corner wearing over-sized headphones playing death metal music. This is not just a myth, it's the anti-truth of what actually happens. The best developers (just like any other profession) are always people focused.

The Drudgery of Servers

Sat, 08 Aug 2020 12:13:56 +0000

As much as I love Serverless architectures, I find myself 'locked-in' to a server-ed WordPress blog. It's a mixture of too much legacy content to migrate, lack of easy migration tools, and just the fact that WordPress for all it's faults --- just works!

So rather than spend countless hours trying to migrate content, I decided to keep paying the $5/mo to DigitalOcean so that they can continue hosting a VM which PHP on it for my blog.

Keith's Adventures in DynamoDB Land

Sun, 28 Jun 2020 23:22:56 +0000

After reading the awesome DynamoDBBook from Alex DeBrie, I was prompted to fix a long running design issue with Klayers (a separate project I maintain).

Like everybody else that dives into DynamoDB headfirst, I made the mistake of using multiple tables, one for each data entity. After all, a single database consists of multiple tables -- so DynamoDB would logically involve multiple DynamoDB tables as well right?

Wrong!

It turns out, a DynamoDB table is equivalent to a database, and having multiple tables is like having multiple databases, The 'correct' approach, is to load all data into a single DynamoDB table which would allow us to "join" multiple data entities into a single query.

The word "join" is in quotations, as there is no concept of joining data in DynamoDB, all data has to be pre-joined in some way to achieve the performance that DynamoDB promises (sub 10ms response times for tables of any size). If you split your data across multiple tables, you lose the ability to pre-join this data.

So last month I decided to bite the bullet and began re-designing my application to use one table instead of two, and boy did it do my head-in, and wanted to write this post to capture my thoughts on the whole process.

First here's some background of the application.

Playing with files within the memory of Lambda function

Sat, 18 Apr 2020 11:40:14 +0000

A lambda function is a like a little island, surrounded by network. Unlike Fargate containers, of EC2 instances, they do not have EFS, EBS or some other fast storage support. Everything that goes into a lambda, goes in via the network interface (and network only).

Why?!

Sun, 05 Jan 2020 23:04:32 +0000

The system, which was introduced on the first day of the 2020 school session yesterday, takes only two seconds to scan a pupil’s face before his personal information, such as full name, pupil number and class, is stored into the school’s database
https://www.nst.com.my/news/nation/2020/01/552737/sk-taman-perling-1-uses-facial-recognition-scanners-mark-pupils

A school in Johor became the first in the country to introduce facial recognition scanners to take pupils attendance -- hopefully it'll be the last.

My 2020 resolution: Pay for news!

Wed, 01 Jan 2020 16:54:02 +0000

This year I resolve to support the media that I like, i.e start paying for content I've been consuming for free all this time.

I believe that if we want better media, we need to start paying for it, and it's not a matter of quality content, a free and fair media, is an absolute necessity for democracy to operate -- after all, people can't make informed choices if they aren't informed.

Multi-Accounts for AWS with Google '+' emails.

Sun, 15 Dec 2019 12:51:01 +0000

Last week, I launched a new pipeline for Klayers to build Python3.8 Lambda layers in addition to Python3.7. For this, I needed a separate pipeline because not only is it a new runtime, but under the hood this Lambda uses a new Operating System (Amazon Linux 2 vs. Amazon Linux 1)

So I took the opportunity to make things right from an account hierarchy perspective. Klayers for Python3.7 lived in it's own separate account from all my other hobby projects on AWS -- but I kept all stages in it (default, dev and production). [note:Default is an odd-name, but it ties to the Terraform nomenclature]. This afforded some flexibility, but the account felt bloated from the weight of the different deployments -- even though they existed in different regions.

It made no sense to have default and dev on the same account as production -- especially since accounts were free. Having entirely separate accounts for prod & non-prod incurred no cost, and came with the benefit of additional free-tiers and tidier accounts with fewer resources in them -- but the benefits don't stop there.

Android TV boxes

Mon, 04 Feb 2019 10:20:45 +0000

Android TV boxes, are computers that stream content from the internet onto your TV. The difference between them and your smart-phone is that it has a HDMI connector to your TV, and it usually comes pre-loaded with software to illegally stream content.

While the boxes themselves, are general purpose computers running Android (the most popular OS today), the real focus of any regulation should be on the software on the device and the internet-based streaming services that support them.

Which seems to be the case...

Today, TheStar reports that the MCMC will begin blocking these unauthorized streaming services, rendering the boxes that connect to them useless.

But, if the MCMC uses it's usual method of DNS filtering to implement the block, it'll be trivial for most folks to circumvent the issue, the boxes run Android after all. The government will very quickly find itself in a cat and mouse situation in trying to block them.

2018 in Review

Mon, 24 Dec 2018 16:56:12 +0000

2018 in review

I started the year building out govScan.info, a site that audits .gov.my websites for TLS implementation. Overall I curated a list of ~5000 Malaysian government domains through various OSINT and enumeration techniques and now use that list to scan them daily. The project stalled around Jun/July, and it's basically on auto-pilot till I figure out what to do. The scans still happen daily, and the API still returns useful data, but I've moved on, and might even shut it down mid next year. The project was my first attempt at some serious Python coding, which combined with the serverless framework really helped me improve.

Shutting down sayakenahack

Fri, 21 Dec 2018 16:29:06 +0000

Shutting Down!!

Sayakenahack was undoubtedly the highlight of my 2017.

If you've come from sayakenahack.com, I'm sorry but I've shutdown the site :(.

I learnt so much from it, and it was even my ticket for presenting at Hack In the Box Singapore ...

But all good things must come to an end, there's no point having a site that does nothing but consume my hosting charges on amazon. I'll still keep the domain, but over the next few days I'll redirect visitors to the site to this specific blogpost.

Introducing potassium-40

Thu, 20 Dec 2018 21:38:27 +0000

Over the past few weeks, I've been toying with lambda functions and thinking about using them for more than just APIs. I think people miss the most interesting aspect of serverless functions -- namely that they're massively parallel capability, which can do a lot more than just run APIs or respond to events.

There's 2-ways AWS let's you run lambdas, either via triggering them from some event (e.g. a new file in the S3 bucket) or invoking them directly from code. Invoking is a game-changer, because you can write code, that basically offloads processing to a lambda function directly from the code. Lambda is a giant machine, with huge potential.

What could you do with a 1000-core, 3TB machine, connected to a unlimited amount of bandwidth and large number of ip addresses?

Here's my answer. It's called potassium-40, I'll explain the name later

So what is potassium-40

Potassium-40 is an application-level scanner that's built for speed. It uses parallel lambda functions to do http scans on a specific domain.

Currently it does just one thing, which is to grab the robots.txt from all domains in the cisco umbrella 1 million, and store the data in the text file for download. (I only grab legitimate robots.txt file, and won't store 404 html pages etc)

This isn't a port-scanner like nmap or masscan, it's not just scanning the status of a port, it's actually creating a TCP connection to the domain, and performing all the required handshakes in order to get the robots.txtfile.

Scanning for the existence of ports requires just one SYN packet to be sent from your machine, even a typical banner grab would take 3-5 round trips, but a http connection is far more expensive in terms of resources, and requires state to be stored, it's even more expensive when TLS and redirects are involved!

Which is where lambda's come in. They're effectively parallel computers that can execute code for you -- plus AWS give you a large amount of free resources per month! So not only run 1000 parallel processes, but do so for free!

A scan of 1,000,000 websites will typically take less than 5 minutes.

But how do we scan 1 million urls in under 5 minutes? Well here's how.

GitHub webhooks with Serverless

Mon, 15 Oct 2018 22:37:54 +0000

GitHub Webhooks
with Serverless

Just because you have webhook, doesn't mean you need a webserver.

With serverless AWS Lambdas you've got a free (as in beer) and always on ability to receive webhooks callbacks without the need for pesky servers. In this post, I'll setup a serverless solution to accept incoming POST from a GitHub webhook.

govScan.info now has DNS records

Mon, 15 Oct 2018 01:36:30 +0000

DNS Queries on GovScan.Info

This post is a very quick brain-dump of stuff I did over the weekend, in the hopes that I don't forget it :). Will post more in-depth material if time permits over the weekend.

govScan.info, a site I created as a side hobby project to track TLS implementation across .gov.my websites -- now tracks DNS records as well. For now, I'm only tracking MX, NS, SOA and TXT records (mostly to check for dmarc) but I may put more record types to query.

DNS Records are queried daily at 9.05pm Malaysia Time (might be a minute or two later, depending on the domain name) and will be stored indefinitely. Historical records can be queried via the API, and documentation has been updated.

Supply Chain Woes

Sun, 07 Oct 2018 22:27:21 +0000

The security community has been abuzz with an absolutely shocker of story from Bloomberg. The piece reports that the Chinese Government had subverted the hardware supply chain of companies like Apple and Amazon, and installed a 'tiny chip' on motherboards manufactured by a company called Supermicro. What the chip did -- or how it did 'it' was left mostly to the readers imagination.

Supermicro's stock price is down a whooping 50%, which goes to show just how credible Bloomberg is as a news organization. But besides the Bloomberg story and the sources (all of which are un-named), no one else has come forward with any evidence to corroborate the piece. Instead, both Apple and Amazon have vehemently denied nearly every aspect of the story -- leaving us all bewildered.

But Bloomberg are sticking to their guns, and they do have credibility -- so let's wait and see. For now, let's put this in the bucket called definitely could happen, but probably didn't happen.

I can only imagine how hard it must be to secure a modern hardware supply chain, but the reason for this post is to share my experience in some supply chain conundrums that occurred to a recent project of mine.

I operate (for fun) a website called GovScan.info, a python based application that scans various gov.my websites for TLS implementation (or lack thereof). Every aspect of the architecture is written in Python 3.6, including a scanning script, and multiple lambda functions that are exposed via an API, with the entirety of the code available on github.

And thank God for GitHub, because in early August I got a notification from GitHub alerting me to a vulnerability in my code. But it wasn't a vulnerability in anything I wrote -- instead it was in a 3rd-party package my code depended on.

Hosting a static website on S3 and Cloudflare

Wed, 03 Oct 2018 23:34:57 +0000

Hosting an S3 site via Cloudflare

From my previous post, you can see that I hosted a slide show on a subdomain on hitbgsec.keithrozario.com. The site is just a keynote presentation exported to html format, which I then hosted on an S3 bucket.

The challenge I struggled with, was how to point the domain which I hosted on Cloudflare to the domain hosting the static content.

The recommended way is to just create a simple CNAME entry and point it to the S3 bucket, but that didn't work because the 'crypto' settings on Cloudflare apply to the entire domain -- and not individual subdomains.

And since my website at www.keithrozario.com had a crypto setting of 'Full', the regular CNAME entry kept failing. I could have downgraded to 'Flexible' but that would mean my blog would be downgraded as well -- which wasn't ideal.

Why downgrade my main blog to accommodate a relatively unimportant sub-domain.

Instead found that the solution is to overlay a CloudFront Distribution in front of S3 Bucket -- and then point a CNAME entry to the Distribution.

The solution looks something like this:

Keith's on #HITBGSEC

Mon, 01 Oct 2018 22:59:52 +0000

I haven’t blogged in a long while – but I have a good(ish!) excuse.

I spent most of August prepping for the #HITBGSEC conference in Singapore. It was my first time presenting at a security conference, and I had an absolute blast. The output of the countless hours I spent is in the embedded youtube video below, and the presentation material can downloaded here[.key] and a html version here (it’s very sluggish, as it’s hosted behind cloudflare + cloudfront + s3 – and it’s 100MB in size)

Why my people will never be Ministers

Tue, 03 Jul 2018 00:29:59 +0000

As Malaysians woke up today, to a brand new cabinet of Ministers, many have already begun expressing their dissatisfaction on the lineup. I know better than to wade into these politically charged discussions – but I will point out that my people have long been overlooked for Ministerial positions.

Who are ‘my people’ you ask…

Hackers.

Or if you prefer a less negative word – Geeks. But for the rest of this post, I’ll use the more accurate term of hacker to refer to technically savvy folks who subscribe to the hacker ethic.

Yes, we in the hacker community have long been overlooked for ministerial positions, and I for one, choose to speak out against this travesty. But before I delve into why I think we’ve not played a bigger part in politics, let me first make the case for why we need hackers in parliament.

Why we need hackers in parliament

As technology becomes more pervasive and ubiquitous in our lives, every policy decision becomes a technology decision, whether it's in education, finance or defence. Hence it becomes pertinent to ensure that the people making these decisions have the capacity to understand the technology that drives the issues. This is not something you get from a 2-week bootcamp, or a crash course in computers, it involves deep technical knowledge that can only be attain from years (even decades) of experience.

But it’s not enough that policy makers merely understand technology, they also need to subscribe to the hacker ethic , and bring that ethic into the decisions they make.

What is the hacker ethic? Well I’m glad you asked.

The ethic has no hard definition, but it incorporates things like Sharing, Openness, Decentralization and Free access to computers, etc. The ethic further includes attitudes, like pure meritocracy, the idea that hackers should be judged for their hacking (and nothing else), not age, gender, degrees or even position in a hierarchy. So anytime you see some poor sod who claims to be a hacker, but puts CISSP, PMP, CEH at the end of their LinkedIn profile – you know they’re not really hackers.

You can see ethic played out at hacker conferences throughout the world, hackers are ever willing to share what they’ve built with anyone who’ll listen, and they’re accepting of anyone willing to learn, at any age bracket, without any education or formal training.

The Hacker perspective is an interesting one, and like all perspectives, may not always be right or appropriate, but it’s important for it to be present at the decision making process, if nothing more than to add to the diversity of thought.

So why aren’t there more hackers in decision making levels? Well let’s see what it takes to reach the decision making level in the first place.

Gov TLS Audit has a website!

Fri, 27 Apr 2018 18:12:24 +0000

Gov TLS Audit finally has a website to complement the API.

I used the services of a guy from fiverr to code the site, it isn’t the best design in the world, but it’s good enough for now. The site allows you to query a site and view the historical details of a particular .gov.my website. The full list of .gov hostnames can be found here.

It also links to the full daily scan outputs (in csv, json and jsonl formats) if you wish to download and do more analysis. Please note, the csv output has some errors that I’ve not had time to fix, best you use the jsonl or json file, which don’t have errors, but also have much more details.

First I deleted my most popular tweet -- then I deleted 2000 more.

Sun, 22 Apr 2018 19:39:38 +0000

Two weeks ago, I rage-tweeted something regarding Malaysian politics that got a lot more viral than I liked (I’ve censored out the profanity for various reasons, most notably, there are teenagers who read this blog). It was a pointless collection of 200 characters, that somehow resonated with people enough to be shared across social media. Obviously, since it was me, the tweet was filled with a small collection of profanities, and laced with just the right amount of emotive content :)

But then things started getting bad.

Soon after I tweeted, I received messages from folks I hadn’t met in decades, showing me screenshots of their whatsapp group that had my tweet – my wife’s chinese speaking colleagues were showing it to her at work – I checked, and nearly 2,000 people retweeted it, which isn’t typical for me, and frankly speaking pretty scary.

As much as I’d like to have my content shared, the tweet in question is nothing but couple of crude words pieced together in a ‘rage-tweet’. And I understand that it emotionally resonates with folks who are angry, but if this the level of discourse we’re having on Malaysian social media, we should be alarmed. Completely pointless rants being viralled is not how we ubah, it is the absolute opposite of how we ubah!

Research on the virality of articles from the New York Times showed that ‘angry’ content was more viral than any other, beating out awe, surprise and even practical value. The angrier the content, the more likely it would be shared. A rage-tweet is more likely to go viral than something like fuel-saving tips, even though the latter clearly is more valuable to readers.

At this point, I’d rant about how the media has a responsibility to look beyond clicks and ads, and to think about the impact of their content on society, but since I owned the tweet, I simply deleted it. Of course, I can’t stop the screen-shots being shared across whatsapp, but we do what we can.

Deleting your tweets

That got me thinking, twitter is a cesspool of angry farts screaming at each other, and that has some value.

But while, what I tweet today, may be relevant and acceptable today, it may not be 2-3 years from now. Kinda like how Apu from the Simpsons was acceptable and non-offensive in the 90’s.

I’m ashamed to say it, but I once thought that Michael Learns to Rock was a great rock band, in context, thats acceptable for a 12 year old 2 decades ago, before even Napster or Limewire. Of course, as a adult in 2018, I’m thoroughly aware that AC/DC are the greatest rock band ever, and Michael Learns to Rock, well they’re not exactly Denmark’s best export.

And that’s the problem, twitter removes context – it’s very easy to take a 140 character tweet from 5 years ago out of context. Nobody cares about context on a platform that limits users to 140 characters (or 280 characters since end 2017). Maybe you quoted an article from TheMalaysianInsider, which, guess what, no longer exist. Context is rather fluid on twitter, and it changes rapidly over weeks, let alone the years from your first tweet.

For example, this tweet from Bersatu’s Wan Saiful:

No the internet shouldn't be censored. He doesn't know how to shut up. His views are old and racist. But freedom of speech is for everyone.
— Wan Saiful Wan Jan (@wansaiful) November 10, 2013

Gee, I wonder who he was talking about, a simple internet search will give you the answer, but that’s not the point.

Wan Saiful changed his opinion, and he’s explained why, people should be allowed to change their mind.Freedom to change your opinion not just perfectly fine, it’s a per-requisite for progress.If we allow our tweet history to be a ball-and-chain that ties us to our old idealogy, how could we ever progress? Everybody changes their mind – and that’s OK.

The point is twitter should not be a historical archive – it should be current. A great place to have an informed discussion of current affairs, but not a place to keep old, out-dated and out of context material floating around.

Hence, I decided to delete all my tweets that were older than 90 days old, and here’s how.

Why we need centralized breach notification

Wed, 28 Mar 2018 19:12:21 +0000

Let’s start with the basics. Data Breaches are common – and will continue to be the norm.

How the App Economy and Big Data ruined it

As we shifted towards the ‘App-Economy’ and ‘Big-Data’ (circa 3 years ago), consumers begun sharing more data with more apps. Everyone and their granny, wanted to create a new app, and everyone was told to collect as much data as possible. Then, because storage costs were low, they were encouraged to store as much data as they could first – and figure out how to use it later.

I scanned 1000 government sites, what I found will NOT shock you

Sun, 25 Feb 2018 09:03:22 +0000

Previously, I moaned about dermaorgan.gov.my, a site that was probably hacked but was still running without basic TLS. This is unacceptable, that in 2018, we have government run websites, that ask for personal information, running without TLS.

So I decided to check just how many .gov.my sites actually implemented TLS, and how many would start being labled ’not secure’ by Google in July. That’s right, Google will start naming and shaming sites without TLS, so I wanted to give .gov.my sites the heads up!

Why check for TLS?

TLS doesn't guarantee a site is secure (nothing does!), but a site without TLS signals lack of care from the administrator. The absence of TLS is an indicator of just how lightly the security of the servers has been taken.

Simply put, TLS is necessary for not sufficient for security – and since it’s the easiest thing to detect for, without running intrusive network scans, it seems like the best place to start.

How I checked for TLS?

But first I needed a list of .gov.my sites.

To do that, I wrote a web-crawler that started with a few .gov.my links, and stored the results. It then repeated the process for the links, the links of the links…and so forth. After 3 iterations, I ended with 20,000 links from 3,000+ individual hostnames (a word I wrongly use in place of FQDN, but since the code uses hostnames, I’m sticking to it for now – please forgive me networking nerds)

I then manually filtered the hostnames to those from a .gov.my or .mil.my domain and scanned them for a few things:

Does it have a https website ( if it doesn't redirect)
Does it redirect users from http to https
Does the https site have a valid certificate
- Does it match the hostname
- Does it have a fresh certificate (not expired)
- Can the certificate be validated -- this required all intermediary certs to be present
What is the IP of the site
What is the asn of the IP
What is the server & X-Powered-By headers returned by the host

Obviously, as I was coding this, my mind got distracted and I actually collected quite a bit more data, but those fields are in the csv for you the Excel the shit out off! The repository contains both a json and jsonl file that has more data.

Now onto the results

Another Day, Another breach

Sun, 04 Feb 2018 10:14:17 +0000

220,000 is a lot of people. It’s the population of a small town like Taiping, and roughly twice the capacity of Bukit Jalil Stadium.

Yet today, a data breach of this size, barely registers in the news-cycle. After all, the previous data breach was 200 times bigger, and occurred just 3 months ago. How could we take seriously something that occurs so frequently, and on a scale very few comprehend.

Individually, each breach is not particularly damaging, it’s a thin thread of data about victims, but they do add up. Criminals use multiple breaches, and stitch together a fabric of the victims identity, eventually being able to forge credit card applications in their name, or to perform typical scams.

But if you’re thinking of avoiding being in a breach, that’s an impossible task. The only Malaysians that weren’t part of the telco breach, were those without mobile phones. In the organ donor leak, the victims were kind-hearted souls who were innocent bystanders in the war between attackers and defenders on the internet.

The only specific advice that would work, would be to not subscribe to mobile phone accounts and don’t pledge your organs. That is not useful advice.

I wanted this post to be about encouraging people to stop worrying about data breaches, and move on with their lives. To accept that the price of living in a hyper-connected world, is that you’ll be data breach victim every now and then – I wanted to demonstrate this by actually going out and pledging my organs to show that we shouldn’t be afraid.

But when I went to the Malaysian organ donation website (demarorgan.gov.my), I was greeted by all too common “Connection is Not Secure” warning. Which just made my head spin!

That long post about Data breaches (you never wanted to read!)

Wed, 20 Dec 2017 11:14:03 +0000

Part 1: An intro to Data Breaches

Let's start with some basics. What is a Data Breach?

According to Verizon, a data breach is when you’ve confirmed that data has been lost to an attacker, while a data incident is merely something that ‘may’ result in a breach.

An incident is when a laptop goes missing from your company’s office.

A breach is when the data on that laptop is published online.

Part 8: False prepaid registrations

Wed, 20 Dec 2017 11:00:08 +0000

Consider this a bonus piece from my long thoughts about data breaches. You might the older post before reading this. So let’s dive in.

The telco breach was a giant hairball of issues, and one of the strands in the hairball is false prepaid registrations.

Immediately after releasing sayakenahack, people reported that they were seeing additional numbers linked to their mykad numbers. From TheStar:

Malaysian Communications and Multimedia Commission (MCMC) network security and enforcement sector chief officer Zulkarnain Mohd Yassin said it would most likely be a case of other people using another person’s identity to register.
“We are serious about this. That’s why you see many compounds issued by the MCMC to service providers in respect of non-compliance with the guidelines of prepaid registrations,” he said.

He’s right, telcos have been issued summons for false registrations every year from 2014 to 2017, withTune Talk chief executive officer Jason Lo telling Digital News Asia (DNA):

Writing Millions of rows into DynamoDB

Sat, 09 Dec 2017 23:03:56 +0000

While designing sayakenahack, the biggest problem I faced was trying to write millions of rows efficiently into DynamoDB. I slowly worked my way up from 100 rows/second to around the 1500 rows/second range, and here’s how I got there.

Work with Batch Write Item

First mistake I did was a data modelling error. Sayakenahack was supposed to take a single field (IC Number) and return the results of all phone numbers in the breach. So I initially modeled the phone numbers as an array within an item (what you'd called a row in regular DB speak).

Strictly speaking this is fine, DynamoDB has an update command that allows you to update/insert an existing item. Problem is that you can’t batch an update command, each update command can only update/insert one item at a time.

Running a script that updated one row in DynamoDB (at a time) was painfully slow. Around 100 items/second on my machine, even if I copied that script to an EC2 instance in the same datacenter as the DynamoDB, I got no more than 150 items/second.

At that rate, a 10 million row file would take nearly 18 hours to insert. That wasn’t very efficient.

So I destroyed the old paradigm, and re-built.

Instead of phone numbers being arrays within an item, phone numbers were the item itself. I kept IC Number as the partition key (which isn’t what Amazon recommend), which allowed me to query for an IC Number and get an array of items.

This allowed me to use DynamoDB’s batch_write_item functionality, which does up to 25 request at once (up to a maximum of 16MB). Since my items weren’t anywhere 16MB, I would theoretically get a 25 fold increase in speed.

In practice though, I got ‘just’ a 10 fold increase, allowing me to write 1000 items/second, instead of 100. This meant I could push through a 10 million row file in under 3 hours.

First rule of thumb when trying to write lots of rows into DynamoDB – make sure the data is modeled so that you can batch insert, anything else is painfully slow.

Identity in a Post-Breach world (draft)

Sat, 02 Dec 2017 10:20:47 +0000

Posting this here first, my thoughts to follow. Random thoughts below are draft :).

Random thoughts on the matter

We still need a single identifier in Malaysia (IC Number), this is administrative necessity. LHDN needs to check your bank accounts, Election Commission needs to know you're not double-voting..etc.
But that single identifier should not be used as an authenticator. No one should ask me for my IC number as a means of authenticating myself. When I call the bank, they shouldn't be asking me for my IC number as a means of proving my identity to them.
There's too much info in the IC number (age, state, gender). Take all of that out, and replace with a random blob of numbers -- one that cannot be guessed as well. So something like 8 numbers and 4 letters large enough, so criminals can't guess.
We need 'identity-freezes' in Malaysia. In America you can freeze your credit, but in Malaysia we need to go a step further and put an Identity freeze, especially for internet services.
Check out section 114(a) of the evidence act, wrongly registered phone numbers are a thing, and they're bad. If someone registered a pre-paid account in your name, and posted something bad -- you'd be in trouble.
If you took a loan from Maybank to buy a house, and 1 year later defaulted on the loan, no other bank in the country would grant you a loan. This protects the banks from issuing credit to someone who can't pay back. So we have credit freezes.
Let's use the same mechanism to allow people to lock their identities, so no one can open bank accounts, telco accounts, not even Astro, TNB or Indah Water as long as the identity is locked. This way, the value of a stolen identity is tremendously reduced, and we protect breached victims.
Identities can be 'un-freezed', e.g. when you buy a house, but then re-freezed shortly after.
More thoughts to come.....

Sayakenahack architecture

Thu, 23 Nov 2017 07:23:19 +0000

I know the picture is a bit hard to read, but I wanted to make sure I had a detailed enough picture to understand the ‘innards’ of sayakenahack. Sometimes when you’re building stuff on the fly, and bottom-up, it’s good to take a step back, and have a top-down view.

I’ll be expanding this post over time, wanted to get my thoughts down quickly on paper before I moved on.

Sayakenahack.com answering the questions

Thu, 16 Nov 2017 23:50:35 +0000

OK, this is my last post on sayakenahack.com, and I’ve got a script scheduled to run at Sunday midnight to tear down the database. So if you wanna check, you better do it now, cause in 3 days time, it’ll be gone.

poof

But here are my thoughts on this whole debacle – and it’s going to get emotional, so don’t say I didn’t warn you.

So let’s start with the basics.

#PotongSteam

Wed, 20 Sep 2017 12:59:48 +0000

I haven’t blogged in a while because I’m busy studying (yes, studying) for my OSCP certification.

But what happened over the week, was just to mind-blowingly stupid to ignore.

Here's what happened....

A Taiwanese company released a game titled Fight of Gods, which as the name implies, has Gods fighting among themselves. But the developers didn't 'just' use Greek, Roman or Norse Gods -- they went a step further and used Jesus and Buddha (but not Muhammad or Allah). Gods fighting among themselves isn't anything new in videogames or comics, who do you think Thor from the Avengers is based on, or Hercules from Disney, or just watch any Justice League episode with Wonder Woman, the real difference here is that games don't typically use Jesus or Buddha.

Most gamers brushed off the game as a lousy game wrapped in a theatrical package, but the media picked up the story and the game garnered more publicity than was warranted. So much publicity, that the Malaysian government decided to take action, but how do you take action against a game developer in Taiwan?

JJPTR wasn't hacked

Mon, 01 May 2017 10:28:42 +0000

The fact that this RM2 company manage to raise RM500 million should be news enough, but claims that it lost all it’s money to ‘hackers’ is too hilarious for me to ignore.

If you haven’t heard, a get-rich-quick scheme called JJPTR, claimed it lost RM500 million to hackers, which even with today’s depreciating ringgit would exceed a value of USD100 million. For perspective, the hackers who hacked into the Bangladeshi central bank, pocketed ‘just’ over USD60 million.

Writing a Wordpress Restoration script

Thu, 02 Mar 2017 21:59:50 +0000

WordPress sites get hacked all the time, because the typical WordPress blogger install 100’s of shitty plugins and rarely updates their site. On the one hand, it’s great that WordPress has empowered so many people to begin blogging without requiring the ‘hard’ technical skills, on the other it just gives criminals a large number of potential victims.

Two years ago, when I studied the details of phishing attacks that targeted Maybank and RHB, I found that attackers use compromised WordPress sites to host their phishing content. They’d first hack into a seemingly random WordPress website, host their phishing content there, and then blast out emails to unsuspecting victims with links to pointing back to their hacked bounty. If the hack works they’d get free username and passwords, and if they were ever caught, most evidence would point to the unsuspecting Wordpress site owner.

So if you have a WordPress site (like me), chances are you’re in the cross-hairs of hackers already, and securing your site is the responsible thing to do.

In general Wordpress sites should be:

Updated Automatically
Use a minimal number of plugins
Use plugins only from reputable publishers
Use themes only from reputable publishers--and have only one theme in the install directory
Employ strong passwords for the admin & user
Have the permissions of the underlying folders set accordingly (i.e.CHMOD them all)

But even if you took all precautions to hardened your site, there's always a possibility of it getting hacked. No security is perfect, and you should look into backups--backup often and to a separate location. That way, a compromised site can be rebuilt, even if it were defaced. The last thing you want is to lose your precious design and data, because some one installed a shitty plugin over the weekend.

Today, I’ll walk through a short bash script I wrote to backup (and restore) a WordPress installation from scratch. It took me quite a while to write this (partly because I have no experience with Bash scripts), but I thought it would be good to walkthrough the details of the script and what it does.

The full script is available on github here, and the usage instructions will be maintained there. The write-up below describes code the first production release, linked here, even though I’ve since updated the scripts to include some modifications, and as we speak I’m just about the release version 1.2.

So here we go…

Special Thanks

The following 3 folks, were greatly influential in the writing of the script, listed in no particular order. No to mention, the wonderful folks at stackoverflow that helped tremendously as well.

Thanks to Andrea Fabrizi for the awesome DropboxUploader script Thanks to Ben Kulbertis for the awesome Cloudflare update script Thanks to Peteris.Rocks for inspiring me with his Unattended WordPress Installation script

Pre-Requisites

As a pre-requisite to all this, I made the following decisions.

The back ups would be stored in DropBox– Dropbox has free options (up to 2GB) and has versioning by default.All your backups are versioned and kept for 30 days (not just the latest upload, which gets destroyed if you’re hit by malware). Doing this on AWS requires extra work, which I wasn’t prepared to do, and AWS has no free tier for S3 storage.

Also, I use CloudFlare to maintain the DNS. It’s optional of course, but I needed a DNS provider that had an API, and they were the logical choice. This allowed the script to update your DNS as well.

Finally, the script assumes a standard LAMP stack, i.e. Linux (specifically Ubuntu 16.04), Apache , MySql and PHP. PHP is enforced by Wordpress itself so that’s fine.But the ’trend’ these days is to have NGINX instead of Apache, and MariaDB instead of MySQL. I kept things in ‘classic’ mode for now, I may revisit in the future.

Publishing Government Algorithms

Sat, 04 Feb 2017 23:44:31 +0000

On the 1st of February, Malaysians experienced yet another fuel price increase. Which was surprising because the price of oil and the ringgit conversion rate seemed to be favoring a drop. You see in Malaysia, the fuel prices are controlled and subsidized by the government, and it sets the price for petrol at the pump.

In the past, fuel price changes were few and far between, but since 2007, they’ve become a more common occurrence to help the government cope with the erratic pricing of oil. Eventually, a floating price mechanism was introduced, where the government would set the price of fuel on the 1st of every month, and only on the first of each month.

How the StarHub DDOS (possibly) happened

Thu, 27 Oct 2016 23:46:38 +0000

Customers of Singaporean ISP StarHub, suffered two major disruptions to their service over the past week, in what the telco said was a result of a “intentional and likely malicious distributed denial-of-service (DDoS) attacks”.

Oh the humanity!!

In what appears to be a copycat of the Dyn attack we saw (at roughly the same time), the attack signals the first local salvo in the war of IOT devices. But is it really that serious?

If you’re wondering what the hell happened, let’s walk this through step-by-step, from the attackers perspective.

Hotline Jais is a terrible idea!

Sat, 08 Oct 2016 14:40:06 +0000

Jais recently launched anew mobile app to allow the public to easily report any crimes that contravene syariah laws.

Obviously there’s social and legal implications here, which I won’t go into, but we need to understand just how stupid this idea is.

When you ask amateurs to give you security, what you eventually end up with is amateur security.

It’s the reason why Maths professors from Ivy league universities are wrongly profiled as terrorist, or why breast milk is incorrectly identified as explosive substances on planes, why it doesn’t take an evil genius to break into your gated and guarded housing project. Security is hard, and if you entrust into the hands of amateurs, things don’t end well.

All you eggs in one basket

Sun, 02 Oct 2016 20:45:49 +0000

Is it wise to use an online password manager? After all, putting your passwords on the cloud seems like a really dumb idea.

But I use password manager because while storing stuff on the cloud may present risk, it’s far riskier and dumber to re-use passwords.

Why you need a password manager?

Despite the sexiness of zero-day exploits and hardcore state-sponsored hacking groups we see on the news, the number one way the average person gets hacked is through password compromise (boring!). That's when hackers guess, or somehow figure out your passsword, and then use it to access the various online services you subscribe to.

Most people downplay the risk of this happening, ebcause they think they’re not rich enough, or famous enough to be the target of hackers. But in an era, where hacks compromise millions of accounts, and hackers can automate exploits to run on cheap cloud servers from Amazon–you’d be surprise what hackers consider a worthwhile target.

But how do hackers get your password?

On occassion they actually guess it, ala ‘the fappenning’, but more commonly they get your passwords by hacking other services. Shockingly, sometimes the easiest way to get your Google password is to hack dodgy forums, and insecure chat rooms that litter the internet.

Random thoughts

Sat, 20 Aug 2016 22:13:56 +0000

You’ve probably heard of the hackers who almost got away with $1 billion, only to be thwarted by a typo. (if it weren’t for those meddling keyboards!)

What you probably didn’t hear was that they had already wired $100 million to themselves, are assumed to have pocketed anywhere from $21 million to $81 million in cold hard cash.

Sure, Billions is more than millions, but one a single hack that returns $21 million is a good pay-day by anyone’s standards.

2600 article

Mon, 01 Aug 2016 08:00:39 +0000

A republication of my article on 2600, a hacker magazine

Greetings from Malaysia.

This is my first time writing to 2600, although I’ve been a kindle subscriber for more than 2 years now.

For my first article, I hoped to write about a little hacking expedition I embarked on a couple of months back to help me improve my coding skills as well as help me learn more about local internet users.

Just buy McDonalds

Sat, 23 Jul 2016 08:00:01 +0000

If you haven’t listened to it already, here’s a fantastic cut-down (no bullshit) version of Jim Comey’s testimony to congress, on why he recommended Hillary Clinton not be prosecuted for hosting her own e-mail servers.

For the uninitiated, while Hillary Clinton was US Secretary of State, she hosted her own official e-mail servers, and the contention was whether she was right in hosting a service that would handle classified e-mails in the basement of her house.

Security theater on KTM trains

Sun, 29 May 2016 16:20:34 +0000

The last time I took a public train in Malaysia was 10 years ago.

That’s a long time to be spoilt by the luxury of having a car to drive around. So it was a pleasant surprise to see this viral story, about a man on a KTM kommuter train who saved a women from a group of youths who “misbehaved and demanded cash and their valuables”.

But then I remembered that KTM had launched ‘women-only’ coaches on their train, and this event had me pondering the security and social implications of such coaches, and concluded that women-only coaches are a terrible idea!!

The ugly truth about Uber

Sat, 21 May 2016 09:07:02 +0000

Two weeks ago, I took my first ever Uber ride, and here’s what I think is The Good, the bad and the ugly of Uber.

The Good

The app worked perfectly out of the box, it was intuitive, and the drivers that fetched me from (and to) the Toyota service center were courteous and friendly. What was even more shocking was the price--Uber is freaking cheap.

Bukit Jalil to Bukit Bintang for RM20.20. I remember a time when taxi drivers would charge me Rm10 just to drive from Menara Citibank to KLCC, or RM20 to drive from the Kelana Jaya LRT station to Subang Parade–and that was after I haggled, begged and bargained the prices down.

The new media is powerless

Sat, 30 Apr 2016 16:23:16 +0000

People think of the media as the powerful behemoth that’s capable of swaying public perception.

On the contrary, I think public perception sways the media.

Companies like Facebook, Google and even Amazon, have gone all-in on the confirmation bias, the idea that people like and prefer information that confirms their existing ideas and biases. No one likes being told their wrong about religion, climate change or even smoke, you can a great Ted Talk by Eli Pariser here.

The relationship between surveillance and censorship

Sun, 27 Mar 2016 16:01:30 +0000

In the online world, surveillance and censorship are two sides of the same coin, you can’t have one without the other.

When the government moots a ‘blogger registration’ act , we automatically infer it to be part of a wider censorship initiative, an attempt to control the narrative by subtlety telling bloggers “we know who you are, so watch what you say”.

We intuitively get that putting a whole community under surveillance is a bid to control expression within that community, and if someone was even ‘potentially’ watching you–your behavior would change.

But the internet has made the connection between surveillance and censorship work in reverse, not only does surveillance lead to censorship, but censorship leads to surveillance as well.

Singapore Historical PSI Readings in Excel

Fri, 25 Mar 2016 08:00:51 +0000

Every now an again, I brush off the dust from an old laptop I have in the corner, and boot-up a couple of forgotten python scripts.

One of those scripts would scrap the DOE Malaysia website for API readings in Malaysia, unfortunately, those damn fools at the DOE now only publish 7-day data, and completely wipe off anything older–for some unknown reason.

I even contacted my ‘insider’ over at MDEC to help out, since she’s leading the open data initiative, but I’ve not had any response. So I’ve stopped work on the collating Malaysian API readings–for now. I suppose I could create a schedule job to scrape the website on a frequent basis, but that’s not something I’m interested in at the moment.

Anti-TPP Ideologies?

Sat, 19 Dec 2015 08:00:52 +0000

2 weeks ago, Wan Saiful Wan Jan. the chief executive of the Institute for Democracy and Economic Affairs (IDEAS) penned an opinion piece in thestar claiming that there was a prevalence of anti-TPP ideologies in Malaysia.

The Gist of his piece centered on 4 key points:

The Anti-TPP ideologues opposed the bill before knowing what it was, and therefore must be stupid (or bomohs)
Opponents of the TPP oppose trade liberalisation
TPP like any other free trade agreement was negotiated in secret and not exceptional
That the government was doing a bad job communication the TPP to the rakyat

Apart from point 4, all his other points are either red-herrings, or completely wrong.

Let’s go through them one by one:

The price of freedom

Fri, 18 Dec 2015 08:00:54 +0000

The price of freedom is the possibility of crime, and if you’re unwilling to pay that price, don’t be surprised when your freedom is taken away from you.

In a free country, it’s impossible to prevent a mad lunatic from getting a knife and stabbing people on a train, you might prevent some lunatics but you can’t prevent them all. The best you can hope for is that rescue comes fast enough before anything serious occurs.

Keith on BFM

Thu, 26 Nov 2015 22:44:45 +0000

3-4 weeks ago, I pimped myself an interview on BFM, and yesterday it finally aired. Woohoo!!

Here’s the audio, and below are some show-notes you might be interested in if you want to learn more. I searched for these links AFTER the show, so they may not be 100% in step, but good place to start.

Your browser does not support native audio, but you can download this MP3 to listen on your device.

Show notes:

My post on how to change Unifi WiFi password and a bonus note, here's how to hack them.
Windows Tech Support Scam , here's another and here's how some pros respond
Why Anti-Virus is dead from Brian Krebs
Russian Business Network (I wrongly called them the Russian Business Alliance on the podcast): Wikipedia Link is here, but I suggest buying Spam Nation by Brian Krebs, easily the best book on the subject.
Target hacked through their HVAC supplier, while their supplier was using anti-virus
Kevin Mitnick on social engineering and corporate inoculation.
Cybersecurity professional shortage...trust me, IT is the way to go.
Security frameworks like PCI-DSS, I should have mentioned it.
My favorite password manager: Lastpass
The Fappening (if you don't know what it is, please click the link NOW)
Ashley Madison password, rights and wrongs.
Why I don't like bio-metrics
OPM Hack : you need to know this
TheStar reporting on teen winning award from Google (fake report)
Google Malaysia was hacked--and my explanation on why it wasn't.
My take on our view of hackers and specifically anonymous
Tech Journalism in Malaysia
Ahmed didn't build his clock and now he's suing for $15 Million--damn.
Tony Stark asking to boost ISDN by 15%.
Hacker who claimed he could hack a plane avionics from the seat.

I really enjoyed the interview, and felt it came out really well.

Shout out to Jeff Sandhu for the brilliant work, and let me know if you enjoyed the show.

PSI vs. API, Malaysia vs. Singapore air quality readings

Fri, 23 Oct 2015 13:50:12 +0000

There’s been some controversy recently regarding the Air Pollutant Index (API) readings in Malaysia, with some even accusing the government of intentionally downplaying the readings.

I intended to find out exactly how the readings were different, and as a glorified techie come wannabe programmer I decide to use a data approach to this as opposed to a theoretical one. In case you’re wondering what the theoretical differences are, check out this cool article from cilisos, otherwise keep on reading.

At the crux of this issue, we first have to appreciate how API or PSI readings are calculated. Both take measurements of pollutants in the air, but only take the highest concentrated pollutant to give you the reading value. It’s hard trying to consolidate something as complex as air quality into a single number, and as a result a certain amount of ‘simplification’ is required.

Theoretically, PM2.5 measures particulate matter up to 2.5 micrometers in diameter, while PM10 measures particulate matter of up to 10 micrometers in diameter, the Singaporean Government claims that PM2.5 is the main pollutant of concern during periods of smoke haze, and hence you’d expect PM2.5 readings to be higher than Pm10.

But that’s theoretically, what about empirically?

Is Uni-tasking underrated?

Wed, 07 Oct 2015 00:19:52 +0000

Google reported that 91 per cent of its Malaysian respondents are “multi-screening” with their smartphones, meaning that while watching TV, or working a laptop, Malaysians were at the VERY SAME TIME, using their phones.

The Malay Mail reported this as Malaysians being champion multi-taskers, but I look at it as a negative, and instead view it as indication of just how easily distracted we are.

It used to be that multi-tasking was a prized asset in an employee, but as a regular cari-makan working adult, I have to say that trying NOT to multi-task is getting harder by the day. A brief boring moment in a call, a e-mail alert while you’re writing a document, a phone call in the middle of a presentation–trying to focus on ONE thing at ONE time is HARD.

Using the internet anonymously

Fri, 11 Sep 2015 12:25:53 +0000

While anonymity on the internet is slowly dying, there remain legitimate reasons for wanting to keep your online identity a secret from ~~those meddling kids,~~ governments or snooping criminals. From e-mailing leaked documents to commenting on blogs using pseudonyms or even just casual online chatting, utilizing the internet without leaving digital bread-crumbs behind you is a task that is getting more difficult over time, particularly when the big bad wolf that’s chasing you down is a rich and powerful government agency.

But to secure yourself online, you first need to understand whose attacking you, and what techniques they’re using. Adjusting your defense to suit your attacker is not just common sense, it is the only practical way to achieve a semblance of security and anonymity online without losing your mind and going into tin-foil hat wearing paranoia.

For example, if your adversary is the NSA, there’s nothing much you can do. This is a Federal agency so well resourced, they’re building a data-center in Utah that’s bigger than 5 Ikeas.Add to all this, the fact that it hires the cream of the crop from the Ivy-league maths programs, and you have brains and brawn that are orders of magnitude higher than the average person. If the NSA wants to target you, it’s game over. The only reason you’re not targeted by the NSA is that you didn’t factor high enough on the wanted list to merit their attention and taxpayer dollars.

But how about the Malaysian Government? How sophisticated are they and is it Game-over if the Malaysian government were targeting you?

Fortunately, our Governmen isn’t building a Utah data-center, or a Great Firewall and they’re no where close to the NSA, but they’re still a well-resourced organization that has the technical capability and financial muscle to do some serious harm against an ordinary citizen. And in order to secure yourself against them, you’d need to understand their techniques and tools.

Malaysian Government Surveillance 101

Firstly, the government controls the ISP and Telcos, and hence the Government controls the network. The prevention of terrorism act (POTA) permits a Police Officer to waltz into any ISP or Telco and compel them to grant him your communication details without the need for any kind of judicial warrant, it also allows for the Police to place a digital wiretap on your communications (again without a warrant), but also without ever having to reveal the status of that wiretap to any court of law even if they convict of something. So anytime you’re using a Malaysian internet connection, you have to assume that the connection is compromised.

Thankfully, whenever I go into a starbucks, or use the WiFi at KLIA, I already assume the network is compromised–and there’s many ways to secure yourselves over a hostile network.

Secondly, the government has a record of purchasing surveillance spyware (twice!), These are specialized software designed to infiltrate your laptop or smartphone, and start sending all your communication data direct from source. Again, one has to assume there is no judicial oversight over the use of these things.

If your end-device is compromised, and the Government has already installed spyware on your phone, laptop, tablet or even smart TV, there’s nothing you can do on the network end to secure things. So it’s wise to start securing the device before you think about the network, and that’s where we’ll begin.

But there’s a last and final attack-vector that a government can employ. Simply breaking into your home, and taking your laptop and smartphone away from you. Which means that you don’t just need to secure your device and network when you’re using it, but also when you’re NOT using it. In computer-geek circles we call this securing your data at rest, which protects your data while it’s just idling somewhere, and it turns out that’s not entirely easy to do either.

Change WiFi password on Maxis home fiber router

Sat, 05 Sep 2015 15:33:16 +0000

Got Maxis Fiber to your home, but want to change your WiFi passwords, then here’s how you do it.

First you need to logon to your router. You can do so by opening your Web-Browser and type http://192.168.1.254 (where you’d normally type google.com), or just click here.

You should either see a picture like the above, then you’d need to enter the username and password, or if you haven’t setup a router password, then you’d see this:

A dumb-pipe and Net Neutrality

Wed, 02 Sep 2015 09:56:05 +0000

The pipe that brings water into your home is a pretty un-sexy thing, just like the electrical cables that deliver electricity. Your internet connection though, has gotten sexier and sexier–from being used to deliver paid content like hyppTV and Astro to other more interesting services, resulting in a triple play (internet, tv and phone) of services, all piped into your home on a fibre optic cable no thicker than a strand of your hair.

But should you internet connection be sexy or should it be a dumb-pipe? The telcos of course want to deliver more services and hence fatten the bottom-line, but the problem I have is that in their zeal to do this, they’ve violated the principles of net neutrality, and I fear that we’re going down a rabbit-hole of ‘favored’ content, that sooner or later we’re not going to be able to reverse this trend.

A quick example is Maxis, it’s the only player out that can stream Astro content over the Fibre cable. That gives Maxis an un-fair advantage over TM.

We need a change in Government

Wed, 12 Aug 2015 22:44:52 +0000

I need to take this blog to somewhere it hasn’t been. To boldly go where every other Malaysian blog has already gone–into politics.

This is my blog, it’s my hobby, I don’t depend on it for my survival, I don’t rely on it for anything other than the satisfaction it provides me. Therefore, I get to do with it what I want, and today I want to talk about politics.

For the FINAL time, Malaysian internet speeds are NOT slow.

Wed, 01 Jul 2015 23:09:54 +0000

First off, apologies for the lack of content on the blog. I’ve been really busy at work these past few months, and content is slow moving. For instance, the previous post was a review of a router, that I tested for 4 weeks, and returned to the supplier more than a week ago–and the post only went up yesterday. To that end, my decision is to churn out my thoughts just ‘straight from the gut’ and not give this posts the usual research I typically do. Hope my regular readers will forgive the tardiness.

EnGenius Wireless Router ESR600 Review

Wed, 01 Jul 2015 08:00:46 +0000

A couple of weeks back, the guys over at infoversal loaned me a Engenius ESR600 router for a review, at first I was a bit hesitant, but my overall unhappiness with my TP-link router made me think twice. So I gave it a shot, and boy was it worth it.

The router looks pretty normal, nothing to shout about here. While its competitors like Asus and TP-Link opted to go for black exteriors, Engenius chose to stick to white-ish color, this thing doesn’t look good near modern TV sets or home theatre systems (which is where my router is), but the fact that it doesn’t have antennas seems to be a saving grace.

That being said, the Engenius is a pretty slick device, I’m not sure how it does it, but the antenna-less design Engenius has more signal strength than my TP-Link router over both the 2.4Ghz and 5Ghz range. Yes, the router is dual-band and one that actually works well over both bands. So great points for Engenius in that category.

The one reason you should oppose the TPP

Thu, 07 May 2015 18:25:08 +0000

Today I attended an Institute for Democracy and Economic Affairs (IDEAS) event about the TPP. Among the panel members, included Michael Froman, the US trade representative and chief advisor to President Obama on issues of International Trade and Investment. (big shot!!)

For those you don’t know, the Trans-Pacific Partnership(TPP) agreement is a trade deal between 12 countries including Malaysia and America whose main objective is to balance out the power and influence China has over the region. But the TPP has been opposed by many NGOs and special interest groups, for good reason–it’s secret. The TPP has garnered such a bad reputation, it’s sort of like the Justin Bieber of trade agreements, everyone knows about it, but nobody likes it.

The event went on for a good 40 minutes, before your friendly neighbourhood tech blogger got a hold of the mic to ask about the secrecy of the trade agreement.Prior to that everyone was talking about Bumi Policies,Price of Medicine and impacts to SMEs. I really didn’t understand why no one spoke about the tremendous secrecy surrounding the talks and how the secrecy itself is fundamentally undemocratic and bad enough for Malaysians to reject the agreement.

This secrecy is the one reason every Malaysian should oppose the TPP. Everything else is moot, because we can’t confirm the documents we’ve seen until it’s made publicly available to the citizens of the countries negotiating the deal. Would you sign a housing loan agreement without the ability to first read the contract? Yet, here with the TPP we have a legally binding 29-chapter multi-lateral agreement that very few people have seen, but will impact all Malaysians once signed. How do we know the prices of medicines are going up? Oh that’s right, we read it from Wikileaks …. must definitely be true then. Sorry let’s move on.

Why you have to pay GST on your Prepaid Top-Ups

Mon, 04 May 2015 16:51:21 +0000

I strongly believe the Goods and Service Tax is a good idea.

Yes, it will impact the poor more than the rich. Yes, it will cause the cost of living to increase at a time when most Malaysians are struggling to pay the bills.

But the people who will suffer the most aren’t the poor, it’s the tax-evaders. Tax evasion and illicit flows are a big problem for Malaysia, and the Goods and Service Tax is a straightforward and effective solution to that problem. GST is a closed loop sort of tax, which makes tax evasion much harder.

So enough of the GST choir, I’m sure you don’t agree, but that’s fine. In this great country of ours there should be room for dissent, except with Maslan, cause he’s so smart he must be right.

Output - Input

Let's start with some basics on GST.

Imagine a top-up of RM10.Let’s assume that in a pre-GST Malaysia, the telco sold the top-up card to the retailer for RM9. The retailer sold it to the end customer for RM10, making a profit of RM1 per card.

In a post-GST world, the telco still sells the top-up card to the retailer for Rm9, but now adds 6% GST, making the total sale price from Telco to Retailer RM9.54. This additional Rm0.54 is called the input tax.

The retailer then sells the card to a customer at Rm10 plus 6% GST, making the final price Rm10.60. The additional Rm0.60 is called the output tax.

His Gross profit is Rm10.60 - Rm9.54 = Rm1.06. (stay with me here folks)

Now here’s the bit many don’t understand, the retailer doesn’t pay Rm0.60 to the government (even though that’s what he charges you), rather the retailer pays his output - input, or Rm0.60 - Rm0.54 = Rm0.06 . His gross profit of Rm1.06 becomes of nett profit of Rm1.00 after you deduct GST, which is exactly the same profit he had pre-GST.

[caption id=“attachment_5004” align=“aligncenter” width=“650”]

Post-GST implementation as it is today[/caption]

The way this works is that the Telco pays Rm0.54 to the government (from their sale to the retailer), and the retailer then pays Rm0.06 to the government (from their sale to the customer). The end result is that the governments still gets Rm0.60 from the sale, but from two different entities at two different points of the supply chain.

This all lines up nicely, the problem is that customers are now paying Rm10.60 instead of Rm10. Let’s call this the RM10-Gross Model.

Tech Journalism in Malaysia is disappointing

Tue, 21 Apr 2015 02:08:12 +0000

Last week visitors browsing to Google’s Malaysia website were greeted with a big bold image stating the website was hacked. The media had a field day proudly proclaiming that Google’s website was hacked, because that was exactly what the page they visited said….Google Hacked!!

Only, Google wasn’t hacked.

MyNic was hacked.

They’re the agency in charge of managing all internet addresses ending with the .my suffix. Hackers had infiltrated MyNic, and reconfigured the systems to point www.google.com.my to their own servers instead of Google’s. Then they simply pasted a silly looking screen that boldly proclaimed their ‘hack’ to the world, claiming to hack Google rather than MyNic—which is what you’d expect from hackers. But the media, took that to mean Google was comprimised, and boldly proclaimed that Google Malaysia was hacked, going so far as to ask if ‘user data was compromised’.

The analogy is that if someone hacked Waze, and took all unsuspecting tourist who were trying to get to KLCC, and re-directed their route to an abandoned warehouse in Klang, the headline for that story should read “Waze hacked” instead of “KLCC destroyed”. Everyone knows how absurd a headline like the latter would be, but very few people would think the same thing the moment ‘internet things’ get involved–if the website says Google hacked, surely it must be true, in the same way that if Waze says this dilapidated factory lot is KLCC, surely it is, because Waze is never wrong right?!

Keith's PGP Key

Sat, 18 Apr 2015 07:06:40 +0000

In case anyone needs my PGP key to send me encrypted e-mails. Here it is.

e-mails should be sent to keith@keithrozario.com, which is hosted on Gmail, if you’re uncomfortable with that, drop me an encrypted e-mail there, and I’ll respond with a privately hosted e-mail you can connect with me on.

Regards,

Keith

The new and improved keithRozario.com

Fri, 27 Mar 2015 16:07:21 +0000

Welcome!!

keithRozario.com has a new look, and I can hardly contain my excitement.

The blog still retains all its previous content and more glorious content will be on its way, for now take a moment to savour the brand new theme which hopefully is cleaner and easier on the eyes than my previous blogs design. Also enjoy my complementary TLS connection (notice the httpS connection instead of just http) which means you now have a fully encrypted tunnel from your browser all the way to my new server in Singapore, and to round things up, the blog should be much faster now that its hosted it's own dedicated server.

Why you must ALWAYS question government

Sat, 14 Mar 2015 22:38:56 +0000

Today I read that our beloved Education Minister is ‘SHOCKED’ that Malaysian students are not on par with their foreign counterparts.

Shocked? Really?

Just 2 years ago, the good Minister was proudly proclaiming that “The Malaysian education system is on track to becoming among the world’s best”, and this was backed up by a Government Transformation Project (GTP) report.

The WhiteHouse Petition, and what it means

Fri, 13 Mar 2015 09:25:12 +0000

The US Government host a really cool website called “We the People”, that let’s users petition the US Government for various things. It’s a cool website, because you get really cool request on it.

For instance, in 2013, more than 34,000 people petitioned the US government to “Secure resources and funding, and begin construction of a Death Star by 2016″, which triggered a response from the Government that was one part Star Wars Fanboy-ism, and one part Science lesson.

Those were exceptions though, the vast majority of petitions are political in nature, with the most popular petition requesting the US Government to formally press charges against 47 Members of Congress for their role in under-mining a nuclear agreement with Iran.

So it was natural that the former US Ambassador to Malaysia, John Malott create a petition to "make the release Anwar Ibrahim a top priority for US policy towards Malaysia". This Petition was then picked up by the likes of Lim Kit Siang and begun garnering significant attention from the Malaysian online community.

All Air Pollutant Index (API) readings in Malaysia for 2014

Sun, 08 Feb 2015 00:24:16 +0000

I've stopped scrapping the API readings for Malaysia, as the MET department have stopped publishing historical readings on their website.
The data has been updated to include all API readings up to 01-Sept-2015, and then from 28-Sep-2015 to 03-Oct-2015. The ‘gap’ in the dataset is because the MET department changed their webpage and removed the legacy data before I could get my hands on them. I’ve written to them for it, hopefully we get a useful response. For now though, there’s 24 months of data from Aug-2013 to Oct-2015 in the dataset. enjoy!

To get all the readings by region in a single delimited file, click this link, I apologize for the messiness of the data and the files, I should tidy them up by the end of the month. Contact me directly for anything specific.

Keith

Once again, your friendly neighbourhood techie has used this powers for the good of the country.

Last September, I scrapped all the procurement data from the Malaysian’s Government MyProcurement website, this time I scrapped all the Air Pollutant Index (API) readings from the Department of Environment (DOE) website.

First off, Kudos to the DOE for keeping such great tabs on the data–overall the DOE publishes one API reading for every hour or every day across 52 locations in Malaysians. Just to put the sheer volume of data into perspective, for just one year that’s:

52 locations x 1 reading/hour x 24 hours/day x 365 days/year = 455,520 readings.

Watch SuperBowl in Malaysia

Wed, 28 Jan 2015 13:55:11 +0000

Got this email from the people over at Unotelly:

I want to inform you that UnoTelly will allow people stream the NFL Super Bowl for free on Sunday, February 1, regardless of where they live or whether they are UnoTelly subscribers.

We are offering free access to media stations (NBC Sports, Channel 4 and more) that will be broadcasting the Super Bowl for free. Visitors will not be required to sign up for a subscription, but simply need to submit their e-mail address. Please feel free to visit our Super Bowl page for more information:https://www2.unotelly.com/superbowl

I trust UnoTelly---so if you're an American stuck in Malaysia, this is a free way to watch the SuperBowl--otherwise move along, there's nothing to see here.

Phishing by the Bank--Maybank that is

Fri, 31 Oct 2014 23:30:30 +0000

Recently I received a phishing email from konzie2@usm.edu telling me that Maybank had installed new security features and that I need to validate my details on the Maybank2u web portal. The email was marked as SPAM by Gmail, and trying to visit the site further sparked more warnings from Firefox AND my anti-virus.

But I was curious as to what the link would entail, in much the same way I was curious about the RHB phishing emails I received some months back.

Hopefully this post gives you an indication of just how sophisticated these attacks are, and manages to educate you on the one true way to establish if the site you’re visiting is genuine.

The fake login page for Maybank2u looks exactly like the REAL login page of Maybank2u, there really is no difference from the victims perspective. What’s more interesting is when you go deeper, by just enter in ‘a’ username and a password you get to the following page (please don’t enter ‘your’ username and password, just ‘a’ username and password)

Censoring bomb making websites: NO

Tue, 14 Oct 2014 20:45:33 +0000

The Star reports that :

Malaysia Crime Prevention Foundation vice-chairman Tan Sri Lee Lam Thye called on the Malaysian Communication and Multimedia Commission (MCMC) to block bomb-making websites.

“We live in a troubled age. Previously, it was unimaginable, but now even from your home, you can make a bomb. The MCMC must do a comprehensive check to see how we can block sites that are harmful to the nation,” he said.

Now, apart from the fact, that there aren't any dangerous substances used for bomb-making today, that wasn't around in the 1970's, the entire statement is one made from ignorance.

The Anarchist Cookbook, one of the most famous manuals for making home-made bombs, was written in the 1970's and improvised in the 1980's--stuff that was flammable 20 years ago, is still flammable today. It's not like as though, the atmosphere has changed and petrol no longer burns.

But calling for the MCMC to 'comprehensively' block sites that are 'harmful' to the nation is something no one, especially a Vice-chairman of an NGO should ever do. We can't allow for the MCMC to be given a rein on the internet, even if the intentions are good--after all, we know what the road to hell is paved with--we can't allow good intentions to create bad consequences such as internet censorship.

Anyone that calls for the blocking of websites needs to understand the reasons I don't condone blocking of websites.

Malaysia vs. America : Who has the biggest IT fuck-ups?

Mon, 13 Oct 2014 11:17:06 +0000

A while back, I wrote about how the Government blew nearly RM 1 Billion ringgit on the MERS 999 system. A system that soaked up nearly Rm30 Million in consultancy cost alone–yet failed. The biggest issue I had with the MERS 999 system was that the government had a similar system called MyDistress, which not only worked well in the Klang Valley, but was given to the government free of charge by a company who was doing it as part of their CSR activities.

Why the 3-D printed gun is an overblown concern

Mon, 13 Oct 2014 11:14:36 +0000

Unless you’ve been living under a rock for the past couple of years, you’ve heard about the 3-d printing. 3-D printing is supposed to be the next ‘big’ thing in technology, it allows anyone the ability to physically ‘print’ 3-dimensional objects like cups, toy models, even car parts from ABS plastic (that’s the same plastic used to make Lego pieces), in much the same way you print documents on pieces of paper. The great thing about 3-D printing of course is that it’s digital, the files that instruct the printer what to print is a digital file, similar to the word or powerpoint documents you’re probably used to. With that comes all the advantages of digital files, which mean they can be replicated ad infinitum and distributed across the internet for free.

The 3-D printing revolution has already begun, websites have sprouted up online hosting the digital files for printing things like citrus juicers and wine glass holders, all the way to replica models of sports cars and Star Wars spaceships.

But there is one concern. A concern so over-whelming, governments around the world, including ours are looking at 3-D printing with some suspicion. The ability to 3-D print a GUN!

A 3-D printable gun would allow any criminal (or child) to download a file off the internet and print a working weapon all from the comfort of their home. What do we do when technology starts to allow people to endanger lives? Well the answer is, technology has always made it easier to kill people, take your car for example. If you really wanted to kill someone, the best most reasonable way to do it would be to run them down with your car–and then reverse over them just to make sure, do we ban cars just because they can (and often do) kill people?

What’s more this idea that a 3-D printed gun is a clear and present danger is completely over-blown.

If you understood the physics of a gun, you’d know that a fully functional gun isn’t all that likely.

Why the ban on Uber means more than just Taxis

Sat, 30 Aug 2014 20:58:06 +0000

Uber, a company that connect passengers with drivers of vehicles for hire and ridesharing services–is now banned in Malaysia. The Uber service was viewed as a god-send by citizens of KL simply because the existing taxi service in the city–is Shit!

So why did the Government choose to ban a service, that was improving public transport in KL? For the small matter that it violated a couple of laws–no big deal really. Laws are made to be broken aren’t they?

There’s no need to go into the details of whether Uber is legal or illegal, that’s an irrelevant point. Even though the cars Uber offered were far safer and more comfortable than any other Taxi on the roads in KL–it probably couldn’t get the necessary licenses if it tried. In other words–it couldn’t legalize itself. But that’s a mere side-note to this whole debacle, the real problem is how Malaysia handles disruption.

Uber is a disruptive service that was on the verge of changing the way Malaysians view public transport–but some people in high places may not have liked that. To me as a techie I can’t understand the reason for any of these laws–in fact at its core ‘The Law’ is a piece of technology. But the people drafting the law, MPs in Parliment aren’t even well versed in things like the internet, let alone these disruptive technologies which requires new laws to regulate.

If we are to be a developed nation, we need to embrace disruptive technologies, because that’s how we innovate, and at some point all innovation requires someone to break the law, because the law can’t foresee disruptive technology–that’s almost by definition. We can’t realistically expect the politicians to keep up with technology, let alone draft legislation to regulate them. And every new piece of legislature put out by politicians very quickly reaches the boundaries of it’s effectiveness the moment new technology becomes available.

Consider the following:

What do ISIS and Genghis Khan have in common?

Sun, 17 Aug 2014 17:17:55 +0000

[caption id=“attachment_4535” align=“aligncenter” width=“475”]

Image courtesy of www.breitbart.com[/caption]

I thought I’d take a break from writing about Tech this week, to focus on where the worlds attention should be–Iraq and Syria, and the existential threat that is besieging the middle-east, a threat we’ve come to call The Islamic State of Iraq and Syria (ISIS).

ISIS may have started of an off-shoot of Al-Qaeda, but they’ve evolved to be much more, they’re so far removed from the Al-Qaeda of Osama Bin Laden they’re starting to look like an reincarnation of an much for terrifying ancient enemy. An enemy that 700 years ago threatened the very existence of Islam in the Middle East more than Israel ever could today. ISIS might be just be the next–Genghis Khan.

You might scoff and laugh, but there are many things strategically and tactically that make ISIS look like a direct descendant of Genghis Khan, and there were many contextual similarities between what’s happening now in the Middle East, and what was happening 700 years ago when the Mongol Horde descended upon it.

The Mongols are the exception to all of history, for example they’re the only people to have invaded Russia in the Winter–and WON!, and they invaded Afghanistan on horseback–and WON!

Historians will glorify them, but we know better. At its peak the Mongol armies controlled more land than anyone before them , but they won their battles in vile, vicious and cunning ways and what they did to their captives is unspeakable. Truthfully the Mongols (and specifically Genghis Khan) were Assholes of the highest order–but they weren’t the only Assholes in history. Alexander, Napoleon, Attila–these were all assholes, it’s just that the Mongols won more wars giving them more opportunities demonstrate their asshole-ness.

Of course the Mongols weren’t just assholes, they were phenomenally great Military Tacticians and Strategist. Almost everything they did (apart from binge drinking) was for the sole purpose of winning wars and battles–even their rapes and terrorizing served to aid them in victory over the enemy (and we’ll soon see how).

But when you dissect as to why the Mongols were so successful–you’ll soon realize it’s the same reason ISIS is so successful, and the similarities between ISIS and the Mongols are too shocking to ignore.

Who are you trusting online?

Sun, 20 Jul 2014 22:44:53 +0000

When you get behind the wheel of your car, and hit the road–you’re implicitly trusting ever other road user to play by the rules. You trust no one will go out of their way to crash into you, or that no one would swerve into you for an insurance claim, you even trust that pedestrians won’t hijack your car as you stop at the red light.

Sometimes you mitigate these risk, by locking your doors and keeping your distance, but fundamentally you’re placing a lot of trust on your fellow road-user. You have no way of knowing for sure that they’ll be good boys and girls–but you go about your daily car ride trusting that they’ll do what is right. In cases where you don’t trust anyone, you don’t use the road. I know a lot of people who won’t drive in India because they don’t trust road users there–and some foreigners refuse to drive in Malaysia for the same reason.

Society works on trust, and without it–society just wouldn’t work.

Think about it–you might not trust the restaurant waiter with your credit card–but you just ate at the restaurant without viewing the kitchen. Dying from poisoned food is far more serious than credit card fraud, yet you’ve trusted the restaurant not to poison you, but not with 16 digits from your bank. Sometimes you’re trusting people without even knowing it.

And the same is true for the internet, The Internet Protocol(IP) that governs the whole internet till this day, is a highly ’trusting’ protocol that prioritizes speed and simplicity over security and privacy. In much the same way that it’s faster and simpler just to trust the restaurant not to poison you than it is to inspect the kitchen and verify the ingredients–the Internet Protocol accepts everything as true and routes data accordingly. Other protocols like SMTP and POP3 that are used for email employ the same levels of trust, that’s why you can never trust an email–it’s just too easy to spoof.

Essentially everyone on the internet trust everyone else to play by the rules. For example when Pakistan decided to block youtube in their borders, a mistake made by their local telecoms managed to take youtube down for several hours worldwide simply because everyone trusted the information Pakistan was sending them. Nowhere else in the world does such a high level of trust exist as on the internet–and nowhere else is it more dangerous.

Youtube Video flagged as inappropriate

Thu, 26 Jun 2014 08:00:37 +0000

Last week one of my most popular videos detailing how I hacked Unifi accounts was ‘flagged’ as inappropriate in YouTube–apparently it was in violation of their community guidelines.

As such my video was made unavailable and essentially deleted from Youtube.

I was upset.

The email I received from YouTube, gave no indication as to what I did wrong, and even though it states that someone have viewed my video, the language used suggest this was just an automated message sent to my inbox. Nowhere does it suggest an actual human viewed my video and made a judgement, and even worse no justification was given for the removal of the video other than it was ‘flagged’.

Regarding your account: Keith Rozario

The YouTube Community has flagged one or more of your videos as inappropriate. Once a video is flagged, it is reviewed by the YouTube Team against our Community Guidelines. Upon review, we have determined that the following video(s) contain content in violation of these guidelines, and have been disabled:

"How I hacked 4 unifi accounts in 5 minutes" (http://youtu.be/MGWMFur2Pek)

Everyone hates spam. Misleading descriptions, tags, titles or thumbnails designed to increase views are not allowed. It's also not okay to post large amounts of untargeted, unwanted or repetitive content, including comments and private messages.

Your account has received one Community Guidelines warning strike, which will expire in six months. Additional violations may result in the temporary disabling of your ability to post content to YouTube and/or the permanent termination of your account.

For more information on YouTube's Community Guidelines and how they are enforced, please visit the help center.

Please note that deleting this video will not resolve the strike on your account. For more information about how to appeal a strike, please visit thispage in the help center.
Sincerely,

The YouTube Team

Powerline adapter for better networking at home

Tue, 17 Jun 2014 09:00:30 +0000

A popular question I get, is how to boost a WiFi signal. Folks struggle to get good WiFi connections on the 2nd (or 3rd) floors of their homes because the routers they have don’t pump enough ‘juice’ to go around. This is particularly true for those that work from home, having poor WiFi while trying to have a teleconference– just sucks. While other applications like YouTube and Facebook could use buffering or caching, a real-time conversation with someone over skype relies on good connectivity all the way from one party to the other, and it doesn’t matter if you have Unifi 20Mbps, if your WiFi is laggy.

I thought I could fix this by buying a more powerful router–but that didn’t work. The signal strength increased, but the quality was still below par.

The best solution is to skip WiFi and get a Powerline Adapter instead. A powerline adapter uses your home electricity wiring to transmit the data, and because it uses wires, it’ll beat any wireless connection you have. The adapters fit nicely into your 3-Pin wall sockets, and all you need is Ethernet cables to plug into them to hook up your laptop or PC to your router located somewhere else in your home.

The premise is quite interesting and the results are even better.

The Monty Hall Problem in Excel

Sat, 07 Jun 2014 17:06:05 +0000

I remember this problem from watching an episode of numbers. You’re a contestant on a game show–and you’re given 3 doors to choose from.

Behind one door is a shiny new sports car–behind the other 2 are goats. Your goal is to get the sportscar, by choosing a door. But after you choose a door the host reveals one of doors with the goats. Leaving you with you just two doors, instead of your initial 3.

DNA in chocolates, not in your blood

Wed, 28 May 2014 11:15:35 +0000

A Coalition of Muslim NGOs have asked for Cadbury to pay for the ‘cleansing’ of the blood of Muslims to remove any traces of Pig DNA they might have consumed from having eaten Cadbury chocolates.

I’m not going to debate the religious and legal implications, just the scientific aspect. The aspect which says that the DNA of what you eat doesn’t enter your blood–and cleansing your bloodstream is an absolute waste of time, not to mention precious blood.

How many samples are enough to build the Kidex highway?

Sun, 18 May 2014 22:04:10 +0000

There’s a highway they want to build from Damansara to Puchong–called Kidex, and just like any other highway before, people are understandably worried about the construction. This excerpt from the KL-Chronicle details the causes of anxiety:

[box icon=“chat”]Kidex will be constructed over heavily built-up residential areas in Petaling Jaya and will pass very close to schools, houses and places of worship. It will pass just 5m away from two schools – Bukit Bintang Boys Secondary School and Sri Petaling Primary School. Its distance from the Tun Abdul Aziz Mosque in Section 14 is listed as 7m and from St Paul’s Church as 18m. Houses in parts of Sections 2, 4, 7 and 8 will be just 10m from the highway

And so, when Kidex had their townhall last week, a group of protesters showed up to voice their displeasure–as should be allowed in a democratic society. Kidex claimed they had conducted a survey that proved that the majority of the people wanted the highway, this was hotly contested by the Say No to Kidex committee, who contended that the survey wasn’t ‘authentic’.

The video below (from Malaysiakini) has a great interview with the secretary of the Say No to Kidex committee outlining their points of contention on the survey by Kidex. (starts at 1:10)

Here's the seven points raised by the Say No to Kidex committee.

1. The initial Kidex survey of 300 respondents--of which 73.4% were agreeable to the building of the highway. 2. The Say No to Kidex committee did their own survey on 20 different locations, including the Mosque, Schools, and the resident associations of the areas affected by the highway. 3. Say No to Kidex can't comment on how many people they've engaged but can confirm it was more than 300. 4.Hence the public perception of the initial Kidex survey is negative. 5.The list of the initial 300 respondents has not been shared--as it was confidential. 6.The survey was conducted by a Ph.D in statistics, but this survey itself was funded by Kidex. 7.The next survey as planned by Kidex would have 2000 respondents.

Now let's take this apart one by one, because there is some maths here is quite foreign to most--this is the world of probability and statistics.

My teachers day tribute to Mr. Vijay: Summing every number 1 to 100

Sat, 17 May 2014 22:38:04 +0000

Teachers day was last Friday, and I thought it would be good to make a small post in tribute to an interesting teacher I had in form 4.

Imagine a 200 pound man, with a thick moustache, carrying intimidating rotan, and wore nothing but Chairman Mao style Bush-coats everyday–that’s Mr. Vijay, and he thought me Additional Mathematics.

Mr. Vijay was interesting in many ways, including the wrestling stories he’d tell in class, but for all my years in school I only remember a handful of lessons, and none more vividly than the time he thought me the story of Carl Friedrich Gauss during us lesson on arithmetic sequences.

The story is certainly fiction, similar to that of Newton discovering gravity by watching an apple fall from a tree–but that is irrelevant, what’s relevant is how I remember it, and as my tribute to one of my teachers, I’d re-tell the story here.

Here goes.

Once upon a time, there lived a boy named Carl Friedrich Gauss.

Even while still in elementary school, Carl was already a maths genius, and like all other geniuses was a bit of a nuisance in class. So one day to shut Carl up, his teacher gave him an ‘important assignment’–he was to calculate the sum of all numbers from 1 to 100. i.e. 1+ 2+ +3 +4….+100. The idea was that this would keep Carl busy for the remainder of the lesson

However, Carl came back very quickly with an answer of 5,050!!

How did Carl do this?!!

What we all share?

Sun, 04 May 2014 11:17:46 +0000

We are all a single species, all of us share a common DNA, so common that if yours changed by a mere 2% you’d be a chimpanzee.

We share one atmosphere, from which we breath the same air–not just with other humans alive today, but those of past times as well. In fact, every breath you take contains a slither of air from the breadth of everyone else–who has ever lived. I stand in awe, when I realize the air in my lungs now was also in the lungs of Julius Caesar as he was stabbed to death.

Tun Dr M supports Israel via his website

Mon, 10 Feb 2014 20:54:13 +0000

Tun Dr M, our beloved former Prime Minister, openly supports Israel–well sort off.

Today on his blog chedet.cc, he called on everyone to boycott Israel, stating quite clearly in his latest post that;

I think the whole world in the interest of justice should boycott doing business with Israel. This is truly a pariah state which is immoral and beyond the pale of human laws.

Now of course, you’re wondering if Tun Dr M supports Israel or not? Well in actual fact it’s both, because while his words say he opposes Israel, his actions, specifically those of his website suggest otherwise.

Proton has a Volvo like obsession with SAFETY? NO.

Tue, 17 Dec 2013 11:14:47 +0000

I don’t agree with most of Rockys opinions, but I still subscribe to his blog to ensure I have at least a different view of politics. However, a post he made on the ’new’ Perdana really sent my blood curling. Rocky was defending the proton re-badging exercise, something I felt was completely unacceptable. Proton is a company that for years has thrived under government regulations and policies that were designed specifically protect it–and part of that protection included raising the price of all other cars in the market giving proton an un-fair advantage.

Why Malaysians shouldn't buy Coin--yet

Sat, 30 Nov 2013 11:20:10 +0000

There's a lot of talk about COIN, the aptly named card replacement device that promises to end the bulge in your wallet--literally. Basically this handy device is meant to replace all your cards in your wallet, and saving you space in a secure yet convenient way. It's oversold its pre-order a thousand times over, and it's taking the internet by storm in a way we thought was only possible by horse riding koreans.

However, I’m here to tell you, that as a Malaysian–you want to hold off your pre-order. Now if you want to buy coin to show-off to your less tech-literate friends, then go ahead, but if you’re buying COIN thinking that it’ll simplify your wallet, you’ll be sadly mistaken.

Johor Weekend: Good or bad?

Mon, 25 Nov 2013 10:04:20 +0000

Over the weekend, I saw the following tweet from the star, which I attributed to be either a badly timed April Fools joke, or a typo error:

Friday and Saturday are weekend rest days for Johor from Jan 1. What's your view? #Johornewweekend
— The Star (@staronline) November 23, 2013

Surely, a state like Johor that was trying to attract investment for the Iskandar region from companies like Frost and Sullivan, would not make such a catastrophic error. Alas, upon further checking, I found the information to be true.

Open letter to Tun Dr. M on internet censorship

Mon, 18 Nov 2013 12:49:12 +0000

Dear Tun,

First and foremost, let me start by telling you that I truly admire and respect your contribution to Malaysia. I remember shaking your hand when you attended my Convocation quite some many years ago. It was quite odd to see that while you were present, you didn’t give a speech, simply because you attended the function not as former Prime Minister of Malaysia, but rather as the spouse of the Chancellor–your wife Tun Dr. Siti Hasmah.

So it saddens me deeply, that at another convocation–this time where you were giving a speech, you suggested that it is time to censor the internet to counter “distribution of pornography, questionable news and slanders”.

If I may be so bold Tun–censoring the internet is the single most destructive thing that can happen to modern day Malaysia, and something that must be opposed at every turn, even if it involves publicly correcting a senior leader such as yourself. As a citizen of Malaysia, I find it not just my right, but my duty to inform the Emperor when he has no clothes on.

Bricks to Brains: The evolution of the cell phone

Tue, 05 Nov 2013 20:51:50 +0000

Really cool infographic of the evolution of cell phone to smart phone and how the major players evolved over time.

A couple of things that stood out for me were:

Nokia gave up such a dominant position and never came back
Just the sheer speed at which Nokia went from Hero to Zero is astounding, it’s like as though Nokia died from a gunshot, as compared to Kodak which died a slow painful death from cancer.
Samsung comes on the scene in 1997, but doesn’t make an iota of change, up until Google decide to launch Android almost a decade later. That truly was a game changer.
Nokia and Samsung still sell more than twice Apple’s volume in phones, but Apple makes more profit simply due to it’s pricing scheme (a cut from the telcos) as well as the fact that Apple only sells higher-end models with higher margins (5C being the exception).
Motorola started it all–but then somehow disappeared. Being first to market counts for naught in this industry, neither Samsung nor Apple were first movers.

PropertyPlus: Groupon for properties

Sun, 13 Oct 2013 20:27:34 +0000

Do you know a Groupon Junkie?

It's those people that start and end everyday checking out what sort of 'deals' they can get online, the sort of people who'd buy completely unnecessary items purely because they were on sale. These people literally stalk websites like Groupon or livingsocial to see if they can get a iPhone powerbank for 40% off, or if the Japanese restaurant in Subang Jaya had a deal on Salmon Sashimi.

I was a Groupon Junkie once. I used to religiously subscribe to the mailing list of these group discount websites, and what I found was that I was actually spending more than I was saving. Sure I was trying out new places to eat, but in the end I felt I was spending a lot of money on things I never wanted in the first place--and the things that I actually wanted, were never on Groupon.

To me, the dream was always if I could get Groupon to pick out the items I actually wanted--rather than a random haphazard items that no one knew existed in the first place.

A friend of mine, might have stumbled upon the answer. You see Groupon is a random collection of deals--and the only thing that ties them together is that there's a deal on them. Visiting Groupon is like windows shopping at the 5 dollar store, sure you might find something useful, but most of the time you just bought yourself a bunch of nonsense just because it was on sale. The only thing in common the items in the 5 dollar store have--is that they're 5 dollars, other than that they range from cooking to gardening to stationary and even car care.

The solution to the problem is to have a specialized website. One that didn't sell everything under the sun, but a very specific niche offering, so that people don't feel they're in a 5 dollar store, but a store that was offering a deal on something they ACTUALLY wanted to buy.

But what sort of niche market would that be? What niche market is in high demand--but also would benefit from the concept of group buying.

Say it with me now people-- THE PROPERTY MARKET!

It's a great idea, because not only are properties in high demand, Property buyers are looking for discounts (after all what buyers aren't), and from that came the idea of Propertyplus.

My Lazada buying experience

Sat, 24 Aug 2013 08:00:26 +0000

About a year back, I wrote about how excited I was that Lazada was finally coming to Malaysian shores, however I never really got around to buying anything from Lazada until recently. As you know, I was in the market for a new Unifi router and after some online shopping I decided to settle for a Asus router from Lazada, not only was the price cheaper, Lazada promised free delivery and even an RM10 discount if I subscribed to the newsletter.

So I created and account, subscribed to the newsletter and purchase an Asus router from the website–thinking all I had to do was sit and wait, and the router would be at my doorstep within 3 days.

WRONG!

Payment under Review

At the end of making the purchase, Lazada sent me an email claiming my payment was 'in review'. I'm not sure what that meant, but a quick call to my credit card company confirmed that the funds were already deducted from my card. To me this was unacceptable, but thinking it could be a problem with my card, I decided to try the purchase again but with my regular credit card this time--alas the router was already out of stock.

What I suspect happened was that my payment was successful BUT Lazada ran out of stock, hence placing the order under review. The wording of the email was poor, and the whole experience left me unimpressed.

Maxis agent attacking a Unifi customer?

Thu, 22 Aug 2013 23:13:54 +0000

Just yesterday, I received a rather odd comment on my post about a Unifi downtime. It read:

[box icon=“chat”]

Those maroons and stupid who complaining customer service should work before as customer service first you bastard!!! if you in thier postion than only u know thier pain… they can give you promise u asshole but who want to fullfill it???? if u want complaint complaint to higher management . dont try your bullshit by spoke with supervsior can resolve your problem. they cannot do anything there coz they have barriers asshole. pls go work as customer service before talk regarding them

Can you view Netflix in HD on Unifi

Thu, 08 Aug 2013 15:05:51 +0000

A lot of people have asked me if indeed you can view Netflix or Hulu or any other streaming service in HD on a regular 5Mbps Unifi connection (that’s the slowest possible Unifi connection).

Yes you can! Check out the “Now Playing HD” bit on the bottom right hand of the image below.

To learn how to watch Netflix or Hulu from Malaysia, check out my previous post here.

Guest Post: Keyboards on Smartphones and the Future of Buttons

Mon, 29 Jul 2013 08:00:00 +0000

When a new phone hits the market, we tend to get terribly excited about its new features. And rightly so: what are boundaries for, if not to push frantically? But with the release of the latest BlackBerry 10 handsets, perhaps the most important contribution to the future of the smartphone might come in the form of the continuing inclusion of an actual QWERTY keyboard.

While the iPhone has been holding steady at four buttons, and Android handsets are caught in a strange limbo between buttons and always-on touch-screen style soft keys, BlackBerry has held fast with its products’ trademark keyboards while also offering touchscreen options.

Illegal numbers?

Thu, 16 May 2013 07:00:51 +0000

Great video from the guys at Numberphile talking about illegal numbers. It always amazes to think that your money in the bank isn't protected by steel doors or guards with guns anymore--it's protected by numbers. (more specifically it's protected by one VERY VERY large number).

The encryption key that is responsible for keeping your sensitive bank details secret, is nothing more than a very very long number, and that number protects your money more than any steel door or armed guard ever could.

Boycott or self-imposed embargo?

Tue, 14 May 2013 00:46:31 +0000

Quick post for today. I need to start writing even though, I’m still depressed from LAST sundays election results.

However, I’m keeping myself abreast with all the hate going around, including the latest ‘Buy Chinese Last Movement’ or BCLM. If you don’t know what it is, just Google it and you’ll find out, it’s the latest in a string of racist movements that have spawned since Pru-13, and it probably won’t be the last.

10 Tech tips you didn't know about

Tue, 30 Apr 2013 07:00:42 +0000

Tech columnist David Pogue shares 10 simple, clever tips for computer, web, smartphone and camera users. And yes, you may know a few of these already – but there’s probably at least one you don’t. Some however, didn’t work for me, like the double-space on my Samsung s3 just gave me a –double space.

F-Secure hackathon result

Sun, 28 Apr 2013 07:00:41 +0000

F-Secure recently had a Hackathon in Malaysia, with the grand prize being a dinner with Miko Hyppönen. Miko is sort of like the Mick Jagger of Computer Security, Miko also made international news in 2011, when he tracked down and visited the authors of the first PC virus in history, Brain.A. Hyppönen produced a documentary of the event. The documentary was published on YouTube.

The winner of the Hackathon was Tan Kok Boon (pic) who stole the spotlight with his groundbreaking application which allows users to monitor and prevent threats using F-Secure’s World Map Interface. Tan won the award for ‘ The Most Innovative Application’ and the award for ‘The Best Overall Performance’. Also notice from the picture, what device was the winner of the Hackathon using to code? It’s a MAC!

Which just goes to show, the OS of your laptop is almost irrelevant now–and pretty soon the OS of your phone will go the same way.

Anwar may have changed Malaysia, but Mark, Larry and Sergey changed the world

Thu, 18 Apr 2013 08:00:26 +0000

If Pakatan win the next election, I would recommend that they award the title of Tan Sri or at least Dato' to the following:

Larry Page and Sergey Brin:

Co-founders of Google, who own both the video sharing site Youtube, and the blogging service Blogger.com. Without these two free services the message from the opposition would not have reached so many Malaysians, so effectively in such a short time-span. 12 years ago, before broadband or Google, the opposition were forced to resort to pamphlets and flyers, most of which was ineffective and expensive. Without Larry and Sergey, the Opposition would have not technology to spread their message to the masses. Anwar and Co' owe more to the technology of Sergey and Larry than any amount of funds they may have obtained from any other party (foreign or domestic)

Mark Zuckerberg:

Founder of Facebook, the de-facto social network for Malaysian. Facebook is so famous even my mother uses it--and I recently received a friend invite from my mother-in-law!!

Facebook allowed the youtube videos and blog post from various opposition parties to be spread from friend to friend, without Facebook videos wouldn’t have gone ‘viral’. Together Facebook and Google were instrumental in allowing the opposition a platform to preach their good news in 2008–in 2013 they might just allow them to form a new government.

Can the internet go down?

Tue, 09 Apr 2013 07:00:18 +0000

Danny Hillis talks about a backup plan for the internet, and on the face of it -- the idea sounds absurd. Why would anyone have a backup plan for the internet? There isn't a single IT project worth it's salt that would register the entire internet failing as a risk, the internet after all was built as a decentralized communications medium that couldn't be taken down with a single hit on a command center--the internet can sure take a pounding and so far no single act of nature has manage to make a dent--no earthquake, no tsunami, no nothing!

I’m not just talking about just Google failing here, I’m talking about the ENTIRE INTERNET failing!

Digi begins April Fools day a bit early

Sat, 30 Mar 2013 13:57:59 +0000

Everybody's favourite yellow Malaysian telco decided to start April Fools day a bit early today--either that or somebody in Digi went a bit crazy, and who can blame them with all those yellow men running around the office an' all.

Anyway, they offered a ‘vintage’ phone offer that includes phones like the Nokia 3310, that comes with interchangeable covers, clock and alarm and best of all–an awesome snake game!! For the low low price of just Rm1499, you get the phone and 30GB of data–although that may a bit of challenge to use the Data, given that the phones pre-date not just 3G or LTE–but EDGE as well.

TOGAF Certification : Finally I'm TOGAF certified

Mon, 25 Mar 2013 07:00:12 +0000

Finally after a year of procrastinating I finally sat for my TOGAF exam. I’m glad I finally did it, but I should have done it much earlier.

A lot of people wonder what TOGAF really is, TOGAF is an acronym that stands for the The Open Group Architecture Framework–yes it’s a mouthful and you’ve probably never heard of it before, but I personally believe architecture is a great place to be in these days, and ever since I moved into solution architecture (slightly more than a year ago) I’ve never regretted it.

Studying for the exam was straightforward enough, and the entire exam takes about 2.5 hours, not bad in comparison for the 4 hour PMP exam or the 3.5 hours for the CCBA. However, where TOGAF slightly differs is the fact that the certification involves two exams, aptly called part 1 and part 2.

Part 1 consist of 40 multiple choice questions, and unlike most other examinations this one has 5 possible options. In my opinion this is actually the harder of the two exams, but this one is a pre-requisite for part 2. If you fail part 1, you go home.

Part 2 consist of 8 ‘complex scenario questions’, which unlike the straightforward questions in part 1 consist of a complex scenario and 4 possible answers. However, the scenarios are quite elaborate AND take time just to digest and read –let alone answer. Once you’ve digested and truly understood the question, there’s still a matter of choosing an answer from a list of 4 possible answers–the only catch is that the answers aren’t right or wrong–there is a gradient to the answers and only the ‘fully right’ answer scores you full marks, the other ‘partially right’ answer score you fewer points. The last thing to note about part 2 is that it’s open book, which is helpful only if you know where to find the information from the 700 page TOGAF documentation.

Charities at the scale of Apple, Google or Amazon

Tue, 19 Mar 2013 08:00:58 +0000

We often talk about how where the next Apple, Google or Amazon will come from, rarely do we ask ourselves where the next Red Cross or Salvation Army would come from.

What’s even rarer is the question of how we can get our local NGO and charities to stop being Jaguh Kampungs and start being real world-changers that affect change in the areas of their focus.

Dan Pallotta thinks he has the answer, but it involves giving up some of the deeply entrenched notions we have around charities are start looking at charity in a more holistic way.

Can Malaysia produce the next Facebook or Google?

Sun, 10 Mar 2013 22:17:21 +0000

Can Malaysia produce the next Facebook or Google?

The short answer is NO.

The longer answer is HELL NO!

One of the things that pushes my buttons is when people talk about how Malaysia can produce the next Google or Facebook like as though creating a world renowned tech brand is like winning a lottery–submit enough entries and you’re bound to win it sooner or later. These people dream, and they dream a lot, from reaching 1% of the global cloud market, developing 5 companies with revenues of at least USD100 million or the most usual dream of them all–for Malaysia to produce the next Google or Facebook.

While all of the nice plushy dreams sound good to a lot of people, the reality is that Malaysia as a far away from realizing this dream as we are from winning the Football world cup–technically it is possible, but no one would be betting money on it (except possibly the Singaporean bookies).

In order to understand how a multi-billion dollar company is created, we can easily re-visit the creation stories of these companies and try to find some similarities that are common across them. So that’s what we’ll do…

Big data in sports

Sat, 23 Feb 2013 07:00:00 +0000

I came across a really cool youtube video from the amazing numberphile series that detailed how companies are already analyzing sports and farming huge amounts of data from sport events like football matches. In fact, these guys are basically farming data from events like the world cup, and then hoping that among that mountain of data lies some insights that could prove useful to football clubs–or football bookies :).

This of course reminds me of the my first glimpse of big data in sports from Moneyball. It was a classic underdog true story that was soon made into a movie starring Brad Pitt (just like every other great true story). I wonder if Football clubs like Manchester United and Real Madrid are using these big data farms to enable some useful analysis.

LGBT Movies Ban in Malaysia

Mon, 11 Feb 2013 07:00:22 +0000

This is a bit of old and stale news, but in April of 2012, the Information Ministry released a 'directive' to ban all movies or films that featured gay characters. In their defence, the Ministry did later clarify that their facebook post wasn't a directive, but a topic for debate. Of course, there can't be much defending when the post itself starts with "Berkuatkuasa serta merta, stesen radio dan televisyen diminta menghentikan.." which effectively translates to "With immediate effect, all radio and television stations are requested to stop..".

However, this little directive provoked my thoughts, because I’ve always been intrigued by the ‘weeding’ effect of censorship. The ‘weeding’ effect is a simple analogy I came up with while I was –you guessed it– weeding my garden. You see I’ve got a small garden in my home, and every now and then I put a pair of pink rubber gloves and go weeding around by hand, it’s a tough job, but someone has to do it. Now for those of you who’ve weeded anything before you know those nasty little weeds tend to grow in between the grass, and it’s really difficult to pick them up without plucking a fair bit of non-weeds with them. In fact, if you’ve got a lawn like mine–it’s almost impossible to get rid of the weeds without getting rid of the lawn grass as well. You most definitely want to avoid plucking out that expensive lawn grass you laid down.

The same goes with censorship, every time you try to censor something like the word ‘Breast’, you may inadvertently censor out something entirely innocent and useful–like Breast Milk, or Breast cancer, or Breast feeding. So while I really doubt the keyword Breast would lead to anything other than porn for the first 10,000 entries on Google, censoring the word Breast is really an ineffective solution because it could censor out a lot of really useful and relevant information.

Amazon Shipping to Malaysia

Wed, 02 Jan 2013 08:00:31 +0000

A couple of days back, I decided to buy a Christmas present for my wife. In my usual lackadaisical procrastinating style however–I only decided to buy on the 21st of December, which is barely 4 days from Christmas.

In my defense, I already had a great Christmas present in mind–it was something called the fitbit, a full fledge pedometer that not just records your steps everyday, but also your sleep time and tracks your daily activity. The best part is that the fitbit stores your data on the cloud, where you can analyze it to your hearts content. Not a bad present for a wife whose far more physically active than me :). (does blogging while standing count as a physical activity??)

There was however one problem–the fitbit isn’t available in Malaysia. I tried and I tried, but I couldn’t even find a lowyat seller who had it in stock. Now we really did have a problem.

Fortunately, I found one on Amazon–and Amazon did ship to Malaysia. So after a couple of credit card details were punched in (and a full USD30 for shipping) I manage to place my order on Amazon. The Amazon website promised 2-4 day delivery time-frame but stipulated in no uncertain terms that the order would not reach me before Christmas.

Auditor-General report 2011 : When can Malaysians expect Transparency in IT spend

Mon, 29 Oct 2012 08:00:49 +0000

As a tech blog in Malaysia, I thought it’d be interesting to see the latest Auditor-General’s report faired in terms of IT spend from the government. IT spend is a tricky thing, and most don’t understand just how tricky it is, particularly around big IT spend by governments–they often fail. In fact, one of my favorite blogs is dedicated solely to IT failures, aptly titled–IT Project failures.

However, even the Synopsis report of the AG report is a harrowing 87 pages long. It’s not just the length that puts of me off, but rather the sheer dry-ness of the language that is used. Interestingly, not a single diagram exist in the documentation filled with enough monotone text to put even the most ardent auditor to sleep, and I’m no auditor so I nearly dozed off after the 2nd page. I had to take a different approach if I was to get a synopsis of the synopsis, fortunately I work in IT (not auditing or law), and I know of function in Adobe Acrobat that let’s you quickly search a document–it’s called the FIND function, and I was a deadly ninja in the art of the FIND.

So, armed with the FIND function on Adobe Reader, I combed through the document looking for the word ‘system’ and where it tied with an actual IT system too see just how well our government was in delivering IT systems in 2011. Below are just a few paragraphs pertaining to the AG’s report and below are 2 prime examples of the the magnitude of IT failures from Putrajaya.

Cyberbullying in Malaysia

Tue, 16 Oct 2012 07:00:11 +0000

Tributes are pouring in for Amanda Todd, a teenager who committed suicide after posting the video above describing how she was tormented by bullies and struggling with depression. Amanda's story was told little by little via post-it notes and it full detail about the extent of the bullying and torment and just how this poor 15-year old girl had experienced her version of hell on earth.

The story isn’t a typical one, but one that exist in a nuance variety even in Malaysia. Amanda was tricked into exposing herself in front of a webcam by an unknown person. Soon she was blackmailed and finally, photos or her were circulated to her entire school. What followed next was every bit as predictable as it is sad, she was ostracized by her friends and tormented by bullies, she even tells of how she switch schools–multiple times–even moving to a school in a different city!!

Yet, the bullies and torments followed here (aided and enabled by social networks), and Amanda must have reached her limit and at some point she eventually chose to take her own life.

Youtube has taken down the videos, but I felt Amanda’s story should be left for the world to see, as a stark reminder to all of us to look after our children, and I just hope you get to watch the embedded video before even this gets removed. I believe out of respect for Amanda–we should listen to the story she so desperately wanted to tell.

Answering the tough questions: Watson vs. Humans

Thu, 30 Aug 2012 08:05:19 +0000

IBM have always been on the cutting edge of innovation, they’ve moved more becoming merely a computer company to what is probably the first truly all encompassing technology company, they don’t just make fancy gadgets or shiny tinga-ma-jigs, they make actual solutions for real-world problems.

In 1996, IBM introduced the world to Deep Blue. Kasparov met Deep Blue and wasn’t impressed, he had no reason to be, he defeated Deep Blue 4-2, and walked away comfortably.

However, in 1997, IBM re-introduced the world to the 2nd version of Deep Blue (unofficially named Deeper Blue), and this time Kasparov was beaten –but not by much. Kasparov is the Tiger Woods, Pele and Michael Jordan of the Chess world, and he was beaten by a super computer with 11.38 GFLOPs of power.

In turns out though, we had nothing to be afraid off, Chess is after all a pretty simple game when you break it down, the number of possible moves are finite, together with the number of possible scenarios to play out. It’s not an easy game to master, but as it turns out playing chess is infinitely easier than just plain talking.

In fact, of all the talking games, Jeopardy seems the most difficult. At the end of this post, I will make an argument to show that Jeopardy – a simple talking game – is about 6,500 times more difficult than Chess (a game we often associate with genius). Turns out Kasparov has to bow to Ken Jennings.

How SSL works: A presentation on Slideshare

Fri, 10 Aug 2012 12:27:51 +0000

Slideshare.net is a great tool to share presentations on the web. Think of it as the youtube of powerpoint presentations. I was toying around with my preview version of Microsoft Office 2013, specifically Powerpoint 2013, and I thought I'd create a new powerpoint to illustrate what I described earlier this week about How SSL works. Hope you guys like the powerpoint presentation, I was just toying around, using simple block diagrams and icons borrowed from Amazon Simple Icons for AWS.

Just like youtube, slideshare is a free service. However for larger presentations (with Hi-Def Photos) or even videos, you may need to buy the Pro Version which enables up to 100MB uploads per presentation.

HTTP vs. HTTPs : Why SSL and TLS are important

Mon, 06 Aug 2012 12:24:33 +0000

I was looking for some detail on Maxis Fibre to Home service until I came across this while trying to to access the Maxis Customer Forum online:

In the early days of the internet, all the data flowing through was done in plaintext, this meant that everything flowing on the internet was fair-game for anyone to hijack and view. It was akin to sending postcards all around, all the post-men and intermediaries could view the entire contents of your messages because it was out there in the open, no need to open sealed envelopes. So everything from your letters to your uncle Bob or your resume for a new job or even your most intimate personal letters could only be sent via postcard–anyone could read it.

There was a strong requirement however to design a mechanism to encrypt data flowing through the internet, because unless you could encrypt data, personal and credit information couldn’t (or rather shouldn’t) have been trasmitted across the internet. So it was important that someone somewhere figure out how data on the internet could be encrypted to enable things like online shopping, social networking, even simple email. So sometime in the mid-90s Netscape (the default browser at the time was Netscape Navigator), took up the gauntlet and invented SSL.

At this point, I’m also reminiscing the days when browsers were actually pay-ware rather than freeware. Remember when Netscape Navigator Gold used to cost money?

Google bigquery

Tue, 17 Jul 2012 07:00:16 +0000

There are other more popular tools for big data, but today we’ll focus on Google BigQuery for a very good reason. It’s the only one I know how to use.

Google BigQuery is a full fledge big data tool developed by google and stored on the cloud. There’s a lot more information you can glean from their presentation here. The short story is that Google created this tool online where you can analyze your bigdata for a per use fee, similar to other cloud offerings. Google currently charges $0.035 per GB of data processed or $35 per TB of data. That seems like a small fee, but it adds up pretty quickly, so for the moment bigdata and bigquery aren’t exactly end-user offerings.

I’m just going to quickly jump into a worked example of Google BigQuery before making some remarks. To use BigQuery, you’re first going to have to create an API project in Google and then go to https://bigquery.cloud.google.com

What is big data

Mon, 16 Jul 2012 07:00:13 +0000

It’s obvious that people have gotten bigger these past few decades, what’s less obvious is how data has grown bigger in the past few years. In fact, 90% of the digital data we have today, was created in the last 2 years. Put another way, in 2010 we had just 10% of the digital data we have today.

In 2011, an estimated 1.2 TRILLION Gigabytes of data was created. That’s roughly 200GB for every man women and child in the world–In just one year. That’s every person in the world watching almost 300 feature length films every day, and this is the average.

The reason is simple, we now keep digital records of our transactions (e-banking and credit cards), our running patterns, our spending habits and even our wedding photos–and that’s just commercial end user applications.

What about corporations who track thousands of data points per second for their manufacturing plants and supermarkets tracking the purchases of customers. We’re creating and gobbling far more data than before, and the trend doesn’t look to be stopping. Every day, we create 2.5 quintillion bytes of data — so much that 90% of the data in the world today has been created in the last two years alone.

How to change your Unifi password

Sat, 14 Jul 2012 23:00:56 +0000

Now It’s quite clear from a previous post I did how about easy it was to hack a Unifi Dlink DIR-615 Wi-Fi router, that the least you should do is change your standard router password to something that’s more than the regular 8 digit Pin Unifi gives you by default.

Let’s take a look at how to change your unifi password, or how to find it in case you’ve forgotten.

Step 1: Login to your router

First you’ll need to login to your router. For this open up Internet Explorer or Firefox or Chrome to access the internet. Then instead of typing something like http://www.google.com in the address bar to visit google, type http://192.168.0.1 in the address bar to visit your routers web server. Your router actually has a webpage that allows you configure you, but this web page is only visible from within your home network so don’t worry.

You can just click the link here to take your there as well.

Once you see the page look something like the picture above, enter admin for the username. For the password, use the default password Unifi has given you, when in doubt, look at the bottom of your router (that’s the orange color device with the 2 antennas) and look for an 8 digit PIN. That’s your default password. It’s printed there in big bold letters–you can’t miss it.

Now don’t be confused, this is merely the password to access the router, not your Wi-Fi password, for now their the same password, but they could be different. That’s what we’re going to do.

If the password at the bottom of your router doesn’t work, try the following. Depending on your router firmware, one of them is bound to work:

Username: Management Password: TestingR2

Username : operator Password : h566UniFi

Username : operator Password : telekom

How to enable VPN connectivity on Maxis Mobile

Wed, 11 Jul 2012 14:37:58 +0000

[caption id=“attachment_2505” align=“aligncenter” width=“271”]

Maxis VPN Setting[/caption]

Just a quick post for a Wednesday, as most of you know I just recently purchased my Samsung Galaxy S3 courtesy of the Maxis One Club. With that S3, I also purchased a RM68/month mobile data plan for 3G.

Now for those of you with an Android phone that tethering on the Phone is super easy. Tethering is when I use my phone as a wireless router for my laptop (or any other device). So I’m connecting my laptop to the internet via my phone and the Maxis network.

Finally got my Samsung Galaxy S3

Mon, 18 Jun 2012 08:14:46 +0000

Finally after a long long wait, I managed to get my Samsung Galaxy S3 from Maxis. I got the phone last Wednesday and now after just 5 days with it, I have to say – best Rm999 spent EVER!

For those of you still curious as to how I got it for Rm999 when I recently complained about Maxis advertising a “while stocks last promotion” as a “4 day long promotion”, here’s a nifty little piece of information that isn’t widely shared, Maxis is STILL offering the Samsung Galaxy S3 for Rm999 but only to Maxis One Club subscribers, you’d still need to subscribe to the Rm68 data plan which brings with it a good ol’ 3GB of mobile data, but any smartphone needs a data plan anyway. The maths is simple, you’d need a minimum Rm48 data plan which is for 1GB/month, so the difference between the Rm68 and RM48 is Rm20/month. Over the 2 year contract, that’s a Rm480 difference, the phone price itself is nearly Rm400 cheaper. So might as well, if you ask me.

10 Strange things about the ICANN Generic Top Level Domains (gTLD)

Thu, 14 Jun 2012 17:51:43 +0000

I wrote a very long time ago, about cool Top Level domains you could buy. For instance I wanted to buy the .TH top level domain so that my website could be http://kei.th . Unfortunately, I found out that the .TH domain name belongs to Thailand and they’ve pretty made it very difficult for a non-Thai to get a hold of their domain names. You’re probably also familiar with the .TV top level domain belonging to a private enterprise and the country of Tuvalu. Or the .FM top level domain used by most radio stations including Hitz.FM and Mix.FM, this domain belongs to the Federation of Micronesian Islands. However, as cool as Top Level Domains are, they’re pretty limited, the UN list out just 190 member nations, and all in all, we’re looking at no more than 250 Top Level Domains in existence. *my guess

THANK YOU: keiths.blog won the #DigiWWWOW awards

Sun, 10 Jun 2012 00:05:25 +0000

Some of you might have heard, but if you haven’t then brace yourself– I won the #DigiWWWOW awards!! WOO HOO!!

I’m still trying to come to grips on how I manage to beat out competitors like Amanz, MrPiratz.Com, Droid.my and of course Technology, Design,Inspiration. All of whom garner more hits than me, and are far more popular. Mr.Piratz was the first person to congratulate me in the backstage room.

Get 2 passes to the Digi WWWOW awards

Fri, 08 Jun 2012 16:23:03 +0000

Hey all, as many of you know I submitted my blog to the Digi WWWOW awards, and a couple of weeks back I received confirmation that my blog was top 10–woo hoo!!

Being nominated for the top 10 meant that I was invited for the awards night, and I got to bring as many as 3 guest. However, at the last minute 2 of my guest had to cancel and now I’m looking at possibly 2 empty seats at my table.

Samsung Galaxy S3: I don't have one

Mon, 04 Jun 2012 09:18:45 +0000

First off, let me come clean and say that I’m not really to please with Maxis today. I drove all the way to my local Maxis store on Friday to get an S3 at the offer price of Rm999, the phone was out of stock (which was acceptable for the hype around the phone) but I was told I couldn’t even pre-order or book the phone. Meaning, that when if I eventually get the phone – probably only after this weekend, I would have to pay the regular price of RM1399.

CPU Wars: Why didn't I think of this #damnit

Sun, 03 Jun 2012 08:24:41 +0000

I remember playing with a plane cards and car cards. It’s a deck of cards where they list out certain specific traits of airplanes or cars like speed, weight, acceleration etc etc. The objective of the game was to get all the cards in the deck by trumping the other based on a trait called out.

This little kickstarter project though, took that particular game play and layered on it a CPUs. Here’s the cool story:

Happy Birthday Wordpress!! Why Khairy won't be the next PM

Mon, 28 May 2012 15:17:52 +0000

Everyone who knows me, knows that I’m a passionate fan of 3 things.

Manchester United.

AC/DC.

and Wordpress!!
Wordpress, that awesome blogging platform that powers everything in the world and gives you that warm gooey feeling everytime you see it, turns 9 today. That's 9 years of internet awesome-ness.
It’s time to take a step back and contemplate the meaning of wordpress, this is an immensely popular blogging platforms that powers nearly every blog on the planet (and a lot of non-blogs as well) was created by Matt Mullenweg on May 27th 2003 as a ‘project’ , and now wordpress powers 15% of the web–for FREE!!

Facebook goes public : How it compares to Malaysian companies

Fri, 18 May 2012 16:44:26 +0000

The big FB goes public today, making a lot of people very happy and few people very very rich, including one Eduardo Saverin – who will probably be barred from ever entering the US –EVER AGAIN!

However, that’s a story for another day, today Facebook is the hottest bit of tech news you can get your hands on, the last time an IPO this exciting occurred it was for a search engine named Google. Google IPO-ed at around $80, today it shares hover between $550 - $650. Just saying.

So it’s really awe inspiring to look at the numbers, 845 million active users (just slightly smaller than India) 2.7 Billion likes/comments everday, 250 million photos every single day and 100 Billion friendship. You my dear readers could own a small –make that VERY small- part of the company for the $38 share price tag people are talking about.

So how does the $38 price tag for Facebook Shares compare to Malaysian companies?A quick calculation puts Facebooks market cap at USD100 Billion, or roughly RM300 Billion. Malaysia doesn’t have a RM300 Billion dollar company (or at least one that is public listed), so in order to give you an idea of the magnitude of Facebook, I had to combine a few Malaysian companies to reach Rm300 Billion. With the Rm300 Billion Facebook is worth, you could buy outright:

How come the ads you see look like your previous searches?

Thu, 03 May 2012 10:38:19 +0000

Ever wonder how come the ads you see on Facebook or Malaysiakini reflect the searches you just recently made. Ever felt freaked out about it, there really is nothing to freak out about, unless of course you’re worried that a Multi-Billion dollar company may be keeping information about your searches and sharing them with ad sites that build profiles to uniquely identify you. Or that your personal search isn’t really private data, yet it can reveal very private details about yourself including your religious beliefs, sexual inclinations, medical conditions and even credit rating.

This is a blog about technology, but as of late it’s becoming increasingly difficult to focus only on technology without looking into copyright, censorship and privacy. I can’t blog about technology while ignoring these aspects, anymore than financial analyst you look at Apple ignore the technology around their products.

Maxis Launches ebook portal

Mon, 23 Apr 2012 18:03:24 +0000

So Maxis launched their new ebook portal aptly title www.ebuuk.com.my, far be it from me to point out that an ebook portal should at least have the word book spelled correctly (don’t you think so Maxis), also judging by the SSL certificate it appears wanted to go for a more generic myebooks.com.my domain name before switching to ebuuk.com.my.

I’m an avid reader and was excited when I heard the news, so I headed over to the Maxis ebuuk page, and noticed that it wasn’t up to my expectations. I was completely annoyed by the fact that in some cases the prices for ebooks via the ebuuk page was about twice the price of books you could download from Amazon. And the proof is below, it includes a book I’m about to purchase called The Progress Principle, retailing for USD9.99 on the Kindle for Amazon, while Maxis ebuuk retails it for Rm68.99. Now USD9.99 is about Rm30 or RM32, and Maxis is retailing it for about twice the price, that’s ridiculous. This is an ebook we’re talking about.

Proton Preve breaksdown in the middle of the road. FAIL!

Fri, 20 Apr 2012 21:42:41 +0000

The Lowyat.net forum is abuzz with news and photos of a broken down Proton Preve. Not good news for a car Dr. Mahathir called the best proton ever. The rumour mill is abuzz with the reasons for the breakdown, but as of now it looks clear that the Proton in question didn't crash, but rather than some part 'lower arm assembly' gave way, or something like that.

Tickets to Russell Peters Live in KL: Here's how you can get them

Thu, 19 Apr 2012 17:37:55 +0000

*update: there’s been an announcement that the organizers are setting up a second show due to the huge demand. I’d recommend waiting for that before you start buying 2nd hand tickets.

Dissapointed you didn’t get your hands on Russell Peters tickets for the KL show?

Upset because you spent the whole night waiting for it, only to find out that the 7000+ tickets were sold almost instantly?

4 Reasons you need an RSS feed

Thu, 12 Apr 2012 14:49:43 +0000

If you don’t know what RSS is, prepare to have your mind blown. If you’ve never used RSS, chances are you’re still bookmarking your favorite websites and blogs and visiting them on a regular basis painfully one at a time. RSS feeds allow you to magically consolidate all the content you read online, into one platform where you can get your daily dose of information all at one go.

RSS stands for really simple syndication, and it was designed as a simple way for web authors to syndicate their content across the internet. Conversely (and more importantly), it also provides a way for web users to consolidate all their favorites blogs, searches and forum threads onto one single platform.

So what is it really? Well I’m not too sure of the technical specifications to be honest, but here’s how I think it operates.

Lazada : The Amazon clone (and Samwer brothers) finally land in Malaysia

Mon, 09 Apr 2012 23:49:41 +0000

This blog is about Technology, but in these past few years it’s become impossible to talk about technology without touching on the subjects of copyright and censorship. Very few people have a clear cut definition of what is acceptable copyright infringement and what isn’t. Not too long ago I wrote about how a wordpress theme designer was being sued because he created a facebook theme, did you also know that facebook has already trademarked the term ‘face’ and is looking to trademark ‘book’ as well. Most readers of this blog know where I stand on copyrights, patents and intellectual property, where I draw the line however is trademark violations. A trademark is part of a brand, and usually trademark violations are a clear-cut attempt to fraud consumers by passing off a product or service as something it’s not.

So what about business ideas and business models. Is it OK to make a clone of Facebook, and call it mukabuku– maybe. Is it OK to use the blue and white hues that we’ve come to associate only to Facebook– that’s a bit uncomfortable as you may be tricking users to sign up for mukabuku by misleading them into believing mukabuku is a Facebook product. Well how about if you deploying mukabuku to a country that doesn’t have Facebook?

So what about the Samwer brothers and their new online retail site Lazada, that was just launched in Malaysia? It’s got all the hall marks of Amazon, is that OK?

YTL has the most ridiculous Acceptable Use Policy

Sun, 11 Mar 2012 15:10:36 +0000

YTL Communications has been doing a pretty good job recently. The Star even went as far as claim that “YTL Comms to Break Even” until of course you read the article in which case it mentions that YTL require an additional 500,000 subscribers on top of it’s current 300,000 to achieve that. However, it did offer a post-paid plan which was pretty decent, and who can forget the tie-up with Proton to offer a a 4G car. Why in the world would anyone buy a car because it has 4G, on the other hand why would anyone buy a Proton? (disclaimer: I still drive a 2004 Proton Waja which has served me well)

However, with Yes latest postpaid offerings I imagine it’s moving away from it’s niche position into more competitive environments, people may use Yes as a fallback, but post-paid is where the real money is and Yes is moving in. Yes Data plans come in various price points, from RM48 for 1.5GB up to RM168 for 10GB, the left-over credits don’t roll over to next month but there’s no extra charge for using over your quota just a speed throttle to 128kbps. (note to YES: 128Kbps is not broadband)

Pinterest + Martin Luther King =

Thu, 23 Feb 2012 13:51:27 +0000

A couple of days back, I wrote about how copyright law was preventing a lot of us from listening the entire Martin Luther King “I have a dream” speech because it was protected by copyright, and in order to listen to it you had to pay Martin Luther Kings family royalty. Today I did some searching on pinterest, and found some rather remarkable works of art around Martin Luther King that were pinned in pinterest, these works of art would not be possible if the family had further copyrighted other aspects of MLKs life, and with newer stricter copyright laws that could very well be the case.

Remember for a pinterest invite, just leave a comment on the post and I’ll send one to you as soon as I have the time. For now, enjoy!

Source: google.it via Francesca Rufina on Pinterest

From pinterest User Effeluna

More reasons Copyright sucks

Wed, 22 Feb 2012 09:07:13 +0000

Now for an artist to copyright a song or a piece of work, for that artist to then legally make a living of is fine.

It’s not fine if you need to pay royalties to use Martin Luther King Jr’s “I have a dream speech”, because his family own the copyright to a speech that is a part of US history. They later sold those rights to EMI, and now a recording company owns the rights to the speech that encapsulates the civil rights movement, and that same recording company is patrolling the online alleys to catch the copyright infringers.

What happens when Google goes down?

Mon, 20 Feb 2012 18:35:07 +0000

Yesterday, I was over at a friends house fixing up a PC that was ridiculously infected with malware. The only complaint they had however was that they couldn’t access malaysiakini, a local news site that they subscribe too. True enough the page wasn’t loading completely, and it was frighteningly slow even when it did. Now, this sort of symptom usually doesn’t lead to much, maybe bad browser plugin or something like, but browsing from all 3 browsers on the machine (Chrome, Firefox and IE) yielded the same results.

So I decided to do what I always do and perform a Google search, and Google wasn’t loading…gasp!!

Then I thought, I’d try bing instead…and it wasn’t working either.

Finally I did a simple netstat -a on the command prompt and I was horrified.

Using the crowd to predict the future

Thu, 09 Feb 2012 20:45:45 +0000

I just finished Crowdsourcing by Jeff Howe, the definitive book on crowdsourcing, and although it was written nearly 4 years ago, I was really bowled over by key insights throughout the book. Crowdsourcing is more than just the design work or iStockphoto, there’s also an offshoot into the world of Crowd-predicting. Utilizing the wisdom of the crowds to predict anything from sports results, Hollywood sales or even Presidential elections, and it appears these prediction markets actually do a pretty good job of predicting the correct outcome. They’re not right 100% of the time (then again neither are the experts), but overall the Crowds can –and do–predict with great accuracy.

The premise of crowd-predicting is simple. Get a whole bunch of people together and then ask them to predict the outcome of a particular event, once each individual prediction comes through you then aggregate that information to get the final result. Proponents of crowd-predicting say this result often beats the ’experts’, and they have some data to back it up.

When only the best would do: Organics

Mon, 06 Feb 2012 23:19:56 +0000

I used to be a strong believer of organics, until I saw the prices of organic foods at my local Jusco. Needless to say, I stopped believing in organics pretty quickly. Of course, I understand the premise, which is that organic food is 100% natural, without added chemicals or fertilizers, no herbicides or pesticides leaving your food 100% wholesome. There is strong justification for this, although limited scientific proof.

The way to think about organic is that, mankind evolved to consume certain types of food and nutrition, but with the advent of ‘industrialized agriculture’ things changed. We now consume tomatoes all year round, although it’s a seasonal fruit, the concept is simple–pluck the tomatoes when they’re ripe and then spray them with chemicals just before they hit supermarket shelves, that way nobody needs to worry about seasons. This is true for nearly all your seasonal fruits that appear ‘all year round’. All this makes the fruit un-natural or at least–less nutritious than it’s purely organic counterpart.

Unauthorized withdrawals hit DBS and POSB customers, withdrawals done in Malaysia

Fri, 27 Jan 2012 18:47:12 +0000

According to a report from Channel News Asia, a total of nearly 200 DBS and POSB customers in Singapore have been hit by unauthorized withdrawals averaging S$1000 each. The withdrawals were done in Malaysia “while the ATM cards were with them safely in Singapore”. Which begs the question what does ‘safely in Singapore’ mean?

Channel News Asia goes on to report that withdrawals were made in Kuala Lumpur (not neighboring Johor Bahru) and done approximately the same time as ‘valid’ withdrawals. ZDNet has reported DBS is working together with its IT vendor, NCR to understand the issue and investigate further. It’s also suspended all suspected cards and are contacting customers to give them what it says would be a full refund. NCR also happen to make almost 90% of all ATMs in Malaysia, and according to Yahoo! news, this was “a security breach to its anti-skimming devices installed on ATM machines”, so I’m just wondering why this wasn’t done to Malaysian accounts of local banks?

Censorship in Malaysia: SOPA told through Malaysian Eyes

Tue, 24 Jan 2012 10:15:53 +0000

There’s been a recent surge of Anti-SOPA and Anti-PIPA sentiment over in the Unites States, Wikipedia blacked out it’s entire webpage and Google, Twitter and Facebook all joined in the fray. I’ve even received multiple emails from the Mozilla foundation on how to combat SOPA and recent a congratulatory cum Thank you note from Mozilla for joining the fight. Make no mistake, SOPA isn’t dead, it’s just been shelved for the time being, get ready people round2 starts soon.

In Malaysia though there has been little reporting on the issue, while some local blogs did mention SOPA, and a few newspapers briefly covered it, not much has been discussed on either of the laws. It’s typical of the Malaysian media to report less on matters that actually matter, and more on frivolous material like this article from the New Straits Times that read “Unity is Priceless: PM”. Really? Cause the rest of us thought Unity was worth around about Rm2.75 . I mean apart from pointing out the obvious, the article has absolutely no content, apart from the big picture with the “We Love the PM” nonsense.

That being said, there were a few articles on SOPA and PIPA, however those articles for censored to a certain degree, and here’s how.

New year resolutions: Are they worth it?

Sat, 21 Jan 2012 18:21:11 +0000

Back in 2007, I had a n

ew year resolution to run 5km in 25 minutes, or more specifically to get my body in good enough shape to run 5km in 25 minutes. That was my aim, it was partly driven by some research I read that it’s better to have just 1 resolution and making that resolution specific rather than generic. So rather than, ‘I’ll exercise’, I needed a goal or a target to reach–and I chose the target of being able to run 5km in 25 minutes, because about 14 years ago, I ran 8km in 40 minutes at my high-schools cross country, and I thought 5km in 25 minutes was a pretty reasonable number to me.

Unfortunately, I didn’t accomplish my resolution in 2007, nor in 2008 or 2009, not even in 2010 and finally didn’t even jog in 2011.

So for the last 5 years, I’ve made just one new-year resolution and failed to accomplish it. That is a big FAILURE!!

or is it…..

Kampung Wi-Fi: What's going on?

Sat, 07 Jan 2012 11:35:27 +0000

Late last year the Government announced the Kampung Wi-Fi (or Village Wi-Fi initiative). The initiative was mooted by The Information, Communications and Culture Minister, Datuk Seri Dr. Rais Yatim. Currently there are already 1,400 villages with Wi-Fi access and the Government hopes to increase that to 4,000 by year end.

That’s good news to a lot of villagers, broadband penetration is considered a right in certain countries, and bring internet access to rural Malaysia is a moved to be applauded. However, there doesn’t seem to be much on the technical aspect of the project available to the public.

According to this report from the Borneo Post, the Kampung Wi-Fi is a public-private sector initiative that involved expertise from Pernec Paypoint Sdn Bhd, so that’s an unknown company to me. The cost of the Kampung Wi-Fi initiative is anywhere from Rm25,000 to Rm32,000 per village, which for the additional 2,600 villages we plan to deploy to brings total cost of the project to RM65 million (onwards).

Tricubes gets new RM6million contract

Wed, 04 Jan 2012 13:21:33 +0000

Sounds surprising and

quite convenient, that a company that reports a loss of Rm17 million, goes on to report that they have a lifeline, in the form of a Rm6 million dollar contract from the police to “maintain the Royal Malaysian Police’s (PDRM) mobile systems for two years starting January 1”.

Quoting this Malaysian Insider Report :

“In a filing to Bursa Malaysia today, the company said TricubesNCR JV Sdn Bhd bagged the deal to maintain the Enhanced Mobile Management System (EMMS) and Mobile Card Acceptance Device (MCAD) on December 30, 2011.

TricubesNCR JV Sdn Bhd is 70 per cent owned by Tricubes.”

PPSMI:Where's the Science?

Sun, 01 Jan 2012 16:30:32 +0000

A couple of hundred years ago, if you wanted to find out what was inside a horses mouth, you’d go to a quite corner and sit for a while and contemplate what was in a horses mouth. This sounds anathema to anyone reading a blog in the 21st century, but it was quite common in the days of Aristotle. Our brains are hard-wired for imagination, in fact happiness expert Daniel Gilbert actually goes further and says we’re the only species that can imagine our future selves. It’s the reason he says, why Ben and Jerrys doesn’t have Liver and Onion flavored ice-cream. It isn’t because someone actually made Liver and Onion flavored ice-cream it’s because we can predict that Liver and Onion flavored ice cream is probably not a good idea.

Tricubes reports Rm17million lose, typo in Annual Report

Thu, 29 Dec 2011 16:34:28 +0000

About 2 years ago

if you typed “miserable failure” on Google the first listed webpage would be the wikipedia entry for President George W. Bush, apparently a few guys found out how Google ranks their pages and decided (with a little help from friends) to push up the GWBs Wikipedia page for the search entry “miserable failure”. Google has since changed it’s algorithm to prevent a few kiddie hackers from being able to control the page ranks of sites which have dire consequences of a pages visibility online.

I wonder if we could get miserable failure to point to the Tricubes website instead.

Tricubes is in the news again, this time for a ’typo’. Apparently the public listed company that was awarded the 1Malaysia email program and was also appointed the traffic fines collection agent by the police last month, can’t get their annual report in order. You would think that if there is just one document a public listed company would get absolutely correct it would be it’s financial report, Tricubes however is bucking the trend and inserting typos in their Annual Reportin what could be the shrewdest move ever to gain public attention. It’s probably a good thing, considering the ‘surprisingly low’ take up rate for the 1Malaysia email project. Tricubes aimed to get 5.4million email accounts, but according to the Malaysian Insider “ has so far only managed to register several thousand, most of whom were ported over from trial accounts”. This typo could be a cunning but ingenious ploy to get Malaysian more aware of the project, or it could be a error by a company that isn’t well run. Either way, there’s no such thing as bad publicity right? (sarcasm level at an all-year high).

SOPA: What Trey Ratcliff and Uri Geller have to say

Wed, 28 Dec 2011 10:24:45 +0000

Trey Ratcliff is a professional photographer who photographs ooze with talent, he also blogs at stuckincustoms.com. It’s an amazing blog, but what’s even more amazing is that Trey chooses to release his works of art under the creative commons non-commercial license, which has it’s restrictions but allows free usage of the photos as long as its used for non-commercial purposes. Now that’s like a programmer offering free programs, or a writer offering free-content. It’s not unheard off, but it’s rare. However, in todays economy more and more professionals are taking this step towards similar licensing of their works.

Treys photos aren’t customized for a specific purpose, he post them on his blog and if you like them you can use them. It’s not customized in the sense that he didn’t take the photograph of you or for you. Similarly a lot of programmers are offering free programs they wrote as a challenge or a dare and shared not just the program, but the source code that any other programmer can build further upon. They didn’t build it for a specific purpose, just something general that they thought would be best shared rather than sold. So in that sense, Trey can use photos of a holiday or a scenery and offer that for free.

I mention Trey not because I love his work (although it IS amazing), and not because Trey is a top level photographer that he shares his work online. I mention Trey because he has synthesized in short post on Google+ what he thinks of Online Piracy, and it really has struck a chord with people, especially since Trey is on a different end of the piracy war and he’s saying that pirates aren’t bad people. WHAT?

The Year in Review: A lookback at 2011

Sat, 24 Dec 2011 19:51:42 +0000

In 2009 I did a year in review and today (on Christmas Eve), I’m hoping to look back at my year and savor my accomplishments and even failures in preparation for my next project which I’m hoping to commence next year.

So most of time this year was spent doing many things, among others I moved out of my parents place into a new house I bought, while this may sound strange to most Westerners staying with your parents till you get married is quite common in just about all of Asia. I started a blog, delivered some successful projects for Shell, went for my first job interview in nearly 5 years, got a great job offer but turned it down , started using twitter and LinkedIn, and even tried my hand at cooking.

Computing Professionals Bill: Final Verdict

Wed, 21 Dec 2011 22:46:02 +0000

In what I hope is my last post about this ridiculous bill, I hope to ask and answer an important question I’m surprised no one has asked yet…

Why do we need such a bill?
In essence do we need to raise standards, or provide assurance to employers regarding hired professionals. I believe the answer is NO. It all stems from a brilliant book I read "start with Why" by Simon Sinek, and you catch his amazing TedTalk here. He goes on to say, that if you mess up the WHY of any action, no one will follow you, because "People don't buy what you do, they buy Why you do it"
Now I understand that we’d always need to raise standards, and provide assurances, but in the greater scheme of things is it really that necessary to do it now, or can we expend our energies and effort elsewhere for the IT community to get the value from our actions. This should be at the core of the discussions, this is the WHY of the bill, if I don’t believe in the WHY of the bill, then there’s no need talk about the who, what,where and how.

If the objective of the bill isn’t agreed upon, then it doesn’t matter how we achieve the objective. I feel a lot of IT professionals have bypassed this and zoomed down immediately to the details, pointing out flaws in the bill and a lack of clarity and specifics, however I’m not even sold at the high level of the bill let alone the specifics, and I struggle to understand why the bill is around in the first place, let alone how it will achieve it’s WHY.

I'm so happy....

Fri, 16 Dec 2011 16:26:10 +0000

My blog & name was mentioned on BFMs tech talk today. Woo hoo!! I’m so happy!!

You can download the podcast of the show at BFMs website here , and it’s fantastic (partially because it mentions my blog).

So while MOSTI still hasn’t given up on the bill, apparently no one in the Industry wants the bill except MOSTI, and they’re just a Government Ministry. Where were the Industry players MOSTI engaged before proposing the bill? The sad part is that even drafting out the proposal of the bill would have cost money and resources that could have been better spent elsewhere…sad!

Jobstreet does its bit for Thailand

Wed, 14 Dec 2011 11:23:59 +0000

The Thais have had a rough couple of months. With floods inundating entire swaths of the country, Bangkok had to revise its GDP estimates for the year and even hard-disk prices spiked due to limited supply. There is some good news though, Western Digital recently started up it’s plant in Thailand (although no news on when it’ll be resuming operations) and many other companies are following suit as flood waters appear to have subsided.

Computing Professionals Bill: This is IT

Tue, 13 Dec 2011 23:22:39 +0000

Some laws you have to fight wars to keep….others you have to fight wars to be repealed. This is one of those laws you have to fight to prevent from ever being made a law…

On April 12th , 1861 Confederate forces attacked Union Military installation named Fort Sumter in South Carolina. The attacked marked the beginning of the American Civil War, and the United States of America would never be the same. The war was about more than just a secession from a Union, it was about preserving the right that every man was created equal and that no man or woman would ever be ‘owned’ again. In just over 140 years later, the United States of America elected their first Black president.If ever there was a war worth fighting for, it was the American Civil War. The Abolition of slavery was a law worth fighting for, it was worth preserving, even till death.

Googles Wi-Fi strategy: The Power of Defaults

Wed, 30 Nov 2011 19:51:09 +0000

One of my favorite blogs, nakedsecurity recently published an article that Google "offering to stop mapping wireless access point location data, granting network owner s worldwide the choice to opt out from its Wi-Fi geolocation mapping". The problem is, that Google is asking users who want to opt-out of their service to change the SSIDs of their Wi-Fi and add a _nomap postfix. This means that all Wi-Fi networks without the _nomap postfix would automatically be added to Googles database of Wi-Fi access points.

What does this all mean? Well apart from the obvious icky feeling you have in your stomach right now, the main summary is that Wi-Fi access points that aren’t changed will automatically be added to Googles database (the Google Location Server). In short, the default setting is that you give permission to Google to store your Wi-Fis SSID until otherwise stated….eeeyeew.

We're not separated by 6 degrees of separation: It's now only 4.74

Mon, 28 Nov 2011 23:24:44 +0000

According to a New York Times article today, the world has apparently shrunk beyond our imagination. The latest study uses facebook as the base for their study, and used it to study the separation of people. Previously I blogged about the amazing study conducting by (even more amazing) Stanley Milgram and how he came up with the concept of 6 degrees of separation. The latest study not only re-inforces the original study, but goes further to explain that the number is now only 4.74.

It really is a great opportunity we have now with facebook being the Hyper-Social network, with little competition. What this means is, at least for now, everybody online has a facebook account. That would certainly change in the nest 2-5 years, but what’s really interesting is that with facebooks great popularity, we have now have a wonderful chance to perform these kinds of research, and kudos to facebook for actually initiating it. The data from the research can be found on facebooks data page. Now onto the research:

The internet is killing newspapers and how we can change that

Sat, 26 Nov 2011 23:27:27 +0000

On day 4 of my 30-day challenge to blog everyday, and I’m already running out of stuff to say. However, as with most things, inspiration seems to spring out when it is most required. I’m sitting in front of TV, watching BBC Dateline and one of the panel members is Henry Chu, the Los Angeles Times bureau chief in London.

The topic of the discussion was something along the lines of “Are newspapers going out of date, and what is the future of newspapers?”. Henry answered in a rather poignant way, circulation of newspapers throughout the world including the Los Angeles Times is decreasing, but the irony is that while circulation is decreasing, readership has increased. So think about it, less people are buying the newspapers but more people are reading it, and the newspapers have actually become a lot more interactive. For instance content of the LA Times is now not only being read by people outside of Los Angeles (or even the US) but actually being commented on by people from Australia and Malaysia.

The reality is that while newspaper circulations have been reducing over the years, the appetite for news has not decreased, and neither has the demand for it. What has happened is the nature of the demand has changed, and consumers now demand that their news sources fulfil these new demands or they’ll take their business elsewhere.

3 Reasons to say NO to Yes Mobile

Fri, 25 Nov 2011 19:53:38 +0000

I recently purchased a yes mobile account, and was pretty happy the results. In my past review I mentioned that the speed was great followed by good stability. However, there have been some downsides to the service, and here’s some reasons why you should avoid yes mobile.

While Yes is great, there are overall flaws with the service, and below is my review of 3 reasons why you shouldn't use YTL Yes 4G.

Before I move to the reasons, let me explain the kind of user I am. I work from home 3 times a week and use my laptop for just about all my working needs which include late night teleconferences, phone calls (via my companies VOIP) and even for webcast and presentations that I do on a regularly basis. Working from home has it's advantages, for one I don't travel too often and can usually get a lot of work done. However, if my internet connection is down, I'm completely cut-off from the office, with no office communicator and email, there's very little I can do at home. Even worse, if the internet connection goes down before a teleconference (or even during a teleconference), things get pretty ugly pretty fast. I absolutely need a stable and reliable internet connection and chose Yes 4G because I thought it would provide me that, turns out I was wrong.

Domain Names: .xxx domain and what you should know

Wed, 26 Oct 2011 17:33:21 +0000

The internet Corporation for assigned Names and Numbers (more affectionately known as evil ICANN) has recently announced a new .xxx domain specifically for adult content online. Basically a safe place we can store porn on the internet away from our children. What’s interesting though, is that a .xxx domain are by definition associated with pornography and smut, that certain corporations and even people would not want to be a part of. For instance, I’m quite sure everyone’s lining up for www.BillClinton.xxx but Bill Clinton may not be too happy about it. So in light of this rather special domain name, comes a very special process that involves ensuring regular tax-paying adult content providers can bid for domain names they want, while allowing the rest of us to also work towards preventing others from getting our names tarnished with an .xxx post-fix.

So can we work on preventing my name from being associated with pornography?

Google: Typing your flight number in Google reveals the flight status

Sat, 22 Oct 2011 22:53:32 +0000

Apparently Google isn’t content being the number one place you have for your knowledge thirst. Google is working on being the number place you’d look for anything and everything, from the price of gold to currency exchange and now even flight schedules.

Typing in a flight number (with no spaces) directly into Google yields the flight status in terms of departure and arrival times. Not to mention letting you know of delays ahead of time, the flight data is pulled from flightstats.com and Google does a fine job of displaying the data directly before the query results.

Why Wordpress is so important

Mon, 17 Oct 2011 16:06:38 +0000

Imagine for a moment you’re an ancient social activist, somewhere in Babylon or Persia, or even ancient Rome, and you’ve just uncovered a secret of money laundering among elected officials. Armed with this information and a burning desire to expose the elected official you march out to tell the world of his exploits and hopefully stand over him in the expectation of swift justice to be executed.

How would you do it?

If you like most ancient social activist (if ever there were) would go out to the streets and shout it aloud, you’d meet the judges and the kings, and you may have your story heard. However, if you were known to be a troublemaker (as most social activist are) you’d probably not be taken seriously (at best) or even executed (at worst). This was how it was in the ancient world, where money bought power and the control of information was strongly held by those with power and by extension the money.

Accomplished: 1000 hits in 30 days

Wed, 12 Oct 2011 21:06:56 +0000

Mission Accomplished…GWB style!

When I started this blog on my birthday, I wasn’t so sure what was going to happen. I didn’t have a target, I didn’t have a goal and all I wanted to do was to start a website and keep it to myself.

Over time as I learnt about the awesomeness of wordpress, and the wonderful stuff you can do on the web, I knew I had to share that or at least write about it. So I started blogging about setting up wordpress blogs or Joomla on nearlyfreespeech, dreamhost and amazon web services. If you didn’t know how much I loved wordpress, let me tell you now…I Love it a Lot !!(arms stretched wide open)

So I set about a goal to create a blog that would get a modest hit rate of 1000 hits a month, and as of yesterday I finally crossed that target and now have had 1003 hits in the past 30 days….AMAZING!

Steve Jobs 1955-2011

Thu, 06 Oct 2011 08:49:51 +0000

Apple has lost a visionary and creative genius, and the world has lost an amazing human being….

3 Things Social: 6 Degrees Of Separation, Dunbars Number, Social Goodness

Wed, 28 Sep 2011 13:39:20 +0000

In the broad spectrum of the animal kingdom where you have the Lone Predator on one end and the Hyper-Connected Ants on the other , Humans are surprisingly much closer to the Ants than we are to that solitary Puma trolling the Jungles of Peru (although it may be a lot more interesting to be a puma). Humans are built (or even programmed) to be with other humans, to share our thoughts and emotions and to connect on a emotional level with others. It helps us build bonds and survive, but also has massive physiological effects on our bodies and mind.

In an amazing book by Nicholas Christakis and James Fowler that dealt with surprising power of social networks, aptly titled Connected addressed this particular drive by humans to connect with others. The book was a best-seller and even made it to Oprahs Fall Reading Guide (which means it has to be really good if Oprahs reading it).

Best File Sharing Website

Fri, 23 Sep 2011 11:11:35 +0000

A good file sharing website is hard to come by ever since drop.io was bought over by Facebook. I loved drop.io and my admiration for the design of their service goes without saying…but I’ll say it anyway.

There was a huge void for a short period, where I was struggling with things like dropbox, skydrive and even hosting my own file sharing server (here). Fortunately, for the file sharers among us there emerges from the midst a file sharing website worthy of being called drop.io’s replacement. It’s name is minus.com.

Techless Tuesday: Stress isn't just mental

Wed, 07 Sep 2011 09:37:49 +0000

I’ve decided to start a separate Tuesday posting that has nothing to do with the web or tech, I call it Techless Tuesday, and the topic of todays Techless Tuesday is something I’ve been researching for about 3 weeks now…Stress.

So what is Stress and what can we do about it.

It’s all pretty standard question but what I’ve discovered about stress really amazed me , not just about how little I knew but also how dangerous it really is. I learnt how pervasive stress can become in our lives and how if left uncheck it would invade not just our health, but our relationships with our spouses as well. Stress wasn’t some concept, stress was something real that had a real impact.

Today is the first part of a series of post I intend to do about stress and I’d thought I clear up a misconception that most people have about stress namely that the stress is all in your mind something conjured up by your thoughts, and the way to avoid stress is to ’think happy thoughts’ and ’take it easy’. Research however points in a different direction, suggesting that stress isn’t just psychological (caused by the mind) but physiological (caused by the body)

Starting your own Groupon site

Sat, 03 Sep 2011 13:13:02 +0000

My wife trolls deal sites everyday looking for deals to save us 50% on romantic dinners or 70% off on Hotel stays or even 90% off on skydiving. Deal sites like Groupon and Mydeals are popping up everywhere these days that you’d look like a fool if you bought a meal at …regular price (gasp!) .

However, if you’re not contented with just trolling the 10 deal sites you subscribe to, you might want to start your own groupon site. Think about it, it’s an easy business model, you require limited upfront capital and you’re more or less just a middle man, you’d think anyone can do it. Well it turns out everyone can do it, and a lot or people are. Here’s 3 ways to start your deal website and be on your way to Groupon like fame (or infamy)

Http torrent downloads with Torrific

Tue, 30 Aug 2011 21:42:38 +0000

I recently wrote about how excited I was to use fetch.io, but that turned out to be a bit disappointing. Recently I discovered torrific, a web based torrent download web page. It’s as good (if not better) than fetch.io. The time taken to download the torrent may not be as super fast as fetch.io, but torrific works for most torrent files and is far more reliable than fetch.io

Overall great experience, and I haven’t even mentioned the best part….it’s FREE. As in free as advice from your mother-in-law free, absolutely. I loved it, and you should try it.

The interface is simple to use, and the downloads are reliable. Premium users get to bump up their torrents but overall free accounts also get you a good dose of downloads :)

I'm an Ikea Hacker...woot!!

Tue, 30 Aug 2011 21:18:08 +0000

So I’ve just moved into my new place and my wife and I wanted to convert our upstairs hall into a study area for the both of us.

Problem is that I wanted a standing desk and my wife was having none of it. So a comprimise was in order…in this case we’d have 2 desk one for each, mine would be a standing desk and hers a regular sit-down one. I’m no master carpenter so our greatest hope was to hack ikea. If you’re wondering what hacking ikea means, well the ‘original’ Ikea Hackers says:

Yes.my : A review of Malaysias 4G broadband

Wed, 17 Aug 2011 11:51:19 +0000

I’m going a bit off tangent today and focus on Malaysias latest 4G broadband. Recently I moved house and my new area didn’t yet have UniFi, so to avoid locking myself down to contracts I decided to go for a pre-paid wireless service offered by YTL called Yes.

Initially I was a bit skeptical on the performance of yes, but it did have some things going for it. Firstly it was prepaid meaning I could terminate the usage anytime without incurring any fines. Secondly it was wireless so no wiring for my new house, and finally it a usage based thing, so if I was bit-torrenting then I could get pretty high mileage from just RM30.

Crowdsourcing: The way of the future?

Tue, 09 Aug 2011 11:49:31 +0000

So you heard about Crowdsourcing from a TED talk you just watched online, and now you’re wondering what Crowdsourcing is. Well here’s the lowdown, Crowdsourcing is a phenomena where ultra rich companies rely on many lowly underpaid serfs to gather data, process it and then produce a result where the ultra rich companies can then use to make them richer…well in not so many words of course, but obviously I’m joking.

Jokes aside, Crowdsourcing is a pretty cool thing, it’s getting the wisdom of the crowd in your decision making process and relying on the fact that many people working together can produce much better results one single person or organization can. Think of crowdsourcing as brainstorming with an unlimited number of people, and where anyone can join (and leave) the group providing you the influx (and reflux) of ideas necessary to produce truly lateral thinking.

Fetch.io : Review and Final Verdict

Fri, 29 Jul 2011 10:09:11 +0000

When I first heard about Fetch.io I was really excited, I thought finally I could collate all my downloads through one interface, and I could speed up my bit-torrent downloads by downloading my torrents through fetch.io and using blazing http to download from fetch. I was so excited I jumped on an subscribed to one month the moment it launched.

Twitter vs. News: How they reported the Oslo bombing

Sat, 23 Jul 2011 17:23:11 +0000

Working for a Multinational company means I have colleagues from all over the globe, some of whom I’ve developed a friendly relationship with, friendly enough to ‘friend’ them on facebook. Today I received the tragic news of the Oslo bombings not from CNN or BBC, not even from the Google news, but over a facebook status update from a colleague of mine in Norway. The sad news of such an atrocity was heart-wrenching, but in the midst of this I decided to do a small study to see how twitter was reporting the news as opposed to the usual mainstream internet news companies.

So going online I searched twitter for Norway and saw the very first tweet on the list, a condolence message from BO himself:

Placing thumbnails in your RSS feed: Wordpress Hack

Tue, 19 Jul 2011 21:02:54 +0000

My wordpress RSS feed has always been a bit dull without the accompanying pictures I scour flickr for. However, today there is promise as I stumbled across a post by the wordpress geniuses at catswhocode, there was a wordpress hack to include pictures in your RSS feed, and all it requires is to post the following code into your themes functions.php file.

How to hack passwords with just a login script: Predictable passwords and how we choose them.

Tue, 19 Jul 2011 11:03:57 +0000

Troy Hunt a Software Engineer, Microsoft MVP and the genius behind the website www.troyhunt.com, did a huge analysis on recent password hacks on Sony and Gawker to come up with a pretty daunting conclusions on how people choose passwords and why email accounts are easily hacked.

My Friends been hacked on Hotmail

Tue, 19 Jul 2011 10:20:56 +0000

When the web was starting up and I was still using a 14.4kBps line for dial-up I used hotmail as my default web-based email service. Back then it gave out nearly 4MB of storage (wow!), then about 5-6 years later I migrated my email account to Yahoo Mail! as it offered nearly 250MB of storage, finally about 2 years later, I switched to Gmail that offered 2GB of storage, and I haven’t maxed it out since (it’s nearly 7 years of email now).

Google went the way of Apple, instead of supplying mediocre storage Google supplied 2GB and made Gmail accounts invite only, which took a while to get viral but it eventually did. Apple did the same thing when they launched the 20GB ipod back when iriver was offering paltry 128MB.

loads.in : Let's you know how fast your page loads across the world

Fri, 15 Jul 2011 16:13:36 +0000

Want to figure out how long your site loads across the globe. This great app called Loads.in provide a simple straightforward interface to time your webpage load time from various locations across the globe.

Besides having a very apt url, loads.in actually has a great looking design. The app is design to do one thing and one thing only, and that’s to let you know how many seconds your webpage will load depending on location. I found the app pretty impressive and would definitely recommend giving it a go to see how fast your page loads.

Fox News Twitter got hacked, claims Obama is dead

Mon, 04 Jul 2011 16:51:12 +0000

Fox news, the great TV channel that brought us the Simpsons and Bill O’ Reilly today had it’s twitter account hacked. Hackers manage to break into @foxnewspolitics twitter account and start posting bogus tweets, one notably about an assassination of Barack Obama. The hackers painstakingly painted a picture of Obama dying from two shots to the head over the course of 3-5 tweets separated by a couple of minutes.

fetch.io is launching! Is it worth it?

Mon, 04 Jul 2011 08:38:47 +0000

Recently I registered at fetch.io for a free account to try out it’s service. For those who don’t know, fetch.io was a site that ‘fetches’ files for you from rapidshare, megaupload and a host of ofther file sharing websites and ‘Full Speed’. What that means is, no waiting 5 minutes for the file to begin download or throttled speeds. Fetch.io will get the file at full speed and store it on its servers for you to download. You can then download the file…once again at full speed (presumably).

Malaysian Governments Rm1.8million Facebook page: Utter Rubbish

Thu, 30 Jun 2011 22:22:53 +0000

It’s not often I get to write about 2 topics I’m deeply passionate about, politics and technology. So when I got wind that my very own government (whom I voted against by the way) spent nearly USD600k on a facebook page you can imagine how I blew my top. Now let’s be honest, RM1.8 million isn’t going to make Malaysia bankrupt but it does represent huge amount of government expenditure into something that cost peanuts to develop.

notes.io : A great way to jot down notes online.

Tue, 28 Jun 2011 08:54:04 +0000

Notes.io is a great simple online app that allows you to store your notes in a quick online interface. Of course you’re wondering why you’d need a note taking app when you carry your iPhone or Blackberry all over the place, but notes.io offers a couple of cool nifty features that make it quite practical.

Coolendar: Wonderful Calendar App

Wed, 15 Jun 2011 11:51:52 +0000

Google just added appointment slots to their online Calendar in their quest to successfully emulate MS Outlook on the cloud. Quite frankly, Googles getting pretty good, I can organize my whole life online and now with appointment slots I can allow people to book my time online, just like they would do with a MS Outlook Meeting Request.

For those of us who miss the good ol’ days of pen and paper though (like me!!), there’s a spectacular app that does just the calendar bit and nothing else. It’s call coolendar and it’s really cool (pardon the lame pun)

Visualizing the Twitter Universe

Thu, 09 Jun 2011 14:55:38 +0000

Nathan Yau, the guy over at Flowing Data (an amazing blog), recently posted about a website called tweetolife that allowed you visualize tweets by either gender or by hours. So for instance a simple check on the word ‘shopping’ allows you to see what words were most associated with shopping on every tweet sectioned out by gender. For instance Men are more likely to tweet about shopping portals, or amazon or cash. While women are more likely to tweet about dresses or their parents (weird!). The data itself isn’t complete but it does let you kill about 10 minutes of your time trying to figure out the twitter universe. I had a fun time looking at the differences between men and women, confirming my suspicions and creating doubt in some others.

Why you should never post anything into Public Space.

Mon, 30 May 2011 06:59:31 +0000

A lot of people seem to think that you can get away with loading files into public space and that no one will see them until I send someone a link.

That’s WRONG!!

Should you apply for the same job twice?

Fri, 27 May 2011 13:44:03 +0000

You’re probably wondering, what Anne Hathaway(pic) has to do with applying for the same job twice. Well more than you might think. Read on for more.

Should you apply for the same job….twice!!

Entrepreneur or Employee

Wed, 25 May 2011 01:47:33 +0000

A lot of people think you’re either an entrepreneur or an employee, but whether you own your own company or work for one, you’re both. However, with the recent economy both state-side and in europe (greece,portugal,spain,iceland), some employee-minded people are finding it tough to get jobs.

Over here in Malaysia the job market seems to be picking up, but even then you never know what might happen. Starting up side projects that have little to do with your career path could be an answer to these problems, my wife use to run an online makeup retailer called simply-naturale.com. I’m starting up a new project called jomlunch, over at jomlunch.com. While these are all still new, I believe starting up projects is one of the best learning opportunities you’ll get.

The limits of Facebook, LinkedIn and Twitter

Thu, 12 May 2011 16:01:33 +0000

Facebook has a 5000 Friend limit, meaning you can’t have more than 5000 facebook friends, and once you hit this limit Facebook won’t let you have any more friends.

Being an excel guru, I knew that older versions of excel had a 65,536 row limit per worksheet. That meant you couldn’t store more than 65,536 rows in excel, the geeks among us would recognize 65,536 as a 2 raised to the 16th power, so the number itself suggest it’s a system limitation that prevented excel from exceeded 65,536 rows. Facebook on the other hand has a very nice round number of 5000. That suggests that is was a very careful design consideration to limit the number of friends you have rather than some database limitation. Personally I don’t even have 1,000 friends so it’s unlikely to bother me, but it did bother quite a number of people who now have turned to fan pages to broadcast their message on facebook.

LinkedIn reaches 100 million members

Tue, 19 Apr 2011 09:42:47 +0000

According to the LinkedIn blog, LinkedIn that ever popular ‘professional’ facebook like thingy now has more members than the population of Australia, Malaysia, Singapore combined. LinkedIn has grown to a more niche social network that proves Facebook isn’t the only kid on the block, and niche networks like LinkedIn do have a future, for instance we’re more likely to search for a job/talent via LinkedIn than via facebook, and for the most part it’s probably better to keep our social (facebook) and professional (linkedIn) lives separate.