MDeC Private Meeting with ODI


Earlier this week I attended an MDeC-organized private meeting with Richard Stirling from the Open Data Institute (ODI). The ODI is an institution that hopes to promote the ‘open data’ culture, and was founded by a giant of the Tech world, Sir Tim Berners-Lee, whom you might remember for inventing a small little thing we call the world wide web.

The meeting was attended by just a handful of folks, some of whom I recognized from a previous Seatti conference I attended, with the audience and topic focus on Open Data (and Big Data) in Malaysia.

The conversation was really good, and broadly speaking touched on 3 key topics. Most of this post is a re-hash from my failing and aged memory, but there's a clearer version of the minutes here from the amazing people of Sinar Malaysia if you're interested in the specifics.


The Snowden Revelations


It’s now almost two years on, since that fateful day at the Mira Hotel in Hong Kong when Edward Snowden divulged secret NSA documents detailing unlawful and on-going spying programs carried out in the name of security.

Sure we knew the government had 'a' spying program, and we've all seen Hollywood movies with fictional technology that allowed governments to carry out unrestricted surveillance, but no one in their wildest dreams would have imagined a government having access to ALL phone calls, ALL e-mails, ALL text messages and ALL transactions...and then storing that information for ALL time.

What we've learnt so far is that the NSA had executed bulk surveillance on the American people (and us poor non-Americans as well) across all channels of communications including phone calls, internet searches and e-mail without a proper court warrant, congressional approval or oversight of any kind. Particularly strange for a country whose own constitution protects the rights of citizens against illegal searches and seizures. I'm no lawyer, but even to a layman like me, the Bill of Rights looks like a masterpiece, and the Fourth Amendment is a beautifully written piece of law:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

-4th Amendment to the Constitution of the United States of America

In other words, if you want to search smartphones, computers or e-mail accounts, you'll need a warrant. And the law goes on to state that warrants can only be issued upon probable cause, which must be affirmed by a Judge providing the necessary oversight. Finally, even after a warrant is issued, it must state the place of the search and things to be seized. A warrant shall not act as a blanket approval for law enforcement to look through all aspects of the citizen's life, but only that which is explicitly stated in the warrant.


Secure Apache configuration for WordPress & SSL

Apache runs nearly 50% of all active websites

Recently I moved the hosting for keithRozario.com from a regular hosted platform called WPWebhost to my own virtual machine on DigitalOcean. The results have been great, but the migration process was a bit tedious and took some effort.

I thought I’d share my Apache configurations, so that if you’re thinking of hosting your own WordPress site on an SSL server, you’ll at least have a solid base to start off from. I’m by no means an expert here, but this is what makes sense to me, and if you have any feedback please let me know in the comments.

So let’s start.


The new and improved keithRozario.com


Welcome!!

keithRozario.com has a new look, and I can hardly contain my excitement.

The blog still retains all its previous content and more glorious content will be on its way. For now, take a moment to savour the brand new theme, which hopefully is cleaner and easier on the eyes than my previous blog's design. Also enjoy my complimentary TLS connection (notice the httpS connection instead of just http), which means you now have a fully encrypted tunnel from your browser all the way to my new server in Singapore, and to round things up, the blog should be much faster now that it's hosted on its own dedicated server.


The WhiteHouse Petition, and what it means


The US Government hosts a really cool website called “We the People”, that lets users petition the US Government for various things. It’s a cool website, because you get really cool requests on it.

For instance, in 2013, more than 34,000 people petitioned the US government to “Secure resources and funding, and begin construction of a Death Star by 2016”, which triggered a response from the Government that was one part Star Wars Fanboy-ism, and one part Science lesson.

Those were exceptions though; the vast majority of petitions are political in nature, with the most popular petition requesting the US Government to formally press charges against 47 Members of Congress for their role in undermining a nuclear agreement with Iran.

So it was natural that the former US Ambassador to Malaysia, John Malott, created a petition to "make the release of Anwar Ibrahim a top priority for US policy towards Malaysia". This Petition was then picked up by the likes of Lim Kit Siang and began garnering significant attention from the Malaysian online community.


The day they censored me


Last week was a pretty exciting week for me--it was my first time on TV.

A TV show called VBuzz that was hosted on Astro Channel 231 called me to be a guest to talk about Cyber Security. Obviously I make it a point to try new things and let's be honest....how many of you would turn down a chance to be on TV? I mean this is Television, if you're on it you must be good right?! Even if it is a Tamil channel, and it's on at 9pm, I thought this would be exciting...and it was!

Anyway, they scheduled me in for a show on Tuesday, and I happily took some time off work to go down to their studio and all was really great. Until....

The first thing they told me was that I couldn't talk about the recent MAS hack, because they were afraid. The obvious question I had was--afraid of what? Apparently, MAS was a Government Linked Company, and they couldn't talk bad about a GLC for fear of losing their license. Now I had no intention of talking bad about MAS, just trying to help people understand what happened in the hack, but they were still afraid. So OK, you can still have a 15 minute conversation about cyber security without talking about MAS...no problem.

So I got my 'HD' make-up on, because High Definition recording captures so much detail of your face, that they need special make-up for it. I found that quite amusing, plus I never knew so much effort and co-ordination went into making a production like this.

We started off with 'easy' topics like cyber criminals and hacking incidents, and the conversation was light and flowed pretty well, but then (according to plan) we veered into cyber warfare, which was a topic I was deeply into over the last few weeks. And out popped a question like "What can governments do to ...." to which I responded that "Governments were the biggest perpetrators of the crime". This didn't sit well with the producers or the writers, and at the end of the show we did a re-take of that bit, censoring out my statement, which I maintained wasn't just true, but totally consistent with the entire show.


Jho Low uses Gmail? Why emails can’t be considered evidence


As the 1MDB fiasco begins to simmer over the political stove, I wanted to inject some technical information into this discussion, specifically around emails and how they’re almost useless pieces of evidence.

Just to make sure everyone’s on the same page, here’s some context.

In early March 2015, sarawakreport.org, a website run by investigative journalist Clare Rewcastle-Brown together with the London Sunday Times, published an article on a controversial deal done by the 1MDB fund. At the centre of the deal was a man named Jho Low, who masterminded a sophisticated ‘wheeler-dealer’ that pocketed him $700 Million, all of which (at least according to sarawakreport.org) was siphoned from 1MDB, a Malaysian sovereign wealth fund.

Honestly, I don’t understand the financially complex deals that sarawakreport.org was trying to explain to lil ol’ me. So I’m just going to take her word here, that all the documentation that was produced leads to the conclusion that Jho Low masterminded the “Heist of the Century” by stealing $700 million through shady back door deals involving 1MDB and a company called PetroSaudi. But then of course, the question becomes, can you trust the documentation?

Reading the article you get the sense that the e-mail trail presented forms the backbone of the entire story, and if the emails themselves are not true then the entire story is untrue as well.

In either case though, let’s get straight to the point, and say that e-mails by themselves are quite useless.


All Air Pollutant Index (API) readings in Malaysia for 2014

I've stopped scraping the API readings for Malaysia, as the MET department have stopped publishing historical readings on their website.

The data has been updated to include all API readings up to 01-Sept-2015, and then from 28-Sep-2015 to 03-Oct-2015. The ‘gap’ in the dataset is because the MET department changed their webpage and removed the legacy data before I could get my hands on them. I’ve written to them for it, hopefully we get a useful response. For now though, there’s 24 months of data from Aug-2013 to Oct-2015 in the dataset. Enjoy!

To get all the readings by region in a single delimited file, click this link. I apologize for the messiness of the data and the files, I should tidy them up by the end of the month. Contact me directly for anything specific.

Keith


Once again, your friendly neighbourhood techie has used his powers for the good of the country.

Last September, I scraped all the procurement data from the Malaysian Government’s MyProcurement website; this time I scraped all the Air Pollutant Index (API) readings from the Department of Environment (DOE) website.

First off, Kudos to the DOE for keeping such great tabs on the data–overall the DOE publishes one API reading for every hour of every day across 52 locations in Malaysia. Just to put the sheer volume of data into perspective, for just one year that’s:

52 locations x 1 reading/hour x 24 hours/day x 365 days/year  = 455,520 readings.


What happened in the MAS hack. All questions answered, one question asked.


Late in January the Malaysian Airlines website was ‘supposedly’ hacked by Lizard Squad. You might remember Lizard Squad as the guys who ‘hacked’ the XBox and PlayStation network over the Christmas holidays, and I’m using a lot of ‘quotes’ here because Lizard Squad didn’t really ‘hack’ XBox One or PlayStation, they merely DDOS-ed the services.

What is DDOS-ed I hear you say?

A DDOS attack is one where you flood a server with so much web traffic, that the server is no longer able to serve content to legitimate customers. Imagine if you got 100 friends, and decided to create some havoc at the McDonalds near your home. You and your friends would line-up at the counter, and you'd place an order for 100 Big Macs, 25 Cokes and 1 Apple Pie... only to cancel your order after the cashier typed it in. The next friend in the queue would do the same thing--over and over again. Even though there would be legitimate customers at this McDonalds trying to buy some food, chances are they'd either have to wait a very long time to get their food, or they'd give up entirely.

Essentially you’ve denied McDonalds their chance to serve their customers–or you’ve just launched a Denial of Service (DOS) attack–the extra D in DDOS, just stands for distributed.

Real-Life DDOS happen all the time–what do you think the Thai Protestors were doing to Airports in 2008?

But why is this important?

It isn't. DOS attacks are pretty common--but Lizard Squad attacked the PlayStation Network and XBOX with ulterior motives. Even though they claimed to do it in the name of 'security awareness', they only stopped their DDOS attack because Kim Dotcom offered them USD300k worth of services on his Mega website. Kim Dotcom is another controversial character, but to cover him in this article would be too large a digression--so if you want to know more about him, just Google it.

The REAL motive of the Lizard Squad DOS attack became apparent some days later when they started to offer their DDOS attack as a service to paying customers. Essentially you could go online and buy their services to attack a target–maybe a competitor company, a personal blog of someone you don’t like, or just about anything. Lizard Squad were hawking their services to anyone with cash.

Some suspected that Lizard Squad were running this large DDOS attack using nothing more than home routers–similar to the ones that UniFi provides and that I demonstrated could be hacked trivially over an internet connection.
