The Power of Assumption

When it comes to personal life, “assume” or “assumption” is the ugliest word. My good friend Ijoy has written about assumptions in his blog, most probably after someone assumed something that is not true about him.

WARNING: This is a partially emotion-driven post and should only be read by the open-minded. Continue at your own risk.


When Security Is Not Secure

I was going after a moron who was disturbing my wife’s blog and reached an IP number. Utilizing nmap, I found out that port 80 on the IP is open.

-(~:#)-> nmap -A -T4 XXX.XXX.XXX.XXX
 
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-02-09 23:52 MYT
Warning: Giving up on port early because retransmission cap hit.
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
Insufficient responses for TCP sequencing (0), OS detection may be less accurate
Interesting ports on XXX.XXX.in-addr.arpa (XXX.XXX.XXX.XXX):
Not shown: 1673 closed ports
PORT     STATE    SERVICE        VERSION
25/tcp   filtered smtp
80/tcp   open     http            (GoAhead-Webs embedded httpd)
443/tcp  open     ssl/unknown
1720/tcp filtered H.323/Q.931
5000/tcp open     UPnP?
5001/tcp open     commplex-link?
5100/tcp open     admd?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Device type: general purpose
Running: Microsoft Windows Longhorn
OS details: Microsoft Windows Longhorn Preview
 
Nmap finished: 1 IP address (1 host up) scanned in 122.444 seconds

And so I went to look at what the HTTP server offers. It’s a D-Link DCS-950 camera, most probably port-forwarded using a router since the browsing IP from the computers is also the same.

I went to the D-Link website to look for the product manual and as I suspected it is using the default password, admin/admin. Here’s what I saw:

[singlepic=21,600,600]

Anyone recognize this place?

The point here is that a device that is intended to serve as a security tool can also be used against you. The dumbest thing you can do is leaving your devices on default passwords.

Ha… I can see someone changing tab to open their router configuration panel which has the default password. 😉

But hey, this camera is cool. I would not hesitate to install one or two at home. It can also be a PPPoE dialer (ADSL) so it can connect directly to a modem and dial the Internet. One bad thing I noticed is that to login and browse the images you need to use IE as it utilizes ActiveX.
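A defensive counterpart to the scan above, as an added example that is not part of the original post: it parses the port table of an nmap scan run against your own public IP and lists the open ports that expose an embedded device interface or an unidentified service. The hint strings, the function names and the allowlist parameter are assumptions made for illustration.

```python
import re

# Constructed sample: the port table from the scan above, address redacted.
SAMPLE_SCAN = """\
PORT     STATE    SERVICE        VERSION
25/tcp   filtered smtp
80/tcp   open     http            (GoAhead-Webs embedded httpd)
443/tcp  open     ssl/unknown
1720/tcp filtered H.323/Q.931
5000/tcp open     UPnP?
5001/tcp open     commplex-link?
5100/tcp open     admd?
"""

PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)"
    r"\s+(?P<service>\S+)\s*(?P<version>.*)$"
)

# Assumed heuristics (not defined by nmap): banner fragments that suggest a
# camera, router or other appliance is answering on the public address.
EMBEDDED_HINTS = ("goahead", "embedded", "upnp")


def parse_ports(text):
    """Return one dict per row of an nmap port table; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            row["version"] = row["version"].strip()
            rows.append(row)
    return rows


def audit(rows, allowed_ports=frozenset()):
    """List (port, reason) for open ports you did not intend to publish."""
    findings = []
    for r in rows:
        if r["state"] != "open" or r["port"] in allowed_ports:
            continue
        banner = f'{r["service"]} {r["version"]}'.lower()
        if any(hint in banner for hint in EMBEDDED_HINTS):
            reason = "embedded device interface reachable from outside"
        elif r["service"].endswith("?"):  # nmap marks guessed services with '?'
            reason = "unidentified service; find which host is port-forwarded"
        else:
            reason = "open port not on the allowlist"
        findings.append((r["port"], reason))
    return findings


if __name__ == "__main__":
    for port, reason in audit(parse_ports(SAMPLE_SCAN)):
        print(f"{port}/tcp: {reason}")
```

Every port it reports is a forwarding rule to review on the router, and any device left reachable should have its default credentials changed first.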

One Bun To Rule Them All

I went out to Subang Parade on Sunday and passed by a Rotiboy outlet. This board was placed up front:

rotiboy-one-bun-to-rule-them-all

It was interesting, funny, and scary at the same time.

It’s funny and interesting to know that whoever designed the board is a LOTR fan because that is not even a tag line (I can’t find it on the website).

It’s scary to think that there is some kind of mind control substance in the buns, and them all refers to consumers! Who knows one day with a simple radio switch, the franchisers will turn us to zombies.

Of course, I am kidding. People are particularly testy these days; I don’t want a lawsuit against me!

Filters! Yahoo! I Want Better Filters!

I have been a long-time Yahoo! Mail user (since 2001), and a paying customer of Yahoo! Mail Plus for 5 years+ (since 2003). There was no Gmail back then, and I needed a permanent email with POP3 access. Yahoo! slowly improved their services, although one thing that I have always been annoyed about is the unavoidable error that will be displayed if I try to access the web interface while my email client is pulling email via POP3. Every time!

[singlepic=19]

In June 2004, I received an email informing me of some improvements. I didn’t really notice them, really.

[singlepic=20]

But then again, this is what I am really disappointed about. The “temporary” message has been there since the release of the new GUI.

[singlepic=15,600,600]

And here is the antique filter form. Furthermore, Plus users can only create 50 filters. What’s that about?

[singlepic=14,600,600]

Come on, Yahoo! please improve Mail. While you’re at it, IMAP service wouldn’t hurt too.

Gmail Gone Offline

I have been actively glancing over to the settings page to see whether “Offline” has been activated for my account. And it was there so I decided to activate it:

[singlepic=12,600,800]

The settings for Offline are displayed, but not changeable (except to enable or disable the feature):

[singlepic=10,600,800]

I have no idea how the algorithm selects which labels to always synchronize.

Now I have enabled it and synced the emails:

[singlepic=11]

When offline, this indicator is seen:

[singlepic=13]

When using it offline I don’t really notice the difference, except when my Firefox gave me hiccups as it tried to connect to the Internet for other websites.

Another AdSense Payment

Today I managed to cash out my latest AdSense payment via Western Union. This is just to show proof, and to motivate the unmotivated. Although the amount is not that huge, it’s still money and after subtracting the hosting cost there is some profit.

[singlepic=9,600,800]

Next objective is getting significant monthly payments (I currently put my account on hold until a few months).

Gmail Going Offline

Read the title again. Gmail is going offline soon and that’s the truth. Scared yet?

Gmail is actually testing out a new lab feature: Offline Gmail

The video featured in the official blog looks really cool, and they are currently opening the lab feature for testing in the UK and US. Seeing how many emails I store in my Gmail account, I am scared to test it out when it comes available for me. One thing for sure, all these emails require storage on the local hard disk.

The feature requires Google Gears to work, where local application files are cached in the local browser for immediate use. WordPress has this feature since the last available version and it has worked well for me.

I wonder if there is any option to only sync emails according to their age, so that I don’t have to sync the whole thing. I’ll wait and see.

Nevertheless, this is a very useful feature. Bravo!

Economy Crisis Hits Malaysia

For the last couple of months I realized that the world economy is heading downwards. Europe and America have had their worst moments, Asia had a taste but Malaysia didn’t really feel anything. To be really honest the first sign I saw was last week when they announced that around 100K people in the manufacturing industry were going to lose their jobs. Maybe I was ignorant enough that I didn’t realize other related events were happening in this country.

Even when that happened, it still has not touched my comfort level. Although I am working in an American company I trust the brand and the business nature enough. I was living my dreams, praying that nothing bad would ever happen.

On Wednesday the morning peace in my office was broken by a rumor that a team is going to be closed and the product they maintain is going to be discontinued. And to think that this was the team I tried to penetrate back in 2007, I was selfish enough to think that I am lucky that I didn’t really join them. At least 6 people left the building in disbelief (exaggeration). Of course they get some kind of compensation but I am not going to talk about it here.

The main reason that made this event scary and was able to shake my comfort wall (not only me!) is the fact that there was no sign, no hint, nothing. It was a sudden move. I have not had the chance to talk to one of them yet but I think they were not warned. Were they?

There is no secure place except if you work with a Government Linked Company or are a Public Servant. I would like to hear from these people, whether or not they worry about their jobs?

Good luck ex-TRAK I hope you will find better Ruby jobs! We will certainly miss you.

Sun xVM VirtualBox 2.1.0

While doing some work I accidentally saw that there is an update available for VirtualBox. I was still using version 1 so I decided to download it and test it out myself. In older versions running on Windows I often get corrupted OS images after an upgrade. Not anymore. My CentOS, Debian, and Ubuntu virtual machines booted fine and faster.

Also, the host interface is now automatically bridged so there is no need for manual bridge setup at the OS level anymore. I don’t really have time to investigate further but I was shocked to see the battery meter inside the Ubuntu virtual machine was gauging the correct battery level. How cool is that?

[singlepic=7,600,800]

And here’s the meter while charging.

[singlepic=8,600,800]

The accuracy is amazing. There must be some kind of hardware interfacing between the host and guest OS provided by the new VirtualBox.

Line Numbers in EPIC + Eclipse

When I was using Europa I was baffled by the inability to get line numbers to be displayed in my Perl source code (using EPIC). Since PDT 2.0 has been released I decided to upgrade to Ganymede (3.4.1) but I still face the same issue:

eclipse-epic-line-numbers

I was thinking that the right-click context menu might be defective so I decided to thoroughly dig the preferences.

eclipse-epic-line-numbers-eclipse-editor

Guess what? Nothing happened. I finally realized that there is a separate setting honored by EPIC:

eclipse-epic-line-numbers-epic-editor

Now I am happy. Is this only my problem or is anyone out there facing the same issue?

My overall experience so far with Ganymede is great. The software update menu works faster and the dependency solver no longer freezes my machine. Bravo to the Eclipse Foundation. I decided to upgrade my Aptana plugin as well. Let’s see how it goes.

The US Boycott Dilemma

Since Israel started to attack Gaza many parts of the world have started to organize events such as demonstrations and peaceful gatherings to voice out against Israel’s actions, and as usual the ally – United States of America. WARNING: The fact that I am currently serving an American company might cause me to be biased and cloud my judgment.

The biggest countrywide boycott was launched against 3 major brands: Colgate (toothpaste), Coca-Cola (carbonated beverage), and Starbucks (coffee chain).

To be really honest, the first thing that crossed my mind was whether boycotting these brands (and other brands of US origin) will be beneficial towards the objective. And my first concern was what will happen to Malaysians who are working for these giants. Since the topic here is related directly to Islam, I am wondering how many brothers and sisters of Islam would be suffering from the loss of jobs that may be caused by the boycott activity. Would the effect of the boycott on the US be significant enough for us to jeopardize the life of those people we call brothers and sisters?

Don’t answer that! I don’t want to know what you think — I was just thinking aloud and asking myself.

Not surprising to me, the list is long. Major popular brands (for the mass public not only the rich and famous) in Malaysia include KFC, Pizza Hut, McDonalds, Huggies, Maggi, Nestle, IBM, Nokia, The Sun and countless others. And I am not even sure whether a sales drop in Malaysia will have any effect for those in the States — maybe they are only collecting license fees, who knows?

If any of them are only collecting license fees and the licensee in Malaysia is not doing well I don’t reckon they will give any kind of discount to the failing company. Will they go bankrupt? Fat chance. Will the license holder in Malaysia go bankrupt? Probably. How many jobs will be affected? Plenty.

I am not saying whether the boycott is correct or wrong — I am simply saying my concern for others and one day maybe myself.

The American government is doing something we don’t like, do we punish the people? Some Americans are against the US Army invasion in Iraq and the US-Israel alliance.

One thing I am sure about, I have already been boycotting Fotopages for a couple of years now. Fotopages is owned by an Israeli company called Pidgin Technologies, based in Tel Aviv. It is a pure product of Israel. Most shocking to me is that there are more than 58,000 users registered from Malaysia. Malaysia is the winner with the most users. User count from Israel is merely around 700. Some people asked me how this company would make money when the service is free?

It’s actually very simple — from traffic. The traffic generated from users browsing the photos will cause the site ranks to increase, and in turn the advertisement revenue will also be significant. The conclusion is simple: By using Fotopages to share your photos you help fund the Israel economy and in the end the attacks against Palestine. If you really want to join the fight against Israel you should start telling your friends and deactivate your account at Fotopages. Your old photos do generate traffic from the search engines.

SpongeBob SquarePants

I have been working from home for almost a month now, and to cope with loneliness from the lack of company and with the noise produced by the work next door I always have my TV turned on while working. I used to hear about SpongeBob and I know what he is but never bothered to watch it. I stumbled upon the cartoon series once in a while at 5.00pm at TV9 (dubbed version) so I decided to watch it. Although I usually hate dubbed versions I have to say that for this series they did it pretty well.

spongebob

And now, I have learned to love Spongebob. If I have nothing important to do at 5pm everyday I will switch on TV9 and watch the yellow little guy with his friends Patrick Star and Sandy Cheeks, his colleague Squidward Tentacles, his boss Eugene Krabs, his pet Gary the Snail, and the unsuccessful rival of Eugene Krabs’ – Sheldon Plankton.

The SpongeBob cartoon series is fun to watch, as the funny elements are intelligent enough, in contrast to some cartoons (local and international).

And yes, in history it will be known that my first post for 2009 is about SpongeBob. SpongeBob is my hero, he made me laugh and this suppresses my desire to commit any kind of crime.

Spongebob names in other languages:

  • Спондж Боб (Spondzh Bob) (Bulgarian)
  • SvampeBob Firkant (Danish)
  • SpongeBob Schwammkopf (German)
  • Μπομπ Σφουγγαράκης Τετραγωνοπαντελονής (Mpomp Spouggarakhc Tetragonopantelonhc) (Greek)
  • Bob Esponja (Spanish)
  • SpongaBobo (Esperanto)
  • Bob l’éponge (Bob the Sponge) (French)
  • 네모네모 스펀지 송 (Ne-mo Ne-mo Seupeonji Song) (Korean)
  • Svampur Sveinsson (Icelandic)
  • スポンジ・ボブ (SuponjiBobu) (Japanese)
  • SvampeBob Firkant (Norwegian)
  • SpongeBob Kanciastoporty (Polish)
  • Bob Esponja Calça Quadrada (Portuguese)
  • Губка Боб Квадратные Штаны (Gubka Bob Kvadratnye Shtany) or simply “Спанч Боб” (Russian)
  • Paavo Pesusieni (Finnish)
  • SvampBob Fyrkant (Swedish)
  • Sünger Bob (Turkish)
  • 海綿寶寶 (Mian Qiu Fang Kuai) (Mandarin)
  • BobSfoge Michnas Meruba (Hebrew)

So in the Malay language he should be “SpanBob SeluarSegiempat”?