Answering the tough questions: Watson vs. Humans

IBM has always been on the cutting edge of innovation. They’ve moved from being merely a computer company to what is probably the first truly all-encompassing technology company; they don’t just make fancy gadgets or shiny thingamajigs, they make actual solutions for real-world problems.

In 1996, IBM introduced the world to Deep Blue. Kasparov met Deep Blue and wasn’t impressed; he had no reason to be. He defeated Deep Blue 4-2 and walked away comfortably.

However, in 1997, IBM re-introduced the world to the 2nd version of Deep Blue (unofficially named Deeper Blue), and this time Kasparov was beaten, but not by much. Kasparov is the Tiger Woods, Pele and Michael Jordan of the Chess world, and he was beaten by a supercomputer with 11.38 GFLOPS of power.

It turns out, though, we had nothing to be afraid of. Chess is, after all, a pretty simple game when you break it down: the number of possible moves is finite, as is the number of possible scenarios to play out. It’s not an easy game to master, but as it turns out, playing chess is infinitely easier than just plain talking.

In fact, of all the talking games, Jeopardy seems the most difficult. At the end of this post, I will make an argument to show that Jeopardy, a simple talking game, is about 6,500 times more difficult than Chess (a game we often associate with genius). Turns out Kasparov has to bow to Ken Jennings.

Cracking Passwords with the Cloud

I remember my computer security professor telling me that encryption doesn’t make it impossible to decrypt, but rather infeasible to decrypt. Nobody is going to buy a supercomputer to crack your final year thesis, simply because the data isn’t worth nearly as much as the cost to crack it, thereby making it infeasible.

With cloud computing, however, end-users and regular Joes like us have access to very, very powerful machines for a fraction of their actual cost (since we’re only renting the machines). Couple that with the high scalability of the cloud, and what was previously infeasible is now a very viable option. In fact, what used to be available only to big corporations and governments has now become available to anyone with a credit card and an Amazon account.

I’m not talking about complex mathematical approaches to breaking encryption either; I’m talking about the standard brute force method. Brute force basically involves trying every single possible password until you eventually find the password that works. In the past, brute force wasn’t considered a valid option, since trying all those passwords, which number in the hundreds of billions, would require a very powerful computer, and most people, even criminals, didn’t have access to that sort of computing power. However, with the advent of cloud computing, powerful hardware is suddenly becoming available to the general public at low prices. What used to cost tens of thousands of dollars per server now costs just 2.60 an hour to ‘rent’.

What if we could use the power of the cloud to crack the average-level encryption we have on our zip or Excel files? Well, it turns out we can, and the results are ridiculous!

Evidence Act Technological Misconceptions: A response to Rocky and Fatimah

The government has finally ‘relented’ and now wants to ‘discuss’ section 114A of the Evidence Act 1950. Now it’s great because it proves beyond a shadow of a doubt that:

1. The internet can be used for fantastic good.

2. The general Malaysian public can make a difference in the governance of the country.

My website also had the pop-up banner, and according to Google Analytics, all 300+ people who visited yesterday were at least enlightened by it.

However, there are some misconceptions about the act, or more specifically misconceptions about the technology behind the internet. The only reason I’m writing this post is that yesterday morning RockyBru posted content by a blogger named Fatimah Zuhri, defending the act. Why on earth a blogger would defend the act is beyond me, but it became clear that her understanding of key internet concepts was way off the mark.

From a technological perspective, she was advocating from a point of ignorance, and Rocky, who’s a popular (or unpopular) blogger/journo, only served to spread these misconceptions. I hope to point out how it is very difficult to pinpoint the origin of an anonymous or malicious post, and how shifting that burden to the ordinary citizen is unjustified.

So let’s start with the post, which you can read here, although for your sake I wouldn’t suggest it. Parts of the post are quoted here as well.

Maxis Fibre to the Home (FTTH) : Why you shouldn’t get it

Imagine buying a house from a housing developer who insists that even after you’ve bought the house the developer will be allowed access to your downstairs bathroom. So that even after you’ve bought the house and moved in and got that nice kitchen cabinet design you’ve been eyeing, the developer can still access your downstairs bathroom, no matter what. Worse still, the developer then decides to turn your downstairs bathroom into a public toilet.

Sounds crazy, right?

No developer would ever convince me to buy a house under such conditions, but Maxis seem to think they can push through something very similar in their Maxis Fibre to the Home (FTTH) Agreement. Before you sign up for your Maxis Home Package, you’re presented with a single page document to sign. The document basically states that you agree to the Maxis terms and conditions (T&C). A single page document sounds rather minimal, until you realize it’s a single page of 2955 words. Maxis squeezed 2955 words onto one page through a straightforward method of reducing the font size, basically making the agreement even harder to read–but you should read it, because point 6 of the Customer Terms for Maxis states:

How SSL works: A presentation on Slideshare

Slideshare.net is a great tool to share presentations on the web. Think of it as the YouTube of PowerPoint presentations. I was toying around with my preview version of Microsoft Office 2013, specifically PowerPoint 2013, and I thought I’d create a new PowerPoint to illustrate what I described earlier this week about how SSL works. I hope you guys like the presentation; I was just toying around, using simple block diagrams and icons borrowed from Amazon Simple Icons for AWS.

Just like YouTube, SlideShare is a free service. However, for larger presentations (with Hi-Def photos) or even videos, you may need to buy the Pro version, which enables up to 100MB uploads per presentation.

By the way, I absolutely loved PowerPoint 2013; I thought it was just an amazing tool. My two favorite features were the auto-align and spacing, which make it easier to draw block diagrams like the ones in my presentation that are equally spaced and aligned. Trust me, that makes the presentation look far more ‘professional’.

The second feature was the File button, which no longer drops down a menu but takes you to a whole new screen that enables you to save the presentation to your ShareDrive. Even the Beta version of PowerPoint feels far cleaner and more intuitive than my current version of Office 2007. I guess Microsoft has come a LOOOONG WAY in 6 years, good one on you Microsoft.

Google: Lazada.com.my Malaysia is hosting Malware

Lazada Infected by Malware Warning from Google

Lazada.com.my contains malware. Your computer might catch a virus if you visit this site. Google has found malicious software may be installed on your computer if you proceed.

WOW, Lazada Malaysia apparently has been infected with some rather nasty infection. My version of Google Chrome prompted this when I tried to visit the site today. Hope everything is alright over there in Lazada headquarters.

In fact, Google is populating it on their search results as well, must be a rather nasty one:

 

It can get really nasty trying to disinfect a site. Good luck to the guys over at Lazada. What’s more worrying is if Lazada actually carried credit card and personal data; I wonder if they secured it thoroughly and whether this breach could point to something even more serious over at Lazada headquarters.

We can only wait and see.

Update 1: Digging deeper

A further check of the Google Safe Browsing diagnostic report for lazada.com.my shows no malicious software present:

Of the 793 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-07, and suspicious content was never found on this site within the past 90 days.

So what could be the issue? Well, according to Google and some searches I made, Lazada is hosted on Rackspace servers in Hong Kong, and Google have reported that these Rackspace servers were used to serve up malicious content to users:

Of the 1484 site(s) we tested on this network over the past 90 days, 9 site(s), including, for example, chinafpga.com/ourebiz.net/,devicewell.cn/, served content that resulted in malicious software being downloaded and installed without user consent.

The last time Google tested a site on this network was on 2012-08-07, and the last time suspicious content was found was on 2012-08-06.

Could it be that Google is wrongly penalizing Lazada just because it shares the same servers as suspected malicious sites?

We’ll have to wait and see. This could prove very damaging for a lot of sites hosted on IaaS providers like AWS and Rackspace, especially if you can get penalized just because you’re on the same network as malicious sites.

On the flip side, Firefox users don’t see the warning, but the “This site may harm your computer” message still appears on the Google searches.

Update 2: Problem resolved

Ok, the problem seemed to be neither the fact that Lazada was hosted on Rackspace (sorry guys!) nor that it had a link to offerstation.com (an infected site).

I’m not entirely sure what the problem is, but it seems to be resolved now. Google has also updated its safe browsing diagnostic page to reflect the breach. Now a quick check on the Lazada.com.my safe browsing page reveals:

What is the current listing status for www.lazada.com.my?

This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 811 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-08, and the last time suspicious content was found on this site was on 2012-08-07.

Whatever it was, the problem looks to be resolved. I can’t help but wonder what it was…

Would someone from Lazada help me understand what went wrong here?

Google Safe Browsing diagnostic page for www.lazada.com.my

HTTP vs. HTTPs : Why SSL and TLS are important

I was looking for some detail on Maxis Fibre to Home service when I came across this while trying to access the Maxis Customer Forum online:

In the early days of the internet, all the data flowing through it was sent in plaintext. This meant that everything flowing on the internet was fair game for anyone to hijack and view. It was akin to sending postcards all around: all the postmen and intermediaries could view the entire contents of your messages because they were out there in the open, with no need to open sealed envelopes. So everything from your letters to your uncle Bob or your resume for a new job or even your most intimate personal letters could only be sent via postcard, and anyone could read it.

There was a strong requirement, however, to design a mechanism to encrypt data flowing through the internet, because unless you could encrypt data, personal and credit information couldn’t (or rather shouldn’t) have been transmitted across the internet. So it was important that someone somewhere figure out how data on the internet could be encrypted to enable things like online shopping, social networking, even simple email. So sometime in the mid-90s Netscape (the default browser at the time was Netscape Navigator) took up the gauntlet and invented SSL.

At this point, I’m also reminiscing about the days when browsers were actually pay-ware rather than freeware. Remember when Netscape Navigator Gold used to cost money?

MSC Cloud Initiative : Why it’s a bridge too far

Why does Amazon–arguably the biggest cloud player in the world–choose to launch its Asia-Pacific offering in Singapore rather than Malaysia? One would think that the prohibitively high prices of land in Singapore, coupled with its higher base cost and employee wages, would make Singapore a terrible place to put up a huge datacenter comprising thousands of servers and HVAC units.

Just to compare Malaysia and Singapore, you can build data centers in Malaysia for a fraction of the cost, coupled with cheaper labor and support cost. Our subsidized power also means that Amazon could benefit from lower electricity bills. Best of all, Malaysia and Singapore aren’t really that far apart, so why set up shop in Singapore for something that relies on high volume and low cost? The answer is quite simple–Singapore is where the Internet is, or rather that’s where the data flows through. The internet is the information super highway, and just like any other highway the 3 most important criteria for setting up business on the internet are location, location, location.

NFC page hacked

The guys over at the NFC can’t really catch a break. The National Feedlot Corporation have had a lot of bad luck lately, but I guess when you get an RM250 Million dollar government loan when your wife is a Government minister–you’ve probably already had your fair share of good luck.

With the recent arrest of Rafizi Ramli, the up and coming PKR young gun–the SGP Cyber Army decided enough was enough.

Who is Rafizi you ask? He’s the guy who debated with Khairy in the UK, he’s the guy who spearheaded the attack against the NFC, he’s the guy revealing documents about George Kent and the LRT project, and he’s the guy proposing abolishing the ridiculously high taxes Malaysians pay for cars. Yeah–all of that comes from one guy–Rafizi, and right now he’s being charged under a law no one except Bankers give a crap about.

So with his recent arrest, some hackers in his defense–decided to go on offense, and they set their eyes clearly on a big target–no not Sharizat–but the NFC website, and boy did they hack it well.