Digi begins April Fools day a bit early

Everybody’s favourite yellow Malaysian telco decided to start April Fools day a bit early today–either that or somebody in Digi went a bit crazy, and who can blame them with all those yellow men running around the office an’ all.

Anyway, they offered a ‘vintage’ phone offer that includes phones like the Nokia 3310, which comes with interchangeable covers, clock and alarm and best of all–an awesome snake game!! For the low low price of just RM1499, you get the phone and 30GB of data–although it may be a bit of a challenge to use the data, given that the phones pre-date not just 3G or LTE–but EDGE as well.

I personally enjoyed the joke, and actually reminisced about my old phones–ahhh those were the days.

Check out more of Digi’s Vintage Phone Offer here.

TOGAF Certification : Finally I’m TOGAF certified

Finally, after a year of procrastinating, I sat for my TOGAF exam. I’m glad I finally did it, but I should have done it much earlier.

A lot of people wonder what TOGAF really is. TOGAF is an acronym that stands for The Open Group Architecture Framework–yes it’s a mouthful and you’ve probably never heard of it before, but I personally believe architecture is a great place to be in these days, and ever since I moved into solution architecture (slightly more than a year ago) I’ve never regretted it.

Studying for the exam was straightforward enough, and the entire exam takes about 2.5 hours, not bad in comparison to the 4 hour PMP exam or the 3.5 hours for the CCBA. However, where TOGAF slightly differs is the fact that the certification involves two exams, aptly called part 1 and part 2.

Part 1 consists of 40 multiple choice questions, and unlike most other examinations this one has 5 possible options. In my opinion this is actually the harder of the two exams, but this one is a pre-requisite for part 2. If you fail part 1, you go home.

Part 2 consists of 8 ‘complex scenario questions’, which unlike the straightforward questions in part 1 consist of a complex scenario and 4 possible answers. However, the scenarios are quite elaborate AND take time just to digest and read–let alone answer. Once you’ve digested and truly understood the question, there’s still a matter of choosing an answer from a list of 4 possible answers–the only catch is that the answers aren’t right or wrong–there is a gradient to the answers and only the ‘fully right’ answer scores you full marks, the other ‘partially right’ answers score you fewer points. The last thing to note about part 2 is that it’s open book, which is helpful only if you know where to find the information from the 700 page TOGAF documentation.

Malaysian Education System : Seriously flawed GTP report

In conjunction with the release of the Government Transformation Project Annual report, the Star today reported:

The Malaysian education system is on track to becoming among the world’s best as stringent monitoring is in place to ensure its success under the Government Transformation Plan (GTP).

“The rate of improvement of the system in the last 15 years is among the fastest in the world,” the GTP report said.

Malaysia also ranks among the top in the world for equitable access to education.

The only question left to ask is what the hell are the guys over at the GTP smoking? A very quick reading of the GTP report reveals the following:

Malaysian Science, Maths and Reading Scores TIMSS

*picture taken from the GTP report itself and modified in no way

I’ll let you judge for yourself.

If Malaysia has indeed experienced (in the words of the GTP report) one of the fastest improvements in the world over the last 15 years–we must have really SUCKED 15 years ago. Which is just about the time I was in school – and I am absolutely sure I don’t suck … at least not that bad. For instance, I knew that Carbon Dioxide was CO2 when I was in school.

Recently, I was a bit harsh with a Malaysian Insider reporter for going a bit overboard with her reporting–but this is beyond manipulative reporting, it appears the GTP guys must have spent a lot of money and effort developing this report–and yet they failed to see such a glaring issue. It’s either we accept that the Malaysian Education System 15 years ago was slightly better than drip feeding your kids heroin, so that even though we ‘improved’ we’re still in the bottom third–or we accept the far more plausible explanation that we have actually fallen back over time and are nowhere near being the best in the world.

To me, this is wishful thinking, and while education should not be measured based solely on the academic achievements of students in just 3 areas–the fact that we fail so spectacularly in these 3 subjects is something of great concern. What’s even more concerning to me, is that the entire GTP report makes no mention of how it hopes to address the low scores in Maths and Science–someone in government must think Maths and Science isn’t a worthwhile pursuit. To make such a glaring omission and then have the ‘guts’ to display our failures in Maths and Science–and finally have the arrogance to proclaim we’re on track to be the best in the world….

It’s distasteful, upsetting, manipulative, deceptive and downright STUPID!

MCMC screw up press release

So after the furore over the Malaysian Insider article that wrongly accused the Government of using spyware on its citizens, the MCMC rightly issued a press statement denouncing the article.

Unfortunately, even the MCMC has to do a bit of reading up before it posts press releases. According to the MCMC press release, which you can read in its entirety here:

MCMC has also conducted a review of currently available information and we have found that the server that is allegedly hosted in Malaysia also has similar Internet Protocol (IP) addresses linked to a commercial webhosting company called GPLHost which has similar IP hosting in Australia, Singapore and the United States. We have also found that the server that is claimed to be in Malaysia appears to be registered to a company called Iusacell PCS. Further checking of Iusacell PCS indicates that it could be a Mexican mobile operator.

Unfortunately, this was due to a misprint in the original CitizenLab report, where they wrongly attributed the Mexican mobile operator as the owner of the Malaysian servers. They corrected the error on the 15th of March stating:

Corrections (15 March 2013):

* The table of FinFisher server IP addresses has been revised since the original publication. Due to an issue during formatting, Ethio Telecom was incorrectly identified as being in Estonia rather than in Ethiopia and Iusacell PCS was incorrectly identified as being in Malaysia rather than in Mexico. The IP range 117.121.xxx.xxx corresponds with GPLHost, which is located in Malaysia.  Iusacell PCS corresponds with 187.188.xxx.xxx and is located in Mexico.

This was quite a rookie error. It’s actually quite simple to reverse lookup an IP address and determine which company owns a specific IP range. In fact, there’s a whole bunch of websites online that offer the service for free–and the MCMC have the gall to say “We have also found that the server that is claimed to be in Malaysia appears to be registered to a company called Iusacell PCS.”

No you did not FIND anything–you just read it online!! The fact that the MCMC itself can’t tell that a statement in their press release contradicts itself from a technical perspective is both worrying and upsetting–but mostly upsetting. How can a local regulatory body mess up such a basic fact-check? To simply blame Iusacell PCS is as irresponsible as reporting Malaysia uses spyware.
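The ownership check described above, sketched as an added example (it is not code from the original post, MCMC or Citizen Lab): each published row of a server table is compared against address-allocation records using longest-prefix match. The prefixes and holders are the ones quoted on this page; the prefix widths, the host octets in the sample rows and the function names are assumptions made for the illustration.

```python
import ipaddress

# Allocation table: prefix -> (holder, country or None when it varies).
# Holders and ranges are those quoted on this page; the /16 and /24 widths
# are assumptions read off the masked "xxx.xxx" / ".X" notation. In practice
# the table would be filled from the regional registries' WHOIS/RDAP records.
ALLOCATIONS = {
    "117.121.0.0/16": ("GPLHost", None),          # hosted in several countries
    "117.121.240.0/24": ("GPLHost", "Malaysia"),
    "187.188.0.0/16": ("Iusacell PCS", "Mexico"),
}


def lookup(ip, allocations=ALLOCATIONS):
    """Longest-prefix match: return (holder, country) or None if uncovered."""
    addr = ipaddress.ip_address(ip)  # ValueError on masked or garbled input
    best_net, best_info = None, None
    for cidr, info in allocations.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_info = net, info
    return best_info


def audit(rows, allocations=ALLOCATIONS):
    """Check published (ip, holder, country) rows against the allocation
    table and return a list of (ip, problem) findings."""
    findings = []
    for ip, holder, country in rows:
        try:
            actual = lookup(ip, allocations)
        except ValueError:
            findings.append((ip, "not a full address, cannot be checked"))
            continue
        if actual is None:
            findings.append((ip, "no allocation record"))
        # The holder must always match; the country only where the record has one.
        elif actual[0] != holder or (actual[1] and actual[1] != country):
            findings.append((ip, "published as %s/%s, allocated to %s/%s"
                             % (holder, country, actual[0],
                                actual[1] or "unspecified")))
    return findings


# Constructed rows (host octets invented) mimicking a table whose holder
# column slipped by one row during formatting.
PUBLISHED = [
    ("117.121.240.10", "Iusacell PCS", "Malaysia"),  # holder from the wrong row
    ("187.188.0.10", "Iusacell PCS", "Mexico"),      # consistent
    ("117.121.xxx.xxx", "GPLHost", "Malaysia"),      # masked, needs full address
]

if __name__ == "__main__":
    for ip, problem in audit(PUBLISHED):
        print(ip, "->", problem)
```

A row that pairs a Malaysian address with a Mexican operator fails this check before anyone has to reason about who operates the server.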

Charities at the scale of Apple, Google or Amazon

We often talk about where the next Apple, Google or Amazon will come from; rarely do we ask ourselves where the next Red Cross or Salvation Army would come from.

What’s even rarer is the question of how we can get our local NGOs and charities to stop being Jaguh Kampungs and start being real world-changers that effect change in the areas of their focus.

Dan Pallotta thinks he has the answer, but it involves giving up some of the deeply entrenched notions we have around charities and starting to look at charity in a more holistic way.

Activist and fundraiser Dan Pallotta calls out the double standard that drives our broken relationship to charities. Too many nonprofits, he says, are rewarded for how little they spend — not for what they get done. Instead of equating frugality with morality, he asks us to start rewarding charities for their big goals and big accomplishments (even if that comes with big expenses). In this bold talk, he says: Let’s change the way we think about changing the world.

Everything the donating public has been taught about giving is dysfunctional, says AIDS Ride founder Dan Pallotta. He aims to transform the way society thinks about charity and giving and change

Malaysian Cyberwar: Is it an external war or is it civil

The Cyber War between Malaysia and Philippines
A really piece written by Asohan Aryaduray on DigitalNewsAsia some time back talked about how the CyberWar between Malaysia and the Philippines was going on, and how he wanted government agencies to step up the security of our digital assets (or at least start the discussion). Asohan claims that Malaysia perhaps has “the most number of government and quasi-government agencies looking into cyber-security for a country this size; it is time for them to put their heads together and harden the nation’s cyber-defenses.” 

He ends with a rather poignant phrase: It’s war, gentlemen, and it’s time our agencies got cracking.

I’m not so sure it’s war–even less sure we should get the government involved.

If he calls the attacks by Malaysians on Pinoy websites (and vice-versa) a war, then what’s currently going on with the DAP website is a sign of not just war–but a digital civil war, with internal actors, attacking local sites.

TheStar last week reported that the:

DAP has claimed that its websites have been attacked and forced to shut down since last Friday.

National publicity secretary Tony Pua (pix) said the party’s official website, dapmalaysia.org, and its Malay portal, roketkini.com, were incapacitated by denial of service attacks (DDOS) on March 8, 10 and 13.

While TheStar doesn’t report it, other news portals claim Pua was blaming political foes for the attack. For the most part this is quite common, we’ve seen Malaysiakini go down a few times, and various other pro-opposition blogs have taken some hits. This of course is even more interesting because Krebsonsecurity.com blogged that he was a victim of not just a DDOS attack but Swatting as well.

Malaysian government using spyware against citizens? No, not really.

I’ve been pretty busy the past few months, and my post count has been pretty low, and although I just returned from a 2 week trip abroad and am now flushed full of work, I decided to burn a bit of the midnight oil today because the Malaysian Insider completely pissed me off.

It all started with an article from Lim Kit Siang’s blog, which read “Malaysia uses spyware against citizens, NYT reports“. The post was merely a cut-and-copy reproduction of a Malaysian Insider article that had the same headline. The headline really got my blood churning and it was followed up with an even more mouth watering opening paragraph:

Malaysia is among 25 countries using off-the-shelf spyware to keep tabs on citizens by secretly grabbing images off computer screens, recording video chats, turning on cameras and microphones, and logging keystrokes, US newspaper the New York Times (NYT) reported yesterday.

….

Global human rights group Human Rights Watch said in its 2013 report that Malaysia has yet to ratify core human rights treaties, despite being a member of the United Nations Human Rights Council.

It added that Putrajaya continued to violate the rights to free association and public assembly last year, besides decreasing freedom of expression by amending the Evidence Act.

….

Unfortunately folks–this article is dead wrong. Not only is it deceiving and irresponsible, the fact that it appears on a news portal (rather than a personal blog) is terribly upsetting. The author of the article, Boo Su-Lyn, isn’t a freshie journalist either–you might remember her from the time she snuck into a Puteri UMNO meeting to report on what was said behind the walled-doors of UMNO, that was an impressive piece of journalism. This article however, is just a pile of bullshit–topped up with ignorance and sprinkled with deception.

*I’m just guessing of course that the Boo Su-Lyn that snuck into UMNO is the same Boo Su-Lyn here.

An Introduction to Spyware and FinSpy

Probably good to start with a short intro on Spyware and Finspy. Spyware is merely a generic term used to refer to malicious software that tries to infect your computer and perform various ‘nasty’ things. These ‘nasty’ things range from the harmless pop-ups of adverts to the not-so harmless stealing of personal data. Spyware has been around almost as long as the internet, and usually spreads via emails and thumb-drives, but mostly it rears its ugly head when you visit free porn sites — somebody has to pay the hosting bill for all those videos right?

FinSpy however is in a class of its own. According to the NYT article “FinSpy is spyware sold by the Gamma Group, a British company that says it sells monitoring software to governments solely for criminal investigations.”

The only problem is, some governments view political opposition as a criminal offence, and Gamma Group has sold this piece of spyware to these ‘questionable’ governments. The spyware is professionally built and masquerades as a JPEG picture. We aren’t talking about some high school kid writing code here, this is hardcore Enterprise-level spyware. For the more technical understanding of FinSpy, take a look at a full blown report by Citizen Lab here. (note: this is not meant for the layman).

In fact, Citizen Labs are the people to first break the news about Malaysia being involved in all this hullabaloo!!

So what has Malaysia got to do with it

FinSpy wouldn’t be any good unless it was sending data back to its master, all that spying would be worthless unless the spy-er got a hold of the data it wanted to spy on in the first place. On the internet, the most sensible way to send the data back would be to route it to a server somewhere (let’s call them FinSpy servers), and it’s here that the Glorious Name of our Marvellous nation gets sullied.

Back in August 2012, the New York Times reported that FinSpy servers were popping up in 10 countries–fortunately Malaysia wasn’t on that list. Things have changed though, the latest report from Citizen Lab reports that they found a FinSpy server–on a Malaysian IP!!

That single factoid, that a FinSpy server was hosted on a Malaysian IP, is all the evidence we have that the Malaysian Government is spying on its citizens. Needless to say that’s not exactly a solid foundation for such a dramatic accusation.

Boo Su-Lyn needs to read the reports properly

So let’s get this straight. I’m a part-time blogger, up to my neck in assignments, and in about 1 hour on Google I can easily say that there is no evidence to say that Malaysian government was using spyware on its Citizens. Just because one FinSpy server (out of 25 found) happens to be hosted in Malaysia doesn’t mean the government is using it. How is it then, that a journalist–possibly a full time one–can’t find the time to properly check her facts before making such accusations–when I can do it in 1 hour?

Nowhere in the NYT article does it say Malaysia was spying on its citizens–although to be fair, the title of the NYT post did say “Researchers Find 25 Countries Using Surveillance Software” which isn’t accurate either. The accurate title would be “Researchers find FinSpy servers in 25 countries”. Just because a country is hosting a server doesn’t mean it is spying on its citizens.

So let’s look at the facts:

Facts About FinFisher & FinSpy in Malaysia

Fact 1: Citizen Lab reported that they found 33 servers in 25 countries.

Fact 2: By their own admission they admit the list is possibly incomplete “due to the large diversity of ports used by FinSpy servers, as well as other efforts at concealment”.

Fact 3: Citizen Labs goes on to clearly disclaim that “a discovery of a FinSpy command and control server in a given country is not a sufficient indicator to conclude the use of FinFisher by that country’s law enforcement or intelligence agencies. In some cases, servers were found running on facilities provided by commercial hosting providers that could have been purchased by actors from any country”.

Fact 4: The initial NYT report that found the first 10 servers–found them hosted on Amazon EC2 instances. Instances even I can procure with a credit card.

Fact 5: The Malaysian IP (though not published in full) belongs to a company called GPL host.

Fact 6: GPL Host has a partnership with TM in Malaysia for their hosting (which explains the Malaysian IP).

Fact 7: Eight FinSpy servers out of the 33 found were hosted by GPL Host. Only one of these servers was from Malaysia.

Fact 8: The Malaysian IP is in the 117.121.240.X range. The other 7 FinSpy servers exist in nearby ranges, and are hosted in the US, Singapore and Australia. All of the servers in the 117.121.X.X range are hosted by GPLHost.

Fact 9: GPL Host is a Hosting company, which means anyone with a credit card can procure a server within their IP range for use. (which includes their Malaysian IP range).

Fact 10: Just to reiterate, Citizen Lab (who’ve done extensive research here) claim “in some cases, servers were found running on facilities provided by commercial hosting providers that could be purchased by actors from any country“. These include commercial hosting providers just like GPLHost.

Conclusion

It’s far more likely, that there is just one actor here, procuring servers from GPLHost and running FinSpy for one operation in (possibly) just one country–than it is that each of the 8 GPLHost servers are run by 8 separate individuals across 4 different countries–and all 8 of them just ‘so happened’ to pick this one obscure hosting company instead of something more common like Amazon EC2.

It’s also far-fetched, based on this data, to conclude that “Malaysia is using spyware on its citizens” when it’s far more likely that Malaysia is merely a hosting ground for an overseas operation. I could be wrong–but as far as I can tell–no one has found an instance of FinFisher targeting Malaysian citizens. Let’s be honest la, do you really think the BN government has the technical know-how to pull this off?

Finally, the entire article was written with an intention to deceive. There is no way a definitive conclusion could be made from the data given and then Boo Su-Lyn goes on to sprinkle excerpts from the Human Rights Watch–which is valid but obviously has nothing to do with the article in question. The Human Rights quote isn’t mentioned anywhere in either the NYT article or in Citizen Lab. The allusion is clearly present, and I for one don’t appreciate it.

Now you all know me, I’m by no means the biggest supporter of the government. In fact, I’d much rather vote for a Parang Wielding Rhesus Monkey than anyone from BN, but reporters have to be fair–and when they mis-report news on technology, I view it as my responsibility to set them straight!! (and it’s not a responsibility I take lightly).

So take note Ladies and Gentlemen–there’s about as much proof that your friendly neighbourhood BN government is spying on you as there is proof of a human colony on Mars. It is POSSIBLE, and indeed quite exciting to think about–but ultimately the evidence is inconclusive and nothing suggests it exists.

*image shamelessly stolen from the Amazing people at Citizen Labs who wrote the original report https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/

Is the MCMC going to ‘monitor and control’ or is it going to ‘censor’

A week ago, I wrote about how the MCMC was planning to ‘monitor and control’ the internet, but just today I looked at my RSS subscription and noticed that the Malay version of the press release used completely different words.

While the English version of the Press release used words like ‘monitor and control’, the Bahasa version used the term ‘memantau dan menyekat’. The term ‘memantau dan menyekat’ more appropriately translates to ‘Monitor and Block’ or ‘Monitor and Censor’ rather than ‘Monitor and Control’.

There has to be some reason why the translation wasn’t as accurate as it could be. Someone should remind the MCMC that the MSC Bill of Guarantees aptly prevents internet censorship and no government agency has either the mandate or the right to censor the internet–least of all the MCMC.

Can Malaysia produce the next Facebook or Google?

The short answer is NO.

The longer answer is HELL NO!

One of the things that pushes my buttons is when people talk about how Malaysia can produce the next Google or Facebook as though creating a world renowned tech brand is like winning a lottery–submit enough entries and you’re bound to win it sooner or later. These people dream, and they dream a lot, from reaching 1% of the global cloud market, developing 5 companies with revenues of at least USD100 million or the most usual dream of them all–for Malaysia to produce the next Google or Facebook.

While all of the nice plushy dreams sound good to a lot of people, the reality is that Malaysia is as far away from realizing this dream as we are from winning the Football world cup–technically it is possible, but no one would be betting money on it (except possibly the Singaporean bookies).

In order to understand how a multi-billion dollar company is created, we can easily re-visit the creation stories of these companies and try to find some similarities that are common across them. So that’s what we’ll do…

MCMC looking to ‘control’ social media at GE13: A worrying trend

Bernama (an official government news channel) yesterday reported that the MCMC is “looking at suitable methods to monitor and control the use of social media in the 13th General Election (GE13)“. Deputy Information Communications and Culture Minister Datuk Maglin Dennis D’Cruz said this was “to ensure that the social media would not be abused by irresponsible quarters to achieve their own political agenda“. Datuk Maglin then quickly goes on to shamelessly promote the BN by saying that “Therefore, the public, especially the young voters should be wise enough to do their parts in selecting the right government with vast experience in managing the country, so that their future will be secured.”

I’m not going to revert into conspiracy theories here, but this is a pretty scary development. Firstly, it’s not the first time the government seems to be misusing the MCMC, previously it sought to use them to curb the supposedly prevalent Lesbian, Gay, Bisexual and Transsexual (LGBT) culture online. Then back in 2008, we saw the government use an MCMC directive to instruct local ISPs to block Malaysia Today, which was then a popular anti-government blog. All of this could be construed as an indirect intention to censor the internet through the use of a government agency that has no mandate nor authority to do it.

What Datuk Maglin is suggesting is a complete block of social media sites during the General Election. The reality is that there is no way to partially block or censor distinct parts of social network sites like Facebook or Twitter, these websites were designed to be one giant application standing on themselves, they weren’t designed to be modularized and cut up into small chunks that could individually be blocked on their own. The best way–the ONLY way to control social media is to block it off in its entirety, and it is completely unacceptable that a person in Datuk Maglin’s position makes such irresponsible claims.

Pakistan, till today, still blocks YouTube, denying their nearly 176 million citizens access to Gangnam Style and Harlem Shake (oh the humanity!!). So when we say Psy is a global phenomenon, we might want to check if the 176 million people in Pakistan know about him. China continues to block Facebook and Twitter, forcing their entire population to use local variants of the social networks whose servers reside completely within the great firewall–this makes control far easier than trying to control applications that reside in America. These countries aren’t interested in partially blocking Facebook, they’re looking at a complete block of social networks that could threaten the political survival of their masters.

So what exactly is Datuk Maglin talking about when he says we need to ‘monitor’ and ‘control’ social media? When he refers to politicians abusing social networks for their own political agenda–does he also include the Barisan Nasional politicians, and wouldn’t that also include the Prime Minister’s Twitter account with 1 million ‘supposed’ followers? Would we want to ‘monitor’ and ‘control’ that? Doesn’t he have a hidden bias since one of those politicians using social media for their own political agenda happens to be his boss, and his boss’s boss?

It also seems hypocritical for Datuk to talk about political agenda, when he himself is a member of a political party aligned to the ruling coalition. It seems even more suspect when politicians seek out to ‘regulate’ other politicians whose views don’t align with theirs. We’ve seen this throughout history before, when a government looks to censor information it usually results in a self-serving policy not to protect the citizens of the country, but rather their own political survival.

Plus, this could easily be counted as internet censorship, something the government has promised not to do as part of the MSC Bill of Guarantees. Are we a government or a nation that reneges on its promise? That we so easily forget promises cast in stone to prolong the political survival of a shaky government? Are we a nation so afraid of change that we would sacrifice our freedom of expression and our right to access social networks so that an archaic group of politicians can keep doing what they do?

We cannot stand by and let ourselves be bullied by government agencies with political agendas. ISPs and Telcos should choose to neglect and defy any government directive to censor the internet as it clearly violates the government’s promise to both the foreign companies investing in the MSC–and the people of Malaysia.