Two years on, teaching coding in schools declared a success

teach-codingKLANG: Two years on, the the pilot initiative to teach coding and digital security as an SPM subject has been touted as a resounding success, and the government is mulling a move to make it compulsory by 2020.

The announcement shocked parents, as out of 10,000 students who took part in the pilot program, only 10 had scored an A while the rest had failed with a grade of F.

Education Minister, Dato’ Seri Java, said that this reflects the current IT market, where out of 10,000 security consultants, only 10 will ever give you good advice.

“We benchmarked against the industry, and set the grading curve accordingly, so only a 10 students getting an A was the intention!! We can’t have cases where students just memorize a textbook and then score an A, this is not History or Geography, this is an important subject” he said, while further mocking drama and English literature under his breath.

Deputy Director of Education, Perl Ramachandran further added that instead of focusing on the 9,990 students who failed, the public should instead focus on the ‘A’ students who showed exemplary work and are were ‘bright spots’ in the dark abyss which is the Malaysian education system.

One such exemplary student was 17-year old lass Siti Pintu bt. Belakang, she had managed to install a backdoor into the MOE exam system and downloaded the question paper days before the exam. A backdoor is an application that allows an attacker unfettered access to the compromised system, and Siti managed to code one from scratch specifically for this purpose.

Already Russian cyber-criminal organizations are offering her scholarships to prestigious universities, Perl further added.

Then there Godam a/l Rajakumar, who instead of stealing exam papers, simply hacked into the MOE grading system and gave himself a ‘A’. Continue reading

More security theatre

So now, only actual travellers will be allowed into airports, and everybody else from your mother to your 3rd aunty twice removed has to say their teary goodbye at home rather than at the Airport KFC.

But why?

So that terrorist will now have to buy a ticket in order to blow up the airport? I can picture out now, “Al-Qaeda attempt to bomb KLIA foiled due to lack of funds for ticket purchase”

….riiiiggght!

Do these people even consider just how easy it is to circumvent some of the ridiculous ‘security measures’ they put in place these days.  If all it takes for a terrorist to gain entry into an airport is a plane ticket, it’s not a very tall order for them to go out and buy one, or just print a fake copy good enough to fool the security officers.

We’d be spending countless of man hours, for security personnel on entry points scanning through useless documents with no real security in return.

What a waste–just like those women only KTM coaches that do absolutely nothing. Continue reading

Just buy McDonalds

If you haven’t listened to it already, here’s a fantastic cut-down (no bullshit) version of Jim Comey’s testimony to congress, on why he recommended Hillary Clinton not be prosecuted for hosting her own e-mail servers.

For the uninitiated, while Hillary Clinton was US Secretary of State, she hosted her own official e-mail servers, and the contention was whether she was right in hosting a service that would handle classified e-mails in the basement of her house.

The politics and legal wranglings are fascinating but I want to focus on the technology.

At one point of the testimony, you can hear the shock of a Congressman that Hillary Clinton’s e-mail server was less secure than Gmail. To his credit, Jim Comey went on to elaborate that Google has a full team of security experts working on its mail servers, something Hillary could not afford, when pressed on whether he considered Hillary’s mail server ‘secure’, he answered that security “wasn’t binary”, and it’s not secure vs. insecure, but rather a spectrum of more secure or less secure.

That was a good answer.

Security is define by various factors, such as from what, from whom, and what kind of attack.

It’s very easy to look at a piece of code and determine that it’s insecure, because we know what insecure code looks like.

But it’s impossible to look any code and say it’s ‘secure’, because unless you know all the attack vectors, you’re not going to be able to determine the absolute security of any system or application.

Going back to the original point though, nobody should be surprised that Gmail has better security than anything you could build on your own. Even Hillary Clinton, with all her Clinton dollars couldn’t compete with an industrial e-mail solution from a big corporate conglomerate–and why should it?

You wouldn’t build your own car, or microwave oven, or toaster? Why would you build your own e-mail system.

A lot of people think that e-mail servers, and website are easy things to host and maintain–actually they’re not. And you couldn’t compete with the scale of services like Gmail in terms of pricing, features and security….no way jose.

Sure, we love our mother’s cooking more than any industrialized fast food, but those are the exceptions. With computers and technology, it’s often a good idea to be just like everyone else, in other words just buy Mc Donalds and be happy with it.

Highly customized solutions ‘tailored’ for your every need, are not just more prone to software errors waiting for be exploited, they’re also less likely to be fixed even if those issues are found.

I hear it all the time, people want customized websites that ‘represent my brand’, but never stop to consider the other issues at hand.

Would you ask for a customized brick and mortar shop that ‘represented your brand’, or would you be happy with a standard generic store-front that you just plaster your signboard on? A highly customized shop, that looked unique to just your brand, cost a lot of money, and that’s money only the largest companies would be willing to shell out.

If Berkshire Hathaway (with a market cap of 326 Billion) is happy with this website–do you really need anything more fancy.

That’s why I recommend people to just get a wordpress.com blog, or a Squarespace site, it’s simple, it’s secure and it’s cheap. Of course it looks like every other website out there, but hey less worries about DDOS attacks, and less targets for hackers, and you can just focus on the content–not managing the dodgy IT vendor you got to help with your site.

Differentiate on the content, not on the looks.

Rolling your own website, usually involves employing a website designer, a UX/UI designer, a coder, and infra guy, and a whole lot of invoicing that frankly 99% of people aren’t prepared to deal with. Even if you were, the cost would be 1000’s of times higher what you could get with sites like squarespace or ghost.

I’ve heard people moan that they spent RM10,000 on a website and it didn’t look pretty enough–but what were you hoping to get for RM10,000? Sure it’s a lot of money, but if you bought a RM10,000 car, what kind of car do you think you’ll get? A modern website is actually more complex than a car, especially one that is tailored to you, rather than a generic off-the-shelf solution.

A custom website requires custom maintenance, custom patching, and custom hosting–all of which require expertise that don’t scale very well. So unless you’re willing to shell out tens of thousands of dollars on something that will cost another tens of thousands to maintain over the years, do yourself a favor and just go generic.

Technology saves lives, but it isn’t perfect

What do you do when the technology turns on you?

Or when the feature that’s built to save you, is the one that might just kill you?

There’s a stark similarity between the Takata airbag fiasco, that’s already taken 2 Malaysian lives, and the lady who died in self-driving Tesla.

Both involve the auto-industry and both are technology related, but together they represent a much deeper issue at hand–despite our noblest expectations, technology isn’t perfect–but it’s better than we had before.

We’ve all been trained by Hollywood to expect perfect technology, working all the time and in every scenario, but in reality technology sometimes fails, and newer technology fails more often.

Technology endures through failures, only by our good graces, but unless we grant that grace to it, we will not progress.

What should our response to a technical failure be?

Do we insist on removing ALL traces of the offending technology, or do we accept it as a price of progress, that the occasional failure is a tax we pay to get better technology.

But are some taxes just too high?

Society might accept failing antennas on an iPhone, or even bad Google searches, but an air-bag, that might blow a hole in your chest or a car that might crash you into a truck, might be too high of a price.

So is the tax for air-bags and self-driving cars just not worth the potential safety we get in return?
Continue reading