WEP, or Wired Equivalent Privacy, is a wireLESS standard for protecting data transmited over a WLAN network. Since wireless signals run over the air, they may be tapped easily. These data may include your login credentials to websites or application, sensitve emails, etc.

WEP uses a key which the user must enter into the router as well as all participating nodes. The key is then used to allow the user on the network and subsequently encrypt all trafiic using the key. Users will still be able to descrypt and see the data sent by another user on the same network, just as if the user had physical access to the Ethernet wire on the wired version. The problem with WEP is that it is not secure; by intercepting a big number of encrypted packets a cracker is able to crack the key used. There are also other known problems with WEP that cannot be solved with a bigger key.

After discovering this major security problem, WPA (Wi-FI Protected Access) was quickly created to replace WEP. As the 802.11i specifications was complete, WPA2 was introduced to comply with the new standard. WPA allows for two modes of operation, a “Personal” mode, where a Pre-Shared Key (PSK) is used for authentication and encryption, or an “Enterprise” mode where a IEEE 802.11X authentication server is used. [1]

The personal mode works similar to WEP, all users enter the “Network Key” to gain access to the network, then all traffic is protected. This scheme is suitable for home networks and small offices, where there are few machines and seldom changing.

No chance to try the authentication server mode yet…

[1] Wi-Fi Protected Access – Wikipedia, the free encyclopedia

Was recently introduced to a streaming TV application that allows you to watch overseas channels. Turns out it is based on the popular BitTorrent technology for streaming. What’s interesting about this form is that it has inverse properties of traditional Internet broadcasting: In traditional (uni-)broadcasts, the less people watching, the better the quality. The more people watch, the quality drops. Using BT, the more people watch, the better is quality, since there are more peers on the network and everyone becomes a re-broadcaster.

It also just takes a simple subscriber to the desired channel service to be the source. Despite only one source, if the content is popular (such as soccer matches), the peers will quickly help to make the swarm very big. It also does not matter if the original source bandwidth is not that high. As long there are enough people in the swarm, and you have a good download bandwidth, it is more likely your stream will be served well by the other peers.

Yes, like many others I have realized the troublesome-ness of posting code in WordPress. There’s no need for me to re-iterate the problem since this site [1] has done it perfectly I feel. The Problem analysis, Alternatives such as off-the-shelf plugins, selected Solution, Usage and Tests look just like a perfect project to me.

However, the plugin didn’t work for me at first, nothing was being escaped at all. The same symptoms appeared. The plugin didn’t work with WP 2.0’s WYSI[N]WYG editor, and there was advise to disable the editor under the post comments. Despite disabling it at Options>Writing, the Visual Rich Editor still persistently appeared! Finally this quicktip [2] taught me the correct way to disable it, so now I am writing without the Visual Editor! I’ll probably be better staying this way with the TechBlog due to the amount of code I post.

[1] WordPress Plugin: Code Autoescape
[2] QuickTip: Turn Off WordPress 2.0 Visual Editor

The Taiwan earthquake that occured late last year showed the world how dependant they were on communications technology. However I was thinking more about the lessons that this event brought about…

The Internet was designed to contain redundant links. It was supposed to withstand breakdowns within the network. And it did have redundant links through other continents and countries. Why did a single point of failure cause a drop in more than 50% of connectivity across Asia? Why was so much traffic preferred over the Taiwan link? Was it because it was cheaper so everyone turned to its link rather than the others? Was the Internet backbone design flawed to allow Taiwan to connect so many links?

I understand certain organisations or telephony networks might be directly connect to those links, but what about the rest of the major ISPs? I would expect slowness but not a breakdown such that it may cripples economies due to lack of financial information getting across. In fact economy crippling might be even on a terrorist agenda. (No I’m nothing near one.)

Perhaps, and hopefully, I’m just missing some information that gives me this mis-interpretation.

Update: According to this report [1], economical factors are preventing the network to be laid the way they should. I should have guessed.

But nature’s precise targeting alone cannot be blamed for Wednesday’s virtual blackout. It costs up to US$500,000 ($767,000) to lay a single kilometre of cables. Thousands of such kilometres were laid in the 1990s, but the returns dried up and no one was keen to pour money into fibre-optic activity for years. The next wave of investments is overdue, and just earlier this month a consortium announced plans to spend US$500 million on a high-speed undersea link directly between the United States and China.

Source: Channel News Asia

[1] The cable disconnect: Channel News Asia

I’ve gone one round from a simple blog+wiki to trying MediaWiki, then XOOPS, now finally back to WordPress. After listing my requirements of chronological and categorized articles it seems WP has what I need and is easier to setup and customize as compared to the wiki and CMS.

During the process I tried the XOOPS news module and a variation of it know as the Article Management System (AMS). They could have sufficed for categorized articles, but I also need a blog-like interface, which I tried XPress – WordPress for XOOPS. It was simply a wrapper and could switch between the XOOPS and WordPress styles. Pretty impressive to me. Since I’ve migrated my older posts into the wrapped WP it should be easier for me to move posts over to the current WP.

Posts in WP are stored in the “wp_posts” table, or whatever your table prefix is. This includes your Pages, so be careful not to have duplicated IDs over at both sides. For a clean migration you’ll need to delete both the example post AND the example About page. Then, export the wp_posts data from the old blog and import it into the new blog.

Categories are stored in the “wp_categories” table, and linked to posts via the “wp_post2cat” table. This is due to the many-to-many relationship between categories and posts. The table has 3 columns, the first being a running number, the 2nd and third columns are the PKs of the category and posts table. Also, if the categories don’t match the new database, be sure to also update the category_count column in the wp_categories table. Mine was empty so the category didn’t show up on the blog and the category admin page showed 0 posts on the category.

Finally remember to set the correct time difference on the Options page before you begin migration, or you’ll end up with screwed up old posts like me…

No posts for the whole of December – because of several reasons. One being the festive season I spent less time at the computer so there’re less stuff to write. Second and more importantly I registered new domains and was busy migrating stuff over. Currently the forum and blog migration is complete, I’ll need to move the wiki stuff into this system as well.

Will be writing more about the new stuff after migration. In the meantime, have a happy 2007!

There was a problem using Solaris’ tar as it had problems extracting Apache Tomcat that had files in deep directories inside the tar. It happily truncated the name and created a weird “@LongLink” file outside.

Following suggestions from Google to use GNU tar instead, I found all GNU FTP sites to offer the tar source in a tar.gz.

@_@

To reduce cases of phishing and sniffing of passwords in Internet Banking, banks are now introducing 2-factor authentication using a little security device. You press the only button and a 6 or 8 digit passcode appears, which you have to enter after your username/password.

In this way hackers not only must know your username and password, they need to gain physical access to your device to complete the stunt. Similarly only getting your device doesn’t give the hacker access to the account.

But how does the device work? How does it generate the number? Is it unique across so many devices in circulation? Can the algorithm be reproduced?

Little information has been provided, probably in hope of less attempts to break it. However, as history shows, security by obscurity will never work. From the information gathered, the device contains a clock, a unique serial number and the algorithm. When the button is pressed, the algorithm takes the serial number and clock as input to generate the number. Since the server knows the time and your serial number (based on your username/password) the server is able to perform the same calculation to verify the numbers entered.

What I felt intelligent in this algorithm is the use of time as input. This means the numbers are only valid for probably the minute the button was pressed – you cannot just remember 1 set of digits and use it every time you login. Instead you are forced to press that button every time.

[1] http://in.answers.yahoo.com/question/in … 355AAe8u8T
[2] http://www.hsbc.co.nz/nz/security/osd/default.htm
[3] http://www.hangseng.com/hsb/eng/onl/sec … x01.html#1
[4] http://computerworld.com.sg/ShowPage.as … issueid=91

On this blog [5] the author feels the device is an overkill. He compares it to another secure account that he has that does not require the security device.

However I feel that despite user education, not all may be able to maintain the rules of thumb. Users who change passwords frequently do not remember their passwords (I have a perfect example for that). With the increasing number of internet applications and passwords to maintain, if every application forces users to change their passwords so regularly, users end up wasting time changing system passwords every other day, and forgetting that password soon after.

Layman users may also not know if they are on a secured or unsecured connection, or if any part of their connection is unsecure. Even if the system is his personal desktop that no one else has access to, it is not guaranteed to be free from keyloggers. With the security device the account is more protected since keyloggers are no longer effective.

[5] http://technobiography.edongskey.com/ne … ty-device/

This tool allows you to change your Windows XP registration key:

http://www.magicaljellybean.com/keyfinder.shtml

A “tutorial” or introduction can be found at:

http://www.shivaranjan.com/2006/09/18/h … formation/

Based on information on:

http://support.microsoft.com/default.as … us;Q328874

According to the 2nd link, it is legal to use the tool in the 1st link, since the method has been publicly describied on the 3rd link. The tool simply implement the method described.