Nonsequittal Rumblings

I let kojih.com domain name expire… and left it expired for over a week. Ouch, that hurted when I realized it. But how wonderful is DNS caching… kojih.com continued to work until today. Yay, internet.

But I need to manage these things better. I host my mom’s e-mail address on this domain… now she’ll never have to switch her e-mail address when she switches her ISP. And it’s free for her. And it’s all made easy, because Mozilla Thunderbird is translated in to Japanese too. ….as long as I keep kojih.com up to current, that is!

First Swede Prosecuted For File Sharing

By itself, the news isn’t too big. It’s just another case of pirate being caught. But it’s the method used that’s questionable. An unconfirmed report (I read it on faireal.net, a Japanese site) says that APB, the anti-piracy bureau (Antipiratbyrån) was using an agent who acted a part in the file sharing community. 68000 titles of games and stuff!!! A thought of cyber-Jack Beuer came to my mind, but heh… this is just insane. Even Jack wouldn’t go THAT far.

w.tf – Yes, theoretically, it’s one of the shortest internet addresses that can and does exist.

The other day, couple of us were talking about a possible top level domain (TLD) name, “.of”. Such TLD can create some unique and fun URL’s, just like people did with “.to” TLD. Unfortunately, there is no such TLD exists. “.tf” does – it’s registered to the Southern French Territories. And w.tf is really an registered address, and a site exists (although not much there). what.tf is not registered yet. Anyone want to get that address?

Spyware on My Machine? So What? (found through slashdot)

This is a scary notion – people are giving in to the adware products willingly. They’re just giving away their personal informations, online behaviors, and what not… Where did the notion of privacy gone anymore?

As an opensource lover, it’s a pretty painful blow. People are very unaware of the free software that’s really free, with no catches.

On top of that, it’s scary that people are more willing to install these software on their work machines. Not only they don’t care about the privacy, they don’t care about the company confidentiality either? Hrm!

I’ve once used this quote in my blog:

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

Now this quote is taking a completely new meaning. Whoa…

I just fell prey to a simple worm… How could I allow myself to such an easy pitfall? I feel like an ass now. I’m going to stay out of IRC for a day or so…

When more and more data are exchanged between the different parties in digital format, especially over some networks such as the Internet, data security becomes a big concern. My entry about phishing is one of those concerns. And to better protect the confidential information, some systems implement a system that lets password expire every so often, unless you change it to the new password before that expiration data.

Such is the case at where I work, and this includes all the passwords used within business applications embedded in them. And we had a fiasco because of it this morning – 1 password expired, and that broke one of the main pages on our extranet site, as well as a part of the intranet. It took about 2 hours to fix it all. Since it is relatively low profile web site (we only got under 30 inquiries while it was down *sigh*), the impact is somewhat small. I can’t imagine such thing happening to a major sites that we ALL might be using, such as CNN or BBC…

So, a question : would it be better to take the security as top priority, or take the smooth running of business application?
For example, from my view point, Microsoft took better application was picked over the security. I saw this in their Office application – they put more ways to automate tasks, and to integrate different systems together. Including their Visual Basic macro system, integration of HTML in the e-mail system, better coupling of Internet Explorer with Windows operating system as a whole, etc… This just opened up a whole bunch of security holes. (The lack of security awareness on the end users also is a concern, but we won’t talk about it here.) In the beginning, it all makes sense – you can automate things better, things run faster, and you get to be more productive. And more productive you are, you’re doing more good to the entity you are working for.

At the same time, if all those things you’ve worked for also leads to security compromise, that’s a problem. If the lack of the security system loses the trust of your business partners, what would happen? Lost business opportunities, lost revenue, all those bad things. So, the answer is simple – the security must come first, no exceptions.

That’s why the expiring password, in this case, is actually a good thing.

Still, having one of the major communication device also hurts our business. We can’t just say we just have a good security system. There must be a well-established business practice to support such scheme to prevent any system outages – better communication, better documentation, better process streamlining, etc. Yup… that’s what I’ll be working on today…

Aaaah, yes, I finally got first phishing e-mail in one of the inboxes I use. Yup, it was very deceptive at first glance. It had CitiBank logo. The e-mail said it was sent from CitiBank. It says “Recently there have been a large number of identity theft attempts targeting CitiBank customers.” (And now that I typed it up, I notice a few grammatical errors, that should have given away that it’s not official…)

Then, I read on to the sentense that said “In order to safeguard your account, we require that you confirm your banking details. This process is mandatory…” Wait a sec! Mandatory? Hm. We don’t have CitiBank account using this inbox. That raised my suspicion. Then I saw the e-mail title – “CitiBank – 0fficial Information”. Did anyone catch that? Yes, that “0” is not “O”. Then the whole thing broke loose. The message I was reading was not written. It was all an image with the text on it. Clicking on what it looks like a legit CitiBank website URL won’t take me to CitiBank site, it will go to some phishing server. Blah.

Well, I’m glad I caught myself.

Just couple months ago, I bought a new hard drive, along with a hard drive case, so I could make my own external hard drive unit. It works really well for me, with the combination of USB2 and firewire.

Yesterday evening, as I was driving back from dropping my daughter off with her mother, I noticed my windshield was filthy. It was covered with the dead insects. That hinted me with one fact – it’s going to rain soon. Some people knows that when the insects/bugs are flying low, it is going to rain soon.

And yes, it really did, and brought some thunder and stuff a long with it. That also meant that there is a great chance for power blackout or brownouts. And, no, I didn’t think about that when I was driving back last night.

Right before I went to bed, I started encoding Runaway Jury, using this external drive. There must have been a brownout over night.

The PC kept running, because it’s plugged in to the back up power supply. I like my UPS for this reason. But my external drive sort of failed, because it was not receiving the grace of the UPS. Well…. duh. Why didn’t I think of that before? Now I need to go back and figure out which power cord goes with which device, so I can plug this good, trusty drive into the power backup system. Oh, pain in the behind…