2014/08/25

my advice to speakers

My advice to speakers : Don't use 3-D graphs or charts to describe data. 2-D charts are good enough. 3-D charts are visually distracting and add only junks but no value to your presentation.

 

2014/08/21

強烈譴責港鐵殘害生命

強烈譴責港鐵殘害生命。衆生皆平等,動物都有血有肉,有父母所生。撞死唐狗那位港鐵車長,願你和你的家人一樣被車撞死,早落地獄

2014/08/20

唔信我,出事了。


我都叫咗啲大戶,即大屏幕用戶,不要隨便落 patches,落之前要測試清楚。唔信我,出事了。
 
 

2014/08/04

leap second

This picture contains thousands words. If you understand it, you have definitely suffered from it before. Even there were a lot of crashes, I still think that time belongs to the Earth. It does not belong to GPS or atomic clock systems.


2014/07/30

掌握新智識

終於體會到,在一個無時間迫切性、無壓力的環境下學習和掌握新智識是人生最大享受,勝過去外地旅行。

2014/07/24

poor 802.11ac router design

 My advice to WiFi router manufactures: If you can not provide high-performance gigabit ports on the LAN side and WAN side, do not attempt to put your 802.11ac wireless router in the market. It is just a waste of time, money and technology. The one I give below is a piece of shit !



2014/07/07

450 Mbps LTE download speed

If a mobile carrier has 20 MHz bandwidth in each of the 1.8 GHz, 2.1 GHz and 2.5 GHz bands, it can offer 450 Mbps download speed by Carrier Aggregation across different bands in LTE-A network. Any such resourceful carriers in the world?

2014/07/05

惡警犯法,罪加一等!

PC 21276 殘害和平表達素求及手無寸鐵嘅公民,證據確鑿,惡警犯法,罪加一等!


2014/07/01

IT Voice 之恥

IT Voice 之恥,你去死啦!


2014/06/28

Chrome flash plugin

Google makes Chrome a piece of shit by embedding its own flash plugin into the browser which crashes with Adobe plugin. Chrome does not know which one to use !  I need to manually disable the embedded one.  

2014/05/03

燕窩真的有療病和補身功效嗎?

一位親友想用萬多蚊買燕窩,被我勸服及制止了。其實已經有很多科學證明,燕窩只是普通蛋白質,跟食雞蛋一樣,完全冇療病和補身功效,大家不要再做蠢事了。

2014/05/01

RFC 1918 address leaked out

What the hell is that?
[localhost~]# dig a +short mail.hkbn.com.hk
192.168.99.100

RFC1918 address leaked out ? Misconfiguration ? Or an authoritative name server serving both Intranet and Internet ?

2014/04/25

.xxx generic top level domains

Whether you like it or not, ".xxx" triple x top level domain has been in services for over 2 years. Of course, it is for pornographic websites only. I like the idea because only a simple filtering mechanism can be used to ban children from accessing adult websites.

2014/04/22

DNS reply larger than 4096 bytes


I thought I would never be able to generate a DNS query with reply size larger than 4096 bytes. I was wrong ! Just look at this.

[warren@dnssec ~]# dig any doc.gov | grep SIZE
;; MSG SIZE rcvd: 9735

Of course, the reply has to fallback to TCP instead of UDP. Thanks to US Department of Commerce for letting me to play around with this.


Hackers, don't use this for amplification attacks.  You will fail.

2014/04/17

Q1 2014 DDoS Attack Report

Thanks to Prolexic (part of Akamai) for sending me this Q1 2014 DDoS Attack Report. I love this more than Akamai's State of the Internet Quarterly Report.

















Fuck you, China and USA for generating 40 % of world's attack traffic.



2014/04/13

Historical heartbleed vulnerability

I need to make myself more competent on Openssl and TLS after the discovery of this historical Heartbleed Bug. I hate to learn and practise again but there is no shortcut.


2014/04/10

heartbleed bug

Announcement : If network administrators have difficulty to check whether their SSL private keys are affected by the heartbleed vulnerability, they can send me an email attaching the keys and let me know the websites. I will check for them, free of charge, of course.


2014/03/30

VPN for my mobile phone

不要再懶,起番個VPN 比自己手機在大陸番牆上 facebook, 雖然手提電腦可以用SSH + Proxy Server, 始终都覺得不夠用.





2014/03/22

home routers as open resolvers

A friendly note to home users with broadband routers : Quite a large number of home routers in use for years have open resolver fault. Please go to 

http://www.thinkbroadband.com/tools/dnscheck.html

check your router status and upgrade the firmware to plug the hole.
By having your router as an open resolver, you are helping cybercriminals to launch DDoS attacks.














This is evidence of ASUS RT-N66U routers able to do DNS amplification attacks.



2014/03/18

Open resolvers again

I repeat my statement again: Don’t compare open resolvers with Google Public DNS (8.8.8.8 and 8.8.4.4) and OpenDNS, they are not the same.  Google and OpenDNS have all sorts of security features that are beyond imaginations.