Use less bandwidth

What shall average end users do in times of severe Internet disruption. I can figure out several ways to help :

1. Stop using P2P software;
2. Configure email client to use plain-text instead of html (html-based contents involve unnecessary bytes which are for cosmetic effects);
3. Do not access streaming videos site such as video.google.com and youtube.com;
4. Do not use ftp services;
5. Do not attach files in email;
6. Do not use VoIP phones;
7. Do not use web cam in MSN.

You may argue these are crazy ideas. But think carefully, if everyone use less bandwidth in times of crisis, we can still maintain the most essential Internet communication services.

Life without Internet

This is the first time I successfully connected to blogger.com after the earthquake in Taiwan on 26 Dec. I have tried many times but the browser just returned nothing. Over the past 2 days, we were isolated from other parts of the world. I finally experinece how diffcult life is without Google, MSN, Yahoo and their webmail service.

postcard.exe

Today, there was a Christmas greeting message in my wife's inbox. We did not know the sender. Worst still, the message said there was a personalized e-card attached in a zip file. I checked the zip file that it contained a single file called postcard.exe. This surely was a Trojan horse or malware. To play safe, I had instructed my wife and my son not to open all attachments from someone they did not know.

Carrier Grade DHCP Server

DHCP severs can not achieve a high availability of 99.99 % without the use of stand-by server with automatic failover. For hot standby, there is a design or perhaps network architecture problem that only one single DHCP server can be placed in a network. What I know is that this problem has been tackled by IETF by developing the DHCP Failover Protocol. It works this way, a main server is keep communicating with the standby server about the IP adresses allocation and the standby server will not lease IP addresses to host. When there is a problem in the main server, the standby server will automatically take over and the previously addresses allocations by the main server before failure are known. This seamless takes over can ensure the provision of carrier-grade DHCP Server.

HKDNR offers one .hk domain free for a year

HKDNR asked me to fill a customer satisfaction surey. It promised to offer one single .hk domain to the 1st 100 submitters responding to the survey.

I think I am amongst the quickest to send back the suvery form. Just now thinking of which .hk domain should I use !! Yes, I got it, simple get warrenkwok.com.hk or warrenkwok.hk. The results will be made known to me by early Feb 2007.

Mail Server and Reverse DNS lookup

It has been reported that some mail servers fail to deliver outgoing emails to other servers due to the lack or incorrect settings of reverse DNS lookup.

I try to recall my experiences about the settings of MX and PTR in DNS configuration. Woo, the IP address of the mail server should have a proper PTR record which upon interrogation, shall point to a particular hostname. The PTR does not need to be the same host name or use the same domain as the MX record. However, it does need to point to a hostname that has an A record pointing back to the same IP address.

Poor Performance of IE 7.0

Damn it. IE 7.0 is really slow in performance in browsing web pages. Perhapas, this might due to the interrogation of phishing database set up by Mircosoft prior to allowing the client browser to directly go to an individual sites. Hey man, I don't need phishing protection. The reason is I never click on links embeded in email messages which require the input of personal information. I will disable the anti-phishing feature in IE 7.0.

Another disappointment is that when ActiveX is invoked, IE 7.0 broswer hangs up occasionally. IE 7.0 and ActiveX are from the same vendor Microsoft. There should have been extensive testing on compatibility before releasing out. I just hope Microsoft can release the patches to bring IE 7.0 in a proper working condition.

Changing hostname of a server without reboot

I need to change the hostname of my server. This is normally done by editing /etc/hosts. However, the new hostname will not be effective or placed in memory without rebooting. Fortunately, the command "hostname new_hostname" help me to solve this problem. The purpose is to set a overriding hostname in memory until next time the server reboot. This feature reallys help system administrator a lot.

MOOV on 3G platform

The success of 3G mobile phone to enter the mass market hinges on content. Everybody has heard "Content is King". The lack of content is the main reason people do not like to use 3G mobile phones. PCCW might be able to change this. It has integrated MOOV, the biggest online music store with its 3G platform. That is to say, people using PCCW 3G phones can listen to their favorite music delivered from 3G platform while on the move.

I will NOT rush to subscribe to this service. It is better to wait and see how the market responds to this new development.

Bounce Spam

I have done some analysis on bounce spam.

Actually, the spammer sending out the spam has used the victim's email address as the sender and the spam message is purposely send to a non-existing users of a mail server. This is done by froging the "To: and From" fields in the email message. Since there is no such user in the receiving mail server, the mail server will perform its job to bounce-back the spam message to the email address in accordance with the "From:" field of the spamming message.

Bounce spam is a new technique not used in the past. It is found quite recently. The single purpose of using this indirect method is to circumvent anti-spam systems. Spammers know very well that IP addresses of compromised hosts, open relays and zombies are often listed in blacklist systems or can not get through reputation-based anti-spam engines .

Bounce spam is NOT effective since many users will just simply delete messages from their INBOX which say messages "Non-deliverable" or "User-Unknown". Those caring users will open and see what happen. However, it is still a valid and perhaps guaranteed means of dropping a spam message to the target recipient instead of directly sending out from open relays, compromised hosts or zombies which has a high chance of being blocked.

Election Results

It has been announced that all representatives of the pro-democracy camp for the IT Sub-sector have secured a seat into the Election Committee. This is a great news since I have casted my votes to the correct candidates. The most interesting thing is that all the 6 candidates (working level IT people) of ITVoice won their seat.

The turn-out rate in the IT Sub-sector is the highest of over 45 %. Perhaps this is due to the Richard Li's effect.

Charles Mok got 1128 votes, the highest in this sector. That's why I always say this guy never disappoints me.

選委會選舉

明天將會是五年一次的功能組別進入選委會的選舉，我提醒自己要選基層代表，不要選商界人士或企業家，以往他們在選委會已經是佔大多數。

我實在討厭這種小圈子選舉，這個所謂八百人選委會，除了選出特首外，便無任何作為，奈何這就是香港現有的所謂民主選舉。

Bon Jovi Live from London Concert

From Youtube.com, I saw some video clips of Bon Jovi's Live from London Concert dated back to 1995. Amazing, this is the best Bon Jovi's live concert I have ever seen. The concert started with the song "Living on a prayer". In the middle of the concert, Bon Jovi suddenly announced that they kicked Michael Jackson out of No.1 in the radio chart. This triggered over 70000 audiences on the floor to applauded loudly.

Without hesitation, I decide to get one such DVD from HMV.

loading new zone records without restarting named daemon

I have been finding solutions for some time how to load newly created zone records into memory without restarting named daemon. Yes, the answer is "rndc reload". A single zone can be loaded without affecting other working records like "rndc reload abc.com".

Next time, when there is a change in zone files, I will use "rndc reload" to replace "named restart" which is a bit handy.

Body Combat 30

I practised BC30 tonight at Whampao. Actually this is the launch of BC 30 in Hong Kong. Guess what. There were five instructors on the stage; Yvonne, Charles, Tina, Michelle and Sunny. Those participating members acted like we were having a great party.

In BC29, I think the most attractive move is the double chop and double punch followed by a back kick in the recovery track number 6. For BC30, the action impresses me most is the evasive sidekick. I have never imagined about adding a jump in performing side kick.

Actually, the sound tracks in BC30 are not so good. Some tracks are already used in other earlier releases. The good thing is on the whole, the body movement and actions are beautiful.

Image spam again

I try to take a thorough thinking about image spam. It is too bad for me to realize that image spam can defeat anti-spam engine in the server side apart from paralysing key-word filter or Bayesian filter in the client side. This is because in every spam generated, the image contained in it is a bit different from the other. On the anti-spam engine, file hashing can not work as the hash values of image files are not matched. I wish IT people in the email anti-spam field soon come up with quick solution to deal with inage spam. I am a victim suffering from the image spam nuisance.

IT Sub-sector Election Committee

There are 39 candidates competing for 20 seats in the IT Sub-sector Election Committee. The group IT20 nominated 20 candidates, most of them are managing directors or professors in university. None of them has said anything about competition in CE Election except Charles Mok. Great, this guy never disappoints me. Another distinguished guy that attracts my attention is Ricky Wong. He says Hong Kong needs competition for a better tomorrow.

I have made up my mind how to vote. Actually, there are not enough candidates for me to rely on. At most, I can only select 15 candidates.

6 USB port in a PC enough or not

There are 6 USB ports in my son's PC. I find that all the 6 USB ports have been used up because of the following devices and connections :

1. USB mouse
2. card reader
3. 802.11b WLAN client
4. Web camera
5. colour printer
6. writing PAD

In case of the need to transfer music to portable devices, we have to disconnect the card reader and leave the port to MP3 player. Well, of course, there is also a need for USB drive for backup or other practical reasons.

Because of the wide spread use of USB connections, I certainly think that a PC with 8 built-in USB ports is a standard entry level configuration.

Firefox 2.0 Anti-Phishing Feature

Finally, Firefox 2.0 has successfully built with user alert warning for phishing web sites. This is really great. I know that IE 7.0 will offer the same. I haven't tried it yet.

This is a screen dump of alert by Firefox when attempting to access a phishing site.

The longest domain name I have seen

I had a bottle of Heineken beer today. There was a label sticked to the bottle with the words "please visit enjoyheinekenresponsibly.com". Woo, a total of 27 characters. This is the longest domain name I have seen in commercial products. Will consumers spend time to hit 30 keystrokes just to visit a web site ?

A question arises. What is the maximum number of characters in a domain name ? According to IETF standard (forget which one), the maximum length is 63 characters. Here is a domain with 63 characters which I guess is used for playing only :

Iamtheproudownerofthelongestlongestlongestdomainnameinthisworld.com

Image spam is on the rise

At one time, spammers tried to use confusing words in message body or subject heading such as V!agr@, C alis, 0 E M to escape from being caught by Bayseian filter or key word filter that are bundled with email client. This is a game of cat and mouse chase. Spammers are already tired of this. They have come back to an old trick of image spam. All non-sense contents are contained in an image and by default, email clients and web mail interface capable of handling email in HTML format will display the image spam by default. Will end users be determined to config their email clients to only read text-based email and put image-embedded to trash ? I guess not.

Open DNS Serve again

I talked to some of my friends who are in the IT field about open DNS server. To my dismay, most of them do not consider open DNS Server to perform recursive query as a security vulnerability. I think the mind of people will only change only when there is a large scale attack associated with this unplugged hole.

Lame Server Nuisance

My server has captured a large volume of error logs related to lame server especially on reverse DNS lookup. Put it simply, a lame server is one that is not responding to a name request it is expected to handle. Network administrators are in general lazy. They do not spend effort in properly setting the reverse lookup of domain records.
For me, I have to eliminate the large volume of lame server logs. The way to do it is add the following in /var/named/chroot/etc/named.conf :

logging {
category lame-servers { null; };
};

All-in-one printer

Guess what. I bought a HP Deskjet F380 printer at HK$688. This is an all-in-one printer. Apart from printing documents from PC, it can be used as a scanner and photocopier. I never dream that the price of inkjet printer will ever drop to this low level.

Testimonial

Alen Lo invited me to write a testimonial published in i-totalsecurity web site. I accepted the invitation. This is what I have written in the URL http://www.i-totalsecurity.net/company.php#TESTIMONIAL:

"I like to thank Alen and Keith for conducting a well-organized CISSP traning course. I passed the CISSP exam on a first attempt. Apart from passing the exam, I have acquired the skills and knowledge to remain competent in the IT security field. If I can make it, so can you."

六年前的投稿

這是我六年前的一篇投稿，名為女朋友:

女朋友

我 有 兩 個 女 朋 友 ， 年 近 廿 五 ， 曾 為 花 旗 國 國 防 部 辦 事 。 雖 則 性 格 古 怪 ， 辦 事 能 力 卻 高 深 莫 測 ， 以 致 追 求 者 眾 。 為 了 接 近 依 人 ， 小 弟 勇 往 直 前 ， 併 命 追 逐 ， 放 棄 了 不 少 私 人 時 間 ， 換 來 卻 是 IT 世 界 ? 更 多 不 解 及 疑 惑 。 她 們 的 名 字 ， 你 猜 中 了 ， 是 TCP 和 ＩＰ 。

My trip to New Zealand

I returned from New Zealand after visiting the city of Auckland, Hamiltion. Queenstown and ChristChurch. In the South Island, the weather was cold in the morning (1 - 3 degree C) while temperature in the afternoo could rise up to 22 degree C.

New Zealand is a lovely country for sight seeing with plenty of beautiful lakes and snow mountains. There are a lot of fine food everywhere.

I bought a head banner with silver fern. To NZ people (Kiwi guys), silver fern is a sign of their country. Just look at what their national ruby team wear.

My photos are in the link http://www.i3way.net/nz/

Passed CISSP Exam

I received notice from ISC2 that I passed the CISSP Exam. The next step is for me to submit resume stating at least 4 years of experience related to security and find a professional to endorse my submission. The process might take another month. I am busy right now. My submission will be prepared in the coming 2 weeks.

Virus Notice

I received a strange email attaching with a virus. The sender tried to lure me to click and open the attachment. Of course, this is a trap.

------------------------- Quote ------------------------
Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
addresses

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service

--------------------------------------------------------------------------

hacker.com and hacker.net for sale

This is not a joke. It is real. The two most controversial domain names are now open for hackers to bid :

CISSP Exam

I took ISC CISSP Exam today. The exam paper consisted of 250 questions to be completed in 6 hours. I finished al my work during the first 3 hours and I used one hour to go through the whole set of questions again. As a result, I left the exam center two hours earlier.

The questions were not really difficult but tricky. If I tried to read the questions 2 or 3 times, I could be able to pick the key words and the distractors. On the whole, I am confident that I could score more than 700 marks out of 1000 to get a pass. The results will be known to me in 4 - 6 weeks.

One thing I am not happy about the CISSP Exam is that the exam fees of US$499 and US$599 are far too expensive compared with exams conducted by other international IT bodies. If I fail, I would not take another attempt due to huge finance burden.

Most Popular Trainer Survey

California Fitness Center is now conducting a member suvery on most popular instructors. I have casted my votes for my favourite trainers as follows :

Hi Lo : Bibi
Reason : She is nice and friendly.

Step : Bibi
Reason: Her techniques make people surprise.

Cycling : Stephaine
Reason : clear instructions and easy to follow

Body Pump : Stephaine
Reason: nice and friendly smile

Body Combat : Yvonne
Reason: Best trainer in California.

Mind and Body : Yvonne
Reason: Best trainer in California

Dance : Utah
Reason: She is really a professional dance trainer.

The results will be announced in early November. I guess Bibi, Stephaine, Utah and perhaps Micehelle Dean might stand out to win some prizes. I have to pray for Yvonne.

Google + Youtube

I tried to look at tarffic graphs of Yahoo, Google and Youtube and came up with some thoughts.




There is no doubt to me that after combining with Youtube, Google has beaten down Yahoo and is now the world first ranking site.

Wooo, Youtube has an astonishing traffic growth of 20 billion hits per month.

Found DoS attack on web server

My web server logged the following attack couple of days ago :

TCP: Treason uncloaked! Peer 195.166.234.202:1473/80 shrinks window 3626183180:3626183181. Repaired.
TCP: Treason uncloaked! Peer 195.166.234.202:1474/80 shrinks window 3637349364:3637349365. Repaired.
TCP: Treason uncloaked! Peer 195.166.234.202:1478/80 shrinks window 3636828911:3636828912. Repaired.
TCP: Treason uncloaked! Peer 195.166.234.202:1480/80 shrinks window 3633561645:3633561646. Repaired.

The attacker was using a spoofed IP address 195.166.234.202 which is unallocated. In this attack, the remote host was trying to shrink the TCP window size for some malicious purpose.

To avoid any attacks involving internal IP addresses or spoofing IP address by unallocated ones, or Class D addresses, I decided to input these lists for iptables to screen them out.

Authenticaion System

Authentication is based on three factor types: Type 1 is something you know, Type 2 is something you have and Type 3 is something you are.

A typical example of Type 1 is password whereas biometrics are based on the Type 3 authentication mechanism. I can't recall any Type 2 example. Can smart card systems be one of them ?

Tiger Team

I came across Tiger Team when reading some books on computer security. Tiger Team is a team of experts employed by a company to test the security of computer systems. They are hackers with a legitimate purpose. However, the term Tiger Team is seldom used nowadays. Instead, these people are called penetration testers and security testers.

Suggestions to Les Mills

I have suggested the following songs for BC to Les Mills in their official web sites :

Track 9 - I hate myself for loving you (Joan Jett)

I can imagine lot of funs doing push up and crunch with this song following the strong beat.

Track 10 - Soldier of Fortune (Deep Purple)

This is a perfect song for the cool down part. Very gentle, soft and touching.

I think tracks for BC30 and BC31 have been selected. My suggestions, if selected, will only appear in release 32 or later.

Track Combination

She made it. Tina passed her Body Combat exam yesterday.

The track numbers for test are 1,2,7,8,9. I can imagine this kind of track combination is decided by Micehlle Dean. I really admire her talent in the selection. The reasons are :

Track 1 - An instructor must be able to tell the group how to get themselves warm up in the upper body and the lower limbs.

Track 2 - The transition from warming up to beginning to combat requires special step by step guidance. Track 2 is not really a power track but it is a step forward to releasing the highest energey later on.

Track 7 - Knowing how to lead the group to play Muay Thai in a stylist way is definitely a good attribute of an instructor as we all know Muay Thai is a great part of BC.

Track 8 - This is the last power track. It is good to see if the instructor is exhausted up to this stage.

Track 9 - Conditioning. Conditioning is important in training our various muscles and instructors must be able to show us how to perform the bicep and tricep push up plus ab crunch. Actually, I like to attend 1 hr class instead of 50-min class where the latter could not provide conditioning
training.

名氣值多少

名氣，在互聯網世界值多少？

Google 已經將答案揭開了，是120 億港元。你認為這個價錢是值得嗎 !

New freeBSD Logo

I do not like the new freeBSD logo.




Take a look at the past logo which is a smiling friendly red devil, a more appealing one.



Some said that the little red daemon did not make a professional impression. I disagreed. The logo is fine to indicate that freeBSD is in fact handling server (daemon) tasks.

Soft launch of .hk Chinese Domain Name

I received notification from HKDNR about the immediate soft launch of the .hk Chinese Domain Name. This has been delayed for 9 months if I can remember correctly. The original schedule promised by HKDNR was early 2006. Why was there such a long delay ??

The registration fee of ‘.公司.hk’, ‘.組織.hk’, ‘.網絡.hk’, ‘.政府.hk’, ‘.教育.hk’ is $200 per year; and for ‘.個人.hk’ and ‘.hk’ registration fee will be $150 and $250 respectively. I am not happy about charging $250 for a second level .hk domain registration. It should be charged at $200 only.

Symmetric key management

A general question I always have in my mind about symmetric key management is how many keys are required for a network with n network nodes. People familiar with cryptography can say right the wayit is ( n * (n-1)/2). I am too old to recall the mathematics behind it . What I can do is to draw a picture to prove that in a 4-node network, there are 6 keys required in order to help me to memorize n * (n-1) /2.



This generally raises the question of the immense difficulty in symmetric key management if the number of network node is large, lets say over 20. Yes, that's why asymmetric key in the form of a private key paired with a public key (PKI) is commonly preferred for secure communications over the Internet.

Top ranking web site

Alexa.com (http://www.alexa.com) can allow people to enter a web site name and searh the site ranking based on traffic. A couple of days ago, I thought google.com would be the top site in the world and upon submitting, Google.com was ranking 3 only. Hmmm, without hesitation, I realized that it might be yahoo.com that attracts the highest traffic in the world. Yes, the search result showed that yahoo.com had the highest ranking. The average hit rate per day is over 300 billions.

Which web site will rank second after yahoo.com ? If it is not Gooogle.com, which one will it be ?

Maximum number of virtual hosts in a single web server

I just heard that an US web hosting has over 5000 web sites residing in a single web server. I do not know if the web server has the processing power and memory to serve a large number of concurrent connections. On the other hand, if the web hosting clients know that they are in fact sharing a single web server with over 5000 clients, they can easily figure out what kinds of sevice levels they will have.

So the question is what is the maximum number of virtual hosts that can be supported in a web server. The answer is difficult to guesstimate. I guess it would be below 1000.

These days, a P4 machine with 512 MB and 160GB HD does not cost much for setting up a high performance web server. Why are web hosting companies so mean as not to set up more server. Is it related to the lack of IP addresses ? I guess not. Even if one single IP address in use, it is feasible to make virtual servers behind NAT to boost performance and number of web sites served.

Say "Aloha" to your friends

I find that many young children like to say "Aloha" instead of "hi" or "hello". This probably stems from the popularity of Disney's movie "Stitch".

Aloha is a nice and fancy word. The word "hello" has been used for many centuries. It is good to have a replacement. Next time when you see your friends, try to say "aloha" but not "hi" or "hello".

CentOS

I have tried using Fedora Core to config servers. Despite Fedora Core can offer rock stable performance, it can not be classified as Enterprise Grade OS. With CentOS, things are changing. Centos is equivalent to Red Hat Enterprise Linux but of course since it is originated from open source, there will not be any technical support. If you are competent with Fedora Core and you would like to try Enterprise Grade Linux OS, Centos is the only choice.

加州 Group X 一位教練

在我認識眾多的加州健身中心教練當中，有一位 Group X 女教練可算是用心良苦。每次 Group X exercise 之後，她總是提醒會員回家後不要吃太多飯、不要飲可樂、奶茶和咖啡，否則我們辛苦運動得來的消耗都會白費。這簡單的幾句說話，正是我們經常忽略的要訣，緊記呀！

Ngong Ping 360 Cable Car

Ngong Ping 360 has opened this month. The biggest attraction of course is riding on the cable car. This is the second cable car facility in town, the first was implemented in Ocean Park about 30 years ago. I plan to ride the cable car by early November. At that time, the weather will be the best around the year and I can enjoy a best view from inside the car.

End of Body Combat 29 launch

Today finished the 2-week launch of Body Combat 29. Altogether I attended over 10 classes in the past 2 weeks.

Overall, BC29 is a great release. Two very special tracks I like most is Wasabi and Vogue. The jump action in track Wasabi is exhaustive and facisinating. For the recovery track no. 6, seems like Les Mills like to pick Madonna's songs. In BC28, it was hung up and in this release, it is Vogue. I guess other Madonna's songs will still be selected for the recovery track in future release.

Since BC 29 is so good, it is difficult for me to expect BC30 to maintain the same quality and standard.

Good work, Les Mills.

WORM_ALCAN.A

I got this nasty virus on my Windows XP probably due to downloading malicious files through p2p networking. This virus disabled command prompt and task manager. Even if you know the name of the malicious files, as they are running in resident memory, without invoking task manager, the background process can not be stopped which renders not being able to delete the files. One way to remove the virus is to boot in safe mode and then delete all the associated files. Another method is to use a boot a Linux live CD, then mount the Windows hard disk and rm the files in Linux environment.

The word "google" added in Oxford Dictionary

The word "google" has been added in dictionary which means searching information from the Internet by means of search engine.

I can think of a few of my examples of using the word google.

1. Google has become so popular that googling is part of my daily online activties second to email.
2. I tried to google about Steve Johnson but can not find any information.
3. Googling is fun.

Enjoy using the word "google" in your daily life.

ipod hang up

In the past week, I experienced crash on my ipod twice. I guessed they were due to the playing of corrupted video files. According to the user manual, whenever there is a hang up on ipod, the remedial action is to press the menu and play button together for 6 seconds and then everything will be reset.

Reasons to get a mac

ttcp - Cool Throughtput Test Tool

ttcp is a cool throughput test tool. I am aware that many network administrators use it for network testing and troubling shooting. Even Cisco uses it to test the performance of end-to-end host connection.

For end to end test, the receiving IP has to be put in listen mode. Say, if I want to choose port 1234 for testing with 512 packets only , I would put the machine in receiving mode and speficy the following :

#ttcp -r -n 512 -p 1234 -s

On the transmitting side, the receiving host IP address and port number must be given as follows :

#ttcp -t -n 512 -p 1234 ip_address

It can also generate udp packets by having -u in the comand string. A really handy, cool and useful tool.

33 million network services in a Class C Network

I read a web page about networking and it mentioned that there could be up to 33 million network services in a Class C Network. I was puzzled and started using a calculator to figure it out.

No . of usable IP addresses = 253

No. of TCP Port + UDP port per IP address = 65535

Total number of available network services = 253 x 2 x 65535 = 33.16 million

This is the theoritical situation. In reality, most of the reliable Internet service can not be relied upon UDP. I would therefore better say there could only be 16 .5 million network services in a Class C network.

Launch of Body Combat 29

I attended the BC 29 launch class last evening. Again, this is a great release that makes participant surprised. Really strong body movement and fantastic punches. I felt a bit exhausted after the first 3 tracks.

After BC28, we know for sure that there will be something new in track no.6 which is normally the recovery or conditioning track. In track 6, we twisted our waist and perform a double chop and double punch and then the back kick. The side kick part was also extra-ordinary. Side-kick once and then hold the leg without touching floor and then immediately extended another side kick. Great great fighting actions !

笑話一則

朋友說沒有身材的女士性慾特別強。

何解 ?

難道你們沒有聽過 "細胸夾狼" 嗎！

Interesting AD Banner

I always think that AD banner should be interesting and innovative in order to lure other people to clike on it. Take a look at the one below. If you are IT people and comfortable with programming syntax, no doubt you will be atracted by it:

critical processes in IT management and governance

I come across an article on IT Governance. It said there are 6 core processes in IT management and governance, namely :

1. Demand Management
2. Portfolio Management
3. Project and Program Management
4. Resource Management
5. Financial Management
6. Asset Management

All of these processes are focused on providing visibility, control, and utilization of IT resources to maximize business value.

For my curiosity, which one of the above 6 processes is the most difficult one to manage ? The answer is .....

She's back now

She's back now. This time for the 2008 Presidential Election.

If succeeded, Hillary will be the first US female President in history.

I very much want to see people create a new page in history.

3-hour cycling class - the celebration of Le Tour De France

Today marked the celebration of Le Tour De France in California and there was a 3-hour cycling class in Causeway Bay. About 80 members participated this enjoyable evemt.

The 6 trainers on stage were Michael, Diana, Phyllis, Gavin, Lyn and Charles. Each of them took turn to lead the class for 30 minutres.

I consumed 1300 cc of water and swallowed a banana during the 3 hours. For those who completed this traning class, they were given a nice certificate. I think I have burnt out at elast 2400 kcalorie.

There is no doubt that I will definitely join again next year.

Corporate Governance

When you browse the web sites of big corporations or multi-national companies such as IBM, Microsoft and some famous banks, do you find if they publish their statements about corporate governance. Strange, I can not find any.

SmarTone)http://www.smartone.com.hk) is one exception. It publishes its corporate governance as follows :

The Group strives to maintain a high standard of corporate governance practices. It has established an Audit Committee to ensure proper reporting and adequate internal controls, with a majority of the committee members being independent non-executive directors. In addition, Remuneration Committee has been set up to ensure a formal and transparent procedure for setting policy on executive directors' remuneration and for the fixing the remuneration packages of executive directors and senior management. The Group is also committed to achieving a high level of transparency with the timely communication of information to shareholders and investors through different channels, including corporate web site, investor meetings, press conferences and financial reports.

After reading, my comment is that an Audit Committee plus Remuneration Committee should not be sufficient to ensure a broad and sound framework for corporate governance practices. More should have been mentioned. How about protecting the interests of stake holders, protection of customer data privacy, setting benchmark to gauge the Group's business and operational performance and establishing a business continuity plan in case of disasters.

Open DNS Server

According to US-CERT, 80 % of DNS Servers in the world have a loophole that allow third party untrusted IP addresses to perform recursive lookup. This risk can give rise to large scale DDoS, cache poisoning and other forms of attacks. The US-CERT and ISC therefore recommend all network administrators to close the recursive lookup by untrusted IP addresses.

I have followed the advice of US-CERT. To this end, the solution is simply adding a single line in /var/named/chroot/etc/named.conf

allow-recursion { IP address; IP address/subnet mask; };

or simply put

recursion no;

The former allows trusted hosts to accesss recursive lookup while the latter only serves the recursive lookup function for the localhost only.

Openwebmail 2.52 - Internal Server Errors

A lot of people using Openwebmail 2.52 or earlier versions have encountered "Internal Server Error" during logon. This happens intermittently and if one tries to logon again, the error prompt might be disappeared. I've got this trouble for over a month and after continuously googling, I found that the root cause of the problem lies in virus check of Openwebmail. The workaround solution is to disable virus check in /var/www/cgi-bin/openwebmail/etc/ opennwebmail.conf.

Putting this problem aside, on the whole, I think Openwebmail 2.52 is a piece of surprising webmail package comparable to those used by Hotmail, Yahoo and Google mail.

We suck more, that guaranteed !

I like this wallpaper. Look at the words printed on the drink : "We suck more ! And that's guaranteed". My comment is that it should be changed to "We suck money ! And that's guaranteed."

Germany has the highest Firefox browser penetration

According to onestat.com, Firefox penetration in Gemany ranked the highest in the world, about 39 % :

The rankings of browsers in Germany are :

		July 2006
1.	Microsoft IE	55.99%
2.	Mozilla Firefox	39.02%
3.	Opera	2.78%
4.	Apple Safari	1.73%
5.	Netscape	0.30%

This is not surprising to me as I know people in Gemany are keen to support Linux and their developed Suse.

MYoga

I visited MYoga today. The Club is very spacious, good decoration which should give everyone a high class feeling. The group exercises offered to members are of course a variety of Yoga training courses, Body Combat, Body Pump, Spinning and some dances. Woo.. the greatest disappointment is that there are no physical training facilities. I could not perform ab crunch or running on treadmill. Without training equipment, there is no way MYoga could attract me to join.

All hand-held electronic devices banned onboard aircraft

The time has come to mandate a strict rule in the aviation industry. Passengers are not allowed to carry any electronic devices onboard aircraft. These devices include notebook PC, game stations, MP3 player, ipod and cellular phones. I will not be happy in long hour flight without an ipod. But I have to consider it from another angle. If these devices are permitted, the batteries inside can be dis-assembled and then used to ignite a liquid bomb. For the sake of aircraft safety, passengers please adhere to the new rules.

Phishing skills to hide domain name in URL

This is the link I find in a phishing email.

http://%7a%68%61%6e%67%2e%6d%79%74%
77%2e%6e%65%74/

Average users can not tell what the % and codes after % mean. In fact, the sender is using the HEX value of ASCII characters. By looking at the ASCII table, the above link can be translated as : http://zhang.mytw.net

3-hour cycling class

CFC will host a big challenge cycling class on 19 August lasting for 3 hours. 85 bikes will be placed in the dance studio of Causeway Bay Club. There will be a 15-minute break for members to change their clothes or take some snack.

What should I bring to prepare for this challenge class ? Definitley 2 litres of water, 3 sports T-shirt and some energy bar. I surely need some energy bar because the whole class will help me to burn at least 2000 kcaloires.

rwhod

Strange. I remember that I have never installed or activated rwhod. On performing an Internet security scanning, this one appeared running and I have no idea if it was under xinetd. This was a highly vulnerable daemon which could result in buffer overflow.

What I could do is to chmod /usr/sbin/rwhod and /etc/rc.d/init.d/rwhod to make the binary and script not executable.

Because of you - Kelly Clarkson

This is a fantastic song filled with heart-breaking lyric. Just listen by heart and I am sure you will love it.

I will not make the same mistakes that you did and
I will not let myself cause my heart so much misery
I will not break the way you did
You fell so hard I've learned the hard way, to never let it get that far

Because of you I never stray too far from the sidewalk
Because of you I learned to play on the safe side so I don't get hurt
Because of you I find it hard to trust not only me, but everyone around me
Because of you...

I am afraid I lose my way
And it's not too long before you point it out I cannot cry
Because I know that's weakness in your eyes
I'm forced to fake a smile, a laugh erveryday of my life
My heart can't possibly break
When it wasn't even whole to start with
Because of you I never stray too far from the sidewalk
Because of you I learned to play on the safe side So I don't get hurt
Because of you I find it hard to trustNot only me, but everyone around me
Because of you...I am afraid

I watched you die I heard you cry every night in your sleep
I was so youngYou should have known better than to lean on me
You never thought of anyone else
You just saw your pain And now I cry
In the middle of the night For the same damn thing..
Because of youI never stray too far from the sidewalk
Because of you I learned to play on the safe side so I don't get hurt
Because of you I tried my hardest just to forget everything
Because of you I don't know how to let anyone else in
Because of you I'm ashamed of my life because it's empty
Because of you am afraid
Because of you....Because of you...you... mmmmmmmmmm.....

Being beautiful is nothing next to feeling beautiful

I find these words printed in some Yoga mat :

"Being beautiful is nothing next to feeling beautiful."

What does that mean ? I will find it out.

Sony VGN-UX90PS

Sony UX90PS can be claimed as the world smallest PC. This is the most attractive notebook PC I have ever seen so far.

Take a look at the config :

CPU : Intel Core Solo 1.2 GHz
Drive : 16 GB Flash Drive
Memory : 512 MB
Display : 1024 x 600 SVGA
Weight : 498 grams
Standard battery run-time : 3 hours

The weakest part is the battery which can only run for 3 hours. A fully charged standby battey is definitely needed for using this smallest PC on the move.

php-mysql

I tried to install phpBB2 and the installation script prompted me that my php 5.0 version was not compiled with mysql database.

What a surprise ! In PHP4 and earlier versions, by default, it was compiled with mysql. Woo, I tried to search for work around solutions and some people suggest rpm removing php and mysql and re-install php with mysql compiled. This would be a great trouble.

After some deliberations, I realized that what I needed was the rpm of php-mysql packages. Hey, I did not want to trust rpm anymore because it would probably give dependencies failed and asked me to download other necessary shared libraries or utilities. A more direct and simple method was to yum install php-mysql which should take care of both versions and dependencies.

It worked. Thanks to great yum.

Disable root login in sshd

People say that root login should be disabled in sshd. From security point of view, it is totally understandable as I have seen bad guys connecting to port 22 to try root password. But if the ssh port number can be hidden or changed to other alien port, it might not be necessary to disable root login.

I myself would like to use root login in sshd which does not binded to port 22. The reason is that even if a normal user can su to get root access via ssh, the working directory paths are not the same.

This is the working paths of root account using su :

/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:
/bin:/usr/bin:/usr/X11R6/bin:

and the following is the working paths of root account by direct login :

/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:
/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:

Of course, the latter one provides much more convenience as I can invoke system commands or utilitiy only accessed by root account at any directory path. Unlike the latter, the former requires me to only issue the command ./ifconfig after I changed to /usr/sbin or I have to use : /usr/sbin/ifconfig

Seagate hard disk

In the past decade, I purchased 4 sets of Seagate hard disks. Seagate disk drives are notorious for generating noise and heat. Forget about these bad designs, all of the drives I purchased experienced failure after used for 2 or 3 years. Seagate hard disks are not my choice anymore. The best I can think of is IBM hard drive, and it is now re-branded as Hitachi.

inode

What is the full name of inode ?

I'm Not Operating DOS Ever.

Just kidding .........

Smart Antenna

Look at this new set of Linksys WLAN AP. The whole antenna array looks very smart. Actually Linksys has used smart antenna technology to boost the coverage and throughput.

Linksys claims coverage will be increased by 4 times while throughput will be boosted by 12 times. I have no doubt of the 4 times increase in coverage but 12 times increase in throughput is far beyond my expectation and imagination. Prove it, Linksys ?

named in chroot environment

In past versions of named without chroot, named.conf is placed in /etc/ while zone records are placed in /var/named/.

In chroot operation, where are the default paths for named.conf and zone records. The config file name.conf should be in /var/named/chroot/etc/ while zone records are in /var/named/chrootvar/named/.

Difficult to remember the long string of the default paths. I'd better write them down onto a notebook.

DocumentRoot

Network administrators are lazy. In building up web servers, they tend to use the default Document Root. In IIS, it is c:\inetpub\wwwroot\ and in Apache, it is /var/www/html. In case a web server is comppromised, hackers can build bogus web sites by following the Document Root to put the source files. This can be properly circumvented if the Document Root of a web server is different from the default settings.

Phasing out of 3.5-inch floppy drive

I find that these days many people do not like to install a 3.5-inch floppy drive on their PC. The reason is that with 1.4 MB storage space, a floppy diskette can not serve any useful purpose, even not large enough for copying one single file. USB flash should provide much more convenience than floppy diskette. Other would use ftp account for copying temporary files or transferring to other machines.

So what are we going to do with the floppy drive slot on the case. Oh yeah.. it could be best used for card reader. We are not wasting any available space in the case.

Body Combat 28 Tracks

I have been searching for BC28 tracks for some time but can not get a full list. Yesterday, I came across a site that gave the name of all the tracks :

01 - Listen To Your heart - ColorBox / Trouble - Pink
02 - The Final Countdown - HeavyDance
03 - Come With Me (Hixxy Remix) - Special D
04 - Push It Again - Dj Lawless Vs Oliver Swab
05 - Hymn - Tina Cousins
06 - Hung Up - SBI
07 - Fight - KopyKatz
08 - Reach Out - Maximum
09 - Switch - Will Smith
10 - Because Of You - Kelly Clarkson

The best I love in BC 28 are track 1,3,5 and 7. I guess BC29 will be released in early August.

client port number

I always have the concept that client ports are from 1024 up to 65535. This is not correct. Only Windows machines use starting client port number of 1024. All Unix/Linux flavours have client ports starting from 32768. I have tested this using tcpdump on a Linux box.

Another interesting name related to this is ephermeral port which can mean port assigned temporarily to client.

Just wonder if Windows and Unix/Linux machines are on the same network segment, are there any special requirements or conflicts on firewall to manage traffic in the outbound direction as they are using different port number ranges. I guess NOT.

Error 404 web page

Browsers have ugly information pages presented to users for error 404 (Page Not Found). It is a good practice for webamsters to create their own 404 error handling page such that some basic information can be presented to visitors why the page are not found or they have mis-typed URLs spelling.

Mine is simple with a straight forward message, no graphic :

"Woops ... The page you request can not be found.
Please make sure you type the URLs with correct spelling. Good luck, friend...."

In Apache, the directive for this task in httpd.conf is in the line :

ErrorDocument 404 /errors/custom404.html

low cost server co-location service

A data center offers 1/4 rack for server co-location services with 8 IP addresses and only charge HK$1,500 per month. I read carefully about the service level and spot this :

- 99.5% Uptime Guarantee:
- Proactive 24 X 7 monitoring system:
- Redundant power supplies:
- UPS Power Failure Backups:
- Multi Internet Backbones (Network Redundancy):

How can a data center only offer 99.5 % uptime guarantee.
This translates to 1.83 days or 44 hours in a year where service will not be available.

I can not accept such a service level.

yum port number

I am not sure which port number yum rides on. This triggers me to conduct a netstat test while doing yum installing packages.

Great, it works on port 80. Users need not worry that they will not be able to update or install packages since all ISPs allow port 80 in the outgoing direction. The same applies to icq, instant messages over port 80 and there is no need to worrying about firewall blocking.

L7 filter and bandwidth manager

Just when I think iptables is the most powerful tool in Linux, then comes L7 filter. The name itself is interesting and L7 means Layer 7, the application layer. With L7 filter, one can turn a Linux box into a bandwidth manager thereby offering QoS, priority and queuing of traffic. Commercial grade bandwidth manager costs at least HK$100k.

Since it works in the application layer, every single packet will be analyzed. It eats up significant resources. The CPU must be fast and there must be large memory to support L7.

wisely crafted spam

The following is the content of a spam email :

-S''ensationall r'evoolution in m''edicine!
-E'n'l'a'r'g'e your p''e'n'i's up to 10 cm or up to 4 i'nches!
-It's h'e'r'b'a'l solution what hasn't side e'ffect, but has 100% g'uaranted results!
-Don't lose your chance and but know wihtout d'oubts, you will be i'mpressed with results!

Clisk here: http://golfarmour.com/

Looking at the words I highlighted in red, no doubt you will agree that this spam email can bypass keyword filter and get into the inbox of the recipient.

Fedora Core 5

FC5 was released in late March 2006. The most distinctive feature compared with previous releases is that it has 64-bit OS version to support 64-bit CPU.

I found a nicely packed FC5 box package with a single DVD and a colorful installation manual selling at HK$80. I better buy it instead of spending serveral days to download the iso images from mirror sites and then burn four CD.

2300 IP addresses of i-cable listed by real-time blacklists

I tried to access Senderbase network and performed a check on hkcable.com.hk. Surprisingly, Senderbase returned that over 2300 IP addresses of hkcable.com.hk were put in realtime blacklists. Some IP addresses have mail volume of 4.7 - 5.1. These IP addresses were connected to compromised machines which are either zombies or open proxies.

The impact of zombies or open proxies will be reduced significantly if an ISP can barred TCP port 25 in the outbound direction. This is a worrying trend and I really hope the ISP in question can take some positive actions to reduce email spams arising from compromised hosts.

Copyright video found on Google Video

A couple of days ago, I accidentally found the 1-hr video of BC24., BC25 and BP 56 of Les Mills could be seen in Google Video. I called a man who had some official connection with Les Mills to take actions. Google was quick to respond and the copyright materials were removed promptly.

Why Google commit such a careless mistake ? The copyright owner could file a law suit and Google would be in trouble.

Email Honeypot

I want to set up an email honeypot which seemed to act as an open relay to attract spammers. The trick is to allow all IP addresses from 1.aaa.bbb.ccc to 233.xxx.yyy.zzz to relay in the /etc/mail/access file. However, the emails queued which are deposited by spammers must not be delivered out. Hopefully, there are some easy to understand settings in sendmail.mc to accomplish this task. I also start a cron daemon to move the files in the default mail queue directory to other protected path. With a bit of luck, my email honeypot is successfully operational.

Openwebmail 2.52

I am deeply attracted by the new features of web disk and personal calendar in Openwebmail 2.52 which I tried yesterday. Web disk can be used as a ftp account and I would say Openwebmail has successfully integrated email and ftp in a web client interface. My PIII-450 MHz server is running RH7.1 which is not compatible with Openwebmail 2.52. I need to migrate the whole hardware to P4 CPU and upgrade the OS to Fedora Core 4.

Dovecot

I installed a mail server with Fedora Core 4. The MTA package was of course Sendmail. However, there was no pop or imap daemons associated with FC4.

According to some experienced FC users, dovecot should be used. I followed instructions from web links and do a "yum install dovecot". The installation was successful but dovecot failed to start with the error message :

Starting Dovecot Imap:Fatal:Can't use SSL certificate /etc/pki/dovecot/dovecot.pem;Permission denied

Wooo.. dovecot's default settings come with SSL certifcate. After changing ssl_enable = yes to no in /etc/dovecot.conf, dovecot started up successfully.

巴士阿叔

這幾天如果你沒有聽過這兩句口頭禪「我有壓力，你有壓力，你做乜挑釁我呀？」和「未解決！」，恐怕你都不可以稱得上是八掛的香港人。

netcat to emulate servers behind a firewall

I need to test request to POP, SSH, WEB and SMTP services behind a firewall could get through. The services are not started up yet. Then how could I test the firewall connectivity.

My colleagues remind me of netcat. Netcat can listen on a particular port and if a PC is running with netcat, it can successfully emulate a server. In Windows mode, the command is something like :

nc -l -p 25 -t -e cmd.exe

Really handy and powerful !

Black Frog

Blue Frog died a week ago due to large scale DDoS attack by spammers on the Blue Security command and control site. This week, Black Frog arises. Talented software people think that they have successfully learnt from the failures of Blue Security and eager to apply their belief on the cyberworld. This time P2P technology is used to avoid the whole anti-spam community network being cracked down by a single point of failure.

Can Black Frog survive ? This is something every IT people wants to witness.

Woo. after Black Forg, there might be Red Frog or Yellow Frog. Who knows what next ?

ldd and Windows ldd

"ldd" is the utility to find all the shared libraries or dynamic dependencies of executable files required by each program. I like to state an example to refresh my memory about the usage.

# ldd tcpdump
libc.so.6 => /lib/i686/libc.so.6 (0x4002d000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

It is very clear to me ldd is a must in cleaning malicious codes or Trojan programs in Linux/Unix boxes.

How about Windows PCs that are the targets of spyware programs. I could remember a freeware "Dependency Walker" which performs similar functions with nice GUI.

Anti-spam Warrior BlueSecurity Defeated by Spammers

Sad news ! BlueSecurity has closed down its operation. Earlier this month, spammers sent 10 million packets to attack BlueSecurity. There is no way BlueSecurity could survive. Also, given its war with the largest spammers in the world, no ISP would like to offer service to BlueSecurity.

Lets pay a moment of silence to this anti-spam warrior.

廣告的吸引力

廣告的吸引力有幾大，單看地鐵站內 “moto 明” 的海報便可估到了。

Steganography on images

This week I come across some theories about steganography on images to hide secret text. The method is to change the least signifcant bit to its reverse value. Consider a true colour image with 24 bit colour depth, altering least significant bit will cause a slight change in colour but this can hardly be detected by human eyes. How much information can an image carry ? An image might have 320 x 480 pixels and six pixels each giving out a single bit can contribute to a single ASCII text character. That is to say, an 320 x 480 image can store up to 25600 text characters which should be quite sufficient to spread secret information from one machine to another.

Comat 28 Class Today

Today evening is the launch of Combat 28 in all 7 clubs of California Fitness Center. I intend to attend the 1st class by Yvonne at Causeway Bay starting at 6:30 pm and then proceed to Wan Chai to continue the 2nd class by Stephaine. I can not finish all the 9 tracks in the first class as I need to rush to Wan Chai. I think I will have to leave after finishing the Muay Thai track.

Tomorrow I agree to meet Kay in Central for the class conducted by Michelle D. Wooo... I don't know if my physical strength can sustain three rigorous exercises in 2 days.

SMTP Daemon can not restart

A couple of days ago, my email server crashed and it could not be restarted. The reason was unknown. I had no other method to restore it but had to perform a remote reboot. Hopefully everything worked fine.

Actually, I had not rebooted my server for over 200 days. When running programs are closed, there is no guarantee that residual memory occupied could be 100 % released. Days after days, there is less and less usable memory. It is a good idea to reboot server after a certain time, say one or two months.

Launch of BodyCombat 28

Combat 28 training class will be launched on evening of 12 May (Friday) at the 7 California centers almost at the same time. Frankly, I don't like to have launch class of new release on Friday evening. It is because members might not be able to free themselves from their duties. Saturday and Sunday are the perfect time for launch. I hope the timing of launch class should be considered carefully in the next release.

BTS Forum

BTS is a well-known forum is for instructors, participants and anyone interested in the Les Mills programs. I joined it a couples of days ago.

In the Forum, I see big names of some international renowned trainers. There are not many people from Hong Kong. I counted only 5. As a matter of courtesy, I have dropped them a message to introduce myself.

I gained a lot of new knowledges about Les Mills exercise. For example, the name BodyBalance is not used in USA, rather, it is called Body Flow.

Could I be an active member in the Forum ? I don't know yet !

New banner in blog template

The recent Blue Frog Community Program attracted me, the purpose of which is to unite a large group of people (about half million) together to fight back against spammers. These people set up a do-not-intrude list. If spammers try to send spam email to any of the email account, a large number of PCs will send DD0S to the spammer servers or web hosts.

For more than a year, I have not added any new banner into my blog template. I decided to add Blue Frog banner as part of my blog template. The aim, of course, is to let more people know the Blue Frog Community Program. I particulary like their slogan, " Stop filtering spam, start deterring spammers!"

My first visit to Pakpolee Club

Today, Pakpolee Club was opened to use by members of the California Fitness Cente. I made a tour aroud for about 15 minutes. The changing rooms are at the top floors. Of course, this is not convinient as we have to walk upstair for so many floors. Actually, this comes as no surprise to me.
For group X facilities, the cycling studio is ok. What I dislike much is the size of the multi-purpose studio. It is so small that it can not accomodate 50 people together. It would be very crowded for bodybump or bodycombat classes. Unfortunately, the management of California Fitness Center is not aware of this.

storing maps on PSP

I need to go to Ma On Shan Sports Center tomorrow morning. I don't know the location and how to get there. Logically, average Hong Kong people will browse centamap.com and print a hard copy of the location. But my situation is different. I don't have a B&W or colour printer at home. What I can do is to save the image on to my PSP and bring along the PSP. Woo..... I have save atb least one paper by using electronic means to store something of temporary use.

California Fitness Center - Mongkok Pakpolee Club

The 7th club of California Fitness Center at Mongkok Pakpolee Centre will be opened on 1st May. I heard that there will be 8 floors and the total club size is only 30,000 sq feet. We can imagine how small each floor will be. Walking stair 8 floors is not fun at all. Let's hope there will be lifts to serve different floors. Wait ! I recall that there are two lifts in Tsim Sha Tsui Center but somehow they are disabled in order to allocate more space for placing training equipment and facilities. This is completely crazy.

Election Committee - IT Subsector

In response to the Government call, I have registered myself as a voter for the Election Committee Subsector for the Information Technology Functional Constituency. Amongst the 800 members in the Election Committee, 20 of them will come from the Information Technology Functional Constituency. In the last election, only 5 % of the local IT workforce registered as voters. This is far disappointing. Though I do not have a vote on the CE election, I hope the elected members from the IT sector will make the right choice and pick the right candidate.

One-to-one personalized email marketing service

In an attempt to lure me to register new domain name under .name TLD, godaddy.com sent me an HTML email with the following image embedded:




It tried to put my surname in the banner image and the image is only applicable to me. This is a typical case of harnessing one-to-one personalized email marketing service. The recipient, of course, will be much impressed.

Sender Policy Framework (SPF)

I checked that I have not written anything in my blog about sender policy framework (SPF). Well, I'd better do so otherwise I might forget the whole concept later on. In fact, this is a service for receiving mail server to authenticate the sender in the "mail from" field. It works this way. Suppose a spammer tries to use the sender email address as xyz@aol.com, the receiving mail server will interrogate the domain records of aol.com. There is a string of text telling which IP addresses can use the domain aol.com (sender policy). The spammer will be using an IP addresses not in the domain records of aolc.com and the receiving mail server will reject the email.

The good news is that all existing DNS software packages can support additional text strings for implementing SPF. However, receiving mail servers need to be upgraded to perform the SPF interrogation.

Here below is the IP addresses that can be associated with the domain aol.com:

> set type=txt
> aol.com

Non-authoritative answer:
aol.com text = "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"
aol.com text = "spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all"

Right Hand Side Blacklist

I am using DNS-based Blacklist (spamhaus.org and spamcop.net) to filter out spam emails. The blacklist systems are based on IP addresses which somebody might call it Left Hand Side Blacklist (LHSBL). There is another kind of DNS-based blacklist system that check domain names instead of IP address. The name Right Hand Side Blacklist (RHBL) is therefore established as we look at a DNS record, the right hand side always denotes a domain while the left hand side tells the IP address associated.

Suppose an email has the domain name "example.com" in the "MAIL FROM:" field and the server dsn.rfc-ignorant.org is where we want to lookup. We will look at example.tld.dsn.rfc-ignorant.org, and if the IP address 127.0.0.2 is returned, the domain name "example.com" is blacklisted.

Ha... I have gained some new knowledge in the area of DNSBL.

CD album will be history

In late 70's, CD was invented to replace grtamophone record. Now that everyone uses portable players such as MP3 or ipod, purchase of music online will soon make CD album redundant. This is a logical evolution and there are some benefits to consumers. They can nuy individual songs they like instead of buying all the songs in an entire CD album. Without CD, the world uses less plastic and less packing materials. Good to the environment.

Everyone needs an FTP Server

Yesterday, I needed to transfer 5 GB of files from one PC to another. The usual and logic way to do this is to hook up to an Ethernet switch and share the required folders for the PC on the same network to retrieve. However, things did work that work because of SP2 personal firewall settings.

I tried a work around solution. I started an FTP server (Cerberus) on the PC holding the 5GB files that needed to be transferred out. The other PC run SmartFTP client to download the files. This seemed to be a better solution than sharing folders over the same network segment.

For those that have more than 2 PCs at home, they should have an FTP server to circumvent problem in sharing folders.

Richter scale on email volume

SenderBase Network sets up a global email traffic monitoring network. In quantifying email volume, the Richter scale used to measure earthquakes is applied to message volume calculated using a log scale with a base of 10. The maximum theoretical value of the scale is set to 10, which equates to 100% of the world's email message volume (approximately 10 billion messages/day).

By checking the IP address of our company's outgoing mail server, our Richter magnitude is 1.9. This can be translated to 7900 outbound email messages per day. Hey....., this is a rather interesting concept.

bodycombat tracks

There are about 300 tracks in Les Mills Bodycombat (BC) series. I try to list the 10 most favorite tracks. Here is my choice in the order of preference :

Greensleevs : BC19 – 03
Ludwig is alive : BC17 -8
Symphony No. 9 : BC13 - 8
Razzia : BC18 - 08
Bagpipes : BC26 - 04
Excalibur : BC11 - 5
Guita Damage : BC26 - 02
Stuck on you : BC23 - 01
I like chopping : BC19 - 01
My Sharona : BC10 -5

By the way, some combat fans do not know who Ludwig is. Ludwig is the given name of the famous German musician Beethoven. His full name is Ludwig van Beethoven.

60GB ipod player

Finally, the storage space of my 4GB ipod Mini has all exhausted. I have no means to expand the storage but to buy another ipod player. The logical choice is 60GB ipod which can supports video playing and viewing of photos. It costed me $3100. This time it is not possible for me to consumer all the available storage space. Should I consider to use the available space to store my personal files. Thats a good idea indeed !

HKIX Looking Glass lookup

Sometime ago, I was able to tell my colleagues the IP address prefixes advertizied by AS 9269 which is owned by a Hong Kong ISP. At that time, I relied upon www.fixedorbit.com to use the AS lookup tool to find the prefixes.

In fact, HKIX provides a looking glass service that we can look for the IP prefixes advertized or received through a particular AS number. "Looking glass" is an interesting term. I am still looking for the exact defintion meaning in the networking world.

.xxx top level domain

Some wise people put forward to ICANN the idea of creating the .xxx top level domain for adult and porn sites. The motive was good. Parents would not allow children to access domains ending with .xxx. I don't see why ICANN needs to reject the proposal.

有誰共鳴

三年了，你己離開我們三年了 !

夜闌靜 問有誰共鳴 ?

Body Parts Enlargement Corporation

I tried not to laugh when I first saw this comic picture but couldn't.

Windows OneCare

Not many people can have the time and knowledge to handle security issue on their PCs. The good news to these users is that Microsoft will soon launch the Windows OneCare service which includes anti-viruses, anti-spayware and basic firewall proctection. The bad news is it is a subscription service, up to USD$49 per year for three PCs.

I am keen to try but currently OneCare only supports the English language OS.

杜鵑花

如果大家這幾天坐車經過窩打老道瑪利諾書院，一定會被校園盛開的杜鵑花所吸引。杜鵑花盛放的月份應該是 3月尾至4月頭，一般顏色有白色、紅色、粉紅色、橙色及紫色。，記憶中小弟曾經見過粉藍色杜鵑花，或許這些品種是人工培植。

不要以為杜鵑花漂亮便胡亂採摘，杜鵑花帶有強烈毒性，如果手接觸過後然拿取食物，可造成噁心、嘔吐、血壓下降、腹瀉及昏迷等現象產生。

netcat

Some people say "netcat" is the second most powerful networking tool, the first being "nmap". That is true.

Netcat can pick any TCP or UDP port for initiating a connection to any host. This way, it acts as a powerful network client. With multiple IP addresses binded to a host, we are free to choose which IP address to use for inbound and outbound connections. When the listen mode (-l) is enable, it acts as a server.

I should have practsied netcat a long time ago. Can't recall why I miss the opportunity to play around with netcat.

Email spider

I played the trial version of Email Spider from http://www.emailsmartz.com. I must emphasize that I am not a spammer, but I am interested to have a look on how email spider operate. Within the first 30 minutes of scanning a famous directory web site, the spider successfully got over 3000 email addresses. The maximum that it could captured within a single URL is about 45000 email address. This limit seems ok as there will not be any single URL that contains such a large number of email address.

HELIX Forensic Toolkit

The open source community has recently offered a surprisingly powerful Helix forensic toolkit to network administrators and enforcement agencies. The whole toolkit is on a live Linux CD. It is developed from Knoppix.

I started to download the iso image tonight (712 MB). I should be able to have a forensic toolkit early tomorrow.

公民黨

公 民黨昨日成立，現時有六位立法會議員座陣，包括余若薇、張超雄、吳靄儀、湯家驊、梁家傑、譚香文。公民黨最特別之處是以毛孟靜作發言人，毛小姐精通公關及 傳媒技略，得毛小姐相助像如虎添翼，真不愧為非常勁秋的政黨。公民黨楊言會參與所有選舉活動，並期望成為執政黨，不排除派員參加香港行政長官選舉。

今後政壇必定有一番龍爭虎鬥，好戲在後頭。

Last day for bodycombat 27

Today is the last day for bodycombat 27. Afterwards, combat classes will be back to normal and trainers are free to pick their favorite tracks. As far as I know, the video for combat 28 is now being filmed by Les Mills. We expect combat 28 to be launched in the 1st week of June.

I counted that altogether I attended 15 classes in the past 14 days, wooo, slightly more than one class a day. Here below is my record:

下一任政務司長

官場盛傳，肥龍 (許士仁)任期只會到 2007年中，看目前形勢，下屆特首仍是曾蔭權，那麼，誰將會是下任政務司長。其實答案淺而易見，這人選將會是曾俊華，大家不妨拭目以代。

九鐵事件

九鐵兵變事件終於曲終人散，雖則 2名高層被鈔，但幕後黑手仍逍遙法外。

事件對打工仔有何啟示呢 ? 在出現企業高層鬥爭時，員工是不宜胡亂表態支持某一方，否則會被秋後算賬。緊記 ！ 緊記 ！

Yet another cousin domain

The URL link of the phishing email below uses a cousin domain "citiblank.com" to disguise "citibank.com". To find this out, you have to place the mouse in the URL link them you will discover the actual domain path is redirected to "citiblank.com". This tactic will go on continuously. I am afraid that after some time, Citibank will not be able to send genuine email notice to its customers as they will treat all emails from Citibank as phishing fraud.

Dear CitiBank customer,

We are looking forward to your assistance and understanding and inform you about new CitiBusiness department system updrade performed by security management team in order to protect our clients from increased online fraud activity, unauthorized account access, illegal funds withdrawal and also to simplify some processes.
v5QqzMF1dEk6hDbb3agzrntTMJQxAId6O4xoRdp6QKc9nmkryB11ZvJMgBjQkyXaDvzvIZBBKNJac6CJ
The new updated technologies guaranty convenience and safety of CitiBusiness account usage. New services for your account will be effective immediately after an account confirmation process by a special system activation application.
HELHawuq8OttmgE1Ldxvd96ZXQ9aXLVFqHlBeP3lGkO4Bu5nTCTVLZVJQ4UNQOttwPUJGX7liXpVqwi9
To take an advantages of current updrade you should login your account by using CitiBusiness Online application. For the purpose please follow the reference:

https://citibusinessonline.da-us.citibank.com/cbusol/signon.do

Please note that changes in security system will be effective immediately after relogin.
9c5Vc0F45zRWoleVc9GT6MgpJHkcdEklQqt4qY8wy1tXmHRAQztXlJn7qIiEnF1f6jjytr5PtyNQgHq7
Current message is created by our automatic dispatch system and could not be replyed. For the purpose of assistance, please use the "User Guide" reference of an original CitiBusiness website.
gV5DGtK7c5LBJNQQ8boqDut726ZiMpp4lvH2ZracxWMtKE9TOzjt3DB6IAox1PBnliqkKBxiykCi0KdP
Sincerely yours,
CitiBusiness Administration.

A joke on spam filtering

I heard a funny story on spam filtering.

A corporation tried to deploy content filtering solution to reduce spam emails. One of the targetted keywords is "sex" since a large number of pornography spam emails contain the word "sex" in the message body. However, a nightmare occurred. All emails sent in for job applications were inadvertently filtered because in the CV part, the applicants need to tell their sex is male or female.

Good luck to those that rely on content filtering to fight spam !!

what is RPM

Les Mills International invented 7 category of body exercise, namely, Bodypump, Bodycombat, Bodybalance, Bodyjam, Bodyattack, Bodystep and RPM. I don't have difficulty to understand the former 6 category but what exactly is RPM. RPM is indoor cycling exercise just like the Schwin spinning class we have in California Fitness Center. RPM is the abbreviation of "Raw Power in Motion", a cool name indeed !

Forwarding email header

On last Friday, I was in a pulic anti-spam workshop. Some people asked how to forward spam mail to an ISP complaint account since clicking the forwarding button will just send the mail contents without the mail header. A clever guy working in the ISP industry said that in common mail clients such as Outlook or Outlook Expresee, forwarding as attachment will combine everything. Woo.... this is very useful and I need to remembe this technique from time to time.

second level country domain

I try to ask myself are there any standard names or rules and regulations for second level sub-domains under country code domain such as .hk, .cn and .uk. Seems like the authorities of ccTLD can decide this matter on their own. I notice that Korea uses ".or.kr" to replace ".org" for organizations while UK just uses ".co.uk" instead of ".com.uk" for companies. As for Hong Kong, we have "idv.hk" which stands for individual.

Recently, the UK ccTLD has rejected the sub-domain ".scot.uk" which is to represent Scottish registered organizations. I personally think the resource required is not so much and the proposal should be supported. Hmmm.....there might political considerations behind the scene.

Notice of Jury Service

I received a letter from High Court telling me that my name will be placed in the list of jurors. To fulfill my civic duty, I will not have any objection to serve as a juror just in case I am needed. But this sounds a bit funny or perhaps odd to me. I should have been listed some ten or twenty years ago. What's wrong with my personal records in government registries ?

Body Combat 27 again

I attended two combat 27 classese today, one in morning and one in afternoon. In the afternoon, Yvonne launched her class at Wan Chai. Guess how many trainers were teaching together, yeah .. five, Yvonne, Paul, Jeremy, Sunny and Martial. The floor was so wet that after the 6 track, I had to dry the floor whenever there was a short break.

After 3 classes, I think I could follow almost 95 % of the body actions and movements.

Apart from "So what" which is the default Muay Thai track, there is another special one named "Bad and Sexy". This is a recovery track. The background musc, beat and rhythm are wonderful.

From a web site in Sweden, I got a list of tracks in bodycombat 27 :

1. Shake that - Scooter
2. Bom bom suenan - Freddy Fader meets Locana
3. Out in the fields - Heavy dance
4. Genie in a bottle - Speedway
5. Tribal dance - 2 unlimited
6. Saturday night's alright for fighting - Dynamix
7. Bad & sexy - Balloon
8. So what - Independence day
9. Neck breaker - Plus system
10. I believe in a thing called love - The darkness
11. When love & hate collide - Def Leppard

Body Combat 27

I tried body combat 27 today at Whampao. The class was supposed to be led by Martial and Jermey and it was nice to see Paul and Roger as guest trainers. Of course, the launch class today attracted a large group of people. At the end of the class, people seemed satisfied and smiling, looked like they had got something new.

I think body combat 27 is very exhausting for the 1st and 2nd time. I believe once I have been familiar with the body movement and pattern, it wouldn't be difficult for me to follow. The Muay Thai part is quite special; bend down the body and punch on the floor hardly. The track is also wonderful, at the start, a male voice shouting out "so what.. so what and so what" again. I guess the track might just be called "so what". I am interested to check it out.

Yahoo and AOL impose email stamp

I want to condemn AOL and Yahoo for forcing other companies to buy electronic stamp if they want their emails to be delivered to AOL or Yahoo users. This drastic action/measure is aimed at collecting revenue. No doubt it impedes the free flow of information to the cyberworld.

If my email service provider tries to impose email stamp, I would stop asking people to send emails to me. As an alternative, I will set up a web page for people to type in their messages to me and the messages could only be read by me.

Launch of .hk Chinese Domain Name

HKIRC has announced that .hk Chinese Domain Names (CDN) will be launched in the 3rd quarter of 2006. Seven categories are opened for registration; 公司.hk, 網絡.hk, 組織.hk, 政府.hk,教育.hk and 個人.hk. I don't see the need to delay to the 3rd quarter of this year. I had participated with the 6-month trial of the Chinese Domain Names and the system operated smoothly without a single minor technical fault.

If CDNs are still charged at HK$200, it will not be competitive as currently .com domain names are only charged at US$8.9 per year.

My tour to Singapore

I arrived at Singapore late last night. I chose to stay at the Furama City Centre Hotel which is close to Chinatown. The first thing I wanted to do was get to chinatown and had a bowl of shrimp noodle. I did not make it as all food stalls had been closed.

Broadband Internet service at the hotel is SGD$25 per day. Actually, there is an Internet Cafe nearby which charges $2 per hour. For convenience sake, I had to buy a 1-day package from the hotel. I really admire the San Francisco Metropolitan WiFi Initiative whereby free or low cost Wifi connections will be offered to all people including visitors.

My last day in Perth

Today is my last day in Perth. During the past two days, I did not find many sight seeing spots or large shopping malls in this city. The Swan River is attractive. Overall, the city is clean and I can smell very fresh air even in urban town. That's something we really never have in Hong Kong.

Should I also mention the weather here ? Oh yeah.. the weather is hot and dry but not humid. Even it is hot, I still feel very comfortable.

Launch of Combat 27

After waiting for 3 weeks, I am happy to know that California Fitness Centre will launch Combat 27 class on 4-5 March. Hmmm... I will attend two launch classes, one is conducted by Jeremy and Martial at Whampoa and the other class is by Yvonne at Wan Chai. Yvonne once mentioned that there will be up to 5 training instructors invited. No doubt Eric and Jeremy will be present. The other, I can only think of Sunny, whoelse will come ???

Telstra Roaming Service

I arrived at Perth at about 8:3o hours this morning. My mobile phone automatically logged to Telstra roaming service. I was just wondering what prefixes I should dial in order to call my home. Before departing, the customer service officer of NWPCS in Hong Kong advised me that I should stick to 00852. Oh shit... this didn't seemt to work at all.

Just when I was frustrated and angry, a SMS message from Telstra came to my mobile phone, advising all visitors to use oo11 followed by country code in dialling overseas calls. This is really a fantastic service to deliver the right information at the right time. Indeed SMS is so powerful that it can tremendoulsy enhance the services of mobile networks.

Checking Assignment of AS Number

Quite honestly, I have played whois for some time and am not aware that this tool can be used to find the registrants of AS Numbers in addition to IP addresses. The command is quite simple, for instance, to find the owner of AS9269, I would do the following :

c:\whois -h whois.apnic.net as9269

Wooo... fantastic and more powerful than web-based whois database search.

DNS query tool

In Linux/Unix distributions, there are 3 DNS query tools provided, namely nslookup, dig and host. Only the nslookup tool is available in Windows XP. I have got the Windows version of dig and host offered by http://pigtail.net/LRP/dig/. Surprise, there is also a copy of whois ported from Linux/Unix. With all these 4 tools, I can use my Windows machine as a Linux box for DNS and whois query tasks.

How to check if an IP address is on Realtime Block List

I have been puzzled for a long time about how to check if an IP address is listed in some famous RBLs. After playing around for several hours, I figured out that RBLs are running on DNS and nslookup or dig should be the interface to perform the query. That’s true. If spamhaus.org blacklists the IP address 218.19.1.220, it will make "A" record of 220.1.19.218.bl.spamhaus.org and upon querying this string, the IP address 127.0.0.2 will be returned. Other DNSRBLs work on similar mechanism. On command level, it is as follows :

# nslookup

> 220.1.19.218.bl.spamhaus.org
Server: 202.81.252.116
Address: 202.81.252.116#53

Non-authoritative answer:

220.1.19.218.bl.spamhaus.org canonical name = blocklist.address.is.wrong.spamhaus.org.
Name: blocklist.address.is.wrong.spamhaus.org
Address: 127.0.0.2

I found that dig is more useful in DNSBL query. Using dig, I would type :

[root@i3way mail]# dig +short 220.1.19.218.relays.ordb.org A

and the response is “127.0.0.2”

IP address for broadband TV set-top box

For PCCW’s 6M network service, the ADSL modem has four RJ-45 ports. If a NOW set-top box is connected to one of the ports, the IP address obtained is internal IP address 192.168.X.Y. Only this IP address range is able to access the multicast network for viewing NOW broadband TV.

However, for desktop or notebook PC connected to the ADSL modem port, the IP address obtained is a routable public unicast IP address. How come the set-top box get a private IP address and PC gets a public IP address. The answers are simple. The MAC address of the set-top box is known so a special IP address range can be assigned upon the DHCP connection. If PCCW assigns public IP addresses to both PC and set-top box, it will have to double the IP address resource. So long as private IP address can serve the IPTV delivery, there is no reason to deploy another IP address.

Combat 26

Bodycombat track series 已經在去年12月初出至第26版，加洲健身中心 (California Fitness Centre) 亦有舉辦為期兩星期的 combat 26 練習。其實 combat 26 tracks 包括了多首強勁節奏的歌典，最特別應該是 bagpipes，蘇格蘭風笛的一段非常動聽，很難想像配合的動作竟是 jump kick，真佩服 trainers 的想像力及音樂感。其它值得介紹的歌曲有 guitar damage, fighter, night life 和 I’m so excited.

shame on NWPCS

NWPCS increases the service charge of Inter-network SMS by 50 % from 40 cents each to 60 cents. This is not necessary as the infrastructure has already been built there and there is enough capacity for higher growth. I guess the reason is that as CSL charges 60 cents per message, after CSL has acquired NWPCS, CSL sure will not allow a large difference in the SMS service charge of the two networks belonging to the same company and will align the service charge of NWPCS to a higher level. This is a bad side of merger and aquisition.

Smoke on the water

How many rock bands have played Deep Purple's super rock song "Smoke on the Water" ? Oh yeah, numerous. At least I know Iron Maiden, Led Zepplin, Rainbow, AC DC, and Black Sabbath and Queeen. The lyric tells a true story. In December 1971, a fire burnt down the Montreux Casino near Lake Geneva. The band members would never forget what they had seen and experienced so came up with this great song in the history of hard rock music.


We all came out to Montreux
On the lake geneva shoreline
To make records with a mobile
We didn’t have much time
Frank Zappa and the mothers
Were at the best place around
But some stupid with a flare gun
Burned the place to the ground
Smoke on the water, fire in the sky

They burned down the gambling house
It died with an awful sound
Funky claude was running in and out
Pulling kids out the ground
When it all was over
We had to find another place
But swiss time was running out
It seemed that we would lose the race
Smoke on the water, fire in the sky

We ended up at the grand hotel
It was empty cold and bare
But with the rolling truck stones thing just outside
Making our music there
With a few red lights and a few old beds
We make a place to sweat
No matter what we get out of this
I know we’ll never forget
Smoke on the water, fire in the sky

Switching on the backlight of ipod

Sometimes I need to turn on th backlight of my ipod Mini for a few seconds. I did not know how this could be done until today. If I press the menu button for a few seconds, the the backlight will be turned on. Pressing the menu button will toggle from on to off. This is convenient especially if I want to see the name of songs or to view playlist.

If I remember correctly, this feature is not stated in the user manual.

captcha images

These days, we see a lot of captcha images when registering new accounts on web sites, writing blogs or even sending out messages from webmail. We are required to retype the characters printed in the images.

A captcha (an acronym for "completely automated public Turing test to tell computers and humans apart") is a type of challenge-response test used in computing to determine whether or not the user is human. A common type of captcha requires that the user type the letters of a distorted and/or obscured sequence of letters or digits that appears on the screen. Only human can read the image and therefore it successfully prevents bots or machines to perform automated registration.

Some people are not happy that captcha wastes their time. Please be considerate. If we want to reduce the amount of spam on the Internet, we have to live up with captcha.

Private Multi-cast IP Addresses

It is well-known that in the IP address range 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 are assigned as private IP addresses not routable to the Internet. The allocations of these IP addresses have somehow extended the life span of IPv4 address space.

Are there any private IP addresses in the Class D multicast range ? Yes, the range 239.255.0.0 - 239.255.255.255 are available for each organization to freely use. Right now, NOW TV and SUPERSUN are riding on this IP range to deliver their IPTV service. NOW and SUPERSUN could each have up to 65536 TV channels for their services. The limitation is that IPTV services delivered in such a way could not be routed to other networks.

Some broadband TV service providers are now using the GLOP address range 233.x.y.z. The value of x and y will be derived from their AS numbers. They will have the last octet freely available for them to use. In such a case, they will have 256 TV channels that could be delivered across the Internet.

PSP Video

I got a PSP and wanted to transfer some music video files onto it. Damn it ! Nothing has been mentioned in the user manual where video files are to be stored. The only thing mentioned is that the video files must be in MP4 format.

After searching the Internet for several hours, I figured out that the folder to be created is PSP/MP_ROOT/100MNV01/. Thumbnail files associated with the video must also be created accordingly. Fortunately, I have PSP video 9 which helps me to handle these stuff easily. This is a freeware.

For photos and music, the folders to be created are clearly stated in the user manual. It is disappointing that Sony purposely does not properly publish the information on storing video.

Cousin domain names of paypal.com

I received another phishing email and upon clicking the embedded URL, it redirected me to a site called r-paypal.com. This is a common technique of cousin domain name which is to make people believe that r-paypal.com is a sub-domain of paypal.com. On further querying DNS name records, the cousin domain names a-paypal.com, b-paypal.com up to z-paypal.com have been registered. This group of people spend about US260 to register the cousin domain names for 1-year use and then they can send out phishing email.

I think domain name registration bodies should pay attention to the registration of cousin domain names and notify the name owners of paypal.com to investigate if these cousin domain names will disrupt the businesses of paypal.com.

Yet another phishing fraud

Yet there is another phishing email to fool visa card holders:
=============================================
Good afternoon, unfortunately some processings have been cracked by hackers, so a new secure code to protect your data has been introduced by visa.

You should check your card balance and in case of suspicious transactions immediately contact your card issuing bank.

If all transactions are alright, it doesn't mean the card is not lost and cannot be used. Probably, your card issuers have not updated information yet. That is why we strongly recommend you to visit our web-site and update your profile, otherwise we cannot guarantee stolen money repayment.

Thank you for your attention.

Click here and update your profile.
============================================

The email header indicated that the mail was from 220.82.163.106, reverse lookup give the host name as "kpobr.moao.ameritech.net". It has nothing to do with visa corporation.

Hey..... silly tricks come over and over again!!!