China blocked YouTube

China has taken an extreme measure to block access to YouTube in the whole country. This is unnecessary. This ultimate move is just like burning down a farm because of a dead chicken found inside the farm.

China can just request YouTube to remove video clips related to the beating of monks and Tibetans. YouTube has in the past removed copyrighted videos from its website.


Firewalls should not block DNS traffic over TCP port 53

Some firewalls explicitly allow blocking DNS traffic on TCP port 53. This is not a protective feature; rather, it causes a lot of trouble. System administrators should allow DNS traffic to go through TCP. Take the MX records of hotmail.com as an example. Currently, their byte length is 511. If Hotmail adds an additional mail server, the response to an MX query will exceed 512 bytes, which cannot be handled by UDP. The transaction will then fall back to TCP.

There are other cases of transactions using TCP, mainly queries to the nameservers of top-level domains and country-code top-level domains. When IPv6 and DNSSEC become popular, a large part of DNS traffic will ride on TCP.
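
The fallback described above, as an added example that is not part of the original post: the client asks over UDP, sees the TC (truncated) flag in the reply, and repeats the query over TCP, where each message carries a 2-byte length prefix. The server stand-ins (`fake_reply`, `make_server`, `blocked_tcp`) and their filler bytes are constructed for illustration so the code runs without a network.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message limit without EDNS0 (RFC 1035)
TC_BIT = 0x0200   # "truncated" flag in the header flags word

def build_query(name, qtype=15, txid=0x1234):
    """Build a DNS query; qtype 15 is MX, flags 0x0100 = recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(message):
    """True if the server set the TC bit, i.e. the answer did not fit in UDP."""
    return bool(struct.unpack("!H", message[2:4])[0] & TC_BIT)

def tcp_frame(message):
    """DNS over TCP prefixes every message with a 2-byte length."""
    return struct.pack("!H", len(message)) + message

def tcp_unframe(data):
    (length,) = struct.unpack("!H", data[:2])
    return data[2:2 + length]

def lookup(query, udp_send, tcp_send):
    """Ask over UDP first; on a truncated reply, repeat the query over TCP."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return "udp", reply
    return "tcp", tcp_unframe(tcp_send(tcp_frame(query)))  # fails if TCP/53 is filtered

# --- Constructed stand-ins so the example runs without a network ---
def fake_reply(query, size):
    """Response header + question, padded with filler in place of real records."""
    head = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 0)
    return (head + query[12:]).ljust(size, b"\x00")

def make_server(full_reply):
    """Return (udp, tcp) callables that behave like a server holding full_reply."""
    def udp(query):
        if len(full_reply) <= UDP_LIMIT:
            return full_reply
        flags = struct.pack("!H", 0x8180 | TC_BIT)       # oversized: set TC, drop records
        return query[:2] + flags + struct.pack("!HHHH", 1, 0, 0, 0) + query[12:]
    def tcp(framed):
        return tcp_frame(full_reply)
    return udp, tcp

def blocked_tcp(framed):
    """Models a firewall that drops DNS on TCP port 53."""
    raise ConnectionError("TCP/53 filtered")
```

With a 511-byte reply the lookup completes over UDP whether or not TCP is filtered; once the reply grows past 512 bytes, passing `blocked_tcp` as the TCP transport makes the same lookup fail.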


Amazon Kindle

This week, I saw people reading electronic books on the Amazon Kindle ebook device inside the MTR. The look is quite attractive. The quality of the displayed text is equivalent to printed paper quality. Hong Kong is considering ebooks for school teaching. The technology should have a promising prospect in the future.


Cloning hard disk

My colleague tried to clone an 80G HD to a 250G replacement using Clonezilla. After successfully booting with the replacement HD, only 80GB were seen. The following steps were carried out to get back the extra disk space:

1. fdisk /dev/sda
2. add a new extended partition, which will then become /dev/sda3
3. add a new logical partition, which will then become /dev/sda5
4. When fdisk -l is run, it shows that /dev/sda3 and /dev/sda5 have been created.
5. format /dev/sda5 with mkfs.ext3 /dev/sda5 (*note: /dev/sda3 cannot be formatted)
6. assign a mount point to the partition /dev/sda5
7. add the new mount point to fstab

After a system reboot, all the newly added hard disk space can be seen.


Number of rows in Excel 2007

There is one compelling reason for me to switch to Excel 2007. The number of rows that can be supported is increased from 65,536 to 1,048,576. Apart from rows, the number of columns has also been expanded from 250 to 16,384. These features are great but their functions are still limited compared to a database system.



I have been looking for free PDF software to convert documents to PDF format. Adobe Acrobat, sold at US$500 per licence, is too costly. I finally found doPDF to suit my needs.

Everybody needs a PDF converter. I wonder why it is not included in office suites.


IE8 officially launched today

Microsoft is set to make its Internet Explorer 8 browser available later today. I have tried the beta version for over 4 months. It does not impress me very much. It is not as good as Firefox or Flock. In light of the popularity of social networking, Flock is richer in user features than any other browser.









To juniper a network

In the Internet world, the term "to google" means to search the Internet with Google. How about "to juniper a network"? I came across it when browsing some websites. At first glance, it could mean deploying a Juniper firewall in a network. Hey, wait a moment, Juniper is not the number 1 firewall in the market. It should not be used in this way unless Juniper products are dominating the firewall market.


Social networking is now more popular than email on the Internet

Nielsen Online has reported that social networking has overtaken email to become the fourth most popular online product. Social networks and blogs are used by almost two-thirds of all worldwide online users.

This comes as no surprise to me. Almost all of my friends have Facebook accounts. We just need to use Facebook to keep in touch with each other. Why bother to use email?


Changing my 404 Error Handling Page

Recognizing the 512 bytes limitation of IE browsers in displaying 404 error handling pages, I decided to change my page as follows:

"Woops ... The page you request can not be found under the website www.----.net
Please make sure you type the URLs with correct spelling. Good luck, friend....
Since IE browser can not display error handling pages with less than 512 bytes, I have to add meaningless text to make this page displayable by IE browsers."

The text strings together with the HTML tags add up to 514 bytes.


IE can not display 404 error handling page less than 512 bytes

If you are a system administrator, you will configure the 404 error handling page of individual websites with a few lines, say "the URL you typed can not be found in this web, please make sure it is not mistyped". However, IE will not display your error handling page if it is less than 512 bytes; it shows its own preset HTML page, "The page can not be found", instead. No such hassle is found in Firefox.

Why should IE impose such a limit? It doesn't make any sense at all.


DJB Award

Dan Julius Bernstein (DJB) offers an award of US$1,000 to anyone who can find the first verifiable security bug in his djbdns and qmail.

He has acknowledged an exploitable security flaw in his djbdns software and has made good on a public security guarantee — to pay $1000 to the first person to publicly report a verifiable security hole in the latest version of the popular DNS name server.

For qmail, the award is still valid.


My experiences with CSL pre-paid SIM card

I have one CSL prepaid SIM card which already expired on 29 Jan 2009. Though expired, I can still use the card to make outgoing calls and receive incoming calls. CSL gives customers several months to recharge after the expiry. No such flexibility is offered by the other 4 operators in HK, namely Hutchison, SmarTone, PCCW-mobile and Peoples. For the other 4 operators, once a card is expired, the number will be forfeited and the residual value will be confiscated.


衛詩 (Jill Vidal) = silly girl?



Setting up SSH tunnel with PuTTY for web browsing

I need to use an SSH tunnel to perform web browsing in WiFi hotspots. The procedures for setting up SSH tunnels with PuTTY are as follows:

Web Browser: Use proxy, connect to port 7070

PuTTY: normal SSH login + tunnel

The tunnel should forward local port 7070 to IP, assuming there is a squid daemon running on IP listening on port 3778.


The power of rsync

Rsync is the most powerful command in Unix and Linux for backing up data. It uses checksums to compare local and remote files and copies only files that are different. This effective algorithm is highly efficient. That's why rsync is used in many backup products.

For me, to back up a directory from one partition to another partition on a regular basis, I normally start a cron task to perform the following:

#rsync -av --delete /source /destination

The parameter --delete tells rsync to delete from the destination directory those files that are no longer present in the source directory.

Rsync can also be used for backing up between hosts. If ssh is used in conjunction, the transmission of data over the Internet is secured.


Wi-Fi Security Measure

Yesterday, I attended the Seminar on Protecting Your WiFi Network and Utilization. There were a lot of recommendations on securing WiFi, which include using WPA2+AES, changing the default SSID, stopping SSID broadcast, MAC address filtering, and not placing APs near windows. Strange, nobody mentioned stopping DHCP allocation on APs, so that a WiFi client must use a static IP address to connect while the network address is difficult to predict like Even if an attacker finds out the key, without being allocated a proper IP address and gateway, the attacker still cannot get through the AP to connect through other people's network.