2010/01/25

sixy.ch

Sixy.ch is a directory of web sites that are accessible by IPv6. There are now 2952 sites listed. Today, I added my three IPv6 websites into the directory, namely :

www.i3way.net, www.bya.org.hk and www.hoimun-spa.com

All are binded with the IPv6 address of 2001:470:18:16c::2 through tunnel broker of Hurricane Electric.

2010/01/21

TTL of A and AAAA records assigned to a FQDN

Today, I talked with some IT friends about the importance of having identical TTL of A and AAAA records assigned to a fully qualified domain name (FQDN). Take a look at the illustration below:

www.example.com. IN A 300 1.2.3.4
www.example.com. IN AAAA 100 2001:aaaa::1

In an resolver, the AAAA record will disappear in cache after 100 seconds. After that time, an IPv6 only host interrogates the resolver for www.example.com will only get the A records and the target site can not be reached. Similarly, in the case of TTL of AAAA > A, an IPv4 host can only get the AAAA records but due to the lack of IPv6 connectivity, the site can not be reached.

As a rule of thumb, TTL of A and AAAA records assigned to a FQDN must be equal.

2010/01/20

Lack of authoritative IPv6 NTP Servers in Hong Kong

The number of IPv6 servers and hosts in Hong Kong are increasing. Yet there is not an authoritative IPv6 time server to be used by the Internet community in Hong Kong. Though there are IPv6 NTP servers in US or Europe, we can not rely on them to sync server clock due to the latency issue.

In terms of security, all access and event logs must be accompanied accurate time stamp in order to make them trustworthy. The lack of an authoritative IPv6-based standard time server in Hong Kong really affect security aspects of IPv6 servers.

The current Internet standard time service on IPv4 (stdtime.gov.hk) is provided by the Hong Kong Observatory (HKO). I have talked with people in the HKO and they say they might look into the issue in due course. I have no hope this can be resolved quickly as I fully understand that ISPs are reluctant to offer native IPv6 connectivity.

2010/01/19

A new dual-core desktop PC

Over the week-end, I assmbled a new dual-core desktop PC at a cost of HK$2510. I picked the following components:

ASROCK G31M-S motherboard, $300
Intel Dual Core E5400 (2.7 GHz), $530
500 Watt power supply, $ 280
ATX Case, $100
DVD R/W drive, $220
2GB DDR2 800 MHz RAM, $340
Geforce 210 512MB Display card, $340
500 GB Hard Disk, $ 400

The configurartion is not really high-end but it should meet the requirements of a game station.

2010/01/17

HTTPS in Gmail

Congratulation to Google for adopting HTTPS in Gmail in both the authentication session and after-login session. Yahoo mail only uses HTTPS in the login part and everything afterward is unprotected.

2010/01/16

高鐵與我

高鐵與我

一月十六日 (星期六) ,我在立法會門外皇后像廣塲站了一整天,參與「反高鐵,停撥款」的活動。我不是反對興建高鐵香港段接駁國內高速鐵路網,而是覺得這條香港段造價太離普、完全沒有充份諮詢及將來建成後只惠及小部份人。

廣塲有近一萬人,我們全神貫注留意大瑩幕上即時播放議會內的一問一答。當有十五分鐘休會時,我們以唱歌作為輕鬆減壓。奇怪,不單是議員有壓力,連關心的市民也感受到壓力。我可以衷心講句,冗長的發問不是「拉布」,而是涉及很多法律(一地兩檢)、選址 (西九對錦上路)、環保、躁音、交通擠塞、清拆、搬遷及賠償等問題。一眾官員都是問非所答,模稜兩可,絕大部份問題都未有解决方法。

廣塲附近有近百人的苦行隊伍,由幾歲小學生到七十多歲公公婆婆,由「八十後」帶領。他們以齊整的步伐,二十六步一跪,違繞著立法會前行,不讓手上拿着的幾粒米和種子跌下,路過的途人,眼見這情景,無不感動,有些還掉下眼淚。很想向「八十後」和苦行人士說聲多謝,你們喚起港人的良知,不要盲目追求發展,要珍惜現有的環境,愛護家園。

立法會另一邊的遮打花園,有數百名支持興建高鐵的人士,分別是飲食界、旅遊界、建造工人及民建聯支持者。他們真的很有錢呵,可以舞龍舞獅助興,還請不同的舞蹈團表演肚皮舞及流行舞,對於議會內進行討論的事,相信他們都沒有興趣。

其實,以建制派及功能組別的票數,高鐵撥款一定可以通過,但通過之餘,可否考慮一些額外措施,減小受影響,以彌補資詢不足呢。到四時左右,泛民開始提出動議,大部份動議都是對市民及受影響的居民有利的。例如有兩項動議要求港鐵給予新界西和新界東居民乘車優惠,因為日後這两區居民要長途拔涉才可乘拾高鐵,很不幸地兩項動議全被否決。最令人髮指的是有一項動議要求在施工期間,給予大角咀受影響的居民定期發放資訊,也遭否决。既然施工影響居民生活,提供資訊是理所當然的,為何這卑微的要求都不被接納呀 !

撥款通過後,我即時擔心菜園村的命運,我希望用這次活動為菜園村居民所作的一首歌,作為對他們的打氣:

菜園之光 (調寄友誼之光)

人生於世上最緊要個家
一生種下人地情
早上落田用我雙手創豐收
晚來閒話句句溫暖

簡單的快樂
可否再續弦下半生
你的發財大路
可否不進入我家

鄉土共發展(唏)
也可以共存(哈)
只須這路
不兜進我家
這縈縈樂土可不變
Repeat

撥款雖獲通過,但不要忘記這次民間活動也有很多成功的地方。第一,在譽論壓力下,迫使有利益衝突的何鐘泰 (中國建築董事)、石禮磏(港鐵董事)、 林健鋒 (新昌營造非執行董事),陳健波(競投西鐵工程保險項目) 缺席投票。其次政府日後在影響民生的大型基建上要做足諮詢。最重要的還是市民巳察覺到建制派和功能組別的禍害。

人在做,天在看,一月十六日所有投票都是記名的,每位議員的一言一行都會赤裸地暴露在立法會會議紀錄上,一字不漏,千秋萬世,直到永遠。

2010/01/05

ISACA's Business Model for Information Security Model

This picture is the ISACA's Business Model for Information Security.



According to ISACA, the Business Model for Information Security is made up of four elements and six dynamic interconnections. It can be viewed as a three-dimensional model, best visualized as a pyramid. All aspects of the Model interact with each other. If any one part of the Model is changed, not addressed or managed inappropriately, it will distort the balance of the Model.

The Elements are : Organization Design and Strategy, People, Process and Technology.
The Dynamic Interconnections linking these elements are : Culture, Architecture, Governance, Emergence, Enabling and Support, and Human Factor.

Really impressive illustration.