Summary:

If you believe all the hype that spins around about network/internet security, especially coming out of politicians kept in office through exposing their “hands on technology” or espoused by news/forums that get their money by the ‘eye balls count’ then I have some beach front property in Tofoa to sell you.

If you believe, then you need a course in Media Studies 101, how to sell junk while making people believe you’ve served them well.

More Details:

There’s a little storm in a teacup brewing around the blogosphere, news outlets pushing for IE to be replaced because it’s been used (and identified) by Google as a vector for stealing intellectual property from corporates such as themselves.

Apart from the obvious self-serving nature of the “information release.”

Two immediate questions come to mind.

Are Google desktops running Windows 98 or Windows 2000 ? It’s pretty hard to ignore (not get updated) IE7 on Windows XP, and if you’re workstation is kept up to date, then it’s most likely got IE8.

The attack targeted IE6 and Adobe Acrobat(?) so how are these vanguards of technology to be trusted if they’re critical infrastructures are run on 10 year-old software.

I can’t really see how IE6 could be used against Google unless they really hate their own browser (what’s it’s name?) that they would have IE6 still running on their corporate network equipment.

Or, maybe Google have all their accounting systems running on Windows NT or Windows 2000 servers, and no-one secured them properly (why is the administrator on that box doing e-mail and browsing the internet on the server?)

Don’t trust Windows for what you show the world, but run all your internal critical stuff on it?

Google used to be the see no evil, do no evil, company, but they sure like to play tight with announcements and the repercussions of those statements.

If you want to educate yourself instead of trash talking, I suggest the following reads:

Google, China, Chicken Little and Cyber Armageddon. at TrendMicro by Rik Ferguson

China vs. Google (et al) via MSIE... – Stop the Bus at Preach Security by Rafal Los

Oh boy, is Sydney going through a heat wave or what.

Today it’s raining which hopefully means a little reprieve from the heart. Fortunately in this 21st century many can ignore the heat, because we’re contributing to it with all the electricity being burned to keep us cool in our offices.

But, let’s blame the Indians without air-conditioning for causing global warming!!!

Definitely the type of weather that can be fatal for the elderly, not well, without air-conditioning.

Sydney heat is very different than Tonga heat. The heat in Tonga is consistently higher than Sydney, but it is also mixed with a high humidity. In Sydney the heat waves are very dry, suffocating.

The old back-up solution for dry weather is the trusty wet blanket hanging in the wind. Speaking with my Burmese village friend. The practise in his village was to hang up wet blankets to help put back moisture into the air.

We had an old fan, back in the day, that looked like an air-conditioning window unit, except all it was was a boxed fan with a large tray of water underneath.

Hope all is well with you and yours.

Just finished reading CJ Cherry’s fantasy/science fiction novel “Hammerfall” and found the book very enjoyable with great imagery as the author weaves a story mixing future generation space travel, genetics overarching a tribal/medieval desert terrain society seeking right and wrong, extremism and survival.

Just trialling our Documents page and have uploaded / tagged a few to show how it easy it is for the content developers, as well as for the end-users.

HarperCollins Review: One of the most renowned figures in science fiction, C.J. Cherryh has been enthralling audiences for nearly thirty years with rich and complex novels. Now at the peak of her career, this three-time Hugo Award winner launches her most ambitious work in decades, Hammerfall, part of a far-ranging series, The Gene Wars, set in an entirely new universe scarred by the most vicious of future weaponry, nanotechnology. In this brilliant novel -- possibly Cherryh's masterwork -- the fate of billions has come down to a confrontation between two profoundly alien cultures on a single desert planet.

"The mad shall be searched out and given to the Ila's messengers. No man shall conceal madness in his wife, or his son, or his daughter, or his father. Every one must be delivered up." -- The Book of the Ila's Au'it

Marak has suffered the madness his entire life. He is a prince and warrior, strong and shrewd and expert in the ways of the desert covering his planet. In the service of his father, he has dedicated his life to overthrowing the Ila, the mysterious eternal dictator of his world. For years he has successfully hidden the visions that plague him -- voices pulling him eastward, calling Marak, Marak, Marak, amid mind-twisting visions of a silver tower. But when his secret is discovered, Marak is betrayed by his own father and forced to march in an endless caravan with the rest of his world's madmen to the Ila's city of Oburan.

Instead of death, Marak finds in Oburan his destiny, and the promise of life -- if he can survive what is surely a suicidal mission. The Ila wants him to discover the source of the voices and visions that afflict the mad. Despite the danger sof the hostile desert, tensions within the caravan, and his own excruciating doubts, Marak miraculously reaches his goal -- only to be given another, even more impossible mission by the strange people in the towers.

According to these beings who look like him yet act differently than anyone he has ever known, Marak has a slim chance to save his world's people from the wrath of Ila's enemies. But to do so, he must convince them all -- warring tribes, villagers, priests, young and old, as well as the Ila herself -- to follow him on an epic trek across the burning desert before the hammer of the Ila's foes falls from the heavens above.

Written with deceptive simplicity and lyricism, this riveting, fast-paced epic of war, love, and survival in a brave new world marks a major achievement from the masterful C.J. Cherryh.

Ko e ki’i post fakaangaanga atu pe ‘eni, ngaue’aki ‘a e “Windows Live Writer” ke create ‘a e post (hange pe hano fa’u pe open he Word ‘o toki send ki he website.) I guess it works ? Pictures and all.

Shell Programming and Scripting

There’s always Google and Live Search, but the Shell Programming and Scripting forums look just like the place to wander around to learn more about that scripting environment called unix shell.

It’s amazing the simple things in life that can get people’s nickers in a knot.

After the web learned earlier this week that the final name of Vista's successor was Windows 7, all hell broke loose. The general consensus was that Windows 7 wasn't a bad name, but the reasoning behind it wasn't very clear. Many couldn't figure out how Microsoft had reached the number 7 (I'll give you a hint: they were looking at the kernel version number, instead of counting every single minor and major Windows release). But then others wanted to know why the current builds of Windows 7 were at kernel version 6.1, not 7.0.
Mike Nash, Corporate VP of Windows Product Management, chimed in again on the Windows Vista Team Blog with the official explanation:
"So we decided to ship the Windows 7 code as Windows 6.1 - which is what you will see in the actual version of the product in cmd.exe or computer properties. There's been some fodder about whether using 6.1 in the code is an indicator of the relevance of Windows 7. It is not. Windows 7 is a significant and evolutionary advancement of the client operating system. It is in every way a major effort in design, engineering, and innovation. The only thing to read into the code versioning is that we are absolutely committed to making sure application compatibility is optimized for our customers."
Read full story...

Final release of Windows 7 to have kernel version 6.1
Sicarius
Thu, 16 Oct 2008 14:31:37 GMT

The more amazing news is that there is still so much code out there in the world with seriously broken code like.

if ( major_version != X ) then
   exit

When was it were were told to write code that allowed you to write

if ( os.major_version < X ) then
   exit
if ( os.major_version > X ) then
  potential_compatability_warning

Maybe MS should ship with their SDK’s a switch to increment the os version during the debug sessions?

An interesting announcement in Tonga letting organisations register themselves online. Great new service feature although of what little I know of the business’ in Tonga the number of organisations who are capable of taking advantage of this new service has to be significantly and there are a number of alternative IT services that could have been instigated (at a lower cost) with higher value for both the Government and Private Sector.

Tonga’s Electronic Company Registry, 1st in the Pacific Goes Live Today

Tuesday, 01 December 2009 14:36 administrator GOVERNMENT - Ministries & Departments

1 December 2009

Today, the Ministry for Labour, Commerce & Industries announced …the launching of the new electronic company registry. The Registry, the first of its kind for a sovereign nation in the Pacific, simplifies business registration procedures and reduces the time it takes to start a business.

…

"The system makes it easier for business to register and, once they do, will house their records securely and safely online," …

Tonga is the first nation in the Pacific to have such an electronic registry, and this system is based on the same software used in the New Zealand Companies Office. Firms bringing in their registration documents will have the paperwork entered into the electronic system by Ministry staff …

To ensure all records are transferred online, the Tongan government requires all companies to re-register within six months. …

ENDS

Issued by the: Ministry of Labour, Commerce and Industries, Nuku'alofa.

Just to be pedantic.

IFC, financed by the World Bank and New Zealand, modifies software the New Zealand Government has already paid for. Implements this in Tonga as part of New Zealand’s and WB general Pacific Aid program. I hope this was a ‘grant.’

It’s good to see they’ve gone for implementing something that already ‘works’ and hopefully there were enough skills on both sides (from their side and our side, [however that’s defined]) to make sure the idiosyncrasies of the local populace are adapted into the ‘system.’ (And I don’t mean liliu faka-tonga ee ngaahi fo’i lea fakapapalangii.)

Security ? Did anyone mention Security ?

It seems the above package is such a great deal, they the Government of Tonga has to relinquish all control of the system and let it be operated in “New Zealand.” The press releases aren’t too clear on the details, but for some absurd reason recent hacks on Australian Government websites do not preclude me from thinking that just because the stupid thing is in New Zealand isn’t going to make it any more secure than the Tongans in New Zealand?

Did we not just get a security alert this month regarding Man in the Middle Hijack’s of HTTPS (SSL) connections ? Warnings only came out last month (November) has the ‘system’ been updated and tested.

OpenSSL TLS Session Renegotiation Plaintext Injection Vulnerability

A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused due to an error in the TLS protocol while handling session re-negotiations. This can be exploited to insert arbitrary plaintext before data sent by a legitimate client in an existing TLS session via Man-in-the-Middle (MitM) attacks.

Successful exploitation may allow e.g. sending an arbitrary HTTP request under an authenticated context if certificate-based authentication is used by the server.

English Translation: Secured web access is a fat dream until this is fixed.

When the next big vulnerability occurs, is there a reputable process for reviewing the risks and implementing a change process, or do we just cross our fingers and hope the whackers go somewhere else?

It would be sad to hear that Tonga also becomes the 1st country in the Pacific with it’s electronic Company Registry republished out of Russia.

Not that we’re too used with Government sharing information about the risks they' are taking with our private data, but this project is rather extensive in the private information they store and make available on the Internet. It may have been a good time to be ahead of the game in having some processes and audit systems in place ?

Australia and New Zealand have their ISO standard 27001:2006 that provides a framework to maximise security of the service and your private data. Do Tonga corporations deserve the same level of protection, or is it OK to let it slide in the Pacific?

Don’t worry, they won’t notice.

Very near and recent security breaches include:

Hacked: Ministry of Information, Tonga (Today Dec 1st) – Joomla website (nice and beautiful Web Content Management System, but seems to be high on the list of hackable systems with plenty of security alerts every week.)

Joomla seems to be the flavour of the month with the Government of Tonga at the moment (“it’s easy”) so hopefully the crude, rude statement above doesn’t start showing up on the rest of the unpatched systems for Tonga.

And don’t even go to one of those links to the site, just don’t do it until the site is fixed.

Hacked: Australian Prime Minister’s Website (September, 2009)

The prime minister's website has been hacked into in protest over proposed reforms of internet censorship.

The website, www.pm.gov.au, was brought down at about 7.20pm (AEST) on Wednesday night along with that of the Australian Communications and Media Authority, but both were back online about an hour later.

Hacked: JB Hifi (Today Dec 1st, 2009)

JB Hi-Fi's websites in Australia and New Zealand were redirecting customers to malicious web pages over the weekend in a cyber attack in the lead-up to Christmas.

The exact details of the attack are not yet clear as the retailer has refused to comment but users first started reporting problems on Friday night.

Visitors to jbhifi.com.au reported being automatically redirected to Chinese websites carrying malware. Similar issues affected JB Hi-Fi's New Zealand website, which is hosted on the same server.

Those with anti-virus software and fully patched internet browsers would have been alerted to the security issue upon visiting the page but people without up-to-date protection could be infected without even knowing.

Liability, Culpability

And what happens when after repeated concerns from company clients, data loss continues to leak and damage occurs to the a company through this data loss?

News this week points at Restaurants in the USA suing the vendor of a credit payment point of sale device that allowed identities of clients to be stolen costing these restaurants millions in penalties, operational reviews,

Threat Level Privacy, Crime and Security Online

Restaurants Sue Vendor for Unsecured Card Processor

Seven restaurants have sued the maker of a bank card-processing system for failing to secure the product from a Romanian hacker who breached their systems.

The restaurants, located in Louisiana and Mississippi, have filed a class-action suit against Georgia-based Radiant Systems for producing a point-of-sale (POS) system that they say was not compliant with payment card industry security standards and resulted in an undetermined number of customers having their debit and credit card numbers stolen.

Vaporizing Sione Halasika

There’s apparently a different explanation when nurses, or mum’s, use the term vaporizing.

‘Ofa said yesterday that she keeps forgetting to vaporize Sione Halasika, and I was a little concerned and asked her why she wanted to vaporize Sione Halasika (as in the SciFi et. al. term for terminating, removing all existence, taking all the vapors out of a person leaving only the dust from which we were formed.)

So, apparently vaporizing is some term the ‘medical’ field uses for wafting vapors through someone’s nasal system? Otherwise known as:

• getting a bowl of steaming water with a drop of some ointment (like Vicks)
• getting under blanket
• letting that vaporized ointment up through the nasal system.

Seems to be some old school medication system that still works in today’s Instant Noodle medicine world.

Wii Wii – we need a better name

The kids are on their two week vacation, so there’s four mouths in the house 24/7 for the next two weeks. The weather is quite unhelpful being windy, cold, and on the touch side of drizzling wet.

We can’t get the kids out, they’re locked in all day for two weeks, what’s to keep a mother sane (or dad for the 2 days he’s at home?) Get the Wii.

We went ahead and got the Nintendo Wii as something to help keep the kids sane and active while in doors for the next two weeks.

After a days trial and tribulation, Ma’ata Ngalo’afe asks a poignant question.

Dad, W-I-I, wii. Why is it called the wii, when we go to the toilet it’s called wii wii and the games called the wii. That’s not a good name, we have to think of another name.

so, there you go. After getting exhausted with boxing, bowling, tennis, and kart racing. Today we’ll think of a ‘better’ name for the Wii.

Leave it to Dare Obasanjo to finally make a decent summary of what is the Windows Haze.

Disclaimer: What follows are my personal impressions from using the beta version of Windows Azure. It is not meant to be an official description of the project from Microsoft, you can find that here.

…

What is it?

Before talking about a cloud computing platform, it is useful to agree on definitions of the term cloud computing. Tim O'Reilly has an excellent post entitled Web 2.0 and Cloud Computing where he breaks the technologies typically described as cloud computing into three broad categories

…

To try out Azure you need to be running Windows Server 2008 or Windows Vista with a bunch of prerequisites you can get from running the Microsoft Web Platform installer.

…

…, I find the Live Services piece (access to user data in a uniform way) and the SQL Services (hosted storage) most interesting. I will likely revisit them in more depth at a later date.

…

It would be interesting to read [or write] further thoughts on the pros and cons of Platform as a Service offerings when compared to Utility Computing offerings. … it would be informative to look at the topic from more angles…

Windows Azure from a Developer's Perspective
Dare Obasanjo
Mon, 03 Nov 2008 10:04:04 GMT

Sometimes Microsoft can be at fault for not even understanding their own message, and then there are the times when even the fanboys and detractors just don’t have a clue.

Looking back at a present past

Stuart was there at the onset of the consumer focussed Internet and brings us an interesting perspective of how the toolsets we now use evolved.

It was 10 years ago today that I first got involved with the Mozilla project.

As I once said: “I did, like, some random, like, little basic things.“

In the beginning…

It all started sometime in 1995 when I started running Linux.  Sometime over the next couple of years I decided to write a GUI email client.  Ironically, the only real option at the time was Netscape Communicator.  GTK+ and GNOME were both new and I decided to go with them as my toolkit of choice.  Eventually I ended up with the Balsa email client.  Through my journey with the Linux desktop I had gotten to know a number of people, including one Mike Shaver who at the time was at Netscape.

Stuart Parmenter: Ten Years
Thu, 23 Oct 2008 13:26:15 GMT

People easily forget that ‘today’ started off quite a long time ago and with quite a bit of sweat for some people.