With four little kids running around screaming their heads off, it’s time to really get down and look at how are we going to help with these kid’s education.

Strangely enough there’s a youtube story to that.

http://www.khanacademy.org

The Khan Academy is a not-for-profit organization with the mission of providing a high quality education to anyone, anywhere.

We have 1000+ videos on YouTube covering everything from basic arithmetic and algebra to differential equations, physics, chemistry, biology and finance which have been recorded by Salman Khan.

Looked at one of his videos and they really are good!!!

It’s not a classroom teaching video, it’s about using the video technology as appropriate for the material being taught (oh what a strange concept?)

I’ve watched, listened to a lot of University Course Videos/Audios and they are horrendous except for the diehard fanatic. Salman Khan’s videos is something that would be interesting and participatory to the learner, not just informational.

Grab a copy, go online.

An interesting announcement in Tonga letting organisations register themselves online. Great new service feature although of what little I know of the business’ in Tonga the number of organisations who are capable of taking advantage of this new service has to be significantly and there are a number of alternative IT services that could have been instigated (at a lower cost) with higher value for both the Government and Private Sector.

Tonga’s Electronic Company Registry, 1st in the Pacific Goes Live Today

Tuesday, 01 December 2009 14:36 administrator GOVERNMENT - Ministries & Departments

1 December 2009

Today, the Ministry for Labour, Commerce & Industries announced …the launching of the new electronic company registry. The Registry, the first of its kind for a sovereign nation in the Pacific, simplifies business registration procedures and reduces the time it takes to start a business.

…

"The system makes it easier for business to register and, once they do, will house their records securely and safely online," …

Tonga is the first nation in the Pacific to have such an electronic registry, and this system is based on the same software used in the New Zealand Companies Office. Firms bringing in their registration documents will have the paperwork entered into the electronic system by Ministry staff …

To ensure all records are transferred online, the Tongan government requires all companies to re-register within six months. …

ENDS

Issued by the: Ministry of Labour, Commerce and Industries, Nuku'alofa.

Just to be pedantic.

IFC, financed by the World Bank and New Zealand, modifies software the New Zealand Government has already paid for. Implements this in Tonga as part of New Zealand’s and WB general Pacific Aid program. I hope this was a ‘grant.’

It’s good to see they’ve gone for implementing something that already ‘works’ and hopefully there were enough skills on both sides (from their side and our side, [however that’s defined]) to make sure the idiosyncrasies of the local populace are adapted into the ‘system.’ (And I don’t mean liliu faka-tonga ee ngaahi fo’i lea fakapapalangii.)

Security ? Did anyone mention Security ?

It seems the above package is such a great deal, they the Government of Tonga has to relinquish all control of the system and let it be operated in “New Zealand.” The press releases aren’t too clear on the details, but for some absurd reason recent hacks on Australian Government websites do not preclude me from thinking that just because the stupid thing is in New Zealand isn’t going to make it any more secure than the Tongans in New Zealand?

Did we not just get a security alert this month regarding Man in the Middle Hijack’s of HTTPS (SSL) connections ? Warnings only came out last month (November) has the ‘system’ been updated and tested.

OpenSSL TLS Session Renegotiation Plaintext Injection Vulnerability

A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused due to an error in the TLS protocol while handling session re-negotiations. This can be exploited to insert arbitrary plaintext before data sent by a legitimate client in an existing TLS session via Man-in-the-Middle (MitM) attacks.

Successful exploitation may allow e.g. sending an arbitrary HTTP request under an authenticated context if certificate-based authentication is used by the server.

English Translation: Secured web access is a fat dream until this is fixed.

When the next big vulnerability occurs, is there a reputable process for reviewing the risks and implementing a change process, or do we just cross our fingers and hope the whackers go somewhere else?

It would be sad to hear that Tonga also becomes the 1st country in the Pacific with it’s electronic Company Registry republished out of Russia.

Not that we’re too used with Government sharing information about the risks they' are taking with our private data, but this project is rather extensive in the private information they store and make available on the Internet. It may have been a good time to be ahead of the game in having some processes and audit systems in place ?

Australia and New Zealand have their ISO standard 27001:2006 that provides a framework to maximise security of the service and your private data. Do Tonga corporations deserve the same level of protection, or is it OK to let it slide in the Pacific?

Don’t worry, they won’t notice.

Very near and recent security breaches include:

Hacked: Ministry of Information, Tonga (Today Dec 1st) – Joomla website (nice and beautiful Web Content Management System, but seems to be high on the list of hackable systems with plenty of security alerts every week.)

Joomla seems to be the flavour of the month with the Government of Tonga at the moment (“it’s easy”) so hopefully the crude, rude statement above doesn’t start showing up on the rest of the unpatched systems for Tonga.

And don’t even go to one of those links to the site, just don’t do it until the site is fixed.

Hacked: Australian Prime Minister’s Website (September, 2009)

The prime minister's website has been hacked into in protest over proposed reforms of internet censorship.

The website, www.pm.gov.au, was brought down at about 7.20pm (AEST) on Wednesday night along with that of the Australian Communications and Media Authority, but both were back online about an hour later.

Hacked: JB Hifi (Today Dec 1st, 2009)

JB Hi-Fi's websites in Australia and New Zealand were redirecting customers to malicious web pages over the weekend in a cyber attack in the lead-up to Christmas.

The exact details of the attack are not yet clear as the retailer has refused to comment but users first started reporting problems on Friday night.

Visitors to jbhifi.com.au reported being automatically redirected to Chinese websites carrying malware. Similar issues affected JB Hi-Fi's New Zealand website, which is hosted on the same server.

Those with anti-virus software and fully patched internet browsers would have been alerted to the security issue upon visiting the page but people without up-to-date protection could be infected without even knowing.

Liability, Culpability

And what happens when after repeated concerns from company clients, data loss continues to leak and damage occurs to the a company through this data loss?

News this week points at Restaurants in the USA suing the vendor of a credit payment point of sale device that allowed identities of clients to be stolen costing these restaurants millions in penalties, operational reviews,

Threat Level Privacy, Crime and Security Online

Restaurants Sue Vendor for Unsecured Card Processor

Seven restaurants have sued the maker of a bank card-processing system for failing to secure the product from a Romanian hacker who breached their systems.

The restaurants, located in Louisiana and Mississippi, have filed a class-action suit against Georgia-based Radiant Systems for producing a point-of-sale (POS) system that they say was not compliant with payment card industry security standards and resulted in an undetermined number of customers having their debit and credit card numbers stolen.

OpenBSD Fanboys woke up to this year’s NOC report from Defcon 2009 with some vindication, validation, and just general “whooo haaaaa”

Wired Magazine recently updated their ‘coverage’ of the network construction for Defcon 2009 Las Vegas under the title “Inside the worlds most hostile network”, a follow-up to 2008’s “A First ever look inside the Defcon Network Operations Center” with a clientele that lists:

* circa 10,000 hackers, crackers, feds, spies, corporates, and noobs

* 100 GB Internet download traffic in 2 days

To cater for the connectivity requirements of this hostile collection (excluding voice services, presumably.) The Goons set up:

* 50 wireless access points, each in their VLAN

* 25 wired VLANs

* Mirrored ports for general access to monitoring traffic

* Secured Toilet and Sink (critical)

* Physical separation of sensitive equipment

* Ceiling access (to place and secure the wireless access points)

* Cables

* Booz (better known as liquid refreshments)

The amazing thing are the people/Goons who put the system together, and their choice of tools shortlisted to being:

* 50 wireless access points, Aruba (AP-70 noted as the model for 2008)

* Aruba Rack (handles encryption et. al. for access points)

* OpenBSD pf – firewall

* Cacti for GUI monitoring

Whoo haaa

Just finished reading CJ Cherry’s fantasy/science fiction novel “Hammerfall” and found the book very enjoyable with great imagery as the author weaves a story mixing future generation space travel, genetics overarching a tribal/medieval desert terrain society seeking right and wrong, extremism and survival.

Just trialling our Documents page and have uploaded / tagged a few to show how it easy it is for the content developers, as well as for the end-users.

HarperCollins Review: One of the most renowned figures in science fiction, C.J. Cherryh has been enthralling audiences for nearly thirty years with rich and complex novels. Now at the peak of her career, this three-time Hugo Award winner launches her most ambitious work in decades, Hammerfall, part of a far-ranging series, The Gene Wars, set in an entirely new universe scarred by the most vicious of future weaponry, nanotechnology. In this brilliant novel -- possibly Cherryh's masterwork -- the fate of billions has come down to a confrontation between two profoundly alien cultures on a single desert planet.

"The mad shall be searched out and given to the Ila's messengers. No man shall conceal madness in his wife, or his son, or his daughter, or his father. Every one must be delivered up." -- The Book of the Ila's Au'it

Marak has suffered the madness his entire life. He is a prince and warrior, strong and shrewd and expert in the ways of the desert covering his planet. In the service of his father, he has dedicated his life to overthrowing the Ila, the mysterious eternal dictator of his world. For years he has successfully hidden the visions that plague him -- voices pulling him eastward, calling Marak, Marak, Marak, amid mind-twisting visions of a silver tower. But when his secret is discovered, Marak is betrayed by his own father and forced to march in an endless caravan with the rest of his world's madmen to the Ila's city of Oburan.

Instead of death, Marak finds in Oburan his destiny, and the promise of life -- if he can survive what is surely a suicidal mission. The Ila wants him to discover the source of the voices and visions that afflict the mad. Despite the danger sof the hostile desert, tensions within the caravan, and his own excruciating doubts, Marak miraculously reaches his goal -- only to be given another, even more impossible mission by the strange people in the towers.

According to these beings who look like him yet act differently than anyone he has ever known, Marak has a slim chance to save his world's people from the wrath of Ila's enemies. But to do so, he must convince them all -- warring tribes, villagers, priests, young and old, as well as the Ila herself -- to follow him on an epic trek across the burning desert before the hammer of the Ila's foes falls from the heavens above.

Written with deceptive simplicity and lyricism, this riveting, fast-paced epic of war, love, and survival in a brave new world marks a major achievement from the masterful C.J. Cherryh.

Ko e ki’i post fakaangaanga atu pe ‘eni, ngaue’aki ‘a e “Windows Live Writer” ke create ‘a e post (hange pe hano fa’u pe open he Word ‘o toki send ki he website.) I guess it works ? Pictures and all.

I’m as much a fanboy of Open Source as the next fella, but sometimes the fanboys for Linux, passing themselves off as journalists just don’t make any economic sense.

The Ubuntu Podcast #19 lead me to a blog post “French Lawmakers Hope to Inspire Linux Revolution” from the New York Times?

If the French National Assembly gets its way, the open-source Linux operating system will take over the governments of Europe, seizing on a weak economy to displace Windows.

About 18 months ago, the Assembly shifted from running Windows on the 1,100 computers of its members and their assistants to running a version of Linux called Ubuntu. (I profiled the rise of Ubuntu in a recent article.) According to Rudy Salles, vice president of the assembly, the decision to abandon Microsoft’s Windows software was both an economic and political gesture.

Fanboyish Articles like this really hurts the credibility of the Open Source ‘movement’ even if they do inspire some PR. Dig in and see if you can find assertions by the French Parliamentarians that such a “Linux Revolution” is actually being pushed.

1st (Article dated: January 21, 2009) If the French had known 18 months ago that we would be in the economic down spiral we’re in now, they sure picked the wrong thing to be worrying about (Operating Systems on PCs) and have shown themselves fiscally incompetent and any further discussion in that matter is banal.

Seriously people if the French knew 18 months ago that people would be losing jobs and homes on an unprecedented scale, what were they doing with that knowledge? If I were French it would seem an appropriate time to tear the government down for continuing signs of idiocy.

2nd 500,000 euro saving over 5 years on licensing an OS is such a stupid number. They could have quoted $15 million over 5 years and we’d still have no clue what that number’s supposed to mean. Let alone 500,000 euro being a lot less now than 18 months ago.

Shifting 11,000 PCs already running an OS to another OS seems something only politicians can dream of as fiscally responsible. How much would you consider will be the cost in man hours to complete the installation and reconfiguration of support infrastructure for these 11,000 PCs ?

Just because the OS is free doesn’t mean that it magically puts itself onto all the machines, nor correct itself if somehow the PC is different enough to have unique requirements. And those 11,000 PCs aren’t identical so the variations of installation/configuration is very large.

Oh, but they say that there’s no support overhead (oops, much much lower overhead) for Ubuntu than Windows, and they have all of FIVE (or maybe more) case studies for this too.

Amazing how people who don’t do support, or have even done a valid study of it, can be so authoritative.

3rd Open Source Software is good for the local economy

This is a rich distortion field argument. So, the company that got the contract is somehow not self-serving to state that because Microsoft doesn’t pay taxes in France that it’s better for the local economy to hire his company to roll out solutions. We’ll just ignore the stupid French tax payers who actually make money from using the Microsoft Ecosystem building and releasing products and services. Because obviously they’re not real French people ?

Dude, I can’t stand most Americans speaking in English. I don’t know how the French (as alluded by the post) have been able to stand the Americans providing so much of their training, installations, documentation in Americanised French (or have they all been delivered in American English?)

Ubuntu is a great product, and I use it everyday on my desktop and servers I manage but there are enough limitations on it that I’m more than willing to spend my money and also have a MS Windows machine with purchased software running on it. The above article is just lame, sounds authoritative because its from the New York Times, but could have been much better done.

Summary:

If you believe all the hype that spins around about network/internet security, especially coming out of politicians kept in office through exposing their “hands on technology” or espoused by news/forums that get their money by the ‘eye balls count’ then I have some beach front property in Tofoa to sell you.

If you believe, then you need a course in Media Studies 101, how to sell junk while making people believe you’ve served them well.

More Details:

There’s a little storm in a teacup brewing around the blogosphere, news outlets pushing for IE to be replaced because it’s been used (and identified) by Google as a vector for stealing intellectual property from corporates such as themselves.

Apart from the obvious self-serving nature of the “information release.”

Two immediate questions come to mind.

Are Google desktops running Windows 98 or Windows 2000 ? It’s pretty hard to ignore (not get updated) IE7 on Windows XP, and if you’re workstation is kept up to date, then it’s most likely got IE8.

The attack targeted IE6 and Adobe Acrobat(?) so how are these vanguards of technology to be trusted if they’re critical infrastructures are run on 10 year-old software.

I can’t really see how IE6 could be used against Google unless they really hate their own browser (what’s it’s name?) that they would have IE6 still running on their corporate network equipment.

Or, maybe Google have all their accounting systems running on Windows NT or Windows 2000 servers, and no-one secured them properly (why is the administrator on that box doing e-mail and browsing the internet on the server?)

Don’t trust Windows for what you show the world, but run all your internal critical stuff on it?

Google used to be the see no evil, do no evil, company, but they sure like to play tight with announcements and the repercussions of those statements.

If you want to educate yourself instead of trash talking, I suggest the following reads:

Google, China, Chicken Little and Cyber Armageddon. at TrendMicro by Rik Ferguson

China vs. Google (et al) via MSIE... – Stop the Bus at Preach Security by Rafal Los

Oh boy, is Sydney going through a heat wave or what.

Today it’s raining which hopefully means a little reprieve from the heart. Fortunately in this 21st century many can ignore the heat, because we’re contributing to it with all the electricity being burned to keep us cool in our offices.

But, let’s blame the Indians without air-conditioning for causing global warming!!!

Definitely the type of weather that can be fatal for the elderly, not well, without air-conditioning.

Sydney heat is very different than Tonga heat. The heat in Tonga is consistently higher than Sydney, but it is also mixed with a high humidity. In Sydney the heat waves are very dry, suffocating.

The old back-up solution for dry weather is the trusty wet blanket hanging in the wind. Speaking with my Burmese village friend. The practise in his village was to hang up wet blankets to help put back moisture into the air.

We had an old fan, back in the day, that looked like an air-conditioning window unit, except all it was was a boxed fan with a large tray of water underneath.

Hope all is well with you and yours.

Vaporizing Sione Halasika

There’s apparently a different explanation when nurses, or mum’s, use the term vaporizing.

‘Ofa said yesterday that she keeps forgetting to vaporize Sione Halasika, and I was a little concerned and asked her why she wanted to vaporize Sione Halasika (as in the SciFi et. al. term for terminating, removing all existence, taking all the vapors out of a person leaving only the dust from which we were formed.)

So, apparently vaporizing is some term the ‘medical’ field uses for wafting vapors through someone’s nasal system? Otherwise known as:

• getting a bowl of steaming water with a drop of some ointment (like Vicks)
• getting under blanket
• letting that vaporized ointment up through the nasal system.

Seems to be some old school medication system that still works in today’s Instant Noodle medicine world.

Wii Wii – we need a better name

The kids are on their two week vacation, so there’s four mouths in the house 24/7 for the next two weeks. The weather is quite unhelpful being windy, cold, and on the touch side of drizzling wet.

We can’t get the kids out, they’re locked in all day for two weeks, what’s to keep a mother sane (or dad for the 2 days he’s at home?) Get the Wii.

We went ahead and got the Nintendo Wii as something to help keep the kids sane and active while in doors for the next two weeks.

After a days trial and tribulation, Ma’ata Ngalo’afe asks a poignant question.

Dad, W-I-I, wii. Why is it called the wii, when we go to the toilet it’s called wii wii and the games called the wii. That’s not a good name, we have to think of another name.

so, there you go. After getting exhausted with boxing, bowling, tennis, and kart racing. Today we’ll think of a ‘better’ name for the Wii.

Like most people, that wonderful collection of DVDs gathereth dust smudgy fingers, until you get kids.

And then the lifetime of said media plummets to days instead of the vaunted years.

I’m getting tired of trying out trialware that copies some dvds fine and just totally barfs on others. Linux wasn’t doing me any favours either but I’m going back there again with a few things to try:

Routed through: read # this # aloud

sudo /usr/share/doc/libdvdread4/install-css.sh

Installs libdvdcss libraries from medibuntu.  Now to get back to trying out acidrip et. al.

dvdbackup –i /dev/dvd –M –o path-for-storage/

I won’t be burning to disk, since I want to watch them on the computer(s) but apparently the way to get the things back to disk is:

growisofs -speed 1 -dvd-compat -Z /dev/dvdrw -dvd-video path-for-storage/MOVIETITLE/

For the truelly insane, or click-click amongst us, Ubuntu’s ‘Medibuntu’ (Multimedia, Entertainment & Distractions in Ubuntu) might be an appropriate distraction. I suppose adding it to your Ubuntu source list is the simplest thing you can do.

Ctrl+Alt+Del does work.

[ref: Ubuntu Send Ctrl+Alt+Del command to VMware Server VM]

Problem:

Using the VMWare Console client in Ubuntu (i386) 8.10, I can’t send Ctrl+Alt+Del so I can log into my Win 2003 Server Guest.

On the Windows hosted VMWare Console, we can either send Ctrl+Alt+Shift (as a proxy for .+.+Del,) or select a menu option. Neither option seeming to work.

Solution:

Use the “Del” key on the numeric keypad.

Ctrl+Alt+Del sends the appropriate key sequence if you use the “Del” key on the numeric keypad. That is: Ctrl+Alt+[numeric-keypad]Del.

More Information:

Server: Ubuntu 8.10 64bit running VMWare Server 2.0

VM: Windows 2003 Server SE

Client: Ubuntu 8.10 Gnome, Firefox 3.0.7

We’ve moved a number of WMWare VM’s onto a dedicated Ubuntu box (previously hosted on VMWare Server on a Windows box.) One of the features we get with the new VMWare Server 2.0 is that the console app behaves differently between the Windows version and the Linux version.

The Server is free and more than functionally adequate for our needs, except for the glaring problems we’ve been having trying to connect to Windows VMs.

If you follow through links you’ll find that grabbing the right values from keyboarded presses becomes non-trivial when you begin to traverse different languages (and their keyboards) then through to virtual connections and their inherent lingua theorems.