Spam messages in Facebook

Can't really figure out how this is possible, even applications that you install shouldn't be allowed to send chat messages on your behalf.  Perhaps browser malware?

Any ideas, anyone?

INTERNET. SERIOUS BUSINESS.

Serious business indeed.

Broken Promises

We know we live in the intersection of two worlds: Adam's and Jesus'.  But it is still painful to not do what we want, or even should be.

Barely half a year, and I've already failed at keeping my promises made to her in public...

Forgiveness was already given at the Cross, but we really would need God's help to keep changing to become more Christlike...

+1 Skill: Repair Toilet

One skill needed in marriage: repairing leaky toilets.

Problem is the toilet seems to be leaking still?  Argh.

Encouraged

I'm glad that the younger ones didn't only learn from the older ones.  They even went one step further: they took the initiative and started what we (especially myself) didn't do.

The only thing left is to commit to God all our plans, and work hard together at making it true.

Christmas Isn't Christmas Without Christ

Imagine celebrating the birthday of someone without giving two hoots about the person whose birthday you're celebrating.

Celebrating Christmas in Singapore

Went for the briefing this evening, then for supper with a few others. What struck me was how organized this is, but even more so how much effort all these people are putting into this, even with their own schedules.

Well, do look out for the Christmas Village at Plaza Singapura and the mini displays along Orchard Road! For more info you can check out http://celebratechristmasinspore.blogspot.com/ ;)

Broken

Everything is just, broken.

Sigh.

Disappointment? Anger? Sadness? Bitterness?

Everytime I hear any story/news with regards to that particular person, it is always a continuation of that long string of rubbish from her.

Everytime I hear any story/news with regards to that particular person, I don't know what is it that I feel anymore:  disappointment, anger, sadness, bitterness, or just a combination of everything.

Everytime I hear any story/news with regards to that particular person, I really wish to make her allegations come true anyway..

JkDefrag is good

After running CCleaner and clearing what I could from my C:, was still left with only 500MB of space there...

Then after running JkDefrag, the free space consolidated...and registered as 5GB =D

Windows Vista's defrag probably isn't working as it should...

You can get JkDefrag from here:

http://www.kessels.com/Jkdefrag/

PortableApps junkies can get it as a portable format:

http://portableapps.com/apps/utilities/jkdefrag_portable

Excited

I so want to code for the iPhone/iPod Touch man~

But don't have the tools necessary...yet?

Google Chrome

Google Chrome (Google's open source browser) has been revealed!

Speak properly

=D (from here)

E's birthday dinner

Some more pictures, this time from my baby niece's birthday dinner sometime back ="P

Housewarming

Some pictures from our housewarming a few weeks back =P

Beetle + Square = Origami

This is really fascinating... Check out Robert Lang's website also for the TreeMaker software as mentioned in his talk.

Who is the Lord...? I don't know the Lord...

(From Exodus 5:2) But Pharaoh said, “Who is the Lord...? I do not know the Lord...”

Words cannot describe the sadness, fear and helplessness that I feel now.

The Pharaoh was a guy who had no knowledge of, and gave no attention to who this so-called God is, as brazenly reflected in his reply to Moses and Aaron.

As some of us may know, he (and his country) didn't come to a good end even in that story, having being subjected to a variety of massive plagues and punishments, including the loss of his firstborn son. All as a punishment from God for his defiance at the Creator.

The story also pointed forwards, to the time when Jesus will come back, and every knee will bow, every tongue confess that Jesus the Christ is Lord. There will only be two different groups of people: who say Jesus is their King, and those who (are forced to) say that Jesus is the King.

Of course we don't deny God (and Christ) in the same way as the Pharaoh did. But are we doing so in the way we live our lives?

Yes yes yes...we go to church, we've come to know and verbally affirm our belief in what's right and true... but just looking at the way I've been thinking about things, how I've spent my time, how I acted in different situations, what were the things I talked to people about... only showed that I don't acknowledge the Creator either.

Take work for example: when the demands of work come into conflict with the things that need to be done in service of God, be it spending time with my wife or just going to cell group for group bible study and fellowship, what takes precedence? In the beginning of my working life, it was still pretty much balanced out, but it gradually degraded to the state it is now..

I'm sad, because of how I've let things degenerate to the way things are now. But just as troubling is how am I going to lead my wife (spiritually) in this marriage in this state? I only am going to bring her down, and will be equally responsible for it as she would be.

Helplessness... at knowing that I can't change this by myself... but can only cry out for help as I make it a point to repent for the better..

I'm dying, but I hope revival comes before it's too late.

Don't Write Rubbish

Read this from TYC's post, who read it from Gordon Cheng's blog, who got it from the team pyro blog. =D

If I have a joint of meat on my table of which the smell and the taste at once convince me that it is putrid and unwholesome, should I show discretion by eating the whole of it before giving my judgment that it is not fit for food? One mouthful is quite enough, and one sentence of some books ought to suffice for a sensible man to reject the whole mass. Let those who can relish such meat feed on it, but I have a taste for better food.

She's right...

Heard before that when they (your wife) nags at you, it most probably because you're not doing something right, and that they're trying to let you know (whether it is done in a right manner or not) somehow, in this manner.

Well, I can only say that she's right on the things she's trying to communicate over, and that it's pride that comes in the way, not reason.

On another issue, responding rightly to my mum is one of the things that's really far off for me myself right now. We both know the reason why we need to do it (out of a response to the God who forgave and loved us so richly), she is trying to do it for that reason, and I still fail at it. Probably due to me being hard-hearted, when anger burnt the heart to a black crisp at that chain of events. Ha ha ha.

Maybe this post will be analyzed by some as me trying to give even more excuses for my failings. But if I'm in my right mind and I recognise to change quickly enough, there's a reason why I (on my side) chose her to be my wife in the first place: She's the godly (not PERFECT, yet), redeemed, God-fearing woman that I wanted to grow old together with.

And God makes use of people (many a time) to effect His actions and purposes in this world.

Lizard Trap

Unwelcome guests need special welcoming measures prepared for them. Like lizard glue traps for lizards.

GZip testing

A nifty online test tool for GZIP compression testing, along with some sample codes and methods to enable GZIP compression for your site/pages. ;)

http://www.gidnetwork.com/tools/gzip-test.php
http://www.desilva.biz/php/zlib.html

-------------------------------------

On Apache, if zlib is installed, we can use just a simple code snippet to enable GZIP compression:



Really simple right?

Rowan Atkinson - Invisible Drum Kit

Movie Weekend

After watching L: Change The World and Red Cliff over the weekend, the difference in standards really stand out man. Only problem with Red Cliff is that there's a sequel....right when the tension is mounting again towards the end of the movie -_-

Might start reading into the Three Kingdoms. My only impression of it from the past is the PC game (RTK4) that we used to play from a 3 1/2" floppy disk =D

Emu Music Online Store

Have been getting emails about Emu Music's online store, but I've only recently checked it out. Seems that all their albums are available online, making it far easier to get our hands on a copy now (short of waiting for it to be "imported" into Singapore) =)

TrueCrypt 6.0a is out

Available for download from their downloads page.

Getting NetBeans 6.1 to work with Nokia Symbian S40 and S60 SDKs

For Symbian S60 SDK
It seems that the steps to get the S60 SDK to work with NetBeans 6.1 isn't that intuitive (read: we need to scour the documentation to get it right), and the information isn't (easily) found on the Net, so I'll write it down here to share.

(If you get a NullPointerException thrown by the SDK, complaining that it failed to initialize session at the Connect to Agent step, you might want to try these steps to configure NetBeans to recognise the S60 SDK properly. )

In order to get NetBeans to be able to launch the S60 emulator successfully (to test run our midlet projects), we need to take note when configuring NetBeans to recognise the S60 platform.

This obscure information can be found in your NetBeans help section if you installed the S60 SDK enabling the automatic integration with NetBeans IDE.

S60 3rd Edition SDK for Symbian OS, Feature Pack 2 > Tools and Utilities > Using the SDK with an IDE > Java Development > NetBeans > Installing and configuring NetBeans

1) In NetBeans, select Tools > Java Platforms.

2) Select Add Platform.

3) Select the radio option Java ME MIDP Platform Emulator, click next and wait~~~.

4) If the S60 SDK isn't listed, click on Find More Java ME Platform Folders and select the main folder where your S60 SDK is installed. Select the S60 SDK and click next.

5) NetBeans will autodetect the platform details (the MIDP profiles, CLDC configurations and optional APIs supported by the SDK) if the correct folder/SDK was selected. What remains is to click on finish to add the S60 SDK into the list of Java Platforms for NetBeans.

6) Use the S60 Emulator in a project configuration and run the main project as per normal. You should see that the emulator fires up as it should =)


For Symbian S40 SDK
The steps to configure NetBeans with the S40 SDK are similar.

1) In NetBeans, select Tools > Java Platforms.

2) Select Add Platform.

3) Select the radio option Custom Java ME MIDP Platform Emulator, and click next.

4) Click on Browse to select the main folder where your S40 SDK is installed.

5) Give the platform and device names. Click Next, then Finish to add the SDK to the list of Java Platforms.

6) Use the S40 Emulator in a project configuration and run the main project as per normal.

Fail IPPT

When you fail your 2.4KM run by a mere 19 seconds, you know it's way past time to get serious about your time planning for training up/keeping fit.

The worst part of it is that due to circumstances, I was only able to attempt my first attempt for this cycle today, and this cycle ends in two days.

Remedial training in the pipeline~~ Not really looking forward to it, counting that we're trying to adapt to the new lifestyle.

.NET: ILMerge

For .NET developers: ILMerge takes multiple .NET assemblies and merges them into a single .NET assembly. Might come in handy sometime in the future.

[Link]

Wireshark 1.0.1 is out

Wireshark 1.0.1 is out. Get it from the downloads page. (PortableApps installer listed in that page also)

Macross Frontier OST

Have been following the series so far (my first Macross series to date), and it's been really a great anime to watch =) the fighter planes...the story...the characters...the emotions...the songs especially! Woo~~

Now that the OST has been released, I hope it comes to Singapore soon. Really would love to get a copy of it to keep man =)

Anger and Pity

Only two emotions can be used to describe now...

Pity: at the (horribly irrational) state that she seems to be stuck in now.

Anger: at myself for losing control of my tongue yet again. At the whole situation, that a person, a mother can become like this...

Christians are changed people, but that's only because they've been changed by another Being.

I wish I'd stop acting like this, but what's needed is now far beyond human action alone.

Fiddler HTTP Debugger - A free web debugging tool

For those who want a transparent proxy extensible using .NET (rather than Java or BeanShell for WebScarab), here's Fiddler.

Web Security: ratproxy tool

Interesting reporting done by this tool. May be worth checking out when this goes out of beta.

Google Code page
Screenshot
Source Code

Edit: Seems that Google uses it themselves

Diablo III

So much looking forward to Diablo III's release =) But I wonder whether my laptop can take it or not?




Perhaps not, but let's keep our fingers crossed...

Dr. Fish @ Ang Mo Kio

As we were walking around Ang Mo Kio area buying our stuffs, we found this interesting shopfront, along with many people inside peering at something:

Curious, we went nearer to take a look, and found that this shop was offering the use of doctor fish as a service! Seems that many spas are already doing this (Sentosa's using it as an attraction of sorts I think)

Well, we decided to give it a try, seeing how intriguing it was. Quite steep, but the package came with a back massage, a foot scrub and a drink. $28 for 30 minutes worth.




Well, it was really ticklish initially (the aunties in the shop laughed a LOT when they placed their feet in), but it really did remove quite a bit of dead skin. Might try it out again someday =) Maybe, heh.

Photo-realism is moot?

Check out the Image Fulgurator. Really really cool idea, like the Laughing Man in Ghost In The Shell. The device looks too much like a gun though, wonder what security-paranoid countries would think?

Vulnerability counting revisited: a hypothetical example

Quoting the article:

The lesson to take from this hypothetical example is that counting vulnerability reports is as likely to lead you to the wrong conclusion as to the right conclusion. Find more information before making a decision. Think through the implications of any metric you have available.

Don’t buy the easy interpretation just because it’s easy.

Link: http://blogs.techrepublic.com.com/security/?p=472

June 26 - For The Love Of God - Vol II

Just to share from the daily mailer from Christwaymedia.

---------------------
Isaiah 58

HOW SELF-DECEIVED WE HUMANS ARE when it comes to matters religious. So many things that start off as incentives to repentance and godliness develop into vicious idols. What starts as an aid to holiness ends up as the triple trap of legalism, self-righteousness, and superstition. So it was with the bronze snake in the wilderness. Although it was ordered and used by God (Num. 21:4-9), it became such a religious nonsense in later times that Hezekiah destroyed it (2 Kings 18:4).

So it sometimes is with other forms of religious observance or spiritual discipline. One may with fine purpose and good reason start “journaling” as a discipline that breeds honesty and self-examination, but it can easily slide into the triple trap: in your mind you so establish journaling as the clearest evidence of personal growth and loyalty to Christ that you look down your nose at those who do not commit themselves to the same discipline, and pat yourself on the back every day that you maintain the practice (legalism); you begin to think that only the most mature saints keep spiritual journals, so you qualify — and you know quite a few who do not (self-righteousness); (c) you begin to think that there is something in the act itself, or in the paper, or in the writing, that is a necessary means of grace, a special channel of divine pleasure or truth (superstition). That is the time to throw away your journal.

Clearly, fasting can become a similar sort of trap. The first five verses of Isaiah 58 expose and condemn the wrong kind of fast, while verses 6-12 describe the kind of fast that pleases God. The first is bound up with hypocrisy. People maintain their fasts, but quarrel in the family (58:4). Their fasts do not stop them from exploiting their workers (58:3b). These religious people are getting restless: “We tried fasting,” they say, “and it didn’t work” (58:3). At a superficial level they seem to have a hunger for God and his way (58:2). The truth is that they are beginning to treat the fast as if it were a bit of magic: because I’ve kept the fast, God has to bless me. Such thinking is both terribly sad and terribly evil.

By contrast, the fast that pleases God is marked by genuine repentance (58:6-12). Not only does it turn away from self-indulgence but it actively shares with the poor (58:7), and intentionally strives “to loose the chains of injustice,” “ to set the oppressed free and break every yoke” (58:7), to abjure “malicious talk” (58:9). This is the fast that brings God’s blessing (58:8-12).


Copyright 2008 D.A. Carson

BackTrack 3 Final

BackTrack 3 final version is out, get it at remote-exploit! More security tools to play with in a nice package! =D

Wedding and Honeymoon Pictures

Will be uploading pictures from the wedding actual day and the honeymoon, hope you guys like them =)

Wedding album (1 of 2)


Wedding album (2 of 2)
Wedding pictures courtesy of Yong How of 1950 Photography [blog], thanks! Haha, we've got a post in their blog too.

~~~~~~~~~~~~~~~~~~~~~~~~

Honeymoon (to be posted)

URI / URL Parsing Using RegExp in JavaScript

Sometime back when I was writing a web crawler in JavaScript, I had to parse URIs into their constituents. And for that task I modified Flog's URI Parser class for my needs.

Well, as part of the licensing, and for sharing of information, I thought I'd post the JavaScript code here.

function UriParser(uri){
//define class (for use with prototype.js) to do URI parsing
//modified from FlogUriParser found at http://www.flog.co.nz/index.php/journal/prototype-uri-parser-class/
this._regExp = /^((\w+):\/\/\/?)?((\w+):?(\w+)?@)?([^\/\?:]+):?(\d+)?(\/?[^\?#;\|]+)?([;\|])?([^\?#]+)?\??([^#]+)?#?(\w*)/;
this.username = "";
this.password = "";
this.port = "";
this.protocol = "";
this.host = "";
this.pathname = "";
this.url = "";
this.urlparamseparator = "";
this.urlparam = "";
this.querystring = {};
this.fragment = "";
this.results = null;

this._getVal = function(r, i) {
if(!r) return null;
return (typeof(r[i]) == 'undefined' ? "" : r[i]);
};

this.parse = function(uri) {
var r = this._regExp.exec(uri);
this.results = r;
this.url = this._getVal(r,0);
this.protocol = this._getVal(r,2);
this.username = this._getVal(r,4);
this.password = this._getVal(r,5);
this.host = this._getVal(r,6);
this.port = this._getVal(r,7);
this.pathname = this._getVal(r,8);
this.urlparamseparator = this._getVal(r,9);
this.urlparam = this._getVal(r,10);
this.querystring = this._getVal(r,11);
this.fragment = this._getVal(r,12);
return r;
}

if(uri) this.parse(uri);
}

Assessment Methodology

Done by hitechpo on House of Hackers blog.

[Parts 1, 2, 3, 4 and 5]

Introduction to reverse engineering

Done by n2u in House of Hackers blog.

[Part 1]
[Part 2]

Cool hack: Man exploits random deposit verification flows to steal $50,000

This is really really impressive, though on a serious note it's not that funny for a system to be so poorly designed and implemented.

Link: http://www.cgisecurity.com/2008/05/12

Backdated post [23:11 Tue 6-May-2008]

My presentations skills suck. At least for now?

After hearing two independant (largely similar) reviews on my presentation, I'd have to listen, unless I'm not interested in improving in this general aspect. :-P

Stuff to note:
- using pictures to illustrate points is ok, but at least have some words/a title to clarify on the point of the slide.

- let the audience know what will be covered in the slides

- put the speaking notes in the slides themselves, not the preceeding slide

- organize the time properly

- manage the audience, not the other way round

- don't use useless filler words

Backdated post [20:37 Sun 27-Apr-2008]

It's pretty exciting to see the house come up bit by bit, part by part. Planning, deciding, buying, cleaning...

Heh, it's also very exciting to see our expenditure and money in the bank as we spend on stuff for this and that. Hahaha.. :-D

Suggestive

Was looking for the meaning of the word "obviate" on the net, and I found this ad in one of the sites. Really really suggestive..



For your info, the word obviate means to do away with something (unnecessary).

Nintendo DS freestyle music creation

Just...wow.

From Digg.

NetBeans 6.1 does JavaScript editing

Wow...

http://www.netbeans.org/download/flash/js/javascript_demo.html

Click Crime

I seldom write about articles that I read, preferring to share them in my Google Reader or put the link in my Twitter. But I'll make an exception here:

http://www.securityfocus.com/columnists/471

Mark Rasch gives a very good description on "criminal honeypots" some of it's possible implications worldwide if implemented on a larger scale. The difference between setting up a trap and entrapment is talked about here also.

From the web application security perspective, it would be possible to frame someone else not only by using social engineering, but also even attacks like this:

1. Create javascript code in a site that you control that exploits CSRF weaknesses in the criminal honeypot. Wait for the target to access your site and "click" the link automatically.
2. Create a site that's linked to your target somehow, and get many many people to click on the link (to the criminal honeypot) that you put in the site. The FBI sees the referrals from that site, and traces it to your victim.

Zealous Autoconfig

LOL =D

(from XKCD)

[WEB SECURITY] A New Class of Vulnerability in Oracle: Lateral SQL Injection

Hey all,
I've just released some research that demonstrates a new class of
vulnerability in Oracle and how it can be exploited by an attacker. You can
grab the paper from here:

http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf

Cheers,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/
http://www.davidlitchfield.com/blog

--
E-MAIL DISCLAIMER

The information contained in this email and any subsequent
correspondence is private, is solely for the intended recipient(s) and
may contain confidential or privileged information. For those other than
the intended recipient(s), any disclosure, copying, distribution, or any
other action taken, or omitted to be taken, in reliance on such
information is prohibited and may be unlawful. If you are not the
intended recipient and have received this message in error, please
inform the sender and delete this mail and any attachments.

The views expressed in this email do not necessarily reflect NGS policy.
NGS accepts no liability or responsibility for any onward transmission
or use of emails and attachments having left the NGS domain.

NGS and NGSSoftware are trading names of Next Generation Security
Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1
4BF with Company Number 04225835 and VAT Number 783096402

------------------------------

----------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

It takes two hands to clap

Clashed with my mum again today. Or rather, she said some things this morning, some of which were true, some of which were just unfounded and untrue. Chose not to fight with her because of time, and the fact that quarrelling with her brings no progress at all. But as a result, lost the chance to explain to her, and to reason with her.

What i really can't stand is the ingrained attitude shown (not just in her, but when seen in some people around sometimes), that only the people around her are wrong, and that she's perfectly right always.

I'm really really angry, not just at her, but at how things have downward spiraled into this state.

How should i be thinking about this? I can remember a few points:

• Hypocrisy is out. Recognise and work on your own faults first before helping others with theirs. It's always easier to see and focus on others' wrong.

• In doing what's right, we must be ready also to give up on our (legal &/or moral) rights. That's exactly the way Jesus walked. The way of the cross.

• Do unto others as how you'd have others to do unto you. Not wait for others to do something as you'd like, then reciprocate.

• Anger tantamounts to murder.

Remembering what i learnt so far is the first step. But i'd sure need help to obey God in this area.

Sometimes not knowing who is reading stops a person from writing in a blog. Sometimes knowing who might be reading stops a person from writing. Sometimes knowing who is reading stops a person from writing.

Question then, is why write what you/I write? If the objective was to reveal oneself in writing, then perhaps the writing should continue.

Slowly being choked to death. And I know I'm dying. Question then is: what am I going to do about it? I'm already bringing down along with me others who're around me also.

The scourge of the Singaporean Christian's life would be busy-ness. It takes no prisoners, killing all who succumb to its attack.

Want to read, think and pray already so hard to do. But...still must think of something to fight this problem eh.

I'm confused as to what to think of my mum. I think it would be easier to rethink of the entire situation as being my fault, for a few reasons. Benefit of doubt, assuming that the changes in her were brought about by hormonal changes, and more importantly, the tendency to recognise my own real wrongdoings, and to be repentant about it.

Google XSS

Billy Rios has published one that he found in Google. Pretty exciting eh (not in the wrong way!) =O

Netcraft has a shorter version of the details also. Quoted below:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

An interesting cross-site scripting (XSS) vulnerability found in the Google Spreadsheets service would have allowed attackers to gain unauthorised access to other Google services, including Gmail and Google Docs.

The vulnerability was discovered by security engineer Billy Rios, and takes advantage of nuances in the way Internet Explorer handles Content-Types for webpages.

When a spreadsheet is saved and downloaded in CSV format, the Content-Type is set to "text/plain", thereby instructing the client's browser that the document should be treated as plain text. However, if HTML tags are entered into the first cell of the spreadsheet, Internet Explorer detects these tags near the start of the CSV document and instead deduces that it should be treated as HTML. This essentially allowed arbitrary HTML webpages to be served from spreadsheets.google.com, which in turn allowed JavaScript to be executed in the context of the spreadsheets.google.com site. A remote attacker could exploit this weakness by stealing the user's session cookies and hijacking their session.

Rios points out that Google cookies are valid for all google.com sub domains. This means that when a user logs in to Gmail, the Gmail cookie is also valid for other Google services, such as Google Code, Google Docs, Google Spreadsheets, and more. Cross-site scripting vulnerabilities in any of these sub domains can allow an attacker to hijack a user's session and access other Google services as if they were that user.

Google has fixed the vulnerability discovered by Rios and there have been no reports of the vulnerability being exploited by attackers.

Finally... We got our flat keys proper! :-)

Chinese Compo

I wish I could write like this... =D