Starting some days back, a flood of co-ordinated, distributed but slow brute-force attempts on my sshd (and possibly other services) became evident in my logs. Over a few days, my logs swelled to megabytes, many times their usual kilobytes.
The attack, I have to say, was rather intelligent. The attacker(s) used many machines, each trying a name starting from a, in concerted succession, alternating one after another. This way, my usual brute-force detection systems fail to kick in, as each host is seen to produce only a few invalid logins when viewed in a per-host isolated context.
In clearer terms, let’s say there are hosts 1 to 1+n. Host 1 tries to login as a. Fails, waits 1 second. Host 2 tries as b. Fails, waits x seconds, where x < 10 seconds. Host 3 tries as c. Rinse and repeat until the whole dictionary is visited. Innocent as each individual login might seem, when viewed from the context of an attacker, it’s simply brilliant.
Believe it or not, eventually it’ll enter my machine if my defences aren’t stepped up to at least trigger a reaction to these events.
Days before, I’d already implemented login tallies, whereby whenever a user account has experienced 3 consecutive failed logins, the account is locked, regardless of the password supplied. This way, I get to control when the accounts are re-enabled, allowing me to keep a closer eye on the situation.
Coincidentally, while the attacks were going on, one of my friends told me about his account, which kept being locked out. As I was away from home, except to sleep, for the large part of that week, I hardly had the time to investigate.
Two days ago, in a bid to improve security, I came across this great defence mechanism, Fail2Ban. It works for multiple services and can flexibly do anything whenever too many failed connections are detected.
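As an added illustration (my own sketch, not code from the post and not Fail2Ban itself), the Python below shows why a per-host counter such as Fail2Ban’s maxretry stays quiet on the pattern described above, and what a host-agnostic check over the same sshd lines looks like; the log lines are constructed and the window and thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (not from the original post) modelling the
# pattern described: several hosts, each failing only a couple of times, taking
# turns to walk a user-name dictionary from 'a' onwards a few seconds apart.
SAMPLE_LOG = """\
Oct  1 03:00:01 box sshd[1001]: Invalid user aaron from 198.51.100.11
Oct  1 03:00:04 box sshd[1002]: Invalid user abby from 198.51.100.12
Oct  1 03:00:09 box sshd[1003]: Invalid user abel from 198.51.100.13
Oct  1 03:00:13 box sshd[1004]: Invalid user abraham from 198.51.100.11
Oct  1 03:00:20 box sshd[1005]: Invalid user adam from 198.51.100.12
Oct  1 03:00:27 box sshd[1006]: Invalid user adrian from 198.51.100.13
Oct  1 03:00:31 box sshd[1007]: Invalid user agnes from 198.51.100.14
Oct  1 03:00:38 box sshd[1008]: Invalid user alan from 198.51.100.15
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+sshd\[\d+\]: "
                     r"Invalid user (\S+) from (\S+)$")

def parse_events(text):
    """Return (seconds-of-day, username, source_ip) for each failed-login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            h, mi, s, user, ip = m.groups()
            events.append((int(h) * 3600 + int(mi) * 60 + int(s), user, ip))
    return events

def per_host_offenders(events, maxretry=3):
    """The usual per-host view: hosts with at least `maxretry` failures."""
    counts = Counter(ip for _, _, ip in events)
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

def coordinated_attack(events, window=60, threshold=5):
    """Host-agnostic view: `threshold` or more failures inside any `window`-second
    span, each for a different user name, from more than one host, with the names
    in alphabetical order (the dictionary walk). Returns a summary or None."""
    events = sorted(events)
    for i, (t0, _, _) in enumerate(events):
        span = [e for e in events[i:] if e[0] - t0 <= window]
        users = [u for _, u, _ in span]
        hosts = {ip for _, _, ip in span}
        if (len(span) >= threshold and len(set(users)) == len(users)
                and len(hosts) > 1 and users == sorted(users)):
            return {"failures": len(span), "hosts": len(hosts),
                    "first_user": users[0], "last_user": users[-1]}
    return None
```

On the sample, no single host reaches three failures, so the per-host view reports nothing, while the windowed view sees eight failures from five hosts walking aaron to alan in under a minute.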
I rushed down to Funan after work, hoping that I could get my hands on the Company of Heroes Gold Edition which also comes with the Opposing Fronts standalone expansion pack.
I visited numerous shops but all of them claimed that the product was sold out. Then, I came across ‘GameSpot’ and looked inside. To my horror and surprise, they had the product in stock, but at only S$19.90. I clarified with the staff as it looked like a misprint – too affordable to be true, compared to the standard retail price of S$59.90. The price was right, and I bought it.
At S$19.90, it’s a good opportunity to pay for a 2006 Game of the Year and play it online; it’s one of the best, if not the best, real-time strategy games I’ve ever seen.
I’m back from the Shoalwater Bay Training Area and it’s been an experience to fathom, thanks to the company of great companions. The environment is rather harsh and it’s something Singaporeans get to experience outside their usual living conditions.
The nights are chilly and the days are hot; winds stir up huge clouds of dust; dust trails from vehicles colour everything around brown.
That aside, I’ve also gathered sufficient evidence on why flight is better than fight in a conflict involving Singapore.
With that, here’s one of my favourite songs, Today is the Day by Lincoln Brewster:-
Today, I received a piece of mail addressed to me in my former school’s letterhead. Inside was a copy of the invitation to an ‘inaugural reunion’, printed on letterhead.
I mentioned this letter to a couple of friends and all of them shared my suspicions. The most amusing part was that suspicion greets us the moment we receive anything in the mail from the school; what a great way the school administration has brought us up to be!
The usual questions we asked ourselves were – Where’s the food? Where’s the entrance fee? Where’s the programme? What’s their motive?
We made a few guesses... A survey on university acceptance? A chance to sell us something? Maybe more speeches to teach us what to blog about?
The joke is, the letter reads pretty much like a multi-level marketing (MLM) invitation, if not for its name.
Taxes have always been unpopular but necessary to fund the government. They also have an effect in limiting the money supply, similar to the effect of increasing interest rates.
Inflation, on the other hand, has always been the pain in every financial planner’s neck. It’s easy to bring up and extremely damaging to control and reduce.
I’ve been wondering lately about the recent spate of price increases and the seemingly unrelated inflationary pressures.
Given the dichotomy of the credit freeze and the spiralling increase of prices, based on money supply theory, both effects should cancel each other out. However, I’m guessing that this effect is not in equilibrium, and hence further money supply manipulation is required.
As mentioned, one of the effects of taxes is to reduce the amount of money flowing in the economy. Though possibly effective in annulling the cash injections by the central bank, it is highly unpopular and enacting it is not an option in technical recessions. The GST trump card however can’t be used again as it has been played this year. The next possible avenue to do so would be in the pricing of commodity items which everyone needs, desperately. Something that just functions like a tax but with another name.
And so, conveniently blaming the market, we see a 21% hike in tariffs with little reason.
Does this read like a condolence letter to you if not for the word ‘condolences’?
30 September 2008
Mr Kenneth Jeyaretnam
Mr Philip Jeyaretnam
Dear Kenneth and Philip Jeyaretnam
I was sad to learn that your father, Mr Joshua Benjamin Jeyaretnam, has passed away.
Mr JB Jeyaretnam was a Member of Parliament for Anson constituency from 1981 till 1986, and a Non-Constituency Member of Parliament from 1997 till 2001. He used to engage in heated debates in the House. Perhaps it was because he and the PAP never saw eye to eye on any major political issue and he sought by all means to demolish the PAP and our system of government. Unfortunately, this helped neither to build up a constructive opposition nor our Parliamentary tradition. Nevertheless, one had to respect Mr JB Jeyaretnam’s dogged tenacity to be active in politics at his age.
However, our differences were not personal. In 1993, one of you (Kenneth) wrote to Mr Goh Chok Tong, who was then Prime Minister, to say that you found employers in Singapore reluctant to offer you a job, and your only explanation was that the employers felt the authorities would not welcome your employment because of your name. Mr Goh replied with a letter which could be shown to prospective employers, to say that the government did not hold anything against you, and that employers should evaluate you fairly on your own merits, like any other candidate, because Singapore needed every talented person that it could find. Mr Goh had previously made the same point to your brother Philip, whom he had invited to lunch. I am therefore happy that both of you have established yourselves in Singapore.
Please accept my deepest condolences.
Yours sincerely
Lee Hsien Loong
They better hope that there isn’t such a thing known as retribution.
Having read the news today, I was shocked to see a blatant article on the drastic rise of electricity tariffs overnight. Moreover, the article was phrased in such a way as to put the blame squarely on the workings of the markets. The timing, however, was not unexpected, as articles on electricity conservation were published some days ago. It was the magnitude that did it.
Apparently, according to the article, the “Energy Market Authority” approved this rise. This certainly raises my eyebrows because it reflects succinctly which side this “regulatory authority” stands on. The next shock lies in their justification and their seemingly well prepared “charts and figures”.
In the first place, natural gas is used to generate electricity, not crude oil. Secondly, the price of oil has been falling for a few weeks, and this rise in tariffs when spot prices are low is hardly justifiable.
I’m wondering if this is a business decision gone sour and as a quick-fix to their bottom lines, costs are passed onto the customers.
“In a market where oil prices are relentlessly moving up, by pegging to three-month forward fuel price, we have been better off by and large,” said EMA chief executive Khoo Chin Hean, referring to how oil prices have surged over the last year.
So, the magic question is, “who pegged the prices?” And if they did so as a form of “hedging”, it certainly failed and they are paying for the risks involved; why punish the consumers for NOT making the decision?
As a regulator, the EMA has the cheek to tell consumers to “cope” by “using less air-conditioning, switching off lights and opening refrigerator doors less often”. It sounds exactly like a certain Member of Parliament telling members of the public to choose cheaper groceries and foods. What has happened to saying NO to price increases?
Really, it makes me wonder what regulators and regulatory frameworks are for. From the MAS to the EMA to the PTC, all of them are tasked to ‘regulate’ their various markets, but whose side do they stand on? In truly uniquely Singapore, it’s anyone’s but the consumers’.
Case in point: given the latest meltdown of the following, “DBS High Notes 5, Lehman Minibonds and Merrill Lynch Jubilee Series 3 LinkEarner Notes”, the position of the MAS hasn’t exactly been regulatory in nature. It’s more like an arbitrator, trying to cast aside as much work and blame as possible, in total contrast to the HKMA. The HKMA went straight to meet the investors and subsequently launched investigations into mis-selling, NOT hammering out a deal with the banks so as to allow them to appoint “independent parties”. Appointing independent parties to report to the banks would allow their legal teams to plan defences against any possible malpractices, defeating the purpose of the complaints in the first place.
Speaking of the PTC, I’ve seen more posters deterring commuters from under-paying fares than any form of service level improvement. Apparently, even with the installation of the EZ-Link system “to curb fare evaders”, the PTC still has to spend so much effort dealing with fare evaders rather than with the appalling standards of the public transportation system. Apparently, the profitability of the “public” transportation companies comes before service levels.
Anyway, in another year or so, I can’t wait to get out of this place. Maybe coming back just to cast my vote in the general elections.
Playing with my iPod Touch today, it suddenly occurred to me that this device is actually many times more powerful than my Tungsten | T Palm-powered device. It has 8GB compared to 32MB in my Palm; a screen 1.5 times bigger and brighter; twice the battery life; and almost equal functionality. The only thing the Palm device does better is that it has Bluetooth hardware. In everything else, including pricing, the Apple device triumphs; it even has 802.11g wireless.
Price-wise, the Apple device is half that of my previous Palm-device, at S$388. I bought my Tungsten | T 5 years back for roughly S$700.
Software-wise, given the recent release of the Singapore Bus Guide for the Apple device, this handy iPod is possibly on par with the Palm at the height of its success.
Little did I expect, it is Apple, Inc. that surpasses Palm, Inc. with an equally easy-to-use device at half the price and double the technology.
Historically speaking, looking at the past decisions of Palm and Apple through their respective valleys of death, Apple has taken the route not travelled while Palm has taken the route most recommended by commentators, Dvorak and the like. It’s an extremely rare and compatible foil between the two companies.
Commentators have suggested, when Apple was on the verge of collapse, some of the following:-
License its OS to other hardware makers
Copy Microsoft’s Windows strategies
Compete directly against Microsoft in IT markets
Split into hardware and software companies
Buy Be, Inc. for its BeOS
Adopt the Linux kernel
License Windows from Microsoft
That advice is what Apple did not take but Palm wholly adopted.
Lately, I’ve just started playing this game called Sudoku and found it quite interesting. As usual, the first thing that comes to my mind when I have a rough idea of how a game works is to code an algorithm to solve the puzzle using a computer.
There are a few approaches to this problem I can think of so far. The easiest and slowest of all is the brute-force iteration method: just sub in a number, check if it contradicts any rules, and move to the next box, with a whole decision-making tree of what to do in alternative situations.
The second approach is by elimination: fill all the blanks with all possible but legal numbers. By checking the rules in a circular fashion from the centre, alternatives are eliminated and most puzzles can be solved.
The third approach, the hardest and most interesting, is by inspection. By “visually” inspecting how the set numbers are placed in a grid, with reference to the rules of the game, some solutions are obvious and can be easily solved. The greatest challenge is to let a linear piece of code “read” the grids and say, “this looks like the only possible solution here”.
I shall think a little more about the data representation schema before starting work.
Python sounds like a rather good language to use...
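As an added example, not from the post, here is a Python solver built around the second approach (elimination with propagation) that falls back on the first (trial and backtrack) when elimination stalls; the puzzle is the well-known example from Wikipedia’s Sudoku article, used as constructed input.

```python
# Constructed test input (Wikipedia's well-known example puzzle), '0' = blank.
PUZZLE = ("530070000" "600195000" "098000060"
          "800060003" "400803001" "700020006"
          "060000280" "000419005" "000080079")

def peers(i):
    """Indices of the 20 cells sharing a row, column or 3x3 box with cell i."""
    r, c = divmod(i, 9)
    br, bc = 3 * (r // 3), 3 * (c // 3)
    ps = {r * 9 + k for k in range(9)} | {k * 9 + c for k in range(9)}
    ps |= {(br + dr) * 9 + bc + dc for dr in range(3) for dc in range(3)}
    ps.discard(i)
    return ps

PEERS = [peers(i) for i in range(81)]

def eliminate(cands):
    """Approach two: a cell with one candidate left removes that digit from
    every peer; repeat until stable. Returns False on a contradiction."""
    changed = True
    while changed:
        changed = False
        for i in range(81):
            if len(cands[i]) == 1:
                d = next(iter(cands[i]))
                for p in PEERS[i]:
                    if d in cands[p]:
                        cands[p] = cands[p] - {d}
                        if not cands[p]:
                            return False  # a peer ran out of legal digits
                        changed = True
    return True

def solve(grid):
    """Solve an 81-char grid; returns the solved grid as a string, or None."""
    return _search([set("123456789") if ch == "0" else {ch} for ch in grid])

def _search(cands):
    if not eliminate(cands):
        return None
    if all(len(c) == 1 for c in cands):
        return "".join(next(iter(c)) for c in cands)
    # Approach one where elimination stalls: guess in the most constrained cell.
    i = min(range(81), key=lambda k: len(cands[k]) if len(cands[k]) > 1 else 10)
    for d in sorted(cands[i]):
        trial = [set(c) for c in cands]
        trial[i] = {d}
        result = _search(trial)
        if result:
            return result
    return None
```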
Thus far, I’ve walked past a few ERP gantries on foot and have never failed to notice the charges flashed on the LED screen directly above the gantries. Having seen a few gantries, I’m confident in saying that the rate they charge is inversely proportional to the perceived speed of the given vehicle class, not to efficiency in human transport.
To illustrate this point clearer, I shall use some numbers (the list below is non-exhaustive):-
Motorcycles: $1
Cars: $2
Buses: $4
Trucks: $4
If you are thinking along the lines I did, you’ll be asking why buses are charged more than cars when buses in actual fact transport more people per vehicle than cars, reducing the number of cars that would have to be on the road at that time if all the people on the bus were driving.
That form of pricing shows how short-sighted the ERP system is.
What I believe the pricing for ERP should be is as follows:-
Motorcycles: $2
Cars: $4
Trucks: $4
Buses: $1
The pricing should be inversely proportional to the number of people per vehicle it is licensed to transport, not to surface area or speed.
After all, the point of car pooling is to increase the efficiency and scale of vehicular transport. This simple principle should also be applied to the ERP-protected areas. Otherwise, it’s just a scam to earn more money while exacerbating the problem (to cash-in further in the future).