Author Archives: antonyma

About antonyma

Engineering trained, Antony has the qualifications of CISA, CCSP, Oracle DBA and BS7799 ISMS assessor. He also received an LLM in Intellectual Property & Information Technology Law from The University of Hong Kong. Founder of Cybersecurity Risk Assessment firm www.hoplite-tech.com. Antony was the Chairman of Professional Information Security Association (PISA) from 2009 to 2010. He also joined the ISC2 workshop on developing a new cloud security certification. Current positions include: 1. Chairman of Cloud Security Alliance (Hong Kong & Macau Chapter) 2. Convenor of HK OGCIO Working Group on Cloud Security and Privacy 3. Hong Kong delegate to ISO SC 27 committee, which drafts security standards like ISO27001. Email: antony.linkedin@gmail.com. Specialties: Retail Banking System & Process, IT Security, Copyright Law, Audit & Control, Technology Risk Management, Cloud Security

The colors of blockchain

I am writing my next article about explaining blockchain to my wife, continuing the last one published on TechInAsia and Medium - blockchain. Here is a prelude quoted from “RISKS AND OPPORTUNITIES FOR SYSTEMS USING BLOCKCHAIN AND SMART CONTRACTS”

“Traditionally, these transactions are supported by trusted third-parties such as government agencies, banks, legal firms, accounting firms and service providers in specific industries. Blockchains provide a different way to support these transactions. Instead of trusting 3rd parties, we would trust a majority of the collective.”

NetBIOS resurrection

The ransomware incident is believed to be related to a Microsoft Windows vulnerability (MS17-010 – Critical) affecting Microsoft Windows SMB Server from Windows 2008 to Win7. The attack is on the Microsoft Server Message Block 1.0 (SMBv1) server.

When I was an IT auditor in banks, I always asked for justifications on using SMB services and opening of port 137. It is a standard hardening procedure to turn off NetBIOS. I would have thought after 10 years such procedures are still enforced.

The wide spread of this attack may mean the IT security industry and practitioners are too young for this dated protocol!
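The audit question described above (is every NetBIOS or SMB listener backed by a recorded justification?) can be sketched as follows. This is an added example, not code from the original post; the function name `audit_listeners`, the host name, the justification register and the sample `netstat -ano` rows are all constructed for illustration.

```python
import re

# Legacy Windows file-sharing listeners an auditor would question.
LEGACY_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB over TCP",
}
# Matches `netstat -ano` rows: proto, local addr:port, foreign addr, [state], PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+([A-Z_]+\d?))?\s+(\d+)\s*$")

def audit_listeners(host, netstat_text, justified):
    """Return findings for NetBIOS/SMB listeners with no recorded justification.

    `justified` maps (host, proto, port) to the approved business reason.
    """
    findings, seen = [], set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, addr, port, state, pid = m.groups()
        key = (proto, int(port))
        if key not in LEGACY_PORTS or key in seen:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue  # established sessions are not listeners
        if addr in ("127.0.0.1", "[::1]"):
            continue  # loopback-only sockets are not reachable from the network
        seen.add(key)
        if (host, proto, key[1]) not in justified:
            findings.append(f"{host}: {proto}/{port} {LEGACY_PORTS[key]} "
                            f"(PID {pid}) open without justification")
    return findings

# Constructed sample output, not captured from a real machine.
SAMPLE = """
  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING    880
  TCP    0.0.0.0:445      0.0.0.0:0        LISTENING    4
  TCP    10.0.0.5:139     0.0.0.0:0        LISTENING    4
  TCP    10.0.0.5:445     10.0.0.9:51234   ESTABLISHED  4
  UDP    10.0.0.5:137     *:*                           4
"""
# Hypothetical register entry: only SMB on 445 has an approved reason.
REGISTER = {("FILESRV01", "TCP", 445): "departmental file share (placeholder ticket)"}

if __name__ == "__main__":
    for finding in audit_listeners("FILESRV01", SAMPLE, REGISTER):
        print(finding)
```

With the constructed register, the justified SMB listener passes and the two NetBIOS listeners are reported.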

 

On Internet, the most clicked link is truth.


With information overload, we rely on algorithms to help us comprehend the world. In the end, algorithms and their creators are shaping reality. Data scientists will need to follow the same professional ethics as journalists.

http://mediashift.org/2017/02/unintended-consequences-algorithms/

“Google was built on the premise of truth,” O’Neil said. “Now that people on the internet love lying, Google is screwed.”

How to hack a hackathon, by a 42-year-old guy?

At 42 years old, I joined a travel tech hackathon for the first time 2 days ago, the Sabre Destination Hackathon here in Singapore. Installing Eclipse and reading API docs brought back a lot of memories of when I started my career 15 years ago as a Java developer. In the end, I won a small prize by developing a Sabre Red App Widget. The new widget shows relevant credit card offers when shopping for flights and hotels. As a first-time Red App developer, it was really a surprise that a proof of concept demo could win support from the audience and judges.

I registered hoping to find developers to create a VOIP app using Twilio APIs connecting with the Powerdata2go portable wifi router, with global coverage. However, listening to the Red App presentations, I found the Red Workspace is a uniquely positioned platform. Then, with coaching from two awesome Sabre development leads (Alexandre Meneghello and Julian Macagno) and hours reading the SDK doc, I managed to create my first Red App Widget. The process of bouncing ideas around, implementing them right away, focused debugging and finally seeing it working within 24 hours is the greatest reward. Obviously, the endorsement from judges was a bonus.

A hackathon is like a new intellectual sport, where like-minded people (regardless of age) join and compete on ideas and coding skills. Below are a few things I noted in these 2 days.

1. Be there early and talk to people.

The people you meet at a hackathon participate for many reasons. You will likely bump into students, freelancers and even industry people trying to learn coding. With a room so diverse, a hackathon becomes an excellent opportunity to meet new people besides coders. Also talk to the organizer team and get to know their business, challenges, competition and product roadmap. Most hackathons have a commercial goal, be it launching a new product or platform, building an ecosystem or just brand awareness. And the organizer is more than happy to share their views, since they want you to help them find new ideas and new projects. Their sales, marketing, technical and even finance people may be there. There is no better place to learn.

2. Join a chat room

Nowadays, there is a chat room for every development project, as emails are no good for real-time team communication. Expedia development manager Poi created a HipChat room for people to ask questions on Expedia APIs. I joined and discovered lots of interesting questions. Reading their questions and comments helped me to understand the different challenges facing mobile apps and web apps. The exchange of ideas and problem solving skills

After this event, I believe chat room interactions are an invaluable asset for recruiters. I would suggest recruiters join each chat room and listen to the conversations. A friend also joined, trying to recruit developers with a passion for travel tech. I saw her talking to participants, distributing business cards and encouraging developers to know more about her new iOS App. This way she cast her net wide and tried to talk to as many developers as possible. Another way is to be more focused and do research in chat rooms. Find out which users are asking relevant questions and contributing answers, with good manners. These are the right people to work with, who are focusing on their project and helping others to achieve their goals. Then send him/her an email for a coffee. During the hackathon, a developer would like to spend time on their code; there are tons of improvements he/she can make. There is no time for a recruiter.

3. A good chef cooks with what is given to them

Unless you have a workable product ready and plan to showcase it, I suggest keeping your mind open and exploring possibilities. Within 24 hours, there is not enough time to build a full-featured app, and your brilliant idea may be totally trashed by poor execution. Let people share their experiences, identify the real problem statement together and co-create a solution. It is far more collaborative and also builds friendships. After all, a hackathon is like a sport, where people participate to make friends and enjoy the process.

Writing this piece helped me to recognize that a hackathon is very much like a sport, where people and teams compete to achieve a certain goal within a defined time. Just like any sport, there are amateurs, professionals and observers. The younger and more energetic ones will definitely enjoy the party and football table. But even if you are not a coder or consider yourself too old, it is still an excellent opportunity to collaborate with people of different skills, cultures and ages.

Feel free to leave your comments and connect with me at LinkedIn or Twitter.

Smart Nation is a process

If you ever took the MRT to the Singapore Ayer Rajah Crescent startup community, Blk 71-79, you must know there is one traffic light about 100 meters to the right of the exit. A typical traffic light: open area, under the sun, wait 60 seconds and walk 10 sec. Nothing special. However, if you are a native of this community or a savvy frequent visitor, you most likely will take THE shortcut.

Few people accept this sub-par but safe design; the community votes with its feet and jaywalks across moderately busy two-way traffic. They choose to take the risk and decide their own fate.

Today I found out that with enough people jaywalking, LTA or JTC responded. Not with a permanent fence or an intimidating notice. They are adaptive and officially ended the jaywalking with a pavement!

[Photo: before pavement is built]

Having worked in the Singaporean government before, I know there are SOPs in LTA on where, how and what traffic light should be placed. It must be well articulated internally, like thousands of other traffic lights. Each traffic light installation is a science, choosing the optimal use of resources and taking into consideration all stakeholders, car owners, pedestrians, and traffic flow. No matter how well planned it is, users still choose their own best option, balancing risk and reward. In this traffic light case, the young, confident and time-conscious geek community chose jaywalking.

A smart nation is not about collecting user behavior data and crunching the data to control. It is about being adaptive and making an intelligent move when the data suggests you were wrong. LTA and JTC did it. I have faith that other government agencies will follow suit.

Singapore on StackOverflow

Everyone is buzzing about big data these days. Without something interesting, I would rather be a reader or an audience. Until now: while doing my own website research, I have noticed something which you may like to know too.

As an IT geek coming from Hong Kong and working in Singapore, I can’t remember how many times I was asked “How Singapore is different from Hong Kong?”. There are many similarities between these two ex-British colonies in Asia. People like to compare and contrast both economies on their business readiness, innovations and productivity. In many city indexes, Singapore and Hong Kong are often competing.

After living in Singapore for over 2 years, I usually answered the question based more on my own observations and experience. For people who are more interested in food, I can talk about the difference in food in the two places. For someone who cares more about politics, I can talk about the difference in the election systems. So, in the context of the IT industry, “How Singapore is different from Hong Kong?” Which place has a better competitive edge? Which will better leverage IT advancements to support economic growth?

I have had the opportunity to meet with IT professionals from both the public and private sectors in Singapore. The Singapore Government's dedication to and investment in technology is impressive. We see many projects (some experimental) to reinvent this city state. Industry associations like Singapore Computer Society and SITF are working hand in hand to build the competitive edge of Singapore in the IT arena. However, I am not a PR consultant and should dig deeper. With my IT engineering background, I am trained to be fact-based. So, instead of settling for a conclusion based on what I experienced or how I felt, I would like to finalize my conclusion with hard fact: Data!

So, I turn to Alexa.com, which is a website that tracks Internet usage and ranks websites in each region or country. The ranking of websites reveals how netizens surf the Internet, which tells a lot about their digital life and thus indirectly about the digital economy. From there, I looked into the Top 100 websites in Hong Kong and Singapore listed on the Alexa website.

First, it stunned me to see StackOverflow ranked 37th in SG but 57th for HK. This difference tells something about the IT industry in two very economies. Stackoverflow.com is the most popular website for programmers globally. Developers and technical professionals share their knowledge via a forum-like platform. I myself find it most useful for undocumented features of programming languages & APIs. You don’t spend time on StackOverflow trying to find the next hotel deal or sangria recipe. Developers spend time on StackOverflow to exchange ideas and share bug-killing joys.

When StackOverflow ranks higher in SG than HK, we may loosely read that the percentage of time SG people collectively spend on developing software is more than HK (i.e. bug killing is more popular in SG). Yet, I believe it is more likely that SG has more developers or SG developers are more hard working!

Absolute ranking in Alexa may be affected by seasonal or other technical issues, so it may not paint the true picture. To avoid such bias, let us use relative ranking, i.e. the distance between Stackoverflow and other popular daily websites (I have chosen online banking and local newspaper). Let us throw in a simple chart here.

The left hand side shows the SG ranking of Online Banking (DBS.COM.SG), Local Newspaper (Straitstimes.com) and StackOverflow-SG. The right hand side shows HK (HSBC, NextMedia.com and StackOverflow-HK).

A shorter distance between popular websites and StackOverflow reconfirms our observations with absolute ranking. Singapore netizens are geekier! Or, Singapore geeks are more active on the geek forum! More time is spent on analyzing IT and killing bugs. Just a caveat though: StackOverflow is mainly English, and Hong Kong developers may prefer a similar forum in Chinese.

When double-checked against StackOverflow's own 2015 survey, Singapore has 31.7 devs per 1000 people: 6th globally, highest in APAC.

Even with user behavior data, the conclusion may still be too generalized. However, I do think this gives an encouraging picture to SG policy makers (IDA, ITSC, MDA, LTA etc.) and IT practitioners. Singapore has nurtured a culture for people to build and tinker. In the last two years, I met with different communities (like Null Security, iOS Dev Scout, Lean Startup) full of energetic people sharing their experiences and dreams.

Implications for Eddystone-URL in Chrome 44

When I wrote in my last post about Eddystone, I was not aware that Chrome already included an update to scan nearby Eddystone beacons. Chrome version 44.0.2403.65, available in the Apple AppStore (not in the Play Store as of writing), now lets Chrome users open a URL broadcast by Eddystone-URL.

This change is profound! The following are the implications:

  1. Developers no longer need to write iOS code to access functionality offered by beacons. This is a liberation from the Apple iBeacon, which must use native iOS APIs.
  2. A web developer can now add physical object interaction to their website. Website content can be targeted to a micro location.
  3. Security wise, the URL is unfiltered. A curious user clicking on a broadcast URL may be directed to a malware-infected website.
  4. Privacy wise, by enabling Eddystone and using Chrome to launch the URL, Google knows where you are even when GPS is turned off or blocked. The Eddystone beacon location is your location. Therefore Google has better “insights” into the locations and times of your activities, with a 20m accuracy.

Other browsers such as Firefox will likely follow and enable Eddystone. I will test out this feature with my Raspberry PI BLE project and write about it in the next blog post.
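To make implication 3 concrete, the sketch below decodes an Eddystone-URL frame and filters it before anything is shown to the user. It is an added example, not code from the original post or from Chrome; the function names, the https-plus-allow-list policy and the sample frames are assumptions constructed for illustration, while the prefix and expansion tables follow the public Eddystone-URL frame format.

```python
from urllib.parse import urlsplit

# Prefix and expansion tables from the public Eddystone-URL frame format.
SCHEMES = {0x00: "http://www.", 0x01: "https://www.", 0x02: "http://", 0x03: "https://"}
TLDS = [".com", ".org", ".edu", ".net", ".info", ".biz", ".gov"]
EXPANSIONS = {i: tld + "/" for i, tld in enumerate(TLDS)}        # 0x00-0x06
EXPANSIONS.update({i + 7: tld for i, tld in enumerate(TLDS)})    # 0x07-0x0d

def decode_eddystone_url(service_data):
    """Decode the 0xFEAA service data of an Eddystone-URL frame (type 0x10)."""
    if not 4 <= len(service_data) <= 20 or service_data[0] != 0x10:
        raise ValueError("not a well-formed Eddystone-URL frame")
    if service_data[2] not in SCHEMES:
        raise ValueError("reserved scheme prefix")
    parts = [SCHEMES[service_data[2]]]      # byte 1 is TX power, unused here
    for b in service_data[3:]:
        if b in EXPANSIONS:
            parts.append(EXPANSIONS[b])
        elif 0x21 <= b <= 0x7E:
            parts.append(chr(b))
        else:
            raise ValueError(f"reserved byte 0x{b:02x}")
    return "".join(parts)

def vet_beacon_url(service_data, allowed_hosts):
    """Return (url, verdict). Policy (an assumption): https on an allow-listed host."""
    try:
        url = decode_eddystone_url(service_data)
        target = urlsplit(url)
    except ValueError as exc:
        return None, f"drop: {exc}"
    if target.scheme != "https":
        return url, "drop: not https"
    if "@" in target.netloc:
        return url, "drop: userinfo in authority"
    if (target.hostname or "").lower() not in allowed_hosts:
        return url, "drop: host not allow-listed"
    return url, "allow"

# Constructed frames (frame type, TX power, scheme prefix, encoded URL).
GOOD = bytes([0x10, 0xEB, 0x01]) + b"example" + bytes([0x00]) + b"offers"
PLAIN = bytes([0x10, 0xEB, 0x02]) + b"example" + bytes([0x07])
UNKNOWN = bytes([0x10, 0xEB, 0x03]) + b"short.example/x"
ALLOWED = {"www.example.com"}

if __name__ == "__main__":
    for frame in (GOOD, PLAIN, UNKNOWN):
        print(vet_beacon_url(frame, ALLOWED))
```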