Friday, January 30, 2009

I Passed The CEH Exam

I took the EC-Council Certified Ethical Hacker v6 exam this afternoon. The exam was scheduled to run from 1pm to 5pm. To make sure I won't be late, I had lunch at the Goldilocks across the training center. Since there was no place to park in that area, I parked at Makati Cinema Square and walked a short distance to Marvin Plaza where my training school/testing center Infotech Xchange is located.

The test comprised of 150 questions. The 4 hour time allotment is really overkill. I finished it in about 2 hrs or less, and got a score of 88.45% (passing is 70%). Its an odd figure because some of the questions have multiple answers. So I guess if you don't get to choose all the correct options, they pro-rate it.

The questions focused more on the theoretical/conceptual aspects of hacking. The reviewers that I downloaded were pretty helpful. In fact, I would say that the time I spent going through all the materials from cover to cover for the past couple of weeks was probably not really necessary. Going through the reviewers with explanations on what the correct answers are proved to be much more effective even though I only started going through them yesterday afternoon.

In any case, I am now an official EC-Council Certified Ethical Hacker (CEH v6)!

Wednesday, January 28, 2009

Another BDO Programming Stupidity Bug

I previously commented on the seemingly low IQ programming that went into BDO's Internet Banking.  Well, I encountered a couple more recently:
  1. To simplify my payments to Yellow Cab Central for our supplies, I wanted to stop issuing checks, and instead, just pay them via direct transfer to their BDO account.  So naturally, I went to BDO's e-banking facility to do that.  There is an option there to do 3rd party funds transfer.  The blank field prompts you for the account number, then you specify the currency, then the amount.  Very straightforward.  I entered YC's BDO account number and the system kept giving me an error about the currency not matching with that of my account.  I'm sure we're both PHP accounts, so I called up support.  It seems that their 3rd party funds transfer requires that all accounts that you want to pay to, must first be enrolled so that they will appear in the dropdown list.  So my question is -- if that is a requirement, then why did they even bother to put a textbox field to let people enter adhoc bank account numbers.  And furthermore, why is the error message saying currency mismatch when it should be saying something like "3rd party account must be registered"?!
  2. In that same 3rd party payment page, there is a textbox field where you are supposed to type the amount you want to transfer.  They require that the user enter the amount in "NNNNNN.MM" format with no commas to separate thousands/millions.  Surely parsing something like a comma should be trivial.  In any case, I tried copying-and-pasting a figure from my Excel spreadsheet and I didn't notice that there was a trailing whitespace.  When I clicked the submit button, the BDO web application complained about amount should only have 2 numbers after the decimal point.  It took me some time to realize that it was treating the blank/whitespace as another digit!!!  Surely trimming whitespaces is really trivial when it comes to field validation.  But no -- I have to manually delete the space so that the system will not think there are 3 digits after the decimal point.
As far as I can tell, BDO's system runs on Java.  I know because there have been times when their site would return a very descriptive error showing a JVM stack trace. :P

Tuesday, January 27, 2009

The LGV Home Theater Mystery Solved

For some time now, we've been wondering why the door of our home theater "mysteriously" gets locked.  According to Yaya, she never locks it.  And Cols always think that I'm the one locking it.  I've been tempted to review the DVR recording just to see why its locking itself.  Of course, Cols has her usual "haunted" theories, which I don't really buy.

Anyway, today, I was transferring some camcorder recordings to the Philips DVDR, for further burning to DVD-ROM.  Then Ethan and Yaya came in.  That's when I noticed that when they open the door, they push it all the way to the wall.  Since there is no door stopper, the door handle bumps the wall, which in turn, causes the lock to be pressed.  Voila!  That's what is causing it to lock!  So that finally disspells Cols spooky theory.

From LGV House Blessing

Monday, January 19, 2009

My First Ride on the MRT

I had a meeting at Taipan this morning. Since its a car coding day, the driver just dropped me off. After a meeting, I walked to SM Mega Mall for lunch at El Pollo Loco. I haven't eaten there for quite some time since I rarely go to Mega Mall. It has always been one of my favorite fast foods.

After lunch, I decided to take the MRT to Makati. The MRT station is connected to the Shangri-La Mall. So I had to take a short walk from Mega to Shangrila. If you're walking along EDSA, you don't have to go into Shangri-La itself because there is a stair accessible from the street going into the station.

The elevation of the MRT tracks on Shaw is quite high. In fact, the long staircase going up is divided into 5 sections. The first section is a mere 10 steps or so. Then after that, its 4 sections of 20 steps each. That gives you a total of about 90 steps to reach the station platform! My hamstrings got a good workout climbing the steps.

The fee was quite modest -- only Php11 from Shaw to Ayala. I did not have to wait long for a train to arrive also. The train is well-ventilated. Although the airconditioning is not that cold compared to trains in other countries, it was pretty decent. There are good air blowers inside the train to circulate the air.

There were 3 stops before Ayala (Boni, Guadalupe, Buendia). One thing I noticed was the stations do not have markings on what the next step will be. There are also no indications inside the train showing which station you are in, and what is the next step. So you pretty much have to listen carefully to the audio announcements. Foreigners who are not used to Manila will probably have a hard time navigating our MRT system.

It was a relatively short ride to Ayala. Upon disembarking, everybody had to queue on 2 working turnstiles because the lady operator was fixing the other one. This led to a very long queue -- again, quite substandard by foreign comparison. The stations are also not airconditioned. :P

Saturday, January 17, 2009

Hacking Using Dictionary Attacks

There are recent news that Twitter was hacked using a regular dictionary-based attack. Since I recently took the Certified Ethical Hacker course, I got interested in looking around for dictionaries of common English words that can be used for such attacks. Popular password crackers like LOphtrack/LC4 and Cain & Abel use third-party dictionaries to do their brute-force cracking methods.

Here's a Google search query that returns listings of sites where you can download dictionaries. I have to admit -- some of my most commonly used accounts still use dictionary passwords. I should really get around to changing them one of these days.

Friday, January 16, 2009

TV Taping for Makisig Network

I went to Marikina City Hall first thing in the morning to settle some taxes. Then I headed off to the Timog area to meet with Roger at the Makisig Network TV station. The traffic was horrendous at Commonwealth (in front of the new UP-Ayala Techno Park) U-turn section. There was a cycling event going on at the QC Memorial Circle that took out 2 to 3 lanes that contributed to the monster traffic jam.

I arrived at the station about an hour late. Makisig Network is owned by the Herma Group and is carried by SkyCable on Channel 76. It targets mainly the male audience and most of the programs are sports-related. One of our PayEasy merchant GameHopper, produces a show there called Pinoy Gamer. Its a show focused on all sorts of video games -- from PC-based to console-based.

So in next week's episode (which is the one we're taping today), the show interviews GameHopper to talk about their business. GameHopper basically provides subscription services to its huge catalog of console games. This includes all the popular ones from Sony PlayStation 3, Nintendo Wii, XBox 360, to those played on hand-held consoles. The all-original games are delivered to the subscriber and he/she can play it as much as he/she wants. GameHopper wanted to expand their business so they are working with PayEasy to accept all sorts of online payment options.

The studio was not that big -- maybe 50 to 60 sqm. There were 3 cameras shooting us, and the floor director just gave us basic pointers in blockings: where to stand and where to look. Then the hosts took it from there. During the 5 to 10 min interview of GameHopper's operations guy, I was called in by the hosts to talk about PayEasy briefly. To watch my full interview from that episode, click here.

Wednesday, January 14, 2009

Face Recognition with Picasa

Picasa has this really eery technology called "Name Tags". It can go through your photos and find images of people who look similar. Finding a face in a photo must be a complex task from the point of view of a computer. While it may be obvious to a human eye, everything is just pixels from the point of view of a computer. So determining facial features must be a daunting task. But not only can it detect faces well, it can also figure out which faces look "similar". Then it allows the user to define a name tag to associate with that face.

Above is a screenshoot of Picasa finding several photos of Caitlin in my differenet web albums. Of course, it would be impossible to find her face in all photos from birth to 5 years old, but what it did find automatically was still pretty impressive. You still have to manually correct some of the choices, but it sure beats doing this manually one photo at a time.
It leads one to wonder what such a Big Brother-like technology can do. Can you use it to recognize a person within a crowd in real-time? I'm sure the US Dept. of Homeland Security or CIA would want to have such a technology that can do real-time scanning for suspected terrorists in high-density areas like airports, train stations, and so on.

Saturday, January 10, 2009

House Blessing

Tonight's the big night everyone's been excited about. We're having our official house blessing. For the past several days, we've been trying to get a priest to officiate with no luck. So we eventually opted to go with Rev. Lyons, the same pastor who officiated our wedding and a neighbor at Valle Verde. It has been raining the past few days. So for good measures, Cols rented a large tent to cover the paved driveway at our lawn.

Guests started to trickle in by around 5:30pm. Some of dad's guests arrived a bit earlier because we originally planned the priest to do the blessing late afternoon. Nibet Locsin was our official photographer. You can see her shots by clicking on the image/link below.

From LGV House Blessing

As usual, the caterer was Verleo (they seem to be one of the most popular ones in town). Dad donated a lechon. We probably had about 120 guests. A large part of our lawn was still unoccupied. I guess we can actually host more than 200 guests in the house if we wanted to.

Rev. Lyons arrived past 7pm because he had a church commitment in the afternoon. Once he got here, we started with a house blessing/prayer. Then we did the "traditional" throwing of coins around the house, and dinner started.

Our guests included relatives, neighbors, current and former officemates, our store managers, our contractors, etc. Dad invited another 30 to 40 of his friends. Caitlin invited two of her classmates -- Rogue and Zoei. The food sort of ran out for those who ate late (including me). I didn't get to taste the lechon anymore. :(

The party finished by around 10pm. Phew!

Friday, January 9, 2009

Our House Goes Online

My original plan for our new house's Intenet connection is to go through the same PLDT postpaid landline that we applied for. To my horror, I was advised by PLDT back in December that they do not have any DSL port left in our subdivision. She placed us on the waiting list (around #15) but cautioned that they do not plan to expand their DSLAM until there is a couple of hundred requests because such an expansion supposedly costs more than a million Pesos.

I went to check with Globe because Marikina is also their service area and our store is using Globelines DSL. The lady at the Globelines center in Blue Wave told me that they only have facility in the main Marikina area. Since LGV is in the edge (pretty much at the Quezon City border), they can only serve us through their wireless landline facility -- which is pretty useless for DSL purposes. (In any subnote, our Globelines DSL at the store has been really, really slow as of late. Its almost unusable even for GMail.)

My next attempt was to plead my case at the Bayantel office also in Blue Wave. Nobody there seem knowledgeable about DSL because they only sell their wireless landline service through that office. They told me that I'm the only person who has been to their office asking for DSL since they do not have wired facilities in Marikina, not being part of their service area. Nonetheless, the male customer service representative there (Rudolph) was very helpful. Since we're at the border of QC and Marikina, they can possibly string a line over. I just have to furnish him with a reference Bayantel telephone number in our area so he can check which CO can service us.

I checked with Grandma if they have a Bayantel number. Luckily, they *HAD* one, but already had it discontinued a couple of years ago because Bayantel lines then were very hard to contact from other telcos. It took her a couple of days to recall that number, but once I had it, I brought it over to Rudolph who initiated the site survey request through their contractor. I made a PHP1,000 installation payment and promptly enough, after 3 to 5 working days (well, it felt very long because of the long holidays this year), their contractor arrived and installed our DSL today!

The speed is pretty decent. I was expecting the worst because we had a client (Gadgets Magazine) who was using Bayantel DSL facilities just along Katipunan and had a horrendous experience with their speed. They're not as cheap as PLDT which bundles their DSL with landline for something like PHP990. Bayantel's DSL is P895 (or is it P899) but does not include a landline. To get a landline with it, you have to pay extra. I think it totals to something like PHP1,300. Anyway, I opted to get a Bayantel wireless landline insteads so we just went with the unbundled DSL.

I'm not sure as to the exact rated speed of Bayantel's DSL. I think its supposed to be 728kbps or something like that (I think PLDT's entry level bundled PHP990 is 384kbps?). But a customer service lady called me a couple of days later and told me it has a "speed-on-demand" feature that lets you burst up to 1280kbps between 10pm to 6am. To avail of it, you just have to add the suffix "@sod" to your PPPoE login id. Not that I surf at night, but I guess it can come in handy if I start to do Bittorrent downloads overnight. hehehe...

Monday, January 5, 2009

How Much Google Top Ranking is Worth

Here's an interesting info I got from an SEO newsletter that I subscribe to -- Google makes US$37.7 million a day with its ads! That comes out to US$3.4 billion in ad sales per month!

Wow! No wonder those guys are buying companies left and right and have a deep war chest for seemingly non-profit R&D. Who would have guessed years ago that search could be this profitable. Certainly not even the Google Guys (at least, if you read The Google Story).

Thursday, January 1, 2009

A Rainy New Year's Eve

We held the annual family New Year's Eve gathering at our new house last night. Cols cooked a couple of dishes; mom did too; Leslie did the dessert; and Dad ordered for the lechon and sotanghon. Food was served and we had dinner at our Lanai. Kenneth came over to spend New Year's Eve with us because he was doing practicum at a hospital while the other siblings of Cols all went home to Gen San for the holidays.

After dinner, everyone went home to spend the eve at their respective homes. Although Dad kinda wanted to have everyone stay here at LGV, Mom insisted that she has to be home for New Year's Eve as it is her tradition to shake her piggybank. So Nikki, Les and William went home with them.

The weather has been muggy the whole week, and it drizzled tonight. I can't remember the last time when New Year's Eve was raining. Although it would rain a bit, it somehow always stops by midnight so the fireworks merrymaking goes unimpeded. But for this year, it rained all the way to midnight (but not that hard). So we limited our fireworks at our garage (not that we had that much firecrackers). During the merrymaking, I crossed the street to meet-and-greet our neighbor next door for the first time.

From LGV New Year's Eve