Cancer?

If someone told me that cancer is an alien bioweapon sent to destroy humanity on Earth, I would believe it. Something that causes your own body to destroy itself from within, that leverages the diversity of humanity to create diverse variants of itself, is sinister.

The cancer that I’m currently familiar with strikes indiscriminately. It survived surgery and a cocktail of chemotherapy and returned with a vengeance. It teases us that we did all we can in vain, and now it is back to finish the job.

Many would say that the family is mature, with multiple healthy generations, and death is a part of life, that we would, should, be able to accept this. I do not deny that logically it makes sense, but I can’t help but feel that it rings hollow. It is the same logic that says we should not need to worry because time never stops for anything and thus, it will all pass... so don’t do anything? I’m sure the good people at the hospital ER agree with me.

I see cancer as a monster. It is not satisfied attacking just one body part but moves on, mutates and comes back. It doesn’t have a clear treatment, no clear direction what it will target next until you see it. It does nothing except turn everything of its host into more of itself.

A morbid thought, considering what it does. Is it forming a new lifeform that can survive indefinitely and be harvested by the alien overlords as biofuel?

Cancer

I had read enough about cancer to know that there are always new variants being discovered, and new treatments to combat them. News and articles about cancer always felt distant and cold, something that healthy people read about.

Until it affects someone you love.

Suddenly the conversations are filled with emotions and pain, disbelief and efforts at staying positive, suggestions and alternatives. Somewhere, someone smart would have categorized the emotional stages cancer patients and their family members go through and you can read all about them, but for me, it’s all about the end of the story.

Would it end up as a glorious chapter where lady luck smiles upon us and this cancer gets banished into one of many life’s chapters to be told like war stories, or does it end up with everyone deciding on limited choices to get the best outcome?

I fear the answer is more of the latter.

As I’m typing this, it’s at the end of multiple never-ending tiring days. I will continue when I have more time to write further.

One year’s a gap, two year’s late, three year’s a trend.

“Yes I can hear you, can you hear me?”

This question is the most oft-repeated phrase for the year 2020, and potentially for the rest of 2021 as well. It’s a sign that people from all walks of life are dragged screaming and kicking to the digital age but I can’t say the same for the infrastructure serving them.

Why can’t there be a green wave form under everyone’s profile picture when their speaker is playing; and an overlapping red wave form when their mic is recording? That way one can quickly see who’s able to hear and who’s forgotten to mute their mics.

William’s brain interruptions, 2021

How single character passwords became commonplace

You might think the title of this blog is such a click-bait! Who in the world would dare use a one character password you say! This dude is rambling again on a beautiful afternoon!

Well only the rambling part is true, as with all my posts I can only blog when I have settled life’s many priorities.

But back to the title, it is no joke for I see more and more users going down this path of using a single character password to protect their most treasured banking transactions, access to their mobile phones etc.

I’m talking about the use of fingerprint based biometric logins. (I have previously blogged rambled about this.)

Using a single fingerprint that can easily be stolen is, as I see it, comparable to using one character key from your keyboard as your password. In some cases I think the keyboard method might actually be safer! Here’s why:

One Character Password:

You have to guess 1 out of 94 characters.

(Assuming 26 upper case, 26 lower case, 10 numbers and 32 symbols).

Fingerprint:

You only need 1 out of 10 fingers *

(*Available all over your coffee mug and on the phone itself! Don’t ever think just because it’s unique it’s safe.)

So referencing my previous post on how safer passwords involve length and complexity; it’s funny why a single fingerprint is still acceptable when a single character password is not. I strongly vote for someone to give me an option to use multiple fingerprint combinations per login attempt!

So hypothetically if your mobile phone is stolen, I just have to find out which of the 10 fingerprints is registered, and I would probably guess it’s your right index finger. Instead if you use just one character on your keyboard, I would have to guess which of the 94 is true!

PS: Apple iPhone X is out! No more fingerprints! But now any 3-letter-GOV-agencies don’t even have to force you to remember your passwords or pull your fingers off to scan. They just have to show you your phone and say “Do you recognize this phone? *unlocks* Thanks we’ll take it from here.” Great!

Late night thoughts

It’s been a while since I wrote and I wanted a place to write, someplace where I used to belong and left abandoned, like going back to your childhood playground and realizing that the swing set is still there; and you can’t help but have a go just to see how it feels.

I wouldn’t call what I’m about to do serious writing (like penning for a novel) but likely similar to a random scribbling of thoughts on paper/screen. If technology advances to a level where a mind map can be generated in real time, my map right now would look like a bunch of spaghetti sparsely spaced with meatballs of vague ideas.

So, about life. Kids are doing ok so far. Any new parents (hopefully) would think of the world for their kids, that they will grow up being someone useful to the world. My thoughts aren’t as grand so far. It’s amazing how my wishes for them are as small as baby steps (literally). Growing from wishing they were born safe and sound, to having normal limbs and even number of digits to not having blemishes or birthmarks.

Right now I’m anxiously mapping their growth rate based on wall posters with wonderful “all babies develop at different rates” disclaimers. But still it’s a good way to see what’s coming and where I can help to make MYSELF more comfortable with what and where they are currently at in terms of cognitive and brain development.

Everyone says that with time, everything will pass and it’s often with fondness and memories when we look backwards. For me, I disagree. Looking at how things were, I have fallen deeply into the trap where I get no time to rest until they have kids of their own (or maybe even till much later). I might not even have time to sit down and think about the good old days since all parents (yours truly included, now) will end up worrying about their kids until their ripe old age.

OK maybe I can chill a little when they learn how to talk and walk.

Lost, and found my luggage

I came back recently from a trip and had the misfortune of losing my luggage. Amongst the many things lost are souvenirs and items with sentimental value.

There was initial confusion on my part over where it may have gone, whether it would be in the large luggage conveyor or with customs or stolen! But when I passed my barcode to the airline staff, the confusion was on them as well.

You see, I thought the barcode was linked with both the departing and arriving airports. Kinda like how you can scan it and track your baggage like a parcel from FedEx. However in reality it does nothing except tag your luggage with a reference number. So when it goes missing like in my case, there’s a reference number they can use.

They are not able to tell me if it left the departing airport, or arrived, or was still stuck with customs. All they can do is email the departing airport with the reference number to check if it left the country. I was told to wait for news in 2-3 days and after that, file a missing luggage report.

Monetary compensation is one thing, but souvenirs and sentimental items are priceless. Not even MasterCard can pay for those!

So that got me thinking, what is there to prevent the airline from not knowing and informing me that the luggage did not go on board? If there are systems to identify a passenger isn’t on board, and to unload the checked in luggage, why can’t the opposite happen?

It would be so stupid to know I flew 8 hours back and all this time my luggage wasn’t with me. Worst that could happen is the luggage actually goes on a world tour without me. Now imagine what if the contents are not declared safe for some countries like NZ or Australia?

I eventually got it back 2 days later. Seems like no one can tell why it was left unloaded in the cargo area, sitting there looking pretty; but it was then loaded on the next flight and reached home. There were some perishables inside which are a write-off; luckily I have insurance for that.

I know it’s not the airline’s fault, rather it would be the airport ground crew’s, but it does leave me a bad taste that the plane took off without my luggage and no one knew about it.

Thoughts on Phishing

Similar to the theme of my previous post (one year ago, shame on me), I felt that the world had moved on to what I’d call second generation Phishing. Phishing 2.0?

The previous iteration of Phishing had victims visiting bogus websites, but the 2.0 version acts as a proxy so that your first transaction does go through (say if you want to check your bank balances). What it does then is to silently steal your login & password. No word if any malware boasts that they are successful (Ha! In your face! Victim!)

TAC messages are used by some banks to prevent this but nothing solid is really in place to prevent a proxy Phisher from asking for it anyway. When the malware / Phishing website has your trust, nothing will stop it.

See: Zitmo (Zeus In The Mobile)

So it occurs to me that Phishing extends to mobile apps as well. Speaking to industry players in the mobile app development world and IT Security guys, it seems seldom does a company (banks, cinemas, airlines etc) implement mechanisms to identify the integrity of the mobile app talking to their servers.

We have seen SecureWords (those little pictures or words you select during registration) that pop up before you log in, to tell you the company is trusted and is not someone else. But nothing to tell the company that the application is their own.

In my ramblings to my colleagues I always challenge why it is so hard to develop some hashing functions that get passed along to the server to say “yep, I’ve not been modified or imitated in any way” (simplifying it greatly just to prove a point, the detailed steps are probably too technical).
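A minimal sketch of that "hash passed along to the server" idea, added here as an illustration and not taken from any bank's or vendor's code: the server sends a fresh nonce and the app answers with a keyed digest of its own bytes. The release table, version string and function names are assumptions made up for the example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a published build; a real server would hold the
# bytes (or per-build digests) of every release it still accepts.
RELEASES = {"1.4.2": b"official build 1.4.2 (constructed sample bytes)"}


def issue_challenge() -> bytes:
    """Server side: a fresh random nonce for each login attempt."""
    return secrets.token_bytes(16)


def app_response(app_bytes: bytes, nonce: bytes) -> str:
    """Client side: keyed digest of the app's own code under the nonce."""
    return hmac.new(nonce, app_bytes, hashlib.sha256).hexdigest()


def server_verify(version: str, nonce: bytes, response: str) -> bool:
    """Server side: recompute from the official bytes and compare."""
    official = RELEASES.get(version)
    if official is None:
        return False  # unknown or retired build
    expected = hmac.new(nonce, official, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    genuine = RELEASES["1.4.2"]
    modified = genuine + b" + injected code"
    n1, n2 = issue_challenge(), issue_challenge()
    captured = app_response(genuine, n1)  # answer seen on an earlier login
    return {
        "genuine": server_verify("1.4.2", n1, captured),
        "modified": server_verify("1.4.2", n1, app_response(modified, n1)),
        "replayed": server_verify("1.4.2", n2, captured),
        "unknown_build": server_verify("9.9.9", n1, captured),
    }

# Limit of the idea: the check only proves the caller can read the official
# bytes, so it raises the bar for imitation apps but is not proof of
# integrity on its own.

if __name__ == "__main__":
    print(demo())
```

The nonce is what makes an old answer useless on the next login; a fixed hash with no challenge could simply be recorded once and sent again.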

I feel there’s lots more that can be done both on education and technical implementation to deter Phishing, but I’m from the camp that believes that even if a user is not educated (I always use my grandma in presentations, sorry Grams), the technical controls should prevent it. That’s called serving the 18 to the 80.

Just to share something recent: When I was registering this address, I was also paying my income tax. The first website I went to was http://www.lhdn.gov.my. Now imagine my surprise that it’s actually for sale. The official site is http://www.hasil.gov.my. Now it’s income tax filing season, if I can make that mistake, what is there to stop me from registering the site and using it to Phish for login credentials?

Fingerprint as login is not a bad idea, but current implementation is

Today’s news has been about how bad an idea it was to use fingerprint as a login mechanism (Ars Technica). Apple’s iPhone had a similar mechanism and it was broken in 48 hours by someone swiping a lifted fingerprint (Ars Technica, again). MythBusters had an episode whereby the latest in fingerprint locks (fingerprint+pulse+heat+skin conductivity) was broken by having someone lick a plastic mold of a fingerprint.

In short: Passwords can be changed, fingerprints can’t.

But I disagree that fingerprints can’t be used as a convenient way to grant authorized access. It’s only that the current implementation made it simple and easy to break. Sure you leave fingerprints all over the place, and once someone has your prints it becomes impossible to change them. But no one says it has to be just 1 print per scan.

A better way would be to adopt common good password practices, only this time we apply them to the number of fingerprint swipes.

  • Password length = fingerprint swipes
  • Password complexity = random fingers (we have 10, take a pick)
  • Password history = length + complexity combo history
  • Example: Fingerprint password of 3 length + complexity = Left Thumb -> Left Middle -> Left Pinky finger. 3 swipes.

This way even when someone has your prints they have no idea which finger you use, for how many swipes, or in what combination.

Problem solved.
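To put numbers on the length / complexity / history rules above and on the 94-versus-10 comparison from the single-character password post, here is an added example (not part of the original posts). It assumes a hypothetical sensor that reports which enrolled finger matched; the finger labels and policy thresholds are made up for the illustration.

```python
PASSWORD_ALPHABET = 94  # 26 upper + 26 lower + 10 numbers + 32 symbols (from the post)
FINGERS = ("L-thumb", "L-index", "L-middle", "L-ring", "L-pinky",
           "R-thumb", "R-index", "R-middle", "R-ring", "R-pinky")


def search_space(symbols: int, length: int) -> int:
    """Number of candidate secrets of exactly `length` symbols."""
    return symbols ** length


def swipes_to_match(password_length: int) -> int:
    """Fewest finger swipes whose search space is at least that of a
    password of `password_length` characters (exact integer arithmetic)."""
    target = search_space(PASSWORD_ALPHABET, password_length)
    swipes = 0
    while search_space(len(FINGERS), swipes) < target:
        swipes += 1
    return swipes


def check_sequence(seq, history, min_swipes=3, min_distinct=2):
    """Apply the length / complexity / history rules to a finger sequence.
    Returns a list of violations; an empty list means it is acceptable."""
    problems = []
    if any(f not in FINGERS for f in seq):
        problems.append("unknown finger")
    if len(seq) < min_swipes:
        problems.append("too short")
    if len(set(seq)) < min_distinct:
        problems.append("not enough distinct fingers")
    if tuple(seq) in history:
        problems.append("reused sequence")
    return problems


if __name__ == "__main__":
    example = ("L-thumb", "L-middle", "L-pinky")  # the 3-swipe example above
    print(check_sequence(example, history=set()))
    print(search_space(len(FINGERS), 3), search_space(PASSWORD_ALPHABET, 2))
    print(swipes_to_match(8))
```

The 3-swipe sequence has a larger search space than one character but a smaller one than a two-character password, so the swipe count has to grow along with the usual password-length guidance.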