Low voice and with wisdom

Did you know that there are 12,000 South Korean missionaries prowling around the world looking to save your soul?  I didn't either, although some do show up at our doorstep at least a couple of times a year.  Ohmygod!  They know where I live!  I guess the efforts of American missionaries who dedicated their lives in Korea early on are finally paying off big.

Kim Sun Il, the first Korean to be beheaded in Iraq, was one of the 12,000.

"He is a martyr to God's glory," said Mr. Moon of the research institute. "Korean missionaries are eager to do God's work and glorify God. They want to die for God."

I think media publicity like the NY Times article is not in line with their low voice and with wisdom approach though and could get more of them killed.

P2P Turning Point

This is what is going on in the P2P world at this moment.  BitTorrent is the king of the P2P world.  BitTorrent's download rate is one to two orders of magnitude faster than that of other P2P technologies.  For example, what typically takes a couple of weeks to download via eDonkey2000 takes only half a day to download via BitTorrent.

Unfortunately, torrents are not as easy to find as content on other P2P technologies.  So if you want to download something in particular, you have to google around or find some BitTorrent search site.  Since BitTorrent is most effective at the very edge of what is hot and Google is not so hot in that space, you are out of luck unless you are a member of a hot BitTorrent site.

The ideal solution would be to distribute BitTorrent seed files on other P2P services such as eDonkey or Gnutella but those services currently don't handle indirections too well.  Once they do, the floodgates will open and it won't be just the RIAA screaming but Hollywood itself.

Win32 Firewall Hook

If you are a Win32 developer, this article on the scarcely documented firewall hook might interest you.  Unlike the network filter hook, which supports only one system-wide hook, multiple firewall hooks can be installed to monitor network packets.  Neato.

Red Sox

Not being a baseball fan, I probably watch no more than a couple of baseball games in any given year, but this year I watched 8 consecutive ballgames.  That's right, I started watching after Red Sox lost the first 3 games to Yankees.  Why?  Because, if an amazing story was about to unfold, the fourth game against Yankees had to be the game where it starts and I had a feeling the impossible was about to happen.

One after another, I enjoyed the excitement and the thrill continue on until the happy ending tonight.  My thanks to Red Sox for the amazing 8 games and heartfelt congratulations to generations of Red Sox fans who persevered despite all those years of agony and frustrations.  They must have felt it as I have.  There was a smell of magic in the air throughout the eight games I watched and, tonight, even the moon winked.

I'll cherish those moments as I am sure all those who watched will.


I haven't been blogging much this week because I have been busy with work and my own projects.  BTW, I am planning to release soon a preview of a new server-side news aggregation technology built around a handful of interesting ideas.

Abuse of Power

While the technologies of electronic goods have improved over the past decade, their quality has dropped to a point where it is not unusual to see things stop working after just a year.  It seems to me that analog and mechanical parts break down way before digital parts do: switches, latches, wires, power adapters, etc.

For example, the AC power adapter for my laptop became unreliable in six months of use.  My typical yet odd state of being busy and lazy at the same time meant I would just wiggle the thing until it worked.  After three months of wiggling, it died.  In the course of trying to breathe life back into it with duct tape, I found out that the outer mesh of wires was torn somehow.

So I went to Fry's and got a Targus universal AC adapter which came with a handful of 'power tips', each tailored for a particular brand or model of notebook.  One of the tips worked with my laptop.  Again, after just a few months of use, I was back to wiggling to make it work and things went downhill from there to having to do an emergency surgery on the power tip at 3AM.

Once you open up something, it's open for good.  The power tip was designed wide for some unknown reason and was getting in the way of another port right next to the power port.  So I chopped off one of the sides and duct-taped the result.  Today, not even the usual wiggling ritual would work so I did another surgery.

Afterward, I could see that there wasn't much life left in it so I ordered a couple more power tips as well as a spare power adapter.  While ordering, I found out that the power tip I had been mangling into use was not the right one for my notebook.  Oops.  Feeling sorry, I gave it a name to apologize for my abuse of 'power'.

Here is Igor the Tortured Power Tip:

When Igor's replacements arrive, I will give it a decent burial at sea.  I am sure my goldfish will make excellent tomb guardians.

Goodbye to Passport

Looks like Microsoft's battleplan for Passport is in full retreat.

Several years ago, I integrated Passport with 3D-Secure so online credit card users can use Passport to approve online credit card transactions.  It worked well and some banks expressed interest but nothing came of the project because of all the bad press surrounding Passport.  Of course, Passport guys didn't help much either other than complaining about their cost and getting pushy with .NET adoption.

I also designed a P2P payment system on top of it but, thankfully, never got around to building it.  Otherwise, I would have been pretty upset by now.

The good news is that a class of vulnerabilities in Passport prompted Microsoft to add HTTP-only cookie support to IE.  Hopefully, support for HTTP-only cookie will become ubiquitous in the near future.


Using JDBC directly can get tedious fast, particularly when the database schema is in flux.  Many Java developers use Hibernate, but I prefer to work closer to the metal.  If you are like me, you should take a look at iBATIS (I, Bad Ass?).

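Below is an example of an iBATIS SQL mapping definition:

<!-- resultClass is assumed here: "Address" as a typeAlias for the class
     the Java code casts to; the attribute was lost from the snippet -->
<select id="getAddress" parameterClass="int" resultClass="Address">
      select
        ADR_ID           as id,
        ADR_DESCRIPTION  as description,
        ADR_STREET       as street,
        ADR_CITY         as city,
        ADR_PROVINCE     as province,
        ADR_POSTAL_CODE  as postalCode
      from ADDRESS
      where ADR_ID = #value#
</select>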

And here is the Java code that uses it to fetch an address:

Integer pk = new Integer(5);
Address address = (Address)
    sqlMap.queryForObject("getAddress", pk);

Simple and intuitive yet flexible enough to get us into trouble.  What more can you ask for?

BTW, iBATIS for .NET was released earlier this month.
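
One place the flexibility bites: iBATIS hands `#value#` to JDBC as a bound `?` parameter, while its `$value$` form pastes the value into the SQL text before the statement is prepared. The block below is an added example, not code from the original post or from the iBATIS project; it is a small Python/sqlite3 model of the two forms, and the `render`, `query` and `demo_db` helpers, the trimmed column list and the sample rows are all constructed for illustration.

```python
import re
import sqlite3

# The page's statement in iBATIS inline-parameter syntax (column list trimmed).
BOUND = "select ADR_ID as id, ADR_CITY as city from ADDRESS where ADR_ID = #value#"
# The same statement written with the $...$ substitution form instead.
SUBSTITUTED = BOUND.replace("#value#", "$value$")


def render(statement, value):
    """Model of the two forms: #value# becomes '?' plus a bound argument,
    $value$ becomes the value's text pasted into the SQL itself."""
    args = []

    def bind(_match):
        args.append(value)
        return "?"

    sql = re.sub(r"#value#", bind, statement)
    sql = sql.replace("$value$", str(value))
    return sql, args


def query(conn, statement, value):
    """Render the statement and run it, returning all rows."""
    sql, args = render(statement, value)
    return conn.execute(sql, args).fetchall()


def demo_db():
    """In-memory ADDRESS table with three constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table ADDRESS (ADR_ID integer, ADR_CITY text)")
    conn.executemany("insert into ADDRESS values (?, ?)",
                     [(5, "Calgary"), (6, "Toronto"), (7, "Halifax")])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    # Constructed input standing in for an unvalidated request parameter.
    untrusted = "5 or 1=1"
    for label, stmt in (("#value#", BOUND), ("$value$", SUBSTITUTED)):
        sql, _ = render(stmt, untrusted)
        print(label, "|", sql, "|", query(conn, stmt, untrusted))
```

With the bound form the untrusted string is compared as data and matches nothing; with the substituted form it becomes part of the `where` clause and every row comes back, so `$...$` should only ever carry values the application itself controls.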

Crooks in Plain Sight == Stolen Getaway Cars

Tim Bray equates phishing websites to crooks in plain sight which makes no sense and asks what he is missing.  Well, Tim.  They are not crooks in plain sight but stolen getaway cars.  Those websites are either zombies*, parasites*, or simply set up with stolen credit cards by crooks.

Phishers populate phishing websites with pages that mimic financial websites and a CGI that forwards submitted passwords and credit card numbers to a public channel such as newsgroups where crooks can recover the goods without leaving traces pointing back to them.  To prevent others from stealing the goods in transit, they either encrypt them or hide them inside multimedia files.

Fortunately, there are no efficient market infrastructures for stolen authentication devices yet.  So phishing currently impacts customer support most severely, with each phishing attack generating a high number of calls and emails for the targeted financial service.  But spear phishing** is expected to change that in the near future.

If you are interested in anti-phishing technologies, take a look at PassMark Security which offers a simple yet elegant solution.

Disclaimer: PassMark is a client of mine.

* I prefer to differentiate zombies from parasites by defining zombies as compromised home computers with broadband connections and parasites as hidden webapps running inside compromised public websites.

** Spear phishing is where, instead of targeting millions with generic attacks, phishers target just a handful of rich individuals with designer attacks based on target-specific information.