Sunday, November 26, 2006

Sudan egg

Sudan egg does not refer to eggs originating from Sudan; instead, it refers to eggs produced in China, where chickens and ducks are fed with food contaminated by Sudan (a form of industrial dye) to induce a reddish color in the egg yolk. This case has been covered extensively in the mass media of Hong Kong (not sure about mainland China). Interestingly, CNN has an article today about how humans evaluate risk wrongly. The idea is similar to what we learned from the Sudan egg incident. The amount of Sudan intake that is fatal to the human body is equivalent to eating 200k eggs according to some authorities. On the other hand, eating meals from McDonald's for 1 month consecutively can already damage your liver badly (according to the movie Super Size Me). Which one are people in general more afraid of? I bet it is Sudan egg.... to be continued

Wednesday, May 24, 2006

HTML recommendation to combat phishing

As we know, phishing is very active on the Internet nowadays. We are vulnerable to phishing partly because we allow a user's password to be sent in plain form to the server side; this lets phishers collect usernames and passwords by setting up a fraudulent website that looks like a legitimate one and tempting users to enter their secret information. I am suggesting adding a new attribute to the HTML input element to improve on what we currently use (<input type="password">) for password input. The new attribute will be something like (<input type="challenge" param="some random string" value=... >). The browser will render this as a password box that looks significantly different from the password box we use today, to indicate that it is secured, and when sending out the data, it uses the value entered by the user to encrypt the random string and sends the result back to the server.

As you can see, the idea here is to avoid sending the password in its plain form to the server; instead, it is used to encrypt a string. Given corresponding changes on the server side to generate a random string with a proper timeout period when users access their login page, and to use the same encryption/decryption mechanism to check against the password, phishers can no longer harvest the plain password, only an encrypted form of it. This new HTML input attribute can guard against today's phishing activities to a certain extent. How does everyone feel about this addition?

p.s. This scheme may be vulnerable to a man-in-the-middle attack: once a victim visits the page, the phisher contacts the legitimate site, asks for a random string, and passes the random string on to the victim. Once the phisher collects the salted password from the victim, it forwards it to the legitimate site and gains login control. This can probably be fixed by making the random string consist of the client and server IP (or some value derived from these two values), so that the client (browser) is able to tell that the random string was sent from the server it is talking to.
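A sketch of the scheme from this post together with the fix suggested in the p.s., as an added example that is not part of the original post. HMAC over the random string stands in for "encrypt the random string with the password", the browser mixes in the address of the server it is actually connected to (one reading of the p.s.), and the Server class, function names, addresses, account and 60-second timeout are all assumptions.

```python
import hashlib, hmac, os

CHALLENGE_TTL = 60  # seconds a random string stays valid (assumed value)

def derive_key(user, password):
    # The password never leaves the browser; only this derived key is used.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

def respond(key, challenge, server_addr):
    # HMAC stands in for "encrypt the random string with the password".
    msg = f"{challenge}|{server_addr}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def browser_submit(user, password, challenge, connected_to):
    # The browser binds the response to the address it is really talking to.
    return respond(derive_key(user, password), challenge, connected_to)

class Server:
    def __init__(self, address, users):
        self.address = address
        self.keys = {u: derive_key(u, p) for u, p in users.items()}
        self.pending = {}  # challenge -> expiry time

    def new_challenge(self, now):
        challenge = os.urandom(16).hex()
        self.pending[challenge] = now + CHALLENGE_TTL
        return challenge

    def verify(self, user, challenge, response, now):
        expiry = self.pending.pop(challenge, None)  # each string is single use
        if expiry is None or now > expiry or user not in self.keys:
            return False
        expected = respond(self.keys[user], challenge, self.address)
        return hmac.compare_digest(expected, response)

def run_scenarios():
    # Constructed sample data: documentation-range addresses, made-up account.
    site = Server("203.0.113.10", {"alice": "correct horse"})
    results = {}
    c = site.new_challenge(now=0)
    good = browser_submit("alice", "correct horse", c, site.address)
    results["direct"] = site.verify("alice", c, good, now=5)
    results["replay"] = site.verify("alice", c, good, now=6)
    c = site.new_challenge(now=0)  # random string relayed via a look-alike host
    relayed = browser_submit("alice", "correct horse", c, "198.51.100.7")
    results["relayed"] = site.verify("alice", c, relayed, now=5)
    c = site.new_challenge(now=0)
    late = browser_submit("alice", "correct horse", c, site.address)
    results["expired"] = site.verify("alice", c, late, now=CHALLENGE_TTL + 1)
    return results
```

The relayed response is rejected because it was computed over the look-alike host's address rather than the legitimate one. The key the server stores is password-equivalent, and a captured response still allows offline guessing of weak passwords.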

Monday, April 24, 2006

Newly erupted Internet buzz word - browser shopping.

This activity is analogous to what we call "window shopping" in real life, except that it is practiced in cyberspace. It refers to browsing product pages without actually buying them. It is predicted that more than 30% of Internet activities are related to browser shopping and that this number will grow rapidly.

Wednesday, March 15, 2006

Congratulations! You have been chosen. Recently, I started a campaign that will revolutionize information flow over the web in the near future, and you have been selected as one of the few lucky testbeds. The name of this project is "Parasitic blogging". From the name of this project, you can see that it is meant to live parasitically. Instead of posting articles on one's own blog, I propose to post them as comments on other blogs (it can be your friend's blog). By reshuffling how information is hosted, it revolutionizes the Internet as a source of information. You no longer go to some particular authoritative source for information; instead, you gather it from everywhere. This will give you a more balanced view of opinions (which the world currently lacks), polish your information gathering skills and make you a better researcher; lastly, it favors the hard-working people who dig into different places and leave their personal digital traces.

You can always be one of the very few people who started an eruptive campaign that generates the next wave of the Internet.

Everything has a beginning, must have an end.

Rossi, Tassotti, Galli, Baresi, Maldini, Eranio, Desailly, Albertini, Evani, Weah, Papin, Costacurta, Donadoni, Boban, Gullit, Massaro, Carbone, van Basten. How many of these players do you still remember? Maybe you are not aware, but there is a match today between Milan and Barcelona. No, no, it is not the semi-final of the European Champions League; it is the retirement match for Demetrio Albertini. Interestingly, Albertini, currently a Barcelona player, played on the side of Milan and scored a free kick.

Today, we all buried something in some place.

Monday, October 31, 2005

BRICs

BRICs (Brazil, Russia, India, and China) are four countries whose economic potential is such that they may become among the four most dominant economies by the year 2050. The thesis was proposed by Jim O'Neill, global economist at Goldman Sachs.

....

The BRIC thesis is merely just that. Prediction of events in future has always been notoriously difficult. There are many uncertainties and assumptions that could mean that any of these four countries do not live up to their promise. The preeminence of China and India as major manufacturing countries with unrealised potential has been widely recognised, but some commentators state that China's lack of full democracy could be a problem in the future, as is the possibility of conflict over Taiwan. Likewise, the population of Russia is declining, and this may have implications for its future. The potential of Brazil has been speculated upon for many decades without amounting to fulfilling this potential. Factors such as international conflict, civil unrest, political policy, outbreaks of disease and terrorism are all factors that are difficult to predict and that could have an effect on the destiny of any country. India, China and Russia are all in dispute regarding territory, for example. Nonetheless, the BRIC thesis is based upon thorough analysis of key economic indicators.

Thursday, July 21, 2005

Recently, I chose one of Natalie Ng's photos as the wallpaper on the desktop computer in my workplace. Well, she is gorgeous, isn't she?

The story is like this...... On Thursday July 21 2005 around 3pm, I left my cubicle for a while, and of course I lock my computer every time I am away according to the company policy, thus the monitor showed, you know, Natalie Ng. When I was back, a colleague passed by my cubicle, and due to the nature of human curiosity, he peeped into my cubicle, without noticing that someone was watching him from behind (that's me, another peeper). Probably he was stunned by the beauty of Natalie Ng; even after he passed my cubicle, he walked back and peeped again, and this time was longer than the previous one.

As a considerate colleague, I then decided to use a blank wallpaper to avoid such embarrassing circumstances. Story end.

Sunday, June 05, 2005

It's been a long time since my last entry. Ok, two things to put down here.

1) Why has my interest in blogging (seemingly) decreased? (If not interested, jump to 2)
Every time I think of something to write a blog entry about, I sort of undergo a filtering process, judging whether this idea or thought is worth being in a blog entry or not. As time passes, I start to feel that, let's do some other stuff, this crappy thing will just sink to the bottom without being noticed. This is also because I have read so many "JUNK" blogs that I feel so disgusted (but still keep reading) about why people (including me, yes I am a POS) keep putting useless content on the web, exactly like part of the lyrics in "The Sound of Silence"
people talking without speaking,
people hearing without listening,
people writing songs that voices never share.
Perhaps the last sentence should be re-written as
people writing blogs that thinkings never share.
But anyway, it's just like academia, having publications is at least better than no publication, a blog is still a blog.

2) Is my posting pattern predictable?
I have been working on modelling the posting pattern of bloggers for a while; what I have used is a periodic inhomogeneous Poisson model (sounds geeky?). It basically says that people write blogs in a quite regular pattern, usually at night, 2AM, when they are lonely, sleepless, best time for individual thinking and shit, thus we should learn this pattern and schedule to retrieve them for supporting a live-feed news alert. However, is my posting pattern predictable (or at least periodic)? Absolutely not, period. So, what to do with it? It seems that having the bloggers (or blogging software) notify others that they have new entries is an elegant solution. Olston et al. have proposed similar ideas in the paper "Best-Effort Cache Synchronization with Source Cooperation". Though it seems to me that such large-scale cooperation at Internet scale seems infeasible, the world is changing so fast, Google has just enrolled this webmaster sitemaps service. Basically, as a webmaster, you would like your website to be visible; well, use this service and Google can guarantee your site gets crawled whenever you have new things added. If you don't do this, fine, no one cares about your website then. Come on, give me a break, is this really a win-win situation? Seems yes, websites get visibility, Google can provide better service, everyone is happy. Yes, it is really a win-win situation, but I feel a bit worried. This reminds me of the documentary called "The Corporation". In the modern world, there is something called the corporation; they gather a lot of human resources as a giant machine, they sort of possess human rights (they can own land and properties, they can sue people and shit), we are living with these giants together, and if we are not inside one of these giant machines, basically, we are dead meat, not competitive at all, waiting to be eaten (or be converted to some part of them).
I hope I am not jumping too far away, but what I worry about is that search engines in general have become so influential that you'd better work closely with them, otherwise, you are out of the game. Returning to this new Google "service", webmasters create content and provide information to Internet users; who is the eventual beneficiary of this "service"? Google of course, they can provide more updated information, improving the search results, attracting more users.... why don't webmasters get paid for using this "service"?