Monday, January 17, 2011

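If you trust the IMDB Top 250 user ratings and The Wisdom of Crowds, there is no doubt that The Social Network winning the Golden Globe for Best Picture, while Inception was merely nominated, is the ultimate demonstration of the saying "when one man attains the Way, even his chickens and dogs ascend to heaven". I am not saying The Social Network is bad; if it has to be given an award, holding a user vote on Facebook and collecting a hundred million "likes" in the virtual world would be more innovative and more fitting. Those whom God wishes to destroy, he first makes mad. May God bless Facebook....and Golden Globe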

Sunday, November 26, 2006

Sudan egg

Sudan egg does not refer to eggs that originate from Sudan; instead, it refers to eggs produced in China, where chickens and ducks are fed with food contaminated by Sudan (a form of industrial dye) to induce a reddish color in the egg yolk. This case has been covered extensively in the mass media of Hong Kong (not sure about mainland China). Interestingly, CNN has an article today about how humans evaluate risk wrongly. The idea is similar to what we learned from the Sudan egg incident. The intake of Sudan that is fatal to the human body is equivalent to eating 200k eggs, according to some authorities. On the other hand, eating meals from McDonald's for 1 month consecutively can already damage your liver badly (according to the movie Super Size Me). Which one are people in general more afraid of? I bet it is Sudan egg.... to be continued

Wednesday, May 24, 2006

HTML recommendation to combat against phishing

As we know, phishing is very active on the Internet nowadays. We are vulnerable to phishing partly because we allow a user's password to be sent to the server side in plain form; this lets phishers collect usernames and passwords by setting up a fraudulent website that looks like a legitimate one and tempting users to enter their secret information. I suggest adding a new attribute to the HTML input element to improve on what we currently use (<input type="password">) for password input. The new attribute would be something like (<input type="challenge" param="some random string" value=... >). The browser will render this as a password box that looks significantly different from the password box we use today, to indicate that it is secured, and when sending out the data, it uses the value entered by the user to encrypt the random string and sends the result back to the server.

As you can see, the idea here is to avoid sending the password to the server in its plain form; instead, it is used to encrypt a string. Given corresponding changes on the server side to generate a random string with a proper timeout period when a user accesses the login page, and to use the same encryption/decryption mechanism to check against the password, phishers can no longer harvest the plain password, only an encrypted form of it. This new HTML input attribute can guard against today's phishing activities to a certain extent. How does everyone feel about this addition?

p.s. This scheme may be vulnerable to a man-in-the-middle attack: once a victim visits the page, the phisher contacts the legitimate site, asks for a random string, and passes that random string on to the victim. Once the phisher collects the salted password from the victim, it forwards it to the legitimate site and gains login control. This can probably be fixed by having the random string include the client and server IP (or some value derived from these two values), so that the client (browser) is able to tell that the random string was sent by the server it is talking to.
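
A sketch of the exchange described in this post, covering the challenge timeout and a variant of the p.s. fix in which the browser mixes the address of the server it is connected to into its response. This is an added example, not code from the original post; HMAC-SHA256 stands in for the unspecified "encrypt the random string" step, and the function names, addresses and password are constructed for illustration.

```javascript
// Added illustration: all names are hypothetical, HMAC-SHA256 is an assumed
// stand-in for the post's "encrypt the random string with the password".
const nodeCrypto = require("node:crypto");

const CHALLENGE_TTL_MS = 60_000;   // assumed timeout for an issued challenge
const issued = new Map();          // server side: challenge -> expiry (ms)

// Server: issue a fresh random string when the login page is requested.
function issueChallenge(now = Date.now()) {
  const challenge = nodeCrypto.randomBytes(16).toString("hex");
  issued.set(challenge, now + CHALLENGE_TTL_MS);
  return challenge;
}

// Browser: the password is never sent; it keys a MAC over the challenge and
// the address of the server the browser is actually connected to.
function browserResponse(password, challenge, connectedServer) {
  return nodeCrypto.createHmac("sha256", password)
    .update(`${challenge}|${connectedServer}`)
    .digest("hex");
}

// Server: accept only an unexpired, unused challenge and recompute the MAC
// with its own address, so a response bound to another host does not verify.
function verifyLogin(stored, challenge, response, ownAddress, now = Date.now()) {
  const expiry = issued.get(challenge);
  issued.delete(challenge);        // single use, even when verification fails
  if (expiry === undefined || now > expiry) return false;
  const want = Buffer.from(browserResponse(stored, challenge, ownAddress), "hex");
  const got = Buffer.from(String(response), "hex");
  return got.length === want.length && nodeCrypto.timingSafeEqual(got, want);
}

// Constructed sample values (documentation address ranges).
const PASSWORD = "correct horse";
const BANK = "203.0.113.10";       // legitimate server
const LOOKALIKE = "198.51.100.7";  // look-alike site relaying the challenge

function demo() {
  const c1 = issueChallenge();
  const r1 = browserResponse(PASSWORD, c1, BANK);
  const direct = verifyLogin(PASSWORD, c1, r1, BANK);
  const replayed = verifyLogin(PASSWORD, c1, r1, BANK);
  const c2 = issueChallenge();     // victim's browser binds the look-alike's address
  const relayed = verifyLogin(PASSWORD, c2, browserResponse(PASSWORD, c2, LOOKALIKE), BANK);
  const c3 = issueChallenge(0);    // issued at t=0, checked after the timeout
  const r3 = browserResponse(PASSWORD, c3, BANK);
  const expired = verifyLogin(PASSWORD, c3, r3, BANK, CHALLENGE_TTL_MS + 1);
  return { direct, replayed, relayed, expired };
}

console.log(demo());
```

A recorded challenge/response pair can still be used to guess the password offline, and the server has to keep the password (or a key equivalent to it) to recompute the response.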

Monday, April 24, 2006

Newly erupted Internet buzz word - browser shopping.

This activity is analogous to what we call "window shopping" in real life, except that it is practiced in cyberspace. It refers to browsing product pages without actually buying the products. It is predicted that more than 30% of Internet activity is related to browser shopping and that this number will grow rapidly.

Wednesday, March 15, 2006

Congratulations! You have been chosen. Recently, I started a campaign that will revolutionize information flow over the web in the near future, and you have been selected as one of the few lucky testbeds. The name of this project is "Parasitic blogging". From the name of this project, you can see that it is meant to live parasitically. Instead of posting articles on one's own blog, I propose to post them as comments on other blogs (it can be your friend's blog). By reshuffling how information is hosted, it revolutionizes the Internet as a source of information. You no longer go to some particular authoritative source for information; instead, you gather it from everywhere. This will give you a more balanced view of opinions (which the world currently lacks), polish your information gathering skills and make you a better researcher; finally, it favors the hard-working people who dig into different places and leave their personal digital traces.

You can always be one of the very few people who started an eruptive campaign that generates the next wave of the Internet.

Everything that has a beginning must have an end.

Rossi, Tassotti, Galli, Baresi, Maldini, Eranio, Desailly, Albertini, Evani, Weah, Papin, Costacurta, Donadoni, Boban, Gullit, Massaro, Carbone, van Basten. How many of these players do you still remember? Maybe you are not aware, but there is a match today between Milan and Barcelona. No, no, it is not the semi-final of the European Champions League; it is the retirement match for Demetrio Albertini. Interestingly, Albertini, currently a Barcelona player, played on Milan's side and scored from a free kick.

Today, we all buried something in some place.

Monday, October 31, 2005

BRICs

BRICs (Brazil, Russia, India, and China) are four countries whose economic potential is such that they may become among the four most dominant economies by the year 2050. The thesis was proposed by Jim O'Neill, global economist at Goldman Sachs.

....

The BRIC thesis is merely just that. Prediction of future events has always been notoriously difficult. There are many uncertainties and assumptions that could mean that any of these four countries does not live up to its promise. The preeminence of China and India as major manufacturing countries with unrealised potential has been widely recognised, but some commentators state that China's lack of full democracy could be a problem in the future, as is the possibility of conflict over Taiwan. Likewise, the population of Russia is declining, and this may have implications for its future. The potential of Brazil has been speculated upon for many decades without ever being fulfilled. International conflict, civil unrest, political policy, outbreaks of disease and terrorism are all factors that are difficult to predict and that could have an effect on the destiny of any country. India, China and Russia are all in dispute regarding territory, for example. Nonetheless, the BRIC thesis is based upon thorough analysis of key economic indicators.

Thursday, July 21, 2005

Recently, I chose one of Natalie Ng's photos as the wallpaper on the desktop computer at my workplace. Well, she is gorgeous, isn't she?

The story is like this...... On Thursday July 21 2005 around 3pm, I left my cubicle for a while, and of course I lock my computer every time I am away, according to the company policy, so the monitor showed, you know, Natalie Ng. When I was back, a colleague passed by my cubicle and, human curiosity being what it is, peeped into my cubicle without noticing that someone was watching him from behind (that's me, another peeper). Probably he was stunned by the beauty of Natalie Ng: even after he had passed my cubicle, he walked back and peeped again, and this time for longer than the previous one.

As a considerate colleague, I then decided to use a blank wallpaper to avoid such embarrassing circumstances. End of story.