Life For Rent

I was watching CSI last night on DVD. I can see why so many out there are hooked onto it. The wonderful forensics team who speaks with the dead, pieces together what happened and submits their findings as evidence. One has to note that the job of a CSI stops there. Prosecution of the suspect is up to the district attorney (DA) and the verdict is up to the jury/judge to decide. CSIs however, have to submit evidence that a jury can relate to.

Side- track a little. Singapore used to have a jury system but it was abolished. Why? Was it over a particular case where the spokesperson declared that the jury had a unanimous decision that the defendant was guilty of murder? After judgment was passed and the death penalty imposed, the jury had a little post court meeting session. They asked the spokesperson why he declared it was a unanimous decision, when in fact more than a few of them had doubts over whether the defendant was guilty beyond a shadow of doubt. The spokesperson said “Well I thought none of you were against it, so I assumed you were all in for it.” The sad fact is that it was NOT a unanimous decision, where unanimous means ‘everyone’. If just one of the jury members has doubts, or casts a ‘not guilty’ vote, the outcome would have been VERY different. Unfortunately, the sentence was already passed and there was no way it could be reversed, and so the defendant was hung eventually when the jury could not agree to a unanimous decision.

Singapore probably didn’t want this to happen again, nor do they want jury members who are not in the legal profession to get emotionally involved in a case. If one of the jury members does not condone capital punishment, what are the odds that he will pass a guilty vote even if he is convinced with the DA’s evidence? Members of the jury are ‘humans’ and it can be seen as a weakness or an advantage, depending if you were prosecuting or defending. How does one decide a ‘fair trial’ anyway? To have your fate decided by a single judge, or by multiple members of the jury who have no knowledge on law and basically passes a vote based on what they see hear and feel.

If Singapore had a jury system, the outcome of Took Leng How could have been very different. The same goes for the Vietnamese drug trafficker who was sentenced to death in a case last year. Rach and I were debating about it. She was not in for capital punishment at all. As for me, I chose to sit on the fence. I felt that we SHOULD have the death penalty, but NOT make it mandatory. In Singapore, you bring in 15g of heroine, you WILL hang. This is because the law states that it is a mandatory penalty. Same goes for murder. If one is guilty of murder, the person will hang. I say, keep the maximum sentence of the death penalty, but allow judges to decide if the person should hang or not, ie make it NOT mandatory. Interestingly Rachel told me, the attorney has the right to change the entire set of jury if he or she so wishes, once, before the court session begins. No reason is required. But the good thing is, the jury comprises of members from different races, religion, gender, sexuality (maybe) so the defendant cannot claim unfair judgment on the basis of racism or sexism.

Back to CSI now..

It was a case of a decomposed body found in a remote rural area of the city. Maggots and flies were all have a buffet literally. Cause of death was a single gun shot wound to the head, point blank.

During autopsy, X-rays revealed that the deceased had multiple facial injuries, including hairline fractures that dated years ago. Signs of domestic violence and abuse over a prolonged period. The crux of the case now lies in the time of death. It was hard to determine as the body was placed out in the open, exposed to the external environment. One of the investigators used the maggots found on the body as a way to determine the time of death. Interestingly, he found that the particular species found on the body, can only be found in city. Hence, the deceased was probably killed and wrapped up in the city, before being transported to the outskirts, where it was eventually found. He grew the maggots and when they turned into flies, he put the time of death to be 3 days before. The key suspect (the husband) could prove he was out of town 3 days back, and it was not possible for him to commit the murder. The case appeared to arrive at a dead end. What will it take to prosecute this guy? CSI then realized, when the body was found, it was wrapped in a blanket which may affect the decomposition rate. They did a live experiment with a pig, and revised the time of death to 5 days instead of 3, putting the suspect back into the case. However the DA was not convinced that the only circumstantial evidence is based on flies. He felt the jury is not going to be convinced with all the technical ‘mambo jumbo’ on how the 5 days was derived. What’s more, it was revised from 3 days to 5 days. How convenient! How accurate can this be? Putting myself into the jury’s shoes, I cannot convict a person based on maggots alone. There are too many questions and doubts.

So they went on to do ballistic tests on a gun and bullets that belong to the deceased, and found that the bullets he had discharged Teflon, which was found on the deceased’s hair. With that, they had enough to place the suspect under arrest and charge him with murder.

I note that, there were not witnesses, other than neighbors who heard gunshots from the house. So everything is based on circumstantial evidence, which can be very hard to prove beyond a reasonable doubt.

Blood stains were also found in the house, but the suspect had a reason for it. Now, I am just thinking, if CSI could recreate the scene of the crime and what happened moments before and after the bullet was triggered, it would help a lot. Ie, prove that the blood splatter on the wall, was a result of the shot to the head. If that can be proven, I think this case would go beyond any doubt. It also proves that the defendant was lying about the blood, and the missing bullet, and why his gun was cleaned. But I do reckon it is just the job of the CSI to submit forensic evidence. It is then up to the attorney to fight the case, the jury to decide if the defendant is guilty, and the judge to pass the sentence.

I always like to look at something from as many corners as possible. So when I actually execute an action, the risk of surprises is minimized. As a skeptic at birth, if I can convince myself, then chances are it will convince the others too. I love to question everything, which appears to mean if I were an attorney, I would be better off as a defense attorney than prosecuting a defendant. But neh, no law for me. I love freedom, and my life. Money? Who doesn’t love money. But I don’t love it enough to lose my freedom over.

Good morning! It is a monday and the prince is back with the weekly dose of technical journal writing here.

Today I am focussing on 2 things:

1 – Kernel level malware
2 – Quantum computing

—

What is a malware? Essentially it is a program that has malicious intent that runs unknown to the user. A lot of things come under this. Spyware, viruses, trojan horses etc. I can give you one example:

I send you a program, and tell you, hey this game is fun! Go try it. You download it from me, run it and play the game. And you tell me, yeah this game is better than WARCRAFT. And I go *LOL* and you go *LOL* too. You laugh because you are enjoying the game. I laugh because unknown to you, behind the game, runs another program. This program allows me to, say, see what you are doing, take over your computer, or join your computer into my botnet. Botnets.. ahh these are fun. When I add your computer into my botnet, it means I take over your computer essentially. Normally, your computer will join an IRC channel, unknown to you of course, unless you run netstat and see if your computer is listening or establishing a connection to an IRC port. Your computer will of course me one of the many thousands of computers I control.

Say tomorrow, I would like to bring the SGX down so no one else can access SGX to do online trading. I will execute a command via IRC, to command all my ‘bots’ to attack the SGX website. There are various ways to do a denial of service attack but essentially, the website will go down. In SGX records, they see thousands of computers attacking them. That means thousands of IP addresses which implies a DDoS of course. Can they trace me? Possible, but near impossible. The very most they can trace is all these innocent computers, including yours. Someone will have to take the game I sent you, perform a malware analysis and see what the actual program does. Most of the time, steps will be taken to demolish my IRC channel, hence end of the game, but who cares. I have already achieved what I set out to.

The above is an example of a trojan horse. Aptly named so, cause the ‘real’ program hides behind an innocent one (think about the story where a horse was given to a country, but unknown to the country, soldiers were hidden within the horse. They came out in the middle of the night, caught the country by surprise and wiped them all out.).

Moving on, anti virues can detect this malware. But you need to understand that anti viruses work at application level. My trojan is also at application level, and so it can be potentially detected. These days, malware writers are moving onto kernel level. A kernel is the core of an operating system. These are not only aimed to avoid detection, but to run using privileged access. This kernel way of coding malware basically runs as if it is part of the operating system. How do you change the code of an operating system? Now you can see how difficult and how potentially serious this.

Windows Vista? It’s kernal is OPEN to such attacks. Not only open, it is WIDE open. It’s windows defender failed to detect 84% of spyware and malware. In comparison, third party software fared better in detection. (Source : vnunet.com) For now, Microsoft has a patchguard, aimed to protect the core of the OS. The fact is, attackers will eventually find their way in. The truth is, not a matter of if, but a matter of when. The OS will then be totally defenseless, and security software will not be able to do anything to stop this exploit.

My advice? No OS is ever 100% secure. It is an endless fight between the good and the bad guys. The sad case, it is an endless war. We can only do so much, but we really can’t stop them. That is a fact. This is a case where the bad guys win. But they don’t have to win all the time. And even if they do, you don’t have to be involved.
–

Moving on, quantum technology..

Ahhh this is interesting, because it has been perceived as the next big thing. It has been researched for quite awhile, even before I was born. 30 years later, today, it appears to be in theory still, although experiments are ongoing. I don’t know a hell lot about it myself (move aside nanotechnology!) but this is worth looking at when I have time.

We all know the digital world is all about bits. Either a state 0, or 1. In quantum computers, qubits is used. The theory behind qubits have been around since eons ago by the way. Qubits can carry a state of 0, or 1 like in the case of bits, but can also be a superposition of both. This means, simultaneously occupying 2 or more states. (This is not analogue, which although is a ‘wave’ but a state is represented as itself, unlike a qubit where a single ‘point’ can have 2 or more states simultaneously, eg being a 0 AND a 1 at the same time). In short, what this means is, super duper (beyond super) computing power. Of course things are not so simple, but that’s an example of the result. By the way the term super duper is coined by myself.. haha

Security wise, having that power will render most, if not all current algorithms and encryption technology. Encryption that cannot be cracked with our current sets of computers today, will be cracked using quantum computers.

The theory behind it all is a little complicated but if you have time, go dig out quantum computers, and quantum cryptography. If you are interested of course.

The computers of tomorrow won’t be using transistors anymore. But Quantum computers are a different thing all together. Do we really dare to mess with this? Hmm…

I read a friend’s entry on LJ earlier about the issues back home with who gets the car and all.

From experience, there can be at most 1 active and 1 passive way of car sharing. 2or more people cannot co-share a car actively. Active in the sense, requires the use of the car more than once a week, and/or will only take the car if it is available (ie, on standby. He or she does not vie for the use of the car).

There are no solutions. Even if everyone asks everyone else if the car is needed, quarrels are bound to happen. One is attending an important job interview or meeting. Another needs the car to buy and transport food for BBQ parties. While another has an important project presentation in the morning. Worst case, all 3 fall on the same time. What now?

Or they could fall within the same day, so there are different ’shifts’. Return the car by 1pm so the other can take over, then return by 5 so the other can take over. So much uncertainty, stress and problems all because of one car. Fights? SURE to happen.

Solution? No solution, other than selling off the car so no one gets it. Seriously, there are little ways to solve this amicably. Do you really wanna go out with the car and have to return it by 5pm, knowing that if your plans change/stuck in the jam you are gonna be screwed by a whole bunch of people? What if the petrol cost is split among everyone? Maintenance costs etc.

So you see, some things are not meant to be shared. Boy friends, girl friends, and cars, are some of them.

Worst still, something happens to the car and all starts blaming one another on who scratched the car and who spoiled the radio. In my opinion, an item such as a car, is not worth so many people losing their temper over.

Money money money.

I wanna fulfill my hub’s dream before our time is up on earth…

Watched the dreamgirls earlier with my hubs.. Felt like I was watching a concert or something. You know, like moulin rouge without all the rouge. Powerful voices indeed, great music. It is supposedly, the story behind The Supremes, but I found the adaptation more familiar with the musical of the same name.

Bought loads of stuff too. A new mozzie killer. It is those with the light and the electric grills that will fry any insect that touches it. This one comes with a fan so the insects are sucked into it too. Been getting mosquito bites when I get into my room and it REALLY irritates the hell outta me. Also bought a new swish swosh. hahaha that is what I call those things where you pour water into the container, add in anti bacteria solutions and the machine swishes the water so the scent permeates throughout the room.

I have this aromatherapy solution called OA aromatherapy. Anyone heard of it and know where to get it from?

And lots of people have been asking me what is the song I used on my friendster link. (It is http://www.friendster.com/charlesming by the way, for the uninitiated).

The track is by Da Hool – Meet her at the love parade.

Glad you enjoyed it!

Time to lou yu sheng! Later dudez..

Nothing much in the cyberworld today. Could be a good thing. Can also be a darn bad thing depending how you look at it.

Planning my next few courses and exams somewhere towards the end of the year. Gonna head to uob plaza later to open CDP and trade accounts. yeay yeay.

I think I have been sleeping weirdly for the past couple nights. I don’t know. My mind is processing something and it wakes me constantly. Yikes. Sashimi dinner over the weekend?

Wow. I survived CNY! Escaped from most visits, but gave out huge ang pows to ‘the big 3′. Larger and fatter ang pows than last year. Ah well…

We had one heck of a party at Powerhouse on monday, but I seriously must be getting old. I had a throbbing headache from the vodka and whiskey and champagne, but loved playing 5-10, and ‘hei bai qing’. The last time I played those was like a year ago during my peak clubbing season. I guess the company was fun, but some 6 hours into the whole thing we had to go. We were all gonna die or something already. Tired, groggy and stuff. The next day saw my tummy still recovering from that jello feeling while i ended up coughing and coughing feeling sick and weak and what not. My dear also appeared so. Are we really getting too old for all these? Despite the crowd, the lights and all, it still feels *yawn*.

In any case it is all over for now. Time to get back to ‘regular programming’. Am looking forward to my BKK trip. My first honeymoon? heh heh… I can’t wait.

But I need to head back to the tracks and the gym. Things are getting out of control…

Saw a friend’s LJ post and I thought the survey reflected him rather accurately. So I did one too.

The Keys to Your Heart

You are attracted to obedience and warmth. In love, you feel the most alive when things are straight-forward, and you’re told that you’re loved. You’d like to your lover to think you are loyal and faithful… that you’ll never change. You would be forced to break up with someone who was emotional, moody, and difficult to please. Your ideal relationship is open. Both of you can talk about everything… no secrets. Your risk of cheating is zero. You care about society and morality. You would never break a commitment. You think of marriage as something precious. You’ll treasure marriage and treat it as sacred. In this moment, you think of love as commitment. Love only works when both people are totally devoted.

A technical post from me again… and do read cause if you are online, chances are you have a broadband connection at home.

If you do use a router, PLEASE REMEMBER TO CHANGE THE ROUTER DEFAULT PASSWORD!

What someone has recently done was to create a web page. This is what potentially that can happen:

1. You did not change your router default password. So the password is still ‘admin’ or ‘password’ etc.
2. You surf the web, and unfortunately go into the malicious website.
3. The javascript code written on the page (it can be any page and you won’t even know what happened!) will attempt password guess attacks, and if successful, the attacker will be able to change your DNS settings.

*** What is DNS? DNS is like the phonebook on the internet. It matches IP addresses to domain names. In reality if you haven’t already realised, computers and routers do not understand what is www.yahoo.com or www.sillypore.com. When you key it in, the DNS server will search its lists and return the IP address associated with www.sillypore.com back to you. This is all transparent to the end user. Just google or wiki DNS if you wanna know more on how it works.

4. The attacker can then overwrtie the DNS setting inside your router, to one of his choice. Uusally he will put his computer IP address as the new DNS setting.

5. So what happens is that when you attempt to go to say www.google.com, it will pass through his computer. He can either collect info on what you are doing (forward your web request out to the real server) or he can return you a fake page. When you key in www.google.com, you get the webpage, but it is NOT the real google. The google webpage is coming from his computer. What if you were surfing a webpage that requires passwords and usernames? Security can be easily compromised.

In a corporate network, this is very serious indeed. But of course, the passwords corporate networks have are strong. The impact is just as high for home users though. Just 1 webpage, with the javascript encoded, ALL routers are vulnerable. You can imagine if I can pull a lot of people into my website.

Oh hang on. I don’t need to do that. I can inject a javascript into any website if their server has vulnerabilities. Using cross site scripting, a perfectly legit webpage like google.com can contain my javascript. And you do know how many people visit google..

So be street smart. I have a website that I come across. If you pass the 20 questions, chances are you’re pretty alright. Provided you also know the importance of a strong password. Many of us do but are too lazy to implement it. Well, you just have to weigh the risks yourselves.

Goto http://www.yorkshire-safe.org/

Click on Security Self Assessment.

Happy surfing!

Ah friday..

Had a very busy work week. Not just at work but more of assessing my own needs in terms of savings and investment needs. I had a lot of reading to do, since I’m someone who couldn’t tell the difference between insurance, investment and savings where all 3 are entirely different things and serve different purposes. And then you have life insurance, term insurance. You have cash back options, you can invest using CPF, or in cash. So many things! I have just about learnt the basics, enough to make an informed choice. I have decided on my savings plan. Assessing investment plans is gonna take a while cause there is a lot to look into, plus I strongly feel once my income is protected, I am in a better position to go forth.

What are my priorities? Unlike many of you, I feel insurance is not beneficial to me for I do not have dependents. That is the main fundamental of insurance. If you have no kids and all, why have insurance? The pay out on death does not benefit anyone. Other than parents, family, and partner, if you so choose.

Death is not an issue to me. What is my top priority is disability. Should I be disabled (touch wood!), my earning power is gone. My earning power is THE ONLY source of income thus far, and I must protect that. When you are disabled, you have medical bills to pay etc. Basically if one just dies, that is the end of story, potential loss of income (if death occurs before the prime of one’s life) can run into hundreds of thousands, but that is all. If one cannot work due to disability or illness, not only that income is affected, but you have to pay for medical bills and treatment. Terrible scenario!

Some may choose to have term insurance then, to keep them going till age 45, or 65 in some cases after which the policy will cease with no cash back. The advantage of it is that it has a very low premium. Upon death/disability, the payout is at sum insured, but only if you die or get disabled.

Life policies on the other hand may run till age 99, but policy matures at 65 although you are covered for critical illnesses and death but not disability (for some policies),

Some choose this as they wonder, in their old age who will take care of them if they get sick? The older you get the higher the chances of getting ill. There are many medical schemes, eg medishield etc that will take care of hospitalisation charges. You won’t get one lump sum payout upon diagnosis, or death though unlike wholel ife insurance policies. But.. do I really need a pay out? If I am dead, no one stands to gain that is for certain. Maybe my partner, or my siblings but not me. I won’t need to guarantee my earning power at age 65 onwards cause technically I won’t be working anymore (hopefully!), So there is NOTHING to really protect against.

During my income generating years, my partner is also working.. so my sum insured upon death throughout my life if any at all, need not be a lot. Hence I lowered my sum insured, to pay the same premium (if I had purchased a policy with a high sum insured) to get a lot more returns after 25 years of savings. The difference after 25 years, of putting in around 200 a month between a high sum insured and a low one can run into hundreds of thousands. Needless to say, a low sum insured is better for me.

I have hand picked 2 savings plan to run concurrently, which is one someone had worked out for me. Pretty good indeed. Suits my needs perfectly. Very good for homosexuals hahah… if you want a referral, get it from me. He has my stamp of approval for sure.

Investment wise.. long way to go. CPF should be invested at any rate higher than its current 3% interest in CPF. Anyway you can’t touch the funds, so you might as well invest it for higher gains. Pick a low-medium risk bond or fund for long term investment. Nothing wrong with a high risk one though. The decision is up to the individual.

Wow I am beginning to sound like a financial consultant, I had better stop! haha..

My one and only advice is, READ THE FINE PRINT! A lot of agents just want to close the deal without properly going through the details and giving you what YOU need not what THEY want. Health insurance has very little commission. Life insurance of course has a lot more. So you really need someone who looks at all policies across the board instead of just what he or she sells, for your benefit. Usually only a friend would help you in this. What I’d say is, if Prince Charlesming gives a stamp of approval, you can be sure it is of the highest quality ever.

It is a Friday, I so wanna get my hair done and all later. Meet up with friends and stuff. Gonna dread CNY but I’ll just do what I can…

We really do need the next few days of rest though! Any anti-CNYians wanna hang out together?