29 Nov

Disaster (un)preparedness

Last Tuesday’s earthquake showed that the emergency evacuation measures we have are inadequate. Heck, our reaction (or should I say, inaction) was even nonchalant, as if nothing had happened. This is a terrible character flaw on our part; when we act, it is almost too late.

It is a damned-if-you-do situation: you take preemptive action, and when nothing happens, you get blamed. When you do nothing and disaster happens, you get blamed. The entry of typhoons Lando and Mina is instructive. Lando managed to ravage the country, though it steered clear of Bicol. The Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA) predicted that Mina might pass by Bicol, so emergency evacs were made. When Mina steered away from Bicol, PAGASA was blamed for a faulty prediction.

No wonder government officials would rather react than act. But this should not be the case. As the tired quote says, it is better to err on the side of caution.

The typhoons and the earthquake highlighted some facets of Filipino culture. Basically, our nonchalance and our passiveness about disaster prevention are manifestations of the so-called bahala na syndrome. We are very prone to it.

It will take another major disaster before we wake up from this stupor. By then, it will be too late. Again.

(The worst Philippine disasters in recent memory were brought about by typhoons – in Leyte and in Bicol.)

I have heard a lot of anecdotes from friends about last Tuesday, all of them troubling. They did not bother evacuating. “Mahina lang naman eh,” most of them said. That is not the point. The possibility of aftershocks is there. The possibility of stronger aftershocks is there. That is why emergency evacuations are always made. But we always want to learn the hard way, right?

If you work in a tall building, do you know what to do in case of earthquake or fire? Do you know where the emergency exits are? Does your company have emergency, evac, and restoration measures in place?

For the record, we did an evac, though much remains to be desired.

27 Nov

A tale of two losers

Such losers.

—-

After Sen. Manuel Roxas II’s election as president of the Liberal Party, here comes the Arroyo saboteur Lito Atienza crying his heart out. He even has this to say:

Congratulations, Sen. Roxas, at your installation as president of the Liberal Party faction led by Frank Drilon and his merry cabal of destabilizers. We were hoping we would be congratulating Mar as our president, the head of a newly-united Liberal Party, but it seems the worst fears of our group became reality after all.

He then ranted on about LP being finally divided, etc.

Mr. Atienza: who caused the division of the party? Who went on to have a rump, unofficial, illegal party elections? Who tried to sabotage the party by subverting it to Gloria Arroyo’s regime?

Sure, go ahead and sue. Let’s see who the true losers are. (Yeah, the fact that you have the environment portfolio speaks for itself.)

Let’s have a wimp for another poor loser.

Speaker Jose de Venecia has been in the hot seat for the past two months. His troubles began when his son, Jose de Venecia III, began his exposés against the National Broadband Network project (in the process, Comelec chair Benjamin Abalos Sr. was forced to resign, faced with imminent impeachment). To test his loyalty, de Venecia faced two crucial questions.

First, Atty. Roel “Palyado” Pulido filed an ethics case against de Venecia, at the height of the younger de Venecia’s exposés. Then, he filed a three-page impeachment complaint against Gloria Arroyo. It seems that the gameplay was simple: have the impeachment complaint dismissed, or else.

JDV tried to be cute for all when he asked Representative Raul del Mar to transmit the complaint to the House Justice committee, in a way giving the Fortress by the Pasig a scare. Well, the dogs were compliant: committee killed the complaint. Then, the plenary buried it.

JDV should be in the clear now, right? Wrong. That’s how vindictive this regime is.

Not only is the ethics complaint festering at his back, the Office of the Solicitor General is reviewing a compromise agreement made by a company owned by JDV and the Presidential Commission on Good Government in 1988. Of course, the Solicitor General immediately claimed that this is not politically motivated. The deal was made in 1988. Great timing, madam solicitor.

(I am not even dealing with the Northrail project.)

And de Venecia? Ever the martyr, he cries foul, saying that the Supreme Court has already ruled on the case with finality. His lawyer, Singaw ng Bayan sycophant Raul Lambino, branded the move as political harassment.

My grandmother used to say: do not deal with the devil. (To counterbalance that for atheists: do not deal with cheats.) So there.

Who’s the loser from all of this? All of us. At the end of the day, it is us who are screwed.

27 Nov

A cookie authentication vulnerability for WordPress

Securiteam reports a vulnerability in WordPress’ cookie authentication. Through it, an attacker can generate a valid login cookie for any user account without a brute-force attack, provided the attacker has at least read-only access to the WordPress database (a leaked backup is enough). With a forged cookie in hand, the attacker can additionally perform a limited SQL injection and be granted administrator access to that WordPress installation.

(Structured Query Language (SQL) injection is an attack in which attacker-controlled input is placed into a database query without proper escaping, so that the database executes SQL statements the application never intended, including destructive or administrator-only ones. Read more here.)

When a WordPress user of any level logs in, WordPress queries the database for the user name and the stored password hash and checks the supplied credentials against them. If they are OK, it generates two cookies and sets them in the user’s browser. One of the cookies contains the user’s password hashed twice with MD5, i.e. MD5(MD5(password)).

* Why save a cookie? The cookie lets the user reach the WordPress administrative pages without signing in on every request.
* MD5 is a cryptographic hash function, and WordPress (as of this advisory) used it to protect stored passwords. When a new user registers on a WordPress-powered site, the password is hashed with MD5, without a salt, and saved in that form in the database.

Now, where is the problem? WordPress stores MD5(MD5(password)) in the cookie, while the database already stores MD5(password). The cookie is therefore simply the MD5 of the value sitting in the database: anyone who can read a user’s password hash can compute that user’s login cookie with one more MD5 call, without ever learning or cracking the password itself. The cookie is, in effect, a password equivalent derived from data the attacker already holds.

What the attacker needs, then, is read access to the WordPress database. That can come from a database backup left where anyone can download it, or from a WordPress installation vulnerable to SQL injection. With the administrator’s hash in hand, the attacker forges the administrator’s cookie and gains administrative access.

Securiteam has listed several workarounds:

– Protect the WordPress database, and do not allow backups to be released.
– Keep your WordPress installation up to date. This should reduce the risk that your database will be compromised.
– Do not share passwords across different sites.
– If you suspect a database to be compromised, change all passwords to different ones. It is not adequate to change the passwords to the same ones, since WordPress does not “salt” the password database.
– Remove write permissions on the WordPress files for the system account that the webserver runs as. This will disable the theme editor, but it makes it more difficult to escalate WordPress administrator access into the capability to execute arbitrary code.
– Configure the webserver to not execute files in any directory writable by the webserver system account (e.g. the upload directory).
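The following Python script is an added example; it is not code from the original post, from Securiteam, or from WordPress. It models the scheme as the post describes it: the database holds the unsalted MD5 of the password, and the login cookie is the MD5 of that stored hash. The first half shows that a database reader produces exactly the cookie the server would issue. The second half shows a keyed alternative (an HMAC over the cookie contents with a server-side secret, bound to the stored hash so that a password change invalidates old cookies), under which the database hash alone is not enough. The user name, password, secret key and all function names are constructed for this example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample user. The stored hash is md5(password) with no salt,
# which is how the post describes the WordPress users table.
USERNAME = "admin"
PASSWORD = "correct horse battery staple"
STORED_HASH = hashlib.md5(PASSWORD.encode()).hexdigest()


def legacy_cookie_from_password(password: str) -> str:
    """Server side of the vulnerable scheme: cookie = md5(md5(password))."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5(inner.encode()).hexdigest()


def forge_cookie_from_db_hash(stored_hash: str) -> str:
    """Attacker side: the database already holds md5(password), so one MD5
    over that hex string yields the cookie the server would set.
    No password knowledge and no brute force are needed."""
    return hashlib.md5(stored_hash.encode()).hexdigest()


# --- keyed alternative: the cookie carries a MAC under a server-only secret ---

def issue_keyed_cookie(username: str, stored_hash: str, server_key: bytes, expires: int) -> str:
    """cookie = username|expires|HMAC-SHA256(key, username|expires|stored_hash).
    The stored hash is an input to the MAC but never appears in the cookie."""
    msg = f"{username}|{expires}|{stored_hash}".encode()
    tag = hmac.new(server_key, msg, hashlib.sha256).hexdigest()
    return f"{username}|{expires}|{tag}"


def verify_keyed_cookie(cookie: str, lookup_hash, server_key: bytes, now: int) -> bool:
    """Recompute the MAC from the database hash and compare in constant time.
    lookup_hash(username) returns the stored hash, or None for unknown users."""
    try:
        username, expires_s, tag = cookie.split("|")
        expires = int(expires_s)
    except ValueError:          # wrong number of fields or non-numeric expiry
        return False
    if expires < now:
        return False
    stored_hash = lookup_hash(username)
    if stored_hash is None:
        return False
    msg = f"{username}|{expires}|{stored_hash}".encode()
    expected = hmac.new(server_key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run both scenarios and return the outcomes keyed by check name."""
    server_key = secrets.token_bytes(32)   # lives in server config, not in the database
    now = int(time.time())
    users = {USERNAME: STORED_HASH}        # stands in for the users table

    legit = legacy_cookie_from_password(PASSWORD)
    forged = forge_cookie_from_db_hash(STORED_HASH)

    good = issue_keyed_cookie(USERNAME, STORED_HASH, server_key, now + 3600)
    # An attacker who can read the database but not the server key can only guess a tag.
    attacker_tag = hashlib.sha256(STORED_HASH.encode()).hexdigest()
    forged_keyed = f"{USERNAME}|{now + 3600}|{attacker_tag}"

    return {
        "legacy_forgeable": legit == forged,
        "keyed_accepts_genuine": verify_keyed_cookie(good, users.get, server_key, now),
        "keyed_rejects_forgery": not verify_keyed_cookie(forged_keyed, users.get, server_key, now),
        "keyed_rejects_expired": not verify_keyed_cookie(good, users.get, server_key, now + 7200),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Every value in the dictionary returned by demo() is True: the legacy cookie is reproducible from the database alone, while the keyed cookie is accepted only when the MAC was produced with the server key, is rejected once it expires, and (because the stored hash is mixed into the MAC) stops validating as soon as the user’s password hash changes. A salted, slow password hash in the database is still needed for the cases the workarounds above describe; the keyed cookie only removes the direct hash-to-cookie shortcut.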

27 Nov

Using Smart 3G: Port blocking is no more

Mobility Philippines reports that Smart has started unblocking ports for its 3G service. I checked that out, and here’s what I found:

* I can now access my site’s cPanel, which means port blocking on HTTP is lifted.
* I can now chat via Internet Relay Chat, which means common IRC ports (starting at port 6666) are now open.
* I can now download via torrents. Port forwarding is now allowed over Smart 3G.

Note that there is nothing spectacular about torrent speeds over Smart 3G (at least on my end).

Now if only Smart would implement HSDPA (and that would mean getting an HSDPA phone).

25 Nov

Dem Koreans

You know what? I think there is something wrong with them Koreans.

I was watching Sponge on KBS last night. One of the bits of information shown was that you can stop a potential sneeze by pinching your nose. The personalities were again so wacky that I was laughing so hard.

Anyway, about the information: hello? I think I have known this since I was in elementary school. And they only learned it now?

Geesh.

And on another show (I think the title was The Golden Bell or something), there were 100 students who were asked a series of questions, and those who made a mistake were eliminated.

The first question involved an object. The students were asked to hold the object and then they were to identify what it was.

One burly male was asked by the hosts to state his answer and explain why.

“This is an object for breaking,” he said.

The host asked, “Why do you think so?”

“Because it was made in China!” (WTFQ?!)

The host then asked him to break it. The stupid kid obliged by hitting the object against his head.

Toink!

Well, try hitting your head with a sharpening stone.

Koreans. Tsk. They’re like Filipinos.

23 Nov

Another weird dream, 6

This is probably the weirdest dream I had.

I was in a cemetery (a fusion of the Chinese and Manila North cemeteries) for an interment when a group of alien-looking humanoids entered with violent intentions. I tried to run away, and when I got to a river bank, I brought out a one-pull inflatable boat, but it failed. So I had to scamper along the muddy river bank to get away. I lost them when I got outside the perimeter of the cemetery.

When I got back in, the aliens were gone. I entered the chapel and saw a coffin with my paternal grandmother (who passed away three years ago). She was to be cremated, and the undertaker told everyone to get out, with the immediate relatives first.

Finding the command dubious, I took a peek. The undertaker threw the body off the coffin. The only thing was that it was not the body of my grandmother. It was someone who looked stupid and cross-eyed. It made the sign of the cross, knowing its fate.

At the crematorium, the body was put in the cremation chamber. Everyone went home except for me and my father. After burning, the ashes were like dirty diamonds. The undertaker then told us to go back a day later.

On the way home, the interment of the ashes was discussed, and the Manila North Green Park was mentioned. The sidewalks had Chinese tombs in them.

Then I woke up.

If you are not familiar with the cremation process, it is darn simple. Anyway, I will describe the process as I saw it at the Chinese Cemetery crematorium.

The crematorium is divided into two parts: the first is where ceremonies and last minute rites are held. The other holds the cremation chambers. It is off-limits to most people except for a relative or two of the person to be cremated.

The body is put into the burning chamber, just like a baker puts bread in an oven. How long the burning takes depends on what is being burned. When the remains of my uncle were cremated, it took 2 hours – note that my uncle had been dead for 25 years by then. We had to transfer the remains to a smaller resting place, so cremating the bones was needed.

The ashes settle on a metallic pan. Now, even with cremation, it is normal to see charred bones, so the ashes are ground in a grinding machine. Afterwards, the finely ground ashes are placed in an urn.

I always get death-related dreams. Mind you, I was not the one who was dead in those dreams. Most of them were relatives, alive and dead. Most of the time I wake up after those dreams without any wish to go back to sleep. And no, I don’t tell the relative that I dreamed about his or her death. Besides, in the dreams, they are usually already dead.

23 Nov

Cris Anthony Mendez: Back to normal

We really tend to have short memories. Or we are just too lazy to remember.

Months after the death of Cris Anthony Mendez from the barbaric tradition called hazing, nothing much has changed. First, unlike the dispatch shown by the ever consistent Philippine National Police in solving the Glorietta and Batasan blasts, no one has been charged with the crime. Very consistent. Second, most of the suspects are already in hiding or have already left the country. The guilty really hide from the truth. And the worst? It is all back to normal.

I have mixed feelings about the University of the Philippines. It is a bastion of student activism. It leads the charge against corruption. But it suffers from the proverbial pointing cliche – that when you point at someone, three fingers are pointing at you. And as they say in Tagalog, “Bago mo husgahan ang kapwa mo, tingnan mo muna ang sarili mo.” I really want to say that to all members of the UP community. Remember all those candles? All those marches? All those talks of remembering, etc, yada yada? Yet what have you to show?

Fraternities in UP are tumors that are hard to remove.

I am troubled by what my sources in UP Diliman have told me. Some of them said the same things, some of them have verified facts, and some of them gave me rumors. I will be posting what I have learned here, and the rumors will be clearly marked as RUMORS until such time I have verified them through multiple sources.

Some of my sources told me that the Sigma Rhoans are back at their usual tambayan, at the Malcolm Hall parking lot, now that the outcry is gone. Remember that some news reports showed an empty tambayan right after Mendez’ death was announced, and remained empty when the outcry was at its peak. Now, they are back.

Delta Lambda Sigma sorority is also busy recruiting. Fact: DLS is the affiliate of Sigma Rho. Fact: DLS is disassociating itself from Sigma Rho. Good for them.

RUMOR: Sigma Rho is again recruiting new lambs to be slaughtered. It is also rumored that the Sigma Rho are taking a closer look at the LAE examinees for possible recruits. One of the sources noted the irony that Cris Mendez would have been one of the examinees.

RUMOR: A UP College of Law professor has been kicked out, apparently being involved in CA’s case. Still verifying this rumor.

RUMOR: Other fraternities are taking advantage of Sigma Rho’s “absence” last academic semester. Scintilla Juris is rumored to be raring to regain prominence in Malcolm Hall. In what way, the sources did not say. Hopefully not by another hazing death. Or a rumble. Speaking of which…

RUMOR: A rumble is about to erupt soon. Several sources have shared this rumor, but some of them have refused to say who are the parties to be involved; some sources gave different names. But all of them agree that a rumble may happen soon.

RUMOR: It seems that a new Law dean is to be selected, and one factor that weighs in heavily on the selection is the issue of fraternities. It is a hot issue, some of my sources told me. Interesting bit, if true.

RUMOR: The most troubling, for its implication: Sigma Rho has a Cris Mendez defense fund large enough to buy several judges, if necessary. THIS IS A RUMOR. But to be honest, with the way CA’s case has moved, this is very plausible.

I will try to verify these rumors and seek more information from other sources.

Roundup of news on Cris Mendez’ case: Cris Anthony Mendez: The Search for Justice
Roundup of blog post on Cris Mendez’ death: The true barbarians of UP (UPDATED)

PS: If I die at UP, you know the reason why. ;P

22 Nov

Black Friday

I remember that there was a group of people who advocated for the Philippines to become part of the American Union. They were opposed to the group who were advocating for independence. I think that was more than 50 years ago.

Fast forward to today. To be honest, I’d be glad to be an American on Black Fridays. For those who are not familiar, Black Friday refers to the day after Thanksgiving (the fourth Thursday of November). I’ll give way to Wikipedia:

Black Friday is the day after Thanksgiving in the United States, where it is the beginning of the traditional Christmas shopping season. Since Thanksgiving falls on the fourth Thursday in November in the United States, Black Friday may be as early as the 23rd and as late as the 29th day of November. Black Friday is not an official holiday, but many employers give the day off, allowing consumers to get a head start on their Christmas shopping. Retailers often decorate for the Christmas season weeks beforehand. Many retailers open very early (typically 5 A.M.) and offer doorbuster deals and loss leaders to draw people to their stores. Although Black Friday, as the first shopping day after Thanksgiving, has served as the unofficial beginning of the Christmas season at least since the start of the modern Macy’s Thanksgiving Day Parade in 1924, the term “Black Friday” has been traced back only to the 1970s. “Black Friday” was originally so named because of the heavy traffic on that day, although most contemporary uses of the term refer instead to it as the beginning of the period in which retailers are in the black (i.e., turning a profit).

Ok. Browse these sites to see what I mean.

Gizmodo’s Ultimate Black Friday Guide
Joystiq Holidaze: best of Black Friday
Black Friday deals
BlackFriday.info
Black Friday Ads

Join me and weep.

22 Nov

Rethinking the Asus eee PC

An Asus eee PC is a tempting gadget. Its appeal lies in its size and price. When it was announced, I was one of those who rejoiced, but the later price announcements were disappointing.

For example, an Asus 4G would cost around Php 16,999 at PC Corner, and the high-end Asus 8G is already pegged at Php 25,000. Here are the specs of an 8G (taken from the Asus eee PC Web site):

Display: 7 in.
Processor: Intel 900 MHz
Disk capacity: 8 GB
Memory: 1 GB DDR2
Wi-Fi: Yes

And the Asus eee PC 16G, pegged at Php 29,999, has the following specs (speculation on the part of the retailer, as Asus has not made an official announcement):

Display: 10 in.
Processor: Intel 1.2 GHz
Disk capacity: 16 GB
Memory: 1 GB DDR2
Wi-Fi: Yes

I think it is ridiculously priced. Compare the 16G with a cheap Acer Aspire 4310, priced at Php 29,700:

Display: 14.1 in.
Processor: Intel Celeron M 1.73 GHz
Disk capacity: 80 GB
Memory: 512 MB DDR2
Wi-Fi: Yes

The Asus eee PC wins only in weight and size.

What stops me from getting an Asus eee PC? It’s a question of whether it will serve its purpose on my part.

* I am using Smart 3G for my Internet connection at home, with a Sony Ericsson P1i as the modem. Now, SE’s PC Suite is Windows-only, and the eee PC comes with Xandros Linux. While Windows XP can be installed, I would have to get an external DVD drive. Yes, DVD, because the Asus Rescue Disk comes in DVD format. An external optical drive is an additional expense, so add Php 4,000 to the total price. The price of the OS is not factored in yet.
* I can still use the phone as a modem without the PC Suite if I follow the steps here. I am not sure whether the workaround will work, since an Ubuntu or Debian-based Linux is needed.
* Storage is measly. That means I can install only a few applications. I intend to use it as a work computer at home, and let my brothers use the desktop PC.

So, as of now, I will not be getting an Asus eee PC. I have to think of my options first. Now, if only we have Black Fridays here…