Tuesday, December 30, 2008

Use WinSCP to securely transfer files between local and remote computer

I have been using WinSCP to securely transfer files between my Windows PC and remote Linux servers for years, and is still using this handy tools until today.

Based on the implementation of the SSH protocol from PuTTY and FTP protocol from FileZilla, WinSCP is developed by Martin Prikryl back from 2000 and was probably the first ever GUI file transfer client for SSH. This awards winning open source application is licensed under GPL with the project migration to SourceForge.net repository in 2003. The project is now hosted in TeamForge since 2005 while still made available in SourceForge.net at the same time.

With WinSCP, you can connect to and transfer files with an SSH (Secure Shell) server running SFTP (SSH File Transfer Protocol) or SCP (Secure Copy Protocol) service. It can also connect to a normal FTP (File Transfer Protocol) server for unencrypted file transfer.



The main differences between SFTP and SCP are:
  • File transfer with SCP is generally faster than SFTP.
  • SFTP supports resume of incomplete file transfer while SCP doesn't.
  • SFTP supports file transfer bigger than 4GB while SCP supports file transfer up to 4GB only.
  • Recursive operations with directories (deletion, permissions change, etc.) is faster in SCP than SFTP.
Some interesting features of WinSCP includes:
  • Translated into multilingual.
  • Integration with Windows Explorer for drag&drop, URL detection, shortcut icons, etc.
  • Supports for scripting and command line interface.
  • Local and remote file manipulation such as create, copy, duplicate, move, delete, rename, compress, etc.
  • Compare local and remote directories.
  • Directory synchronization between local and remote folder.
  • Remote editing of text files with integrated text editor.
  • Portable version that doesn't need any installation is available.


WinSCP is also available as a plugin for file manager applications such as FAR and Altap Salamander.

Click here to go to the download page of WinSCP.

Monday, December 29, 2008

iCapital.biz Bhd (ICAP, 5108)

Established as a closed-end fund (CEF) with 140 million shares by now, iCapital.biz Bhd (ICAP, 5108) has been listed in the main board of Bursa Malaysia since October 2005.

Similar to unit trust funds, ICAP pools together money for investment in Malaysian securities and/or other permitted assets to gain revenue and profit for the benefit of its shareholders. The appointed fund manager who is in charge of ICAP's investment activities is Capital Dynamic Asset Management Sdn Bhd (CDAM) head by Mr Tan Teng Boo (陈鼎武), which has been operating for more than 10 years and manages more than 50 discreationary accounts for various types of investors.

Funds under CDAM's management have consistently outperformed the market, and recorded an attractive annual compounded rate of return of more than 20% for the period from April 1998 to September 2008. The graph below shows its performance benchmarked with KLCI.




According to ICAP's IPO prospectus, so far CDAM has never made any negative returns in any year, and registered positive returns in 1998, 2000 and 2002 despite the bearish general market.

The primary investment objective of ICAP is long-term capital appreciation of its investments, whilst dividend and/or interest income from these investments would be of secondary consideration.

Its investment policy is to allocate not more than 10% of its net asset value (NAV) in any single public listed company in Bursa Malaysia. It may also invest a maximum of 10% of its NAV in unlisted Malaysian companies. As disclosed in its 2008 Annual Report, its portfolio as at June 2008 is as follow:




The NAV of ICAP is calculated on every Wednesday and updated by the end of Thursday on their website as well as Bursa Malaysia's announcement website. Today its last announced NAV by 24-12-2008 stood at RM1.56 and its share price closed at RM1.37 on 26-Dec-2008. This mean its share price is at a 13% discount position from its NAV. The graph below shows its share price versus its NAV.




The best time to invest in a CEF is when the market is undervalued or when there is a lack of excessive optimism. If you intend to invest in ICAP, perhaps the technical analysis below can give you some clue about the timing.




Click here to visit the official website of ICAP.

Disclaimer: This article is intended for sharing of point of view only. It is not an advice or recommendation to buy or sell any of the mentioned stock counters. You should do your own homework before trading in Bursa Malaysia.

Sunday, December 28, 2008

About the Statutory Reserve Requirement (SRR)

Effective 1 December 2008, Bank Negara (BNM) reduced the Statutory Reserve Requirement (SRR) by 50 basis points from 4% to 3.5%, together with the reduction of Overnight Policy Rate (OPR) from 3.5% to 3.25%. The last adjustment to SRR rate was made 10 years ago, from 6% to 4% effective 16 September 1998.

The SRR is a monetary policy instrument available to BNM to manage liquidity and hence credit creation in the banking system. It is used to withdraw or inject liquidity when the excess or lack of liquidity in the banking system is perceived by BNM to be large and long-term in nature.

SRR is the amount of money set aside by banks (all commercial, merchant, investment, islamic banks) to be placed in their Statutory Reserve Accounts with BNM with zero interest. By lowering the SRR, the banks will have a reduced cost of funds, and can therefore help to preserve their profit margins by lending out the liquidated money and earn interest.

A reduction in SRR will inject a certain amount of liquidity into the financial system, which is expected to be lend out by the banks to finance more economic activities in the market. The recent move of 50 basis points SRR reduction by BNM is expected to release about RM2.7~3 billion ringgit back to the bank system.

Together with the 25 basis points reduction to the OPR at the same time, it is expected to have positive impact to the economy as the bank can now lend out more money to earn interest, and the business and consumer public can also borrow money from the bank with a lower interest rate following the reduction of OPR for consumption or investment purposes.

Click here to learn more about SRR.

Added the e-Referer gadget

I have added a new gadget to this blog, namely the e-Referer.

This is how it works: if you've provided a link from your website to my blog here, and somebody clicked on that link to make a visit to here, your website will be listed in my referer listing, which contains a link back to your website.

I have made the setting so that the last 20 referers are listed. So, in order to stay on top of the list, continuous visiting from your website to update the last visit timestamp record is necessary. The number of reference made from your website is also shown beside your link. The total number of references within the last 127 days will be shown below the gadget.

If you find that this gadget is cool and you would like to have one in your website, just click on the e-Referer link provided in the gadget, register for a free account there, and copy over the javascript codes into your website.

Saturday, December 27, 2008

Asia Trader & Investor Convention @ KL 2009

Organized by NextVIEW and first launched in 2006, the Asia Trader and Investor Convention (ATIC) has travelled to 7 Asian Cities -- Singapore, Kuala Lumpur, Bangkok, Ho Chi Minh City, Mumbai, Shenzhen and Tokyo.

With participation by over 300 financial services organizations including securities exchanges, retail & consumer banks, securities brokerage firms, asset/fund management firms, listed companies and other financial services providers, ATIC events have already attracted over 75,000 active traders and serious investors across Asia.

The ATIC @ KL 2009 is coming soon.
Date: 14-15 March 2009
Time: 9.00am - 6.00pm
Venue: Kuala Lumpur Convention Centre, KLCC, Malaysia

It will feature more than 50 English and Mandarin investment seminars, 30 international and local renowned speakers, 40 exhibitors and 15,000-20,000 targeted investors.

Some of the feature speakers including:
  • Daryl Guppy - Founder & Director of Guppytraders.com
  • Paul Forchione - Commodity Trading Advisor
  • Brent Penfold - Veteran Trader, Licensed Futures Adviser, Educator
  • Dale Gillham - Fund Manager, Author, Educator & Founder of Wealth Within, Markets
  • Collin Li Xin Jing 李欣京 - Technical Markets Strategist
  • Don Schellenberg - Founder, Master Money Traders
  • Benny Lee - Chief Market Strategist
  • Yusrizan Ome Yaacob - Retail Market Strategist
  • Dar Wong - Independent Trainer & Columnist
  • Alan Hing - Institutional Trainer
  • Alan Voon 温世麟 - CEO, Warrants Capital
  • Saeed Shah - Senior Sales Manager
  • Azizi Ali - Chartered Financial Consultant
  • William Wermine - Fund Manager Rep
  • G.M. Teoh - Technical Analyst

This event is endorsed/supported by:

It carries a Continuing Professional Development (CPD) 15 hours for Registered Financial Planner (RFP) designees. The early bird entry ticket for this 2 days event is free (normal price is RM28.00).

Click here for more information about ATIC at KL 2009.

Friday, December 26, 2008

Laptops shipment has outnumbered desktops in 2008 Q3

The 3rd Quarter (July-September) of 2008 has been a historical break-through moment for worldwide laptops (a.k.a. notebooks) shipment to outnumber desktops for the first time ever.

During that quarter, global laptop PC shipments rose almost 40 percent compared to the same period of 2007 to reach 38.6 million units. Conversely, global desktop PC shipments declined by 1.3 percent for the same period to 38.5 million units.

This shows that more and more people are opting for laptop than desktop when they buy new PC. In my humble opinion, the following contributes positively for such purchasing decision:

  • Nowadays, the graphics display of laptop is not losing to desktop monitor.
  • The multimedia function of laptop also competitive to desktop. In fact, certain laptop even has built-in webcam camera, microphone, etc.
  • The network function of laptop is also superb. Most laptop nowadays has built-in LAN interface, dial-up modem, Wi-Fi, bluetooth, infra red connection, etc. However, most desktop doesn't have all of these built-in as standard package.
  • The laptop CPU processing power also in par with desktop CPU, besides being able to work with lower voltage and discipate less heat.
  • The laptop harddisk also more robust for mobile usage.
  • Most importantly, the gap between selling price of laptop and desktop has greatly narrowed down, although generally laptop is still more expensive than desktop.

What do you think? Will you select a laptop or desktop for your next PC purchase?

Click here to read iSuppli's news report about "Notebook PC Shipments Exceed Desktops for First Time in Q3".

Thursday, December 25, 2008

Job hunters advices about ethics for job seekers

As a manager in my present and past companies, I had interviewed with numerous candidates for my department's job openings. And when I changed job in the past, I was also being interviewed by others. I have to agree that all interviewers are very concern about the integrity of the candidates.

Most job candidates would have encountered some or all of the following 4 scenarios. Did you react ethically and up to the interviewers' expectation? Perhaps you could learn something from the advices of the job hunter, and act smartly during your future interview sessions when similar scenarios occur again.

Scenario #1:

You had an interview arranged by a Recruitment Consultant. On the day of interview, you were not feeling well. What do you do?

(a) Call the employer to explain the situation and request the interview to be arranged on another day

(b) Did not show up for interview

(c) Send an email to the Recruitment Consultant to cancel the appointment


Allyhunt's advice: Keeping posted is important as this is somehow lost in today’s culture. So, (a) is the answer. In situation such as this, an email is not sufficient. The Consultant may not check the email at all. Even an SMS falls short. It is only courteous to make the call personally. And don’t get your boyfriend and girlfriend to call on your behalf too unless you are too sick to even get yourself a drink.

My comment: I had encountered candidates of (a), (b) and (c), and sad to say that majority of them fall under (b) or (c). As of myself, if I can't make it, I'll call the Recruitment Consultant asking for a rearrangement. I didn't call the employer directly because I believe I need to keep the Recruitment Consultant well informed about any changes to the scheduled interview, and I trust the Recruitment Consultant can make a wise arrangement for me.

Scenario #2:

You attended two interviews with A and B companies and both companies have expressed interest in hiring you. Company A came back to you first and offered you the job and you accepted Company A’s offer. Before you sign the contract, Company B makes you an offer, with a RM200 more in salary. What do you do?

(a) Don’t sign the contract and accept Company B’s offer.

(b) Call Company A and tell them you are no longer interested. Reason given was another company has offered you a RM200 more in salary.

(c) Reject Company B offer and tell them that you had already accepted another offer.

Allyhunt's advice: The answer is (c). KEEP YOUR WORD! To accept a position and then renege on it for a better offer is poor form. Believe me, it’s a small world and you would not want to be labeled as a candidate that can be bought over with money easily later in your career. What do you do in such situation? Best advice: accept offers only after careful consideration. Think critically rather than grabbing the first offer out of fear or desperation. It is unethical to continue to interview after accepting an offer and/or to renege on an accepted position. Company B will respect you for that. Who knows? The same company may have a senior position in the future and you may be applying for the job then. You probably stand a better chance for the ethics you hold firmly at the beginning of your career.

My comment: Yes, I did encountered last minute rejection from candidates who had accepted an offer, or worse still a no show-up when he/she suppose to commence to work. And frankly speaking, I did blacklisted those candidates with the HR, and for those no show-up candidates, I did file an official complaint and request for explanation from the head hunter (if the recruitment was done with this channel) or blacklist the candidate in the job searching website (if the recruitment was done with this channel, and the website has such function to blacklist candidates with poor ethics). As of myself, I did experience such moment, and I rejected Company B which offered RM1200 more than Company A. I also rejected interview invitation from Shell IT International (which was a good place where many IT personnels are eager to work with) because they called me a few days right after I joined Company A, which had been more than a month after I sent them my application. I'm still unsure if that was the best decision to stay put with Company A, but anyhow, I was promoted to managerial position later while I was serving Company A, which end up to be not too bad.

Scenario #3:

You have been short listed for an interview at employer’s office after attended an on-campus interview. During the on-campus interview, you were very keen on the job and you managed to convince the employer accordingly. But now, the more you thought about the job, you find neither the organization nor position is for you. What shall you do?

(a) Go for the interview anyway and pretend you are still interested.

(b) Ignore the interview completely as the employer would have also short listed other candidates.

(c) Tell the recruiter that you have changed your mind and do not wish to pursue this opportunity.

Allyhunt's advice: The answer is (c). At this stage of the process, it is not unethical for you to decline the offer to meet up at the office.

My comment: My own experience in the past, I did rejected a 2nd interview session with Intel, after I found out during 1st interview that the job position is a "Green Badge", which was employed under the job hunter company and outsourced to Intel, instead of being Intel's own employee, and I was not interested nor keen with such arrangement.

Scenario #4:

During an interview, you are asked to give an example of a part-time job experience, but you never had that exact experience. What do you do?

(a) Make something up.

(b) Reinterpret the question to something you are more comfortable with and answer that question.

(c) Acknowledge that you have not had this experience, but offer the closest experience you have had.

The answer is (c). Telling your employers what you think they would like to hear or what you think will get you the job is not productive for you or the employer. If they discovered that you have been less than honest, you may be disqualified immediately.

My comment: Yes, honesty is very important. Only tell the fact to interviewer, don't make story. If you make the interviewer to have a wrong expectation on you, you will be having a very hard time if you happen to be employed, because the employer is expecting you to perform up to the standard and level as you have told them.

(Source of the above 4 scenarios and advisable answers are from Allyhunt, an executive sourcing company in Malaysia)

Wednesday, December 24, 2008

Post Graduate Education Fair 2009

The 11th Post Graduate Education Fair(PGEF) will be organized by AIC this coming January 2009. The event is freely open to public.

Exhibitors consist of local and international universities and colleges, and over RM500,000 worth of scholarships and study grants will be available for application.

The event details are as follow:

Date: 16-18 January 2009
Time: 10am ~ 7pm
Venue: Mid Valley Exhibition Centre (KL)

The 8th Malaysia Career & Training Fair (MCTF) 2009 will also be held at the same time and same venue together with this PGEF '09.

Click here for online registration to PGEF 2009.

JobStreet.com Malaysia Career & Training Fair 2009

The 8th Malaysia Career & Training Fair (MCTF) to be organized by JobStreet.com is coming in January 2009. This event is freely open for public. The previous MCTF 2008 had successfully attracted participation from more than 116,000 job seekers and over hundred of exhibitors.

The event details are as follow:

Date: 16-18 January 2009
Time: 10am ~ 7pm
Venue: Mid Valley Exhibition Centre (KL)

Job seekers are advised to bring along their C.V., and some of the exhibitors might conduct on the spot interview with suitable candidates during the event.

The 11th Post Graduate Education Fair (PGEF) 2009 will also be held at the same time and same venue together with this MCTF '09.

Click here for more information and online registration of MCTF '09.

Click here to see the exhibitors' list in MCTF '09.

Tuesday, December 23, 2008

The UNIX genealogy

The UNIX genealogy diagram below is released to the public domain and free for use for any purpose. It shows the relations between several UNIX systems.



UNIX is born in AT&T's Bell Laboratories. Its history began from 1969 when Ken Thompson, Dennis Ritchie and others started working on a project with a PDP-7 minicomputer in their lab.

It was first written in Assembly Language, and was then rewritten in C Language in 1973. In 1975, UNIX version 6 branched out with the emergence of the first version of BSD, which was developed based on UNIX version 6 free source code.

In the 1980s, the two common branches of UNIX were BSD (from the University of California, Berkeley), and System V (from AT&T). Both were derived from the earlier UNIX version 7, but had diverged considerably.

The GNU Project, started in 1984 by Richard Stallman, had the goal of creating a "complete UNIX-compatible software system" made entirely of free software. This mission was eventually realised by Linus Torvalds, who has developed the Linux kernel in early 1990s.

Today, the BSD family has branched out to FreeBSD, NetBSD, OpenBSD, Solaris, Mac OS, etc. On the other hand, the System V family has branched out to HP-UX, AIX, UnixWare, IRIX, etc. Meanwhile, Linux, which was derived from Minix (a UNIX-like system intended for academic use), has gained its popularity and rapidly growing in both the server and desktop markets.

Monday, December 22, 2008

Gartner Business Intelligence Summit to be held in The Hague, Netherlands

With the theme of "The BIg Discrepancy: How can we do better with BI?", the Gartner Business Intelligence Summit will be held in The Hague, Netherlands on the coming 20-22 January 2009.

The conference, consists of more than 80 conference sessions and exhibition with more than 25 leading BI technology and service providers, will focus on the following key Business Intelligence issues:
  • Key steps to making Business Intelligence strategic
  • Creating a BI and performance management strategy to widen the use of BI
  • The evolving role of corporate performance management
  • Role, structure and organization of the BI Competency Center
  • Identifying the right metrics to measure performance
  • The Data Warehouse in a time of data explosion
  • New delivery models: Open Source and BI "as a service"
  • The impact of SOA on BI
  • Trends in Enterprise Information Management (EIM) and Master Data Management
  • Difficult choices in the Data Quality tools market
  • Portal strategies for BI integration
  • Business Activity Monitoring and the rise of process-driven BI
  • Determining the "return on BI"
  • Performance management and compliance
  • BI market trends and the increasing impact of the mega-vendors
  • Best practices in budgeting, planning & forecasting
Some key benefits to attend this Summit are:
  • Understanding the business forces that will affect IT leaders of BIIM initiatives
  • Insight into the future scenarios facing BI leaders
  • Techniques in making the right innovation choices at the right time
  • Improved decision-making responsibilities for BI investment
  • Evaluation of the market dynamics when making investment decisions
  • Approaches for melding emerging technologies with existing tools and infrastructure
  • Development of ROI and cost allocation models that impact the business case
  • Linking of CPM to strategic planning, budgets and operational activities to aid strategy execution
  • Improved decision-making through BI initiatives and techniques
Click here for more information about the Gartner Business Intelligence Summit and its online registration.

Serious security flaw found in Internet Explorer

You might be awared that recently, there is a serious security flaw found in Internet Explorer versions 5.01, 6 and 7. The security bug is related to the way Internet Explorer handles XML (Extensible Markup Language), which allows hackers to put and run trojan horse program in your computer without your knowledge, when you visit infected website with unpatched Internet Explorer.

In fact, this exploits have already been rigged into many hacked Chinese language websites. Later, launching of massive SQL injection attacks to thousands of legitimate websites to serve this exploit were also found and over 100,000 websites were affected.

In simple words, if you are using Internet Explorer to browse websites, and you haven't patch up this security flaw via Windows' Automatic Updates service or manually download and install the patch, your computer is vulnerable to the attack, and your password and other information could be exposed and stolen by the hackers. Your computer can also be made use by hackers to launch further attacks to other computers.

This security issue is discussed in Microsoft Security Bulletin MS08-078 (KB-960714) published on 17 December 2008, and rated as Critical by Microsoft. Microsoft has responded quickly and come out with an out-of-band patch. Links to download the security patch for various version of Internet Explorer is available in that article.

Therefore, you should immediately patch up your Internet Explorer, or use other browsers such as Firefox to surf the Internet. However, Firefox has also just released a new version 3.0.5 which fixed up several security issues (which were not as critical as the Internet Explorer's security flaw). Even though you use Firefox (or SeaMonkey suite), it is also advisable for you to update the browser to the latest version.

You may click here to go to the download page of Firefox.

How do you know the security patch has been applied to your computer?

For Windows XP, run the "Add or Remove Programs" in the Control Panel, and ensure the "Show updates" option is selected. You should be able to find the installed patch in the listing under Internet Explorer 7 as "Security Update for Windows Internet Explorer 7 (KB960714)" as shown in the diagram below. You should also ensure that other earlier security patches also installed for your browser.

Sunday, December 21, 2008

How to get rid of termite

People are afraid of termites because its infestation could bring damages and losses, it is hard to detect, and it's colony is hard to eliminate.

To get rid of termite, you must firstly know your enemy. Here are some of the characteristics of termites:

  • Termites consume fibrous plant matter, such as wood, paper, etc.
  • Termites love mud and don't like sand, because it is hard for them to burrow through sand.
  • Termites love moisture and stay in the dark.
  • Termites might come from soil, and also from sky. During reproductive seasons, they have wings and will swarm around. They'll shed off the wings once they found place to settle down.
  • Termites may move to another location when disturbed. Therefore, if you find them, don't disturb them before getting the pest control service.

Knowing about these, you should avoid a termite-friendly environment found around your house.

There are generally 2 methods of termites treatment:

  • Method 1 is to create a chemical barrier underneath the building structure. Normally it is done to the land before the building is developed. After the building is developed, this treatment requires drilling of holes all over the house in order to inject the chemical into the land underneath. The chemical will either repel the termites, or kill them off. However, its effectively wear off after time, and can probably last for 3 years only. In addition, if there is untreated gap in between, termites can still find their way into the house.
  • Method 2 is to use a colony elimination baiting system, such as the Sentricon system. Stations are placed around the house to look for the presence of termites. If found, chemical which can retard the termites' moulting process will be put into the bait, and the termites who eat the chemical will infect each other when they return to the colony. Eventually, the colony will be eliminated. This method also require to drill holes in order to place the station inside the house. Normally only 2 stations are placed in the middle of the house, and the rest are placed in the garden area outside the house building.

Method 2 is generally more expensive than Method 1, and the baiting stations need regular inspection for presence of termites. However, it is a more effective way, and unlike Method 1 which only function to create barrier to hinder termites from entering the building, Method 2 will try to eliminate the termites colony by killing them off.

Anyhow, it is a good practice to regularly inspect your house for signs of termite infectations. And I would recommend the inspection to be done with thermal imaging technology.

Detect termite infestations with thermal imaging inspection

Among the household pests, termite brings the more headache because it would cause damage and loss to the building materials, furnitures, etc. In fact, some studies show that losses caused by termites are 4 times higher than losses caused by fire.

Termites infestation is difficult to detect because they are intelligent to cover up their tracks. For example, they will consume up the wood underneath the surface, and the wood seems to be normal from outside. It might take up to a few years before signs of the problem eventually revealed. Worse still, the termite queen may live up to 25 years and lay more than 60,000 eggs in her lifetime, and there could be more than one queen in a termite colony.

The conventional way to detect termite infestations is to look for signs such as hollow sound when wood surface is tapped with blunt object, muddy tubes, shed wings of termite swarm, etc.

The more effective way nowadays is to make use of thermal imaging technology.

Objects with a temperature above absolute zero (- 459° F) emit infrared radiation which is not visible to our naked eye. As an object heats up, it will radiate more and more energy from its surface. The technique for making this invisible radiation visible is called thermal imaging, and involves the use of sophisticated thermal imaging cameras.

Thermal imaging technology detects heat patterns. When termites invade buildings, the normal heat patterns of the walls, floors and roof change due their presence. The thermal imaging camera is able to records this change in heat pattern and indicates the exact location of any termite infestation. The camera is very sensitive and is able to detect temperature variations as little as 0.1 degrees celcius.

Thermal imaging can therefore be used in detecting items that may be of concern which are concealed by wall linings, including termites. This method is non-destructive and non-intrusive, as there is no need to poke holes in a surface to determine if there is damage beneath it.

I have just engaged with Ridpest to inspect for termite with this with thermal imaging technology. It has been few years since the termite barrier threatment done by the developer when my house is built, and I'm aware that the effectiveness of that termiticide underneath the house will just wear off by time.

Tuesday, December 9, 2008

Find out and compare grocery price in all major hypermarkets & supermarkets

The Ministry of Domestic Trade and Consumer Affairs (MDTCA, a.k.a. Kementerian Perdagangan Dalam Negeri Dan Hal Ehwal Pengguna - KPDNHEP) has setup a Price Watch section in their website and list out the grocery price in all major hypermarkets and supermarkets including Carrefour, Giant, Jusco, Mydin, Tesco, The Store, etc.

The price lists are made according to state. You might be surprised to find out how much different can the highest and lowest price of the same item among them, and different hypermarket under the same group might have different price for the same item in different area.

Here are the grocery price list downloadable from their website:

Monday, December 8, 2008

Secret code to enter Service Menus of Sony Ericsson handphone

There is a secret code to enter the Service Menus of Sony Ericsson handphone. Different information might be shown in different model number. And here is the code... (warning: use it at your own risk! Don't do it if you feel uncomfortable to try!)

Enter the following sequence in Standby Screen.

For handphone with joystick or arrow keys:
1. Press the [right] key
2. Press the [*] key
3. Press the [left] key
4. Press the [left] key again
5. Press the [*] key
6. Press the [left] key
7. Press the [*] key

For handphone with jog dial:
1. Rotate jog dial up (just rotate a bit, don't make circular rotation)
2. Press the [*] key
3. Rotate jog dial down (just rotate a bit, don't make circular rotation)
4. Rotate jog dial down again
5. Press the [*] key
6. Rotate jog dial down
7. Press the [*] key

Here is what I get on the Service Menus of Sony Ericsson P1i:
1. Service Information
  • Model information
  • Software information
  • Hardware information
  • SIM locks
  • Configuration
2. Service tests
  • Display
  • Camera
  • Touch screen
  • Illumination
  • LED's
  • Keyboard
  • Vibrator
  • Speakers
  • Microphone
  • FM radio
  • Memory Stick
3. Format internal disk
  • Are you sure you want to format your internal disk? (you should answer NO or else you might get into trouble)

You might probably want to play around with the Service Tests available to your handphone. It is a handy tool to check if the respective hardware portion of your handphone is functioning or not.

Disclaimer: I shall not be liable to any losses or damages if you intend to use the secret code mentioned in this article.

Sunday, December 7, 2008

Procedures for the approval for house extensions and/or renovations

The following serves as a useful FAQ that you should know as a house/building owner who plan to extend and/or renovate your house/building in Malaysia.

What is meant by building extensions / renovations?
  • Any demolition work to the original building
  • Any extension work to the original building (enlarging floor area)
  • Any renovation work to internal building layout
  • Construction of car porch, fencing wall and refuse chamber
  • Any other extension / renovation as prescribed in Act 133, Road, Drainage, and Building Act 1974, and Building By-Laws 1984

Steps to be taken by home owner for submission of extensions / renovations application:

  • Obtain letter of consent from neighbours should extension / renovation work involving housefront bordering neighbour's house
  • Appoint an architect or a registered draughtsman for preparation of building plans
  • Appoint professionals should extension / renovation work involving concrete structures
  • Obtain Development Order approval from municipal council should the extension work exceed 50% of the original floor area
  • Ensure the proposed extension / renovation work comply with the Building Guidelines & Standards
  • Ensure construction work commence only after proposed extension / renovation application has been approved

Documents in submitting application for building extension / renovation:

  • Form A
  • 4 complete copies of the building plan
  • 1 copy of the most recent income tax returns
  • 1 copy of the Certificate of Fitness
  • 1 copy of the Title Deed or the Sales & Purchase Agreement
  • Consent letter from neighbouring residents (if applicable)
  • 1 copy of the structure plan and structure measurement from a certified consultant engineer (if applicable, or purchase the Standard Plan from Department of Building)

Examples of standard plan available:

  • Back extension
  • Front awning extension
  • Building of gazebos
  • Concrete fence
  • Air-well
  • Store and fish pond

Processing fees for plan submission:

  • RM500 for extensions / renovations that involve the lower level / storey
  • RM1000 for extensions / renovations that involve the lower and upper level / storey

Steps to be taken by home owner after extensions / renovations approval:

  • Apply for permit to place building materials on the road shoulders prior to commencement of renovation work.
  • Contact Alam Flora for collection of debris of building materials before construction begins.
  • Display Letter of Approval of the extension / renovation application during construction work.
  • Ensure construction works is carried out within own boundary and adhere to the approved extension / renovation plan.
  • Notify construction stages to municipal council by submitting the relevant forms.

Saturday, December 6, 2008

40% of IT jobs will be related to open source by 2020

Last week, the 78 pages 2020 FLOSS Roadmap Version 2.16 has been tabled in the Open World Forum (OWF) in Paris. OWF is a forum dedicated to free/libre/open source software (FLOSS), its players and projects.

This 2020 FLOSS Roadmap report is the OWF’s main manifesto, and is designed to support discussions taking place during the different OWF seminars and forums. It is a prospective and projection to the influences that will affect FLOSS between now (2008) and 2020, with descriptions of all FLOSS-related trends as anticipated by OWF contributors over this period of time. It also highlights all sectors that will, potentially, be impacted by FLOSS, from the economy to the Information Society.

Studies have been carried out in seven key areas:

  • Theme 1: Public policies: promoting sustainable development of sharedresources
  • Theme 2: FLOSS: the key to future innovation and competitive differentiation?
  • Theme 3: Ensuring sustainability for FLOSS developer communities and businessecosystems
  • Theme 4: Technological and economic breakthroughs: challenge or opportunityfor FLOSS?
  • Theme 5: IT 3.0: towards new governance for information systems?
  • Theme 6: FLOSS: a lever for employment and careers
  • Theme 7: FLOSS in an Open World: Innovations and best practices from Brazil

The report predicted that within the next 12 years, 40% of IT jobs will be related to open source, and open source-based cloud computing will be solving many problems in the real world.

The roadmap has outlined seven areas of change for 2020, which are:

  • FLOSS will become mainstream. It will be the de facto standard for areas such as development tools, infrastructure and scientific computing, as well as being widespread in other sectors
  • 40% of IT jobs will be related to FLOSS
  • FLOSS will free businesses from vendor lock-in, providing a "vaccine against abusive behaviour from a commercial vendor"
  • FLOSS will help reduce the global digital divide, as it is a collaborative effort that works for sustainable development of a shared resource
  • Open source communities will help build business ecosystems for specific markets
    Green datacentres will lead to business models with a low ecological impact, in "the next industrial revolution"
  • Cloud computing will be ubiquitous, and social networking will be the main way to communicate with businesses and government

Click here to download the comprehensive 2020 FLOSS Roadmap Version 2.16.

Friday, November 28, 2008

Developing and implementing .NET applications in Linux, Unix, Mac, etc. with Mono 2.0

Microsoft has been promoting their .NET application platform quite some years ago, and supporting the development of .NET applications with their Visual Studio development tools. They even introduced a new programming language named as C# targetting to the .NET frameworks.

If you have the impression that .NET applications can only run on MS Windows platforms, and that you can only develop .NET applications using Visual Studio in MS Windows, probably you are still not aware of Mono which frees up all the .NET developers and their applications to the rest of the world other than Microsoft, which includes Linux, Unix, Solaris, BSD, Mac OS X, etc.

Mono is an open source development platform based on the .NET framework, which allows developers to build Linux and cross-platform applications with improved developer productivity. Mono's .NET implementation is based on the ECMA standards for C# and the Common Language Infrastructure (CLI).

The Mono runtime contains a just-in-time (JIT) compilation engine for a number of processors including x86, SPARC, PowerPC, ARM, S390 (in 32-bit and 64-bit mode), x86_64, IA64 and SPARC for 64-bit modes.

The Mono project started in Ximian since 19 July 2001, which was about 7 months earlier than the release of Visual Studio .NET 2002 (first release of Visual Studio that supports .NET framework) by Microsoft. Ximian was a company that provided free desktop applications for Linux and Unix based on the GNOME platform, and has been acquired by Novell in 2003. Mono is currently sponsored, led and supported by Novell.

Mono version 1.0 was released in June 2004, one year after Visual Studio 2003 was released. Current version of Mono is 2.0.1, which is API complete in regards to .NET 2.0 and supports for Visual Basic.NET as well as C# versions 2.0 and 3.0.

Mono includes compilers, an ECMA-compatible runtime engine (the Common Language Runtime, or CLR), and many libraries. The libraries include Microsoft .NET compatibility libraries (including ADO.NET, System.Windows.Forms and ASP.NET), Mono's own and third party class libraries.Gtk#, a set of .NET bindings for the gtk+ toolkit and assorted GNOME libraries can be found in the latter. This library allows you to build fully native Gnome application using Mono and includes support for user interfaces built with the Glade interface builder. Furthermore, Mono's runtime can be embedded into applications for simplified packaging and shipping. In addition, the Mono project offers an IDE called MonoDevelop, Debugging, and a documentation browser called MonoDoc.

As an open source software, you can download, copy, distribute and use Mono for free. Here is the download page of Mono.

There are a lot of information about Mono in Wikipedia. There are also many resources and documentations about Mono in its official website.

TM revised Lets Talk packages to give more benefits

Recently, TM sent me a notice about the changes in their Let's Talk plans, which would replace the existing from 15 November 2008 onwards.

Here are the new Let's Talk packages:

Let's Talk 38

  • Monthly fee: RM38
  • Local calls: free unlimited
  • National (STD) calls to TM's fixed lines: free 60 minutes/month, thereafter 18 sen/min
  • Calls to mobile & other fixed lines: flat rate @ 25 sen/min
  • International (IDD) call: normal rate

Let's Talk 68

  • Monthly fee: RM68
  • Local calls: free unlimited
  • National (STD) calls to TM's fixed lines: free unlimited
  • Calls to mobile & other fixed lines: free 60 minutes/month, thereafter flat rate @ 25 sen/min
  • International (IDD) call: normal rate

Let's Talk 108

  • Monthly fee: RM108
  • Local calls: free unlimited
  • National (STD) calls to TM's fixed lines: free unlimited
  • Calls to mobile & other fixed lines: free 90 minutes/month, thereafter flat rate @ 20 sen/min
  • International (IDD) call: up to 80% discount. The discount is based on destination country.

Click here for information of the IDD normal and discount rate.


From the "2008 Q1 Communications & Multimedia - Selected Facts & Figures" bulletin published by the Malaysian Communications and Multimedia Commission (MCMC, a.k.a. Suruhanjaya Komunikasi dan Multimedia Malaysia - SKMM), we can notice that TM feels the challenge in sustaining their fixed line subcriptions, while the cellular phone subscription has been growing steadily.




I believe the declination in fixed line subscription could be even greater if not sustained by the Streamyx broadband service which relies on the fixed line infrastructure. However, the emergence of faster and more stable wireless Internet technologies such as 3G Mobile, Worldwide Interoperability for Microwave Access (WiMAX), High-Speed Downlink Packet Access (HSDPA), and so on, will definitely introduce new challenges to the fixed line business of TM.




It is good to know that TM realises their situation, and has taken some action to try to maintain their fixed line business which they have been dominated in the country.

You might probably also interested to read my other article about "is it wise to change your phone plan to Let's Talk?".

Thursday, November 20, 2008

Cellular phones penetration rate

10 years ago, you might find only 1 or 2 out of 10 people around you had a cellular phone. Today, the scenario has reversed, you can hardly find anybody around you without a cellular phone, especially those above 18 years of age.

The graph below shows the number of cellular service subscription in Malaysia over the years.






We can clearly see that prepaid subscription greatly outnumber postpaid subscription. The sum of them in 2007 is already very close to the population of Malaysia.

The graph above can be converted into the one below to show the enetration rate per 100 inhabitants in Malaysia.


As you can see, we have a penetration rate of 85.1% in year 2007, which is quite a high figure. Let's break down that figure by state, and we have the penetration rate in each state for year 2007 as below.





We have a high penetration rate in urban area, such as Kuala Lumpur, Selangor, Penang, etc. Melaka also has a high penetration rate of 85.5% by 2007. The penetration rate in East Malaysia (Sabah & Sarawak) is the lowest, probably caused by the lack of coverage of cellular network in rural areas there.

The next graph compares the penetration rate among ASEAN as well as some other countries. It is a very interesting graph.




In 2007, among the ASEAN countries, Singapore has the highest cellular penetration rate, followed by Malaysia and Thailand.

Notice that in certain places such as Singapore, Australia, Taiwan, UK, Hong Kong, etc., the cellular penetration rate has already gone above 100%. This mean that in those regions, there are quite a lot of people subscribed to more than one cellular number at the same time. Hong Kong has a really high penetration rate that out of 2 people on the street, you can probably find 3 mobile phones from them.

All raw data is obtained from the "2008 Q1 Communications & Multimedia - Selected Facts & Figures" bulletin published by the Malaysian Communications and Multimedia Commission (MCMC, a.k.a. Suruhanjaya Komunikasi dan Multimedia Malaysia - SKMM).

Wednesday, November 19, 2008

How many SMS did you send out last year?

According to data provided in the "Communications & Multimedia - Selected Facts & Figures" bulletin published by the Malaysian Communications and Multimedia Commission (MCMC, a.k.a. Suruhanjaya Komunikasi dan Multimedia Malaysia - SKMM), total amount of SMS sent out by cellular phones in Malaysia in 2007 is 56.8885 billion or 2,590 per subscription SIM card.

This means that on average, we sent out 7.1 SMS per day last year. If you sent out more than 7 SMS everyday, you are contributing more than average to the figure.

The graphs below show the growth of SMS amount sent over the years.



Assuming that each SMS is charged for 5 sen, this will be a hefty RM2.85 billion business for telco operator in 2007, which is still growing exponentially.

Tuesday, November 18, 2008

Simple way to confirm a long term trend reversal

The term "trend reversal" is very common in technical analysis for share, index, commodity, derivative, or other kind of securities. Technical analysis has many kind of complicated signals to catch the "trend reversal" based on price movement, trade volume movement, and/or the combination of both.

However, technical analysis might be too difficult to master for layman like you and me. The "simple way" that I'm going to discuss here is indeed a very simple way. It is so simple that can be described in the sentence below:

"A trend reversal is very possible if a bottomed price doesn't drop beyond its bottom made, or a topped price is unable to produce another record high."

You might want to question that what's so special with the above sentence, every Tom, Dick and Harry also know about it.

But I notice many people doesn't know how to apply this simple and straightforward sentence to their investment strategy.

Believe me, it is really as simple as that, and its accuracy is no worse than using technical analysis. Especially when looking for long term trend, it is particularly effective.

To apply this simple saying to your investment strategy, you need to determine the nature of your target. You need to find out from its historical record that, does it has high volatility with drastic price movement (high beta), or does it pretty stable with low beta?

Then, add in the time factor into the sentence by determining a suitable time period. Your sentence should now sound like this:

"A trend reversal is very possible if a bottomed price doesn't drop beyond its bottom made after X number of days, or a topped price is unable to produce another record high after X number of days."

If the beta is high, apply a larger X factor, otherwise, you may apply a smaller X factor. Your X should not be too large that it takes too long until every Tom, Dick and Harry also know the trend has reversed, as you will lose the opportunity to buy/sell at a less risky position.

A good X value for common stock is 1 month, which you need to adjust based on the volatility of your target. Beware that X would be of not much meaning if it is higher than 3 months.

Let's take an example. ICAP (5108) made a bottom on 29-Oct-2008 at the price of 1.15. Let's say you give it a 2 months period for your observation. Therefore, if by 29-Dec-2008, the price of ICAP is still all the way staying above 1.15, and there is no short term tendency sign for it to fall back to 1.15, you can predict that 1.15 made on 29-Oct-2008 is its bottom, and you can start accumulating it at the price near to its bottom.

Of course, this is just a simple and stupid method, which is not bullet proof. But it is a good method, because by the time your simple "signal" triggered with this method, you will notice that almost all the technical analysis indicators are pointing to a bullish position, since technical analysis is meant to sense the trend in a much faster timeframe. So, technically speaking, you are quite unlikely to be wrong, unless market affected by unforeseen sudden factor.

Disclaimer: This article is intended for sharing of point of view only. It is not an advice or recommendation to buy or sell any of the mentioned stock counters. You should do your own homework before trading in Bursa Malaysia.


Friday, November 14, 2008

Top 10 CIO priorities for 2009

Recently, the US National Association of State Chief Information Officers (NASCIO) released the US State CIO's Top Ten Policy and Technology Priorities for 2009 based on their annual survey done.

The lists has reflected the budgetary uncertainty faced by state governments in the face of an extended economic downturn. But by prioritizing their IT strategies, the lists can serve as a good reference and roadmap for ICT solution providers hoping to grow their US state government business.

The Top 10 Priority for Strategies, Management Processes and Solutions are:
  1. Consolidation: Centralizing; consolidating services, operations, resources and infrastructure.
  2. Shared Services: Business models, sharing resources, services and infrastructure.
  3. Budget and Cost Control: Managing budget reduction, strategies for savings, reducing or avoiding costs; activity based costing.
  4. Security: Security safeguards, enterprise policies, data protection and insider threat.
  5. Electronic Records/Digital Preservation/E-Discovery: Strategies, policies, legal issues, opportunities for shared services and emergency preparedness.
  6. ERP Strategy: Acquisition, implementation, expansion and upgrade.
  7. Green IT: Policies, energy efficiency, power management, green procurement and e-waste.
  8. Transparency: Open government, performance measures and data, and accountability.
  9. Health Information Technology: Assessment, partnering and implementation.
  10. Governance: Improving IT and data governance.

The Top 10 Priority for Technologies, Applications and Tools are:

  1. Virtualization: Storage, computing and data center.
  2. Document/Content/E-mail management: Active, repository, archiving and digital preservation.
  3. Legacy application: Modernization and upgrade.
  4. Networking: Voice and data communications and unified communications.
  5. Web 2.0: Services, collaboration technologies and social computing.
  6. Green IT: Technologies and Solutions.
  7. Identity and Access Management.
  8. Geospatial Analysis and Geographic Information Systems (GIS).
  9. Business Intelligence and Analytical Applications.
  10. Mobile Workforce Enablement.

I wonder if any similar survey has been done for government and corporates CIOs in our local region.

Thursday, November 13, 2008

Bill Clinton to give lecture in Malaysia

Great news! There is an opportunity to listen to the lecture of Bill Clinton (former president of US) in Malaysia, and the ticket will be given free of charge.

On 6 December 2008, Clinton will present the inaugural BC Sekhar memorial lecture organised by the Sekhar Foundation (founded by Datuk Vinod Balachandra Sekhar, president and founder of Petra Group) and the Asian Strategy & Leadership Institute (ASLI).

In that event, he will also receive the BC Sekhar Medal for Transformational Leadership, a new award given to individuals who have demonstrated a lifetime of commitment to bringing about positive change in the world. The medal would be awarded to Clinton for his tireless work to tackle the root causes of poverty in the world. Other factors included his steadfast commitment to foster understanding in divided communities and his determination to see people working together in friendship to bring about change.

Clinton will be in Kuala Lumpur for about 2 days right after the Clinton Global Initiative meeting in Hong Kong.

If you are interested in attending, just send an email to clintonlecture@petragroup.net with your name, address, contact number and MyKAD or passport number from 1pm today (13 November 2008). Up to 500 members of the public will be given seats for the lecture.

Wednesday, November 12, 2008

Malaysian household monthly income distribution 2007

Today, there is a report in the Chinapress newspaper which provides us a set of figures about the Malaysian household monthly income distribution based on Household Income Survey (HIS) done in year 2007 by the Department of Statistics Malaysia. Here are the figures:



With the data above, we can derive the constituent of household by ethnic which has participated in the HIS 2007, as shown below. The percentage is pretty much in line with the ethnic group percentage of population of Malaysia.


And we can interprete the data in the table with a bar graph like this:

You can compare this graph with the one in my earlier article posted on 18 September 2008, which is based on data from a different source. With no surprise, they look very alike. The graph above is able to show more information. What can you see from it?

Remember there is another pie chart in my earlier article posted on 18 September 2008? You can compare it with this one which is based on our new set of data. They are pretty much the same, aren't they?

Now look at another graph to reveal more information. What can you see from it?

If you see each of the income group vertically, you can actually rank how each ethnic group performs for each of the income group. The Kadazan and Orang Asli have a big population in the lower income group, and very low percentage in the higher income group. Majority of the Chinese are in the 5k-10k income group.

You can also clearly see the "M shape" in the Chinese and Indian lines, and the formation of "M" in other ethnic groups can also be sensed.

What else can you see from the graphs above?


Satyam acquires Motorola software development center (SDC) in Cyberjaya

India's Satyam Computer Services Ltd, which is the 4th largest IT solutions and service provider and has its own building block in Cyberjaya Malaysia, has just initiated an acquisition to its Cyberjaya neighbour - the software development center (SDC) of Motorola in Malaysia.

On the recent Monday, the 128 staff in Motorola SDC were briefed about the acquisition, that all of them, together with the SDC’s assets, will be diverted from Motorola to Satyam by the end of the year. Anyhow, they are assured by the management that their contractual bonus for the year will not be affected.

The SDC is part of Motorola's Home and Network Mobility business and focuses on network management system development. After the acquisition, Motorola will outsource the business to Satyam and get the same level of service as before.

Both Satyam and Motorola are listed in New York Stock Exchange (NYSE). To date, Satyam has a staff strength of over 500 in Malaysia.

Monday, November 10, 2008

WPA Wi-Fi encryption cracked!

If you are using a wireless network, especially in office environment, you should be well awared that running Wi-Fi without any encryption is a big no-no, and that the depreciated Wired Equivalent Privacy (WEP) encryption is extremely weak and can be cracked within seconds. As such, you probably are using Wi-Fi Protected Access (WPA) encryption to protect your Wi-Fi from unauthorized access and/or information stealing/leaking.

But now, bad news is that 2 German researchers - Martin Beck and Erik Tews - have found a way to crack the Temporal Key Integrity Protocol (TKIP, which was supposed to fix all problems with WEP) of WPA encryption within minutes, and they are going to share their cracking tools to the public during the PacSec Conference in Tokyo this 12-13 November 2008. In fact, some of the code used in the attack was already quietly added into the Aircrack-ng Wi-Fi encryption hacking tool about two weeks ago.

In short: WPA is no longer secured!

So what can you do to safeguard the security of your wireless network? Ensure that your wireless access points and equipments support WPA2, and switch over to it. WPA2
implements the mandatory elements of IEEE 802.11i standard, and is still uncracked by now, if it doesn't make use of the TKIP, and is instead set to use Advanced Encryption System (AES) with its Cipher Block Chaining Message Authentication Code Protocol (CCMP).

Click here to read more about this new crack on WPA Wi-Fi encryption.

Hardening PHP security with Suhosin

Suhosin (수호신) is a Korean word that means “guardian-angel”, originally developed by Stefan Esser, a German developer who loves Korean language.

Originated from the Hardened-PHP project, Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

There are 2 parts in Suhosin:
  • Patch to PHP that hardens the Zend engine to protect from possible buffer overflows and related vulnerabilities.
  • Standalone Suhosin extension module for PHP to provide many security features that are not present in PHP itself.
Both of them can work together, or the extension module alone can be used.

Some of the features of Suhosin are:
  • Logging of errors to syslog or arbitrary logfiles
  • Create blacklists and whitelists per virtual host
  • Filter on GET and POST requests, file uploads, and cookies
  • Transparent encryption of sessions and cookies
  • Set memory limits
  • ... and many more
If your web applications are developed in PHP, you should seriously consider installing Suhosin to harden its security. It is already included in most major Linux distributions. Search for "php5-suhosin" or "php-suhosin" in your Linux distribution to install it.

For more information about downloading and installing Suhosin, click here.


Securing Apache web with ModSecurity

If you are hosting your websites with Apache web server, which is mostly the case if your web server is running on Linux platform, you should seriously consider installing ModSecurity to provide intrusion detection and prevention for your web applications.

ModSecurity is an open source, free web application firewall (WAF) Apache module. According to Forrester Research, it is the most widely deployed web application firewall nowadays.

WAFs are deployed to establish an external security layer that increases security, detects and prevents attacks before they reach web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection, cross-site scripting, path traversal, etc.

Features of ModSecurity includes:
  • HTTP Traffic Logging - ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged.
  • Real-Time Monitoring and Attack Detection - ModSecurity can monitor the HTTP traffic in real time in order to detect attacks. In this case, ModSecurity operates as a web intrusion detection tool, allowing you to react to suspicious events that take place at your web systems.
  • Attack Prevention and Just-in-time Patching - ModSecurity can also act immediately to prevent attacks from reaching your web applications.

ModSecurity supports the following security models:
  • Negative Security Model - Looks for known bad, malicious requests. This method is effective at blocking a large number of automated attacks, however it is not the best approach for identifying new attack vectors.

  • Positive Security Model - When positive security model is deployed, only requests that are known to be valid are accepted, with everything else rejected. This approach works best with applications that are heavily used but rarely updated.

  • Virtual Patching - With ModSecurity, applications can be patched from the outside, without touching the application source code (and even without any access to it), making your systems secure until a proper patch is produced.

  • Extrusion Detection Model - ModSecurity can also monitor outbound data and identify and block information disclosure issues such as leaking detailed error messages or Credit Card Numbers, etc.

ModSecurity is included in all the major Linux distributions. Look for "libapache2-mod-security" or just "mod_security" in your Linux distribution to install it.

Click here for detailed documentations about ModSecurity.


Friday, November 7, 2008

Lower EPF contribution from 11% to 8% for 2 years from Jan 2009

Following an announcement made by Deputy Prime Minister and Finance Minister YAB Datuk Seri Najib Tun Abdul Razak during the winding up speech for the Ministry of Finance on the 2009 Budget on Tuesday 4 November 2008, the Employees Provident Fund (EPF, a.k.a. Kumpulan Wang Simpanan Pekerja, KWSP) has now made an official statement on the execution of this decision.

The reduction of the employees’ contribution to EPF from 11 % down to 8 % will be made automatically, effective from January 2009 until December 2010 wage. The employers' 12% contribution remains the same.

This means that if you don't explicitly inform EPF to maintain your 11% contribution as before, by January 2009 onwards, your contribution will be automatically reduced to 8% for the next 2 years. If you intend to maintain your 11% contribution, or any portion other than 8%, you have to inform your employer, as well as submit the "Form KWSP 17A (AHL) - Khas" to EPF office.

As at 31 December 2007, the total membership of EPF stood at 11.69 million. A total contributions amounting to RM28.93 billion were made during year 2007. Assuming the figure does not change too much in 2009 and 2010, a 3% reduction will mean (RM28.93 billion/23% x 3% x 2 years) = RM7.55 billion to be freed up for spending in the economy, in the optimistic case that all EPF contributors opt for the rate cut and don't maintain the 11% contribution rate by submitting the "Form KWSP 17A (AHL) - Khas".

This is not a high figure to stimulate the national economy, but it does facilitate a similar effect of lowering the bank interest rate, which is happening in many other nations right now. This also hints that the Malaysian government is trying hard to avoid an interest rate cut, which would probably further weakening the forex exchange rate of Malaysian Ringgit.

As an employee, this change in contribution rate means that if your monthly salary is RM2k, you will have an additional RM60 monthly disposible income; if your monthly salary is RM5k, then your figure will be RM150; and if your monthly salary is RM10k, it will be RM300.

Should you opt for the lower contribution rate, or should you submit the "Form KWSP 17A (AHL) - Khas" and maintain your normal 11% contributions? One thing to consider is that since the economic climate is not so favourable this year, we won't expect a good dividend payout by EPF to be announced.

I would say that it is not a bad idea to reduce your EPF contributions, and spend your money wisely to make more value from it. For example, you can use it for personal development (education, books, workshops, ...), investments, insurance, etc. just to name a few. However, if you think that you are not a wise person in money spending, you might want to opt for maintaining your 11% contributions to EPF as a form of "force saving".

What do you think?

Click here to download the "Form KWSP 17A (AHL) - Khas" for individual employee.

Click here to download the "Form KWSP 17AA (AHL) Khas" for employers who wish to apply on behalf of more than two employees.

Tuesday, November 4, 2008

Watch Honda ASIMO live in road tours

Honda ASIMO (アシモ), named after "Advanced Step in Innovative Mobility", is an intelligent multifunctional robot of 130cm tall with 54kg weight, made of magnesium alloy covered with plastic resin.

It is an innovative result from 22 years of R&D in Honda, showcasing their determination and belief in the Power of Dreams.

Today, ASIMO can run up to 6km/h and in circular pattern, walk at various speed up to 2.7km/h, climb stairs, and is able to recognise distance, position and details of people with Honda's IC Tag.

ASIMO can also perform the task of a receptionist, information guide or carry out delivery service using a tray or cart. It can also act in sync with people, for example, walking with you while holding your hands.

Eager to watch ASIMO in action? You can meet with him in the upcoming road tours as follow:
  • 14-16 Nov 2008 - New Wing, 1 Utama Shopping Centre, Selangor.
  • 20-23 Nov 2008 - City Square Shopping Centre, Johor Bahru.
  • 27-30 Nov 2008 - Queensbay Mall, Penang.
There will be exciting games, ASIMO prizes and limited edition of ASIMO goodies available during the road tours.

Click here to learn more about the wonders of ASIMO.

Sunday, November 2, 2008

Pairing Sony Ericsson P1i with HBH-PV710 bluetooth headset

Sony Ericsson HBH-PV710 is a mid-range bluetooth headset with 3 buttons, one for call handling, another 2 for sound volume control. It does not have fancy features such as automatic sound adjustment, background noise reduction, etc. However, for a retail price of only RM128, it is still a good pick and value for money.

It can share the same charger with my Sony Ericsson P1i handphone, as well as using the CDS-65 Desk Stand that comes along with P1i as its charger. Of course, it also comes with its own charger, which can also be used by P1i.

The printed user guide of HBH-PV710 is written in 4 languages, which the layout is quite inconvenient for the reader. The flow of document is also quite confusing. Therefore, I decided to reproduce the guide here in a more readable way, for my future reference and also for other HBH bluetooth headset users' reference. Here is it:

After purchase, before usage:
  • You need to charge up the bluetooth headset for 8 hours before usage.
  • In future, when you see the headset's red light is flashing, it is time for it to recharge.

First time usage:

  • Turn on the bluetooth function in your handphone.
  • Make sure the bluetooth of your handphone is visible to other devices.

  • Press and hold the "call handling" button of your bluetooth headset for 3-5 seconds, until you see the indicator light flashes red and green.
  • If the headset only flashes green, press and hold both the "volume control" buttons of your bluetooth headset for 3-5 seconds, until you see the indicator light flashes red and green.
  • Your handphone should now find the bluetooth headset, and lists it in its bluetooth device listing. Tap on it and connect to it. When passcode is asked, key in "0000".
  • The headset beeps and the indicator light flashes green when the pairing is successful. It is ready to use now.
  • To turn off the headset after use, press and hold the "call handling" button of your bluetooth headset for 3-5 seconds, until the flashing indicator light turns off.

Subsequent usage:

  • Turn on the bluetooth function in your handphone.
  • Turn on the bluetooth headset.
  • The pairing should occur automatically. Here are the screens of P1i before and after the pairing. Note that the bluetooth icon in the taskbar will change to headset icon when the headset is in use.

        Before pairing                            After pairing


Using the headset:
  • Answer incoming call - press the "call handling" button once.
  • Reject incoming call - press and hold the "call handling" button for about 2 seconds.
  • Making call - use your handphone to dial the number and talk with your headset.
  • Using voice command to dial, redial, answer and reject calls - record and enable voice commands in your phone. Say the "magic words" to your headset.
  • Transfer audio between headset and handphone - selection can be made on the phone.

Friday, October 31, 2008

Ubuntu Linux 8.10 (Intrepid Ibex) has been released

Ubuntu, the most popular Linux distribution (according to DistroWatch.com ranking) has officially released their stable version 8.10 (code name "Intrepid Ibex") for both Desktop and Server editions.

As you know, Ubuntu is usable in the form of LiveCD (boot from CD and use, no need installation) as well as installable to the harddisk as your computer's operating system (which can be co-exist and multi-boot with other operating systems in the computer). The minimum memory requirement to run Ubuntu 8.10 is only 256MB.

This new 8.10 release features:
  • 3G network support.
  • It can now also be put into USB thumbdrive which is convenient to carry everywhere, plug and use on any machine.
  • It introduces "Guest sessions" feature to allow users to lock down a session easily, so a guest (eg. at conferences, cafes, parties, etc.) can use the full system without interference with programs or data.
  • As a bonus, all Ubuntu 8.10 users will be able to enjoy streaming programmes from the BBC multimedia network.

Here are some of the interesting features in the Server Edition of Ubuntu 8.10:
  • Virtualization built on the Just Enough Operating System (JeOS). Apache Tomcat 6.0 and OpenJDK are now a fully supported options.
  • ClamAV and SpamAssassin are now available from the main repository providing a supported solution for spam detection and virus filtering for mail infrastructures.
  • Provides support for SATA "software" RAID controllers via DMRaid.
  • Administrators can now easily set-up an Ubuntu system to provide encrypted private directories which are automatically mounted when users login locally or via ssh. Sensitive data is kept secure even if the system is stolen.
  • The tool chain used to compile Ubuntu has been updated to include even more security features such as glibc function call fortification. Bugs in applications are even harder to be turned into exploitable vulnerabilities.
  • Uncomplicated Firewall makes it easier to manage a host firewall thanks to the addition of application profiles. Common services such as apache, bind9, cups, dovecot, openssh, postfix or samba declare which ports they use so that the administrator only enables a network service rather than a set of ports.
  • Bundled Landscape client provides a free reporting function at each login. Landscape is Canonical's lightweight system management tool for Ubuntu systems that allows automated deployment and monitoring.
Version of some commonly used software that comes with Ubuntu 8.10 are: Linux kernel 2.6.27, Compiz 0.78, CUPS 1.3.9, Evolution 2.24.1, Thunderbird 2.0.0.17, Firefox 3.0.3, gcc 4.3.1, GIMP 2.6.1, glibc 2.8, gtk+ 2.14.4, OpenOffice 2.4.1, OpenSSH 5.1p1, Apache 2.2.9, MySQL 5.0.67, postgreSQL 8.3.4, perl 5.10.0, PHP 5.2.6, Python 2.5.2, postfix 2.5.5, samba 3.2.3, xorg-server 1.5.2.

Click here for more information about the features of Ubuntu 8.10.

Ubuntu is downloadable from their website as well as using the BitTorrent P2P. You can also request for free distribution CD (original from Canonical) to be sent to you by postal mail. Click here for more information about how to get Ubuntu.