:: MIS Insights ::

by Fernando C Mendizabal Jr

The Authentication of the Ring

Filed under: Security — Pipboy at 10:56 pm on Tuesday, September 12, 2006

Once upon a time, there were ten employees in a big, big, big company. These ten employees, hailing from the same department, decided to go out for a noontime feast one day. Among the ten brave souls that dared to eat outside the department premises, five of them brought their magic identification cards. The rest didn’t.


HID prox cards

Now these magic identification cards were bestowed upon them by the all-powerful Human Resources department to empower them during their quests - most of which had a minimum 2.5 year fellowship bond. Legend has it that if the magic cards were placed near the correct scanners, doors that led to untold treasures would open for them.

Love ko to!

10 value meals and 1 hour later, the ten employees went back to the company to resume their quests. The first five with identification cards easily got in. With a 180-degree, crescent-shaped swiping motion of their magic identification cards over the department door’s scanner, the door unlocked with a loud “bzzzt!”

HID reader

Then there was the other half that didn’t bring their magic card. They thought that, “Hey, fellow adventurers, you can let us in when you get in right?”

Well, the five cardless dolts were wrong. Their fellow prudent adventurers didn’t let them hitch a ride back inside to the department. They knew that the magic identification cards were there for a reason - to prevent, or at least minimize, unauthorized entry. One cannot even begin to imagine the horrors that would be unleashed if a cracker got inside to mess with the systems or if an intelligence spy got access to the company’s treasured information chest. Such careless behavior should not be tolerated. After all, who better can implement the company’s security program, other than the employees themselves?

The five boy/girl scouts wanted to teach the five rascals a lesson. However, the guard waiting at the lobby proved to be the weak link in the company’s security plan. With a persuasion spell of Pleasus Openus the Doorus Maximus, the guard promptly used his magic card to let the employees in to the department.

End of Story.

Truly, companies could do more with their security measures. This is an example of a security breach that used social engineering (guard) to thwart two of the pillars of IT security - authentication and authorization. In my honest opinion, either companies start implementing what they have on paper or scrap the whole program altogether. With roughly US$3 per magic card and a hefty US$1,000 per scanner, the money could have been put to better use for the sake of the stockholders.

IT Security Principles

Filed under: Information System — Pipboy at 7:49 am on Monday, September 11, 2006

Information Technology roughly has six principles that it follows. For any organization that wants to have a secure system, most Consultants, System Administrators and Software Engineers look at the following checklist:

1. Authentication is the process of identifying someone or something. It is the process which makes sure that only the right people get in to a system.

2. Authorization determines what users can or cannot do with the system. Think of it as your list of privileges.

To illustrate the difference between Authentication and Authorization, think of Alice who works at the Accounting department of Stoned Company. Alice can be authenticated or identified with an ID that she has, allowing her to enter the company building. However, Alice might be authorized only with access to the floor where the Accounting department is located.

3. Non-Repudiation is one way to make sure that messages are sent and received by the involved parties. The sender cannot later deny that she sent a message and a receiver cannot deny receiving the message.

For instance, if Alice sends an e-mail to Bob, Alice cannot say that “she did not send an email to Bob.” Bob, on the other hand, cannot say, “I did not receive anything from Alice.”

This contractual setup is particularly useful in tracing transactions between parties and assigning responsibility to the people involved.

4. Integrity is making sure that data never gets compromised or changed while in transit between Alice and Bob’s mailboxes. Whether data is unintentionally corrupted along the way due to lost packets over the internet or a cracker intentionally alters the message, Integrity mechanisms must be in place to make sure that the message arrives the way it was sent.

5. Confidentiality, on the other hand, is making sure that only the intended recipients receive the message. If Bob sends a message intended for Alice, Eve must not be able to read the message. Eve might intercept it, but it must not be understandable to her. This is usually accomplished by using Cryptographic technologies.

6. Availability. The availability of services anytime is one of IT’s main selling points. That’s why hardware and software solution providers are working hand-in-hand to craft solutions that bring consumers the most nines (ex. 99.999999% uptime).
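Principle 4 names two cases, accidental corruption and deliberate alteration, and the mechanism chosen decides which of them is caught. The Python sketch below is an added example, not part of the original post; the key, the messages and the function names are constructed for illustration. It compares an unkeyed SHA-256 digest with an HMAC computed under a key that only Alice and Bob hold.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a key only Alice and Bob hold, and sample messages.
SHARED_KEY = secrets.token_bytes(32)
ORIGINAL = b"Pay Bob 100 pesos"
FORGED = b"Pay Eve 900 pesos"


def digest(message: bytes) -> bytes:
    """Unkeyed SHA-256: anyone can compute it for any message."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-256: producing a valid tag requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def digest_ok(message: bytes, check: bytes) -> bool:
    return hmac.compare_digest(digest(message), check)


def mac_ok(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(mac(key, message), tag)


def flip_one_bit(message: bytes) -> bytes:
    """Model accidental corruption in transit: one bit of the body changes."""
    return bytes([message[0] ^ 0x01]) + message[1:]


def run_cases() -> dict:
    """Return, per mechanism, whether Bob notices each kind of change."""
    sent_digest = digest(ORIGINAL)
    sent_tag = mac(SHARED_KEY, ORIGINAL)
    damaged = flip_one_bit(ORIGINAL)
    return {
        # Accidental corruption: the check value no longer matches the body.
        "digest_detects_corruption": not digest_ok(damaged, sent_digest),
        "mac_detects_corruption": not mac_ok(SHARED_KEY, damaged, sent_tag),
        # Deliberate alteration: whoever rewrites the body can also attach a
        # fresh unkeyed digest, so Bob's check passes on the altered message.
        "digest_detects_alteration": not digest_ok(FORGED, digest(FORGED)),
        # Without the key, the old tag and an unkeyed digest both fail.
        "mac_detects_alteration": not (
            mac_ok(SHARED_KEY, FORGED, sent_tag)
            or mac_ok(SHARED_KEY, FORGED, digest(FORGED))
        ),
    }


if __name__ == "__main__":
    for case, detected in run_cases().items():
        print(f"{case}: {detected}")
```

An HMAC covers integrity only: because Alice and Bob hold the same key, either of them could have produced the tag, so it does not give the non-repudiation of principle 3.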

This is just an introduction to the big topic that IT Security is. Stay tuned as we go through each of the principles along the way.

Unrecognizable Plate Numbers: A Hazard in the Making

Filed under: Philippines 2000 — Pipboy at 10:59 am on Saturday, September 9, 2006

When I was driving on my way to Ateneo this morning, I got behind a car whose plate number plaque was covered with dark plastic. The plastic was dark enough to render the plate number unreadable even under broad daylight. This isn’t the first time I’ve encountered illegible (non-readable) car plaques on the road. I’ve noticed that more and more people are following suit and I think that this isn’t good for the Philippines.

Having an unrecognizable plate number is a license to kill in the Philippines. The possibility of speeding away without getting identified after an accident is quite distressing for me. My slippery-slope prediction? An increase in non-readable plate numbers will also trigger an increase in “hit and run” situations on the road. This will make the Philippines more undesirable, attracting fewer investors and venture capitalists.

If MMDA and LTO don’t get their act together to put a stop on this, our roads will be infested with reckless drivers. Fixing this kind of problem later will be much more expensive. It will be more expensive for the MMDA because it will have to acquire implements to catch the violators (i.e. motorcycles to chase them). Ultimately, it will be more expensive for the people once MMDA figures out the costing of such violation (cars getting towed, tickets, etc). Though I have a feeling this might not be such a bad business proposition for MMDA+LTO… Get more dark plaques out there, then we can start farming the roads … *Ahem!* … going back…

Audience Rebuttal : Whoever said that having dark-colored plates equates to reckless drivers? Is there a study for this?

I’ve seen it on the road. Filipino drivers will do anything crazy on the road if there is no police officer around. Tricycles counter-flowing / going the opposite direction of the road. Jeepney drivers taking a U-turn in non-designated U-turn slots. Buses stalling along Edsa to wait for passengers, creating bottlenecks that usually stretch from Megamall to Kamuning. And let’s not even talk about the privately-owned car drivers whose driving ethics doesn’t include giving way to others.

Do you really think that ALL people who get dark-colored plastic covers for their plate numbers will only use it for fashionable purposes? Just like how students don’t want to wear identification cards in school these days?

Diversity + Leadership = Flying Cars

Filed under: Corporate Dots — Pipboy at 8:21 am on Friday, September 8, 2006

When you’re building a team, it is always a good idea to aim for diversity. In this way, a team can avoid groupthink (when everybody thinks the same, little value is added in being part of a team). It also allows a team to have more perspectives and skill sets at their disposal.

In my experience, I’ve found it useful to surround myself with different people once in a while. Not only does it make things a lot interesting, but such environment has also taught me more than I could have ever learned alone or with the same group over and over.

Some might argue that this setup doesn’t always work. Having all the right skills (competent teammates) and enough resources (assets and budgets) can sometimes prove insufficient. This is where a team leader comes in handy. A team leader can share in the work but he must prioritize two things: lead (set a goal or direction for the team) and manage (maintain movement towards the set goal).

This seems to be the direction for automotive company Ford: Diversity and Leadership. Bill Ford recently stepped down as CEO and got replaced by Alan Mulally, the man responsible for turning Boeing around and making it a profitable company again.

That’s why many people have been asking, what’s an airline dude like Mulally going to do with an automobile business? Can Mulally bring the diversity needed for Ford to make a comeback? Will this usher in a new breed of flying cars like what we saw in the Jetsons?

I’m keeping my fingers crossed. :D

Google offers News Searching

Filed under: Information System — Pipboy at 8:03 am on Thursday, September 7, 2006

Google is now offering its search services for news archives. From Google’s mouth:

News archive search provides an easy way to search and explore historical archives. Users can search for events, people, ideas and see how they have been described over time… Search results include both content that is accessible to all users and content that requires a fee.

Though according to BusinessWeek, Google won’t get any payments for offering the service. Whatever prices the articles fetch, the article providers get all of it.

There’s No Such Thing as a Free Lunch
I don’t have anything against Google - not a day goes by without me using Google. It has made information (and sadly, trash) from the web more accessible. So, thanks, Google! However, hearing the “free service” on the part of Google makes me wonder, is it really free? From my Economics 101 class a few years back, Mr. Cielito Habito told us that there’s no such thing as a free lunch. There has to be something in it for Google…

  • Ads. Most of online news websites survive or thrive by selling ad space over the internet. After taking Google’s News Archive Search for a ride, I found out that around 3 out of 5 results had Google Ads in the site. If the site didn’t have any Google Ads, there’s a high probability of the in-site search being powered by Google. Leave it to Google to increase the visibility of their products.
  • Quasi-Portal. Unlike Yahoo! and MSN whose portals push content to the customer, Google is doing everything to make their services do the opposite - Google wants the customer to pull content. Following the “Customers want everything Customized” principle, this makes the Google user experience more attractive than the others. Hell, I even stumbled upon Google Alerts this morning while I was checking this service out!
  • Libraries. If Google proves successful in this service, the mastery they will get out of this free service will allow them to charge for their services on government and university libraries in the future. Imagine the prospects of digitization and archiving of all the old news stored in microfilm. Think of how much aid this can be for students and researchers.

I don’t mean to sound sarcastic nor do I intend to sound like a Google-fanboi. However, the ability to harness data into meaningful information is something that has made Management Information Systems a real reality today. My mornings are dedicated to reading magazines, informative blogs and online gazettes. If Google News works the way it was intended to be, then my daily “Connect-the-dots” routine will be a lot easier, if not faster to accomplish.

e-voting

Filed under: Philippines 2000 — Pipboy at 10:43 am on Wednesday, September 6, 2006

Slashdot pointed me to an article that demonstrated how to crack a Diebold self-service voting machine.

A couple of untrained 54-year old women from Black Box Voting bought $12 worth of tools and in four minutes penetrated the memory card seals, removed, replaced the memory card, and sealed it all up again without leaving a trace.

Is it really that easy to crack voting machines? Is that the main reason why the implementation of an electronic election system has been put off so long despite having all the necessary materials ready?

News Flash:

In 2003, Mega Pacific eSolutions Inc. was awarded a contract worth PhP1.3 billion (US$25.27 million) by the Comelec. The agreement was for around 2000 Automated Counting Machines to be used in the May 2004 elections. Later on, Comelec paid and Mega Pacific delivered the machines. There was no e-voting during the 2004 elections. Why? In January 2004, the Supreme Court nullified the contract between Comelec and Mega Pacific because of some legal technicalities.

So for the past two years, the Philippine government has been asking Mega Pacific to return the money. Mega Pacific has yet to comply with such request.

Supreme Court
Why the H didn’t the Supreme Court step in a lot earlier before the PhP 1.3 billion transaction was made? I hope this wasn’t part of an orchestrated plan for a system that wasn’t bound to work at all from the beginning. Think about it, from a technical standpoint, e-voting is easy to implement. However, from a cultural perspective, e-voting will be a pain in the arse to implement in the Philippines.

  • Education. The Filipinos aren’t educated yet on how the system works.
  • Apathy. The deal was for 40 million Filipino votes. That’s almost half of our local population. How many of them actually go out and vote?
  • Accuracy. The machines were proven to be accurate. I think some politicians didn’t like the idea of a voting system that was too accurate. If 40 million votes out of 80 are hard enough, imagine 40 million unique votes…

Sour Loser
Or could this be a case of a sour loser? Did the losing bidders get something out of the deal too by being quiet for a while? Or did they specifically wait for the Comelec and Mega Pacific to get entrenched too deeply first before bringing this up?

Cheated-Cheater
As with most government biddings, there are always two sides of the camp. Those who won and those who got cheated. Did the other bidders really get cheated when they lost to a 2-month old corporation? Was Mega Pacific eSolutions created to address real problems or to cheat us out with virtual solutions? Who was cheated? The bidders? Comelec? Mega Pacific? The politicians? The Supreme Court? None of the above. It was the Filipino People. The people who are paying e-vat so that there’ll be a bigger budget to craft real solutions for the people.

However, enough of this negative investigative journalism. We already have too much of that out there on the net. I’m not looking for cheaters or mistakes. I’m looking for opportunities and strengths to leverage.

With the 2007 local elections coming up, it seems that there’s no hope for an electronic voting system on the horizon. Until then, it seems like quick counts will be done manually. Since the machines are already there, I hope a little common sense wafts into the room and makes them realize that the best thing that they could do is go out and use it. Maybe not in 2007, but hopefully soon. The longer we keep them stocked up, the more money that the Philippines loses through storage costs, inflation, opportunity cost and depreciation. Or we could do as Botswana does:

In Botswana, until 1999, voting was done by colored marbles. Polling places had jars of marbles for the candidates. Each candidate’s jar had marbles of a different color. Voters filed through, picked a marble from their candidate’s jar, and dropped it into a box. At the end of the day, the marbles in the box were sorted and counted.

Crikey…

Filed under: Day Walker — Pipboy at 12:07 am on Tuesday, September 5, 2006

It’s been around 6 years since I’ve really watched anything on television. The last thing that I really followed was Samurai X and that other show. I’ve never really grown fond of television.

Maybe it’s because of…

  • my childhood school training (No TV during weekdays)
  • the blackouts (It’s very irritating to have a power outage right after the opening of X-Men the Animated Series)
  • my interest in other things (Books and computers win over television anytime)
  • my impatience (the suspenseful 7 day wait for each episode kills me)
  • my brother (television is one of the things he really enjoys. Under my watch, he gets priority over the remote control)

So, for the past 6 years, 10 minutes of channel surfing every week was more than enough television for me. However, there is one show that could make me stop whatever I was doing. It’s Crocodile Hunter. [don’t bother clicking though, the site is currently down]

Steve Irwin was one of my Television heroes alongside McGyver, Fox Mulder and Shaider. He’s probably the main reason for my fascination with snakes and crocodiles. Too bad I won’t see new episodes from him anymore.

Steve Irwin, the ebullient Australian whose catch cry of “Crikey!” helped him rise to global fame as television’s the “Crocodile Hunter,” was killed Monday by a stingray while filming on the Great Barrier Reef. He was 44.

Irwin was in the water at Batt Reef, off the remote coast of northeastern Queensland state, shooting a segment for a series called “Ocean’s Deadliest” when he swam too close to one of the animals, which have a poisonous barb on their tails, said John Stainton, a friend and colleague.

“He came on top of the stingray and the stingray’s barb went up and into his chest and put a hole into his heart,” said Stainton, who was on board Irwin’s boat, Croc One, at the time.

This is a very sad day… Crikey…

Insomnia Powered by WordPress

Filed under: Programming — Pipboy at 1:14 am on Monday, September 4, 2006

Remember, remember, the Third of September,
The night which changes everything
The age of Rich Text Editing.

A few hours ago, I decided to dissect WordPress. After being stuck with paperwork for the past 2 weeks, I was more than willing to tackle any kind of technical job that can come my way.

Actually it’s more of a configuration rather than something technical. Though I don’t mind however we call it - whatever gets monotype fonts and Dreamweaver back to my blood stream is good. Nonetheless, allow me to share one of the happiest moments of my programming career.

You see, for the longest time, I’ve been deploying online Content Management Systems (i.e. blog) with my own html text upload form. Yes, that’s the primitive <input type="textarea">. It’s simple, elegant, it works, but I must admit, it sucks. After three years of putting up with such limitation, I decided to see tonight how WordPress can help me.

15 minutes into the WordPress documentation, I was already publishing WP-created content in my web pages! Mwahahahaha!

Goodbye “To have text in bold, enclose the text in <B></B> tags!”
Hello user-friendly image and text uploading!

Goodbye basic html textareas!
Hello rich text editing!

Goodbye hours of customizing CMS!
Hello hours of getting to do more!

I love WordPress. This discovery greatly improves my ability to deliver products and services the way my customers want it.

Are you nouveau-riche?

Filed under: AM+DG — Pipboy at 2:43 pm on Sunday, September 3, 2006

Mark 7:14-15

Jesus called the crowd to him and said,
“Listen to me, everyone, and understand this. Nothing outside a man can make him ‘unclean’ by going into him. Rather, it is what comes out of a man that makes him ‘unclean.’”

Nouveau-riche

Nouveau-riche - Characteristic of someone who has risen economically or socially but lacks the social skills appropriate for this new position.

Everyone in this world can be wealthy. Though not everyone in this world knows how to handle wealth. Today’s bible passage is not asking “Did you do something bad with what you have?” It’s asking us “Did you do something good with what you have?”

You who can spare a pack of crackers for the street beggars, when was the last time that you did?

You who don’t tolerate mendicancy, when was the last time you voted for someone who had actual solutions for the poor?

You who can spend 100 pesos (US$2) on a drink, when was the last time you gave to charity?

Do you know how to handle your wealth for the benefit of the people? Are you really rich where it matters?

Skype without a Computer

Filed under: Gadgets — Pipboy at 12:16 pm on Saturday, September 2, 2006

Philips is currently developing a Skype phone that will no longer require a personal computer.

Philips VOIP Computer-Less Phone

This is a big step in addressing one of the biggest challenges of VoIP proliferation in the market. With the Philips VOIP841, all you need is a broadband connection via a router, and you’re set. The same goes for Netgear’s Skype Phone, which was introduced earlier this year.

Will this shift in the winds of technology help increase VoIP popularity in the Philippines? Will VoIP be the next big thing for our country’s ICT infrastructure? Only if VoIP service providers can address the current communications infrastructure of the Philippines.

  • Analog Telephones. Our current telephone system works fine the way we need it. If VoIP service providers can target long distance callers, then they’ll have a chance of making it big with the families of 8 million OFWs abroad.
  • SMS. Text Messaging has grown to be one of the most popular means of communication in the Philippines. Though intended for SHORT messaging, trust the FilipnoP0et2wrkArndSchPrblm. If VoIP could integrate SMSoIP, now we’re talking.
  • Mobility. Mobile people would rather use cellular phones for portability and coverage. This is most useful when you have to move around a lot (ex. sales agent) or if you don’t really have your own office space (ex. laptop-powered workforce). The internet connection requirement currently limits the mobility of VoIP phones. If we could develop a Wireless Metropolitan Area Network…
  • E-mail. E-mail is cheap, fast and dialogue is asynchronous. Hmm…
  • Telco. With one big telco company running the show for both analog telephony and digital subscriber lines, DSL-dependent services that can eat through their telephony business profits are not really welcome in the ICT ecology.

However, as with most capitalist economies, if there is a need, there will be a supply. Is there a need for VoIP in the Philippines?

If there is, maybe not in the consumer market right now.

If there is none, maybe the government can help in improving the use of our current ICT infrastructure. We might be doing well against our Asian neighbors in terms of tech level, however the advanced technology is limited mainly to foreign companies and their offices here. For instance, Quezon City touts itself as the ICT capital of the Philippines. I don’t think having the most number of call centers in the country is an indicator of ICT-ness from a profitable business perspective. We have a 3-5 year telco advantage among other Asian countries. I hope we could develop programs that take advantage of the benefits of our ICT infrastructure.

//picture borrowed from flickr. thanks.
