The Unofficial Lite Edition of the Brunei Times’ E-Paper

The Brunei Times has their official E-Paper which is a digital version of their actual daily print edition but it’s based on Flash and it’s pretty cumbersome to navigate and read the papers. So I managed to extract the URLs of the images and create…

The Unofficial Lite Edition of the Brunei Times’ E-Paper

Perfect to load up the Complete version, let it load and have the entire newspaper right in front of you to start off your day.

Update (19/Nov/09): It seems that the Brunei Times is blocking direct image loading. While a fix is being worked on, use Brunei Times E-Paper Downloader to get the news.

Baiduri FAST not fast at all

So I decided to try Baiduri Bank’s phone banking system called FAST to see how it is and I can say my experience was a total hassle. I’ll give them props that they allow users to apply online but lucky unlucky me had to sign up through the ATM.

I did receive the letter from them a long time ago with my PIN and procedures but like any lazy person I put it somewhere and forgot about it and lost it somewhere. So I had to get my PIN reset. This wasn’t much of a problem, just had to go down to Baiduri and wait for the new pin to arrive. My own fault, I admit so no worries. So I got my new PIN the day following my request (good response time Baiduri), logged into the FAST system and tried doing some bill payment and got the error that I didn’t have any account linked to my FAST service. Looking back on it, it could have been stated in the initial documents I got telling me I had to register for the account. I called the FAST hotline and was told I would be able to get the accounts activated right away. So off to Baiduri I went again to link up my accounts. I was told I had to wait a few days for it to get activated.

So here I would like to bring up the inconsistencies between the person on the phone line and the person behind the counter serving me. I had a similar experience with AV Electronics and it really annoys me when two different sources from the same business tell me two different things. I don’t mind understating and over delivering but overstating and under delivering is never good in the business world.

Anyway, so I waited for a few days and tried the FAST service several times, only to get the “there are no accounts linked to your FAST service” automated voice coming from my phone. So I finally called the hotline to tell them my situation, for which I had to re-register my account numbers with them, and within 20 minutes they called me saying that my accounts were linked up. Finally, I thought, but that wasn’t the end. So I logged into the FAST service, finally happy not to hear that I have no accounts linked to FAST, and proceeded to try to pay DST and Telbru bills. And what did I get? The automated voice telling me that the payment failed (I have more than enough cash in my account for the transaction to go through). I was so annoyed that I proceeded to an ATM to pay the bills without issue. My Baiduri experience seems to be getting more frustrating, starting from their ‘over secure’ iBanking system leading me to forget my login credentials once again.

Baiduri, I love the fact that you have the functionality of bill payment via phone / ATM / iBanking. I love the fact that the response to my PIN reset request was swift. So moving away from the technical side, try to work on the user experience and make it easier for users to get done what they want to get done, because if your customers aren’t happy something is really wrong.

OS X Snow Leopard in Brunei

Now a Mac user for a week (thanks to the special educator’s discount =D) I knew Snow Leopard was coming and apparently it’s coming sooner than expected, on the 28th of August 2009. So I sent a tweet to AV Electronics asking them for the prices and availability in Brunei and their response was:

  • B$48: Single user
  • B$78: Family Pack (5 Apple computers in one household. Non-commercial use)
  • B$268: Single Mac Box Set (for non-leopard users)
  • B$369: Family Pack Mac Box Set (for non-leopard users)
Snow Leopard Prices in Brunei

Snow Leopard Enhancements and Refinements

Estimated time of arrival 31st August, so go book your copy at AV Electronics
Kiulap: +673 2237650/1
Mall: +673 2456436
Email: info_AT_ave.com.bn

Update 1 [2009/08/28]
So today I got a response from AV Electronics’ Twitter feed that they will have the Up-to-Date program for recent Mac owners. So recent Mac owners (Mac bought on or after 8 June 2009) should be able to get Snow Leopard at an even greater deal. Currently in Singapore it’s S$18 so here’s hoping it will be like B$20 here.

AV Electronic's response regarding the up to date program

Funny thing though. I personally went to AV Electronics yesterday and asked them if there are any offers for recent Mac owners. And the person told me ‘no’. To find out today that they do have such an offer makes me, as a customer, feel cheated of the facts. I would have felt even more cheated had I pre-ordered Snow Leopard at B$48 only to later find out I could have got it for cheaper. It’s not the price but the principle of the matter. Hope AV will work on their inter-staff communication about their business activities so they can provide customers with better service and accurate information to make the best choice.

Sounds of Hope, Brunei

The following text is taken from their Facebook Page
Sounds of Hope website URL: www.sohbrunei.com
Sounds of Hope’s BIDB Wish

It is a network of Young People in Brunei Darussalam who volunteer their time, talent and resources in helping Families in Poverty in Brunei Darussalam by giving them hope, assisting them to get back on their feet to have a better life. The group of young volunteers aim to create a community of youths against poverty.

Mission
Help achieve HM’s vision of “Zero Poverty by 2035” by mobilizing young Bruneians to engage in positive activities that will help fight poverty, all in the spirit of volunteerism and community service.

Brief Beginnings
Ms. Amalinah Abdullah invited her friends to visit some families in poverty in the various districts in Brunei Darussalam. The visits began in early March 2009. She and her friends were deeply moved with the varying situations of these families in poverty that the team wanted to help in any way they can. By just simply donating money will not be enough.

Ms. Amalinah and her friends founded “Sounds of Hope”. It is just a small informal group of young volunteers who came forward to accept the challenge of finding out the poorest among the poor in Brunei and look for creative ways to help them. They are now informally called as the SOH Team of Young Volunteers. Ms. Nur Judy Abdullah was taken in as volunteer “adviser” for the team.

Supporters
In the visits that SOH has done, the Ketua Kampong (Village Head), District Office, Officers from the Community Development Department and Islamic Religious Council were kind enough to share with us their list of people in poverty who receive monthly support from the government.

Partners
There is an upcoming Charity Gala Night which SOH is organising in partnership with the Women Business Council of Brunei Darussalam. The Charity Gala Night has been approved by the Ministry of Home Affairs this coming 3rd October 2009. The aim of the event is to raise more funds for families in poverty and assist them in various ways specifically in the areas of skills training and further education.

SOH is open to partner with other relevant NGOs and GOs on activities related to poverty reduction.

Get Involved

Mobilize
We hope to mobilize the youths in Brunei to take an active role in advocating for poverty reduction in their own communities. SOH will soon expand its team of young volunteers to the four districts of Brunei Darussalam.

Educate
Road shows/ conferences/ exhibitions will be done in the future featuring the many faces of poverty in Brunei to inform and make the youths aware on how they can participate in meaningful activities that will make a difference in the lives of families in poverty in Brunei Darussalam.

Volunteer
The spirit of volunteerism will be promoted among the young volunteers through the sharing of their time, talent and resources. The youths will be the future leaders in their own community and the best way to enhance their social consciousness level is through involvement on poverty reduction activities.

Raise Funds
Creative activities to raise funds for families in poverty will be spearheaded by SOH Team of volunteers.

Care – A community of caring volunteers

Photos
We are working on a website to post photos of our volunteer efforts and the families we have helped.

Videos
We have taken videos of our visits and will continue to document our various efforts for the benefit of the volunteers, families in poverty, government agencies and donors.

Facebook /Twitter/Blogs
A community forum in the internet will be developed to allow the youths in Brunei to voice out their ideas and advocacies in relation to HM’s titah on “zero poverty in 2035”.

Initial Programs of SOH Brunei

Adopt a Family in Poverty
A donor/sponsor can adopt a family in poverty and SOH team of volunteers will help facilitate the funding for a specific project like home repair, payment of debt (if qualified), buying of boat (for some fishermen who depends on fishing for living), buying of wheelchair for disabled people, hearing aid for the deaf, or walking cane for the blind.

Sponsor a Child’s Educational Needs
There are children who cannot go to Religious school because they cannot afford the uniform. Others cannot afford the books, bags and school projects and other fees in school.

Sponsor a Skills-Training Program for Women
Low educated women who are divorced or widowed can create or supplement their income through home-based self-generating income activities. They can only do so if they are trained in various skills such as beading (doing beadworks for clothes), massage, cooking skills, gardening, handicraft making etc.

Microcredit Program for Unemployed Women
When the women gain skills after the training, they will need some small capital to start their business. A microcredit scheme will be most helpful to jumpstart their small business.

SOUNDS OF HOPE Charity Gala Night

Fund Raising Event

“Sounds Of Hope” (SOH) is organizing a charity gala night, which is supported by the Women Business Council of Brunei Darussalam. The SOH charity gala night is held to raise public awareness for the Brunei families suffering from poverty. The organizer is working on raising funds to help these families in easing their financial burdens as well as improving their living conditions and their daily life.

If all goes well and as planned, the charity gala night will be held on October 3, 2009 at the Jerudong Park Amphitheater around 7pm.

The Visits – An eye-opener for most young volunteers

The team, made up of Brunei’s own concerned youths, had recently visited homes of Brunei families in poverty and will continue to visit more homes within the four districts over the next few months. The visit is aimed at giving SOH young volunteers to have a first hand experience on the living conditions of families in poverty.

What the team found was disheartening. There are families that need immediate help and these families seem to have been overlooked by the Bruneian community. The families that SOH is helping are not only Brunei Malay Muslims but also those who are permanent residents.

Volunteers of SOH got a glimpse of their living conditions and their daily lives. Through interactive discussions with members of the impoverished families, SOH found out what these families needed and realized what actions can be taken to give them immediate help.

This initiative is a response to a Titah made on 4th of March 2008 during the opening ceremony of the first meeting of the 4th session of the Legislative Council by His Majesty the Sultan and Yang Di Pertuan of Brunei Darussalam, where the monarch expressed his desire for the country to achieve zero poverty rate by 2035.

SOH became aware of the lack of a specific non-government organization in Brunei to help those suffering from poverty.

SOH feels that they need to take the first step to address this issue. One of the ways they feel that they are able to help is by organizing a charity concert to raise funds to help these families.

At the same time, Sounds of Hope wishes to promote local talent through this charity concert.

Auditions have been held and potential performers have been selected to perform for this charity event.

After the Charity Gala Night, the funds raised throughout the charity drive will go towards helping these families in poverty, wherein a special committee for SOH will be formed to manage donations and funds raised.
Regular updates on where the funds go and who are the beneficiaries will be posted in the website of SOH.

Before the recipients of the funds are selected, their living conditions will be monitored and their background will be examined and at the same time all caution will be taken to ensure that only those who truly need the help will receive assistance.

Sounds Of Hope feels that it is time everyone gets together to address poverty in Brunei.

For further details, please contact:

soundsofhope.brunei_AT_gmail.com

YOU WANT TO BE A VOLUNTEER?

For those who want to become an SOH Volunteer, please email to soundsofhope.brunei_AT_gmail.com your answers to the following questions: How do you define poverty? What does poverty mean to you? Do you have the time, talent and resources to be an SOH Volunteer? If yes, please describe how you can help. Please leave your name, brief profile, why you are interested in the issue on poverty and contact details.

Using your phone as a Bluetooth modem in Linux

Software Package Requirements:

  • wvdial
  • bluez
  • bluetooth

Install packages for Ubuntu/Debian systems
sudo apt-get install wvdial bluez bluetooth

Steps to get your Bluetooth modem working

  1. Turn on your phone’s Bluetooth and set it to discoverable mode
  2. Scan for your device:
    sudo hcitool scan
    Result:
    Scanning ...
    00:11:22:33:44:55 MyPhone
  3. Search the device to see if it supports Dial-Up Networking (DUN) for use as a modem. Note the RFCOMM channel number in the output (4 in this example)
    sdptool search --bdaddr 00:11:22:33:44:55 DUN
    Result:
    Searching for DUN on 00:11:22:33:44:55 ...
    Service Name: Dial-Up Networking
    Service RecHandle: 0x1000f
    Service Class ID List:
    "Dialup Networking" (0x1103)
    Protocol Descriptor List:
    "L2CAP" (0x0100)
    "RFCOMM" (0x0003)
    Channel: 4
    Language Base Attr List:
    code_ISO639: 0x454e
    encoding: 0x6a
    base_offset: 0x100
    Profile Descriptor List:
    "Dialup Networking" (0x1103)
    Version: 0x0100
  4. Bind the modem on the RFCOMM Channel to a device
    sudo rfcomm bind /dev/rfcomm0 00:11:22:33:44:55 4
  5. Dial and connect (ensure your wvdial configuration is correct; for a sample see below)
    sudo wvdial dstbt
    Result:
    --> WvDial: Internet dialer version 1.60
    --> Cannot get information for serial port.
    --> Initializing modem.
    --> Sending: ATZ
    ATZ
    OK
    --> Sending: AT+CGDCONT=,,"dst.internet"
    AT+CGDCONT=,,"dst.internet"
    OK
    --> Modem initialized.
    --> Sending: ATDT*99#
    --> Waiting for carrier.
    ATDT*99#
    CONNECT
    ~[7f]}#@!}!} } }2}#}$@#}!}$}%\}"}&} }*} } g}%~
    --> Carrier detected. Waiting for prompt.
    ~[7f]}#@!}!} } }2}#}$@#}!}$}%\}"}&} }*} } g}%~
    --> PPP negotiation detected.
    --> Starting pppd at Wed Aug 19 23:45:04 2009
    --> Pid of pppd: 17558
    --> Using interface ppp0
    --> local IP address 10.84.2.128
    --> remote IP address 10.6.6.6
    --> primary DNS address 202.152.64.27
    --> secondary DNS address 202.152.64.28
  6. You’re connected! Surf and enjoy the Internet!

Sample wvdial configuration file

  • Stored in ~/.wvdialrc
  • Change “dst.internet” to your provider’s APN

[Dialer dstbt]

# modem device
Modem = /dev/rfcomm0
# 921600 / 460800 / 115200 / 57600
Baud = 115200

# for card with no PIN
Init = ATZ
# for card with PIN, replace 0000 with your PIN
# Init = ATZ+CPIN="0000"

# If you know your ISP’s APN, specify it instead of YOUR_ISP_APN below.
# There’s also an APN table at https://wiki.ubuntu.com/NetworkManager/Hardware/3G .
# Use one of the following 3 options. Change to your provider’s APN.
Init2 = AT+CGDCONT=,,"dst.internet"
#Init2 = AT+CGDCONT=1,"IP","YOUR_ISP_APN"
#Init2 = AT+CGDCONT=1,"IP"

# Most services/devices dial with *99# . A few seem to require *99***1#
Phone = *99#

# These often suffice, but your ISP might require different details. They’re
# often dummy details used for all users on the ISP, frequently the ISP’s
# name, but some ISPs do require you to use a real username and password.
# Any details possible.
Username = internet
Password = internet

PS: bmobile customers change APN to “bmobilewap”

Brunei.fm

I stumbled upon Brunei.fm one day on Twitter and was wondering what exactly they were up to. My brother mentioned it looked a lot like Yahoo before the current design change. A portal service as seen from the wealth/clutter of links, it was hard to understand what they are trying to do.

Brunei.fm vs Yahoo Homepage:
Brunei fm homepage screenshot Yahoo! homepage screenshot

I guess one of the main attractions of the site would be the Brunei search engine of local content. A huge feat to try to compete against the behemoth that is Google. I tried searching for a few terms such as "ministry of health", "ministry of education", "ministry of finance" and "anti corruption bureau" and found that Google provided much better results, especially with the "pages from Brunei (halaman dari Brunei)" option.

Brunei.fm Search Engine:
Brunei.fm Search Engine banner ad

Google’s Brunei content search:


Brunei.fm seems to be searching through a list of known Brunei websites which could be a good thing for Brunei websites with good content but not good Google Juice.

Brunei.fm has a ton of features and some interesting ones are

  • Brunei Community Directory: a list of communities/organizations in Brunei
  • Yellow Pages: the yellow pages with ability to add your own entry
  • Your News: user submitted content
  • News: regular news stories nicely categorized
  • Online office: have your operating system / desktop with all your files available to you anywhere with Internet access, with ability for word processing and personal information management features

Running on Joomla, WordPress (with Buddypress), eyeOS, Jamroom, osTube and possibly other solutions, Brunei.fm is making use of currently implemented technology to provide a wealth of features. The site as a whole is still pretty much a work in progress, as I’ve seen many things that aren’t working: links to non-existent pages (404: Services > Contact Us) and non-working features (Yellow Pages registration not working). With the site relying on different underlying technologies, one hopes that they would unify the login process, but alas this isn’t the case, making Brunei.fm a portal of disjointed services, each requiring a login of its own. They need to try to implement OpenID authentication for each of the services.

But all in all Brunei.fm is an interesting portal to keep an eye on to see what else they are going to be up to.

Local Brunei Content

I’m always on the look out for what content Bruneians or people in Brunei are producing. From Adam Groves’ episodic The Jo & Jul Show to David Cheok’s Cinematography and the many photos of the many other Brunei bloggers.

Recently I discovered  Akinari Production (thanks to @oxba). Comedic performances with good music to set up the scenes. Nicely done. Below is one of their episodes/shows entitled “Don’t mess with Hafiz”. Enjoy!

SMARTER Brunei Charity Walk

Via anakbrunei.org tagboard in response to his post

SMARTER Dad: Those interested to join the ” Charity Walk ” please contact this number 8743777 ( Malai ) , 8734427 ( Hajijah ), 8865646 ( Major Talip ) 8769264 ( Edwin Chong ) , 8732046 ( Hj Yusuf ) … You all can join the walk from one stop or another on 2 May or 3 May . Walk for Charity …8 stop altogether the shortest being 3 km only …Reeda you can join the last to GIANT .. :biggrin:

Calling all people in Brunei to help SMARTER raise the B$1.9 million needed for their new building. Too bad I’ll be in Singapore attending a friend’s wedding; I would have loved to join in this event.

Brunei Recycling Bins Part Deux

As a follow up to this post and in light of Earth Hour and An Inconvenient Truth we should all pitch in to help Earth sustain generations present and generations to come. So what I have is a list and location of…

Recycling bins in Brunei

You can contribute by sending me a photo and giving me a link to the location of the place. To find out the location try using Show Me Where’s It’s At!, a little something I created to help show people where a particular place is.

A Lesson in Web Application Security Part 2

**Read Part 1 to get the full picture of this post**

Notice that there is no user confirmation that the phone number is correct and that I really do want to receive the results via SMS especially because receiving the results comes at a cost of B$3.00! Yes it does give a cancellation code which I could have sent back to not receive the results SMS. The delay between the 2 SMS’s was 3 minutes which is ample time to send a reply, if you are actively checking your phone.

Exploit #1: Overwhelming a single person with many result SMS, and having them be charged at $3.00 a piece. If the person is using a prepaid plan, you could effectively use all their credit creating a denial of service attack. If they are using a post paid account they could just rack up the charges.

Solution: Request users to send a confirmation SMS saying they do indeed want to receive the results.

Taking things a bit further I tried a few things like putting invalid data. Good enough they did validation of the data I put in.

Validation error

After some investigation I found that the problem with this validation is that it relies solely on JavaScript. JavaScript runs on the client side, which means it can be changed by the user. Firefox users have Greasemonkey and Opera users have user scripts. Or you can do what I did and view the source of the page, copy it to a local file, make the necessary changes to the source, load it up without validation checks and send the form on. And what did I do? I registered my friend’s foreign mobile phone number. My friend confirmed that he received the results SMS despite the fact that he is not in Brunei. This leads to exploit #2, which could effectively rack up foreign SMS charges to the SMS gateway that is providing this service.

Exploit #2: Bypass client side validation of data

Solution: Use server side validation of data, in this case in the PHP code

This exploit relies on the fact that the application assumes that the information it receives is valid data. This should never be the case. You cannot assume that the user will input the correct information; you must sanitize the data accordingly to ensure that you only have valid data in your application. It is things like this that lead to SQL injection, which could cause catastrophic results on your server and even information theft. So whenever designing and implementing any system, you as a developer should do your job properly, factor this in and ensure your application does not suffer from this flaw.
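The two solutions above, sketched in PHP as an added example (not the site's code and not from the original post): the phone number is validated on the server, and the billable results SMS is only released after the subscriber confirms from their own handset. The number format (7 digits starting with 7 or 8, optional +673 prefix), the function names, the in-memory store and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const CONFIRM_TTL = 600; // assumed: seconds a pending request stays valid

// Server-side check. Assumption: valid numbers are 7 digits starting with
// 7 or 8, with an optional +673 prefix. Anything else is rejected here,
// no matter what the browser-side JavaScript did or did not check.
function normalize_local_mobile(string $raw): ?string
{
    $compact = (string) preg_replace('/[\s-]+/', '', $raw);
    if (preg_match('/^(?:\+?673)?([78][0-9]{6})$/D', $compact, $m) !== 1) {
        return null;
    }
    return '+673' . $m[1];
}

// Step 1: web form submission. Nothing billable is sent at this point.
// $pending stands in for a database table (hypothetical store).
function request_results(array &$pending, string $rawPhone, int $now): array
{
    $phone = normalize_local_mobile($rawPhone);
    if ($phone === null) {
        return ['ok' => false, 'error' => 'invalid phone number'];
    }
    // One outstanding request per number, so repeated form posts cannot
    // flood a subscriber with confirmation prompts.
    if (isset($pending[$phone]) && $pending[$phone]['expires'] > $now) {
        return ['ok' => false, 'error' => 'confirmation already pending'];
    }
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $pending[$phone] = ['code' => $code, 'expires' => $now + CONFIRM_TTL];
    // A real system would now send a free SMS asking for a reply with $code.
    return ['ok' => true, 'phone' => $phone, 'code' => $code];
}

// Step 2: inbound SMS from the subscriber. Only a matching, unexpired code
// from the same number releases the charged results SMS.
function confirm_request(array &$pending, string $fromPhone, string $code, int $now): bool
{
    $phone = normalize_local_mobile($fromPhone);
    if ($phone === null || !isset($pending[$phone])) {
        return false;
    }
    $entry = $pending[$phone];
    unset($pending[$phone]); // single use, whether or not the code matches
    if ($entry['expires'] <= $now) {
        return false;
    }
    return hash_equals($entry['code'], $code);
}

// Constructed sample inputs: two local numbers, one foreign number and one
// malformed value of the kind that reaches the server once the page's
// JavaScript checks are removed.
$pending = [];
$now = time();
foreach (['8123456', '+673 712 3456', '+6591234567', "8123456' OR '1'='1"] as $input) {
    $r = request_results($pending, $input, $now);
    printf("%-22s => %s\n", $input, $r['ok'] ? 'pending confirmation' : $r['error']);
}

$r = request_results($pending, '8234567', $now);
$wrong = confirm_request($pending, '+6738234567', 'not-the-code', $now + 30);
printf("wrong code:   %s\n", $wrong ? 'results SMS queued' : 'nothing sent');

$r = request_results($pending, '8234567', $now + 60);
$right = confirm_request($pending, '+6738234567', $r['code'], $now + 90);
printf("correct code: %s\n", $right ? 'results SMS queued' : 'nothing sent');
```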

 

PS. This being my first vulnerability disclosure was indeed an experience, but it didn’t go too well I have to say. After I emailed them regarding this issue they didn’t even get back to me. I had to call them up 2 weeks after that to ask if they got it and apparently my email just happened to disappear somewhere. Go figure… So the guy I was talking to gave me his direct email address and he thanked me for my input, saying that there are some things that they could change and some things they couldn’t. After another month and 2 emails I sent asking for updates, there was still no word from them. But third time’s a charm and I finally got a reply saying that they fixed some of the Javascript. Despite that not being the best solution, I felt I had waited long enough and came to disclose the problem. It’s not even a hard fix to implement. Oh well. I shall wait for a reply from the next organization to whom I sent another security concern. So far no reply after 3 days… So I wait…