Thursday, May 6, 2010

SANS OnDemand offers a discount in the form of non-essential crap http://ping.fm/ya01u

Thursday, April 29, 2010

How does BinDiff compare to DarunGrim2?

Friday, April 23, 2010

is suffering from caffeine overdose

Saturday, October 24, 2009

My take on the Ming Pao supplement article 《年輕有罪?》 ("Is Being Young a Crime?")

The original article is at http://bit.ly/48kFfv

The whole piece uses the purchase of a flat in Central as its hook, hoping this "tip of the iceberg" will lead into class arrogance, intellectual arrogance and so on.

Responding to the side points

In fact, a doctor buying a flat in Central is no problem at all; it is just that the person in question resents it. That is not the main point, and plenty has already been said about it elsewhere (by me included), so I will not go on.

Are young people being squeezed?

As for the claim that young people are squeezed at every turn, I am honestly speechless (note that the original article's "young people" means people in their thirties and forties, i.e. it includes the "third-generation Hongkongers" who, in other people's arguments, are the ones squeezing the younger crowd). In fact, Central is full of young people (no surprise: anyone of a certain age who has to live around there has long since moved up above the escalator). The trading floor is full of grey-haired youngsters; reportedly some dye in a bit of grey on purpose so their look matches their achievements. Beyond traders, i-bankers, and even IT people and sales people who are good at what they do, all have job freedom early on. In this era every booming industry tilts heavily towards the young; it is the old who carry the handicap. Even the biggest slice of the pie, the middle management so many people end up in, is getting younger and younger. It is the complacent old men who should be worried.

The average quality of university graduates is declining

Also, at least I would not do what the original article does and compare someone with thirty years of work experience to a fresh grad. The fact is, as even the original article admits, that judged by grounding in classical Chinese and English literature, university students thirty years ago were on average better than this generation's. Of course, this generation of students generally has more creativity, technical skill, out-of-the-box thinking and so on; that is the trade-off. But thirty years ago, would there have been kids who could not put down a PSP even while riding the bus or eating a meal? A comfortable life really does wear down one's fighting spirit, and it takes more willpower to push oneself; there should be no disagreement on that. An affluent society makes the new generation more prone to mediocrity, but at the same time an affluent society lets the elite achieve more. I have no doubt at all that the best of this generation are, on average, better than the best of the last.

Responding to the main theme

As for people born in the fifties sitting on their positions and refusing to move, so that people from later decades cannot move up: that is hardly news; it has been like this for the last eight thousand years. No, even earlier: as in the first act of 2001: A Space Odyssey, the apes who learned to use tools drove off the apes hogging the water hole and took their place.

Fair or not? The old guys are not inherently better than anyone; by virtue of being born early they block the juniors' way up. I am clearly better than him, yet he sits up there and denies me a fair chance to fight. Not fair! Then let me borrow the original article's own example and ask back: the KMT and the warlords had it all sewn up, and yet did Mao Zedong, Zhou Enlai and Lin Biao not make it to the top?

By the same token, if society is unfair, with collusion between officials and businessmen and the developers controlling all of Hong Kong, how come there are so many whiz-kid traders living in Central and driving Porsches? How come public-housing kids build businesses from nothing and take them public? How come Form 5 leavers become property agents and end up owning stacks of flats? You could say these are all special cases, but then how are the Mao, Zhou and Lin of the original article not special cases too? My special cases are clearly far more common than those revolutionary heroes; they are situations you can genuinely find in Hong Kong today.

Incumbents have the first-to-market advantage; latecomers have agility. That has always been the great unchanging law, hence nations rise and fall and generations replace one another. The big companies have it sewn up, with more resources than anyone and economies of scale; the moment you poke your head out they will use dumping tactics to crush you. That is the commercial reality, accept your fate!

So how did Apple come about? How did Microsoft come about?

Anyone who runs a startup knows: we call these disruptive technologies, game-changing innovation. The bigger and more domineering the incumbent, the more bloated it inevitably becomes and the more baggage it carries; a small company's one chance at survival is to do what the big company is unwilling, or thinks it beneath itself, to do. The story goes that when the first Apple was built, Steve Wozniak wanted to sell it to HP so that HP could sell it. He took it upstairs to show the big boss, who said: "Your thing is really great, but you say it can be plugged into any ordinary TV; will it work with this one and that one too? HP's brand is built on everything we sell being well tested and guaranteed to work with all other HP products. Selling your thing would tarnish the brand and drag down the existing business, so go and sell it yourself; I'll have legal send you a letter of no objection."

Also, as the original article says, youth really is priceless. Back then Bill Gates had no OS at all; he boldly signed the contract first, took the down payment and went off to buy someone else's OS. Only a young person with nothing to lose has that kind of nerve. Likewise, a man in his forties with a young wife and small children, never mind quitting his job to open a shop, is scared even a job change will cost him his next meal!

So incumbents and up-and-coming challengers each have their own edge. The game rules are not fair? Then beat them! One generation beats the previous one; that is how society progresses.

Online transactions: where does the user's responsibility lie?

Some argue that, since a person shot dead in the street for not wearing a bulletproof vest is not at fault, why should someone who failed to take protective measures, or was careless, and thereby caused an online transaction to go wrong, bear any responsibility?

In fact, "going out without a bulletproof vest and getting shot" is not quite the right analogy, because when an online transaction goes wrong, you usually are not the one who dies; you do, however, reliably drag others down with you.

Take credit card fraud as an example. Pick any T&C at random: provided the cardholder has acted reasonably and so forth, the maximum liability is only a few hundred dollars (e.g. Singapore cards cap liability at SGD100, ref: http://bit.ly/2ZsWum). So when your card is lost and misused, the ones hurt are the merchant or the bank, and even if the loss is passed on to an insurer, it still shows up as higher premiums. (Of course, if you are really unlucky and become an identity theft victim, it can also ruin your life.)

Therefore, responsibility in online transactions should, to a large extent, stem from "not implicating others".

Sunday, September 13, 2009

On personal data

Lately, the Hong Kong Personal Data (Privacy) Ordinance (PD(P)O) has been up for review. There has been quite a bit of controversy surrounding a number of issues, one of them being the special treatment given to biometric measurements.

PII vs. PII that can be used alone as an authentication factor

I want to illustrate the need to distinguish between a common PII such as name + dob + phone + address, and a PII that can be used alone as an authentication factor such as password or thumbprint biometric measurements.

The primary threat that can come from PII leakage is identity theft, as PII by definition (the NIST definition) can potentially be used to convince a third party that the bad guy is actually the identity theft victim. Leakage of a common PII is bad enough, but leaking a PII that can be used alone as an authentication factor is even worse, as this can potentially let the bad guy directly assume the identity of the victim.

Consider two scenarios:
  1. Call up phone banking, say you forgot the password and respond to the operator's challenge by correctly stating the victim's name + dob + phone + address, having "proven" you are who you claim to be, proceed to operate on the victim's account, and
  2. Log into e-banking with the victim's login name + password.
These two scenarios make a world of difference:
  1. From an audit trail / forensics / monitoring perspective, the e-banking compromise vector is the "normal" way of access, making detection much more difficult.
  2. From an authentication soundness perspective, pedantically speaking the bank probably should not have given trust to someone based solely on the fact that he can state an account holder's name + dob + phone + address, because none of these PII is private to the individual only (e.g. a receptionist of a hotel that the victim stayed in before probably could have access to his name + dob + phone + address).
This is precisely why I consider passwords and biometrics to be much more dangerous than any common PII.

On the changing PII hierarchy

An even more interesting phenomenon is the changing PII hierarchy. If you follow my rationale above you see that passwords are more important than name + dob + phone + address, but what if the hypothetical bank operator above really was so naive as to fall for the impersonator, reset the password and release it to him? Does that not make these more widely shared pieces of information more permission-granting than the "unique" password?

Whereas we see things like credit card numbers generally protected (e.g. encrypted in accordance with PCI-DSS), I haven't seen many people taking very proactive measures to protect your mother's maiden name or your first pet's name. We all know it's entirely plausible that, given those "secret" pieces of information alone, a bad guy can gain access to your account (perhaps via a password reset) and make purchases on your behalf with your "properly protected" credit card number (think one-click purchase).

Go figure.
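To make the two scenarios above and the "changing PII hierarchy" concrete, here is an added example (not from the original post) that models two password-reset policies against a constructed victim account. Policy A resets the password for anyone who can recite the shared PII, which is the phone-banking scenario; Policy B uses the PII only to locate the account and completes the reset with a single-use, expiring token delivered to the contact on file, and every outcome is written to an audit log so the event is visible to monitoring. The account, PII values, contact address and token handling are all constructed assumptions, not any bank's real flow; PBKDF2 stands in for whatever password KDF a real site uses.

```python
"""Added example (not from the original post): two password-reset policies
side by side, to show why a reset path that trusts shared PII alone turns
that PII into an authentication factor, and what a stronger path looks like.
All accounts, PII values, contacts and tokens here are constructed."""
import hashlib
import hmac
import os
import secrets

RESET_TOKEN_TTL = 600   # seconds an out-of-band reset token stays valid
AUDIT_LOG = []          # in-memory audit trail: every reset attempt leaves a record


def audit(event, **fields):
    AUDIT_LOG.append({"event": event, **fields})


def hash_password(password, salt):
    # PBKDF2 stands in for the site's real password KDF.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(login, password, pii, contact):
    salt = os.urandom(16)
    return {"login": login, "salt": salt, "password_hash": hash_password(password, salt),
            "pii": dict(pii), "contact": contact, "pending_reset": None}


def check_login(account, password):
    return hmac.compare_digest(account["password_hash"],
                               hash_password(password, account["salt"]))


def weak_reset(account, claimed_pii, new_password):
    """Policy A (the phone-banking scenario): reciting the shared PII is enough.
    Whoever holds leaked PII can set a new password and then log in normally,
    so the compromise is indistinguishable from ordinary use afterwards."""
    if claimed_pii != account["pii"]:
        audit("reset_denied", login=account["login"], factor="shared_pii")
        return False
    account["password_hash"] = hash_password(new_password, account["salt"])
    audit("password_reset", login=account["login"], factor="shared_pii")
    return True


def request_reset(account, claimed_pii, now):
    """Policy B, step 1: PII only locates the account; the reset itself needs a
    one-time token delivered to the contact on file. Leaked PII gets an attacker
    this far but not the token. (Returning the token here simulates the
    out-of-band delivery to the legitimate owner.)"""
    if claimed_pii != account["pii"]:
        audit("reset_request_denied", login=account["login"])
        return None
    token = secrets.token_urlsafe(24)
    account["pending_reset"] = {"digest": hashlib.sha256(token.encode()).digest(),
                                "expires": now + RESET_TOKEN_TTL}
    audit("reset_token_sent", login=account["login"], to=account["contact"])
    return token


def hardened_reset(account, presented_token, new_password, now):
    """Policy B, step 2: accept only the unexpired, single-use token."""
    pending = account["pending_reset"]
    if pending is None or now > pending["expires"]:
        audit("reset_denied", login=account["login"], reason="no live token")
        return False
    digest = hashlib.sha256(presented_token.encode()).digest()
    if not hmac.compare_digest(digest, pending["digest"]):
        audit("reset_denied", login=account["login"], reason="bad token")
        return False
    account["pending_reset"] = None    # single use
    account["password_hash"] = hash_password(new_password, account["salt"])
    audit("password_reset", login=account["login"], factor="possession_token")
    return True


def demo():
    """Replays both scenarios against a constructed victim account."""
    pii = {"name": "Alice Chan", "dob": "1980-01-01",
           "phone": "+852 9123 4567", "mother_maiden": "Wong"}
    leaked = dict(pii)   # exactly what a hotel receptionist could have copied
    results = {}

    victim = make_account("alice", "correct horse", pii, "alice@example.test")
    results["weak_takeover"] = (weak_reset(victim, leaked, "attacker-chosen")
                                and check_login(victim, "attacker-chosen"))

    victim = make_account("alice", "correct horse", pii, "alice@example.test")
    token = request_reset(victim, leaked, now=1000)   # triggered with leaked PII
    results["hardened_guess"] = hardened_reset(victim, "not-the-token", "x", now=1001)
    results["hardened_expired"] = hardened_reset(victim, token, "x",
                                                 now=1000 + RESET_TOKEN_TTL + 1)
    results["hardened_owner"] = hardened_reset(victim, token, "alice-new", now=1100)
    results["token_reuse"] = hardened_reset(victim, token, "x", now=1101)
    results["owner_login"] = check_login(victim, "alice-new")
    return results


if __name__ == "__main__":
    print(demo())
    for entry in AUDIT_LOG:
        print(entry)
```

The audit entries are the part to notice: under Policy A the only trace of the takeover is a "password_reset" record tagged with the shared-PII factor, which is why the post calls that vector hard to detect; a reset policy is only as strong as its weakest accepted factor.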

Wednesday, September 9, 2009

Dual-booting Windows 7 x64 and Ubuntu 9.10 x64 on Intel Matrix RAID'ed hard disks, with TrueCrypt

  1. Install Windows 7.
  2. Encrypt system volume with TrueCrypt.
  3. Boot a Linux live CD with support for isw (Intel Matrix RAID), e.g. Ubuntu 9.04.
  4. Plug in a thumb drive, mount it on /media/thumb
  5. dd if=/dev/sda of=/media/thumb/truecrypt.mbr count=1 bs=512
  6. Install Ubuntu 9.10, but DO NOT REBOOT JUST YET: grub2 does not support isw, so we want to install grub1 (grub legacy) instead.
  7. mount --bind /dev /target/dev
    mount -t proc proc /target/proc
    mount -t sysfs sys /target/sys
    cp /etc/resolv.conf /target/etc
    chroot /target /bin/bash
  8. apt-get update
    apt-get install grub
  9. mkdir /boot/grub
    cp /usr/lib/grub/x86_64-pc/* /boot/grub
    grub --device-map=/dev/null
    device (hd0,5) /dev/mapper/isw_xxxxxxxxxx_Volume05
    root (hd0,5)
    setup (hd0)
  10. Plug in the thumb drive where you put truecrypt.mbr, mount it on /media/thumb
  11. cp /media/thumb/truecrypt.mbr /boot/grub
  12. Add this to /boot/grub/menu.lst:
    title Windows 7
    rootnoverify (hd0,5)
    makeactive
    chainloader /boot/grub/truecrypt.mbr
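The MBR copied in step 5 is what step 12 later chainloads, so it is worth checking the copy before relying on it. As an added example (not from the original post), the following Python script does what the dd command does, copying the first 512 bytes of a device or image file, and then verifies the copy: it must be exactly 512 bytes, end in the 0x55AA boot signature, and contain a readable partition table; it also returns a SHA-256 digest so the copy placed in /boot/grub can be compared with the live sector later. Running it against /dev/sda requires root, as dd does; the bundled sample is a constructed disk image, not a real TrueCrypt MBR.

```python
"""Added example (not from the original post): back up a disk's first sector
the way step 5 does (dd count=1 bs=512) and sanity-check the copy before it
is put in /boot/grub and chainloaded. Works on a block device or a plain image
file; demo() builds a constructed image rather than touching /dev/sda."""
import hashlib
import os
import struct
import tempfile

MBR_SIZE = 512
PART_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def read_mbr(path):
    """Return the first 512 bytes of a device or image file."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def is_valid_mbr(data):
    """A usable MBR is exactly 512 bytes and ends in the 0x55AA boot signature."""
    return len(data) == MBR_SIZE and data[510:512] == BOOT_SIGNATURE


def parse_partition_table(data):
    """Decode the four 16-byte partition entries at offset 446, skipping empty slots."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, data, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def backup_mbr(src, dst):
    """Copy the MBR from src to dst and return its SHA-256 hex digest.
    Refuses to write anything that does not look like an MBR."""
    data = read_mbr(src)
    if not is_valid_mbr(data):
        raise ValueError(f"{src}: first sector is not a valid MBR")
    with open(dst, "wb") as f:
        f.write(data)
    return hashlib.sha256(data).hexdigest()


def verify_backup(src, backup):
    """True when the stored copy is a valid MBR and matches the live sector bit for bit."""
    copy = read_mbr(backup)
    return is_valid_mbr(copy) and copy == read_mbr(src)


def build_sample_image(path):
    """Write a constructed 1 MiB image: zeroed boot code, one active partition of
    type 0x07 starting at LBA 2048 with 204800 sectors, boot signature set."""
    mbr = bytearray(MBR_SIZE)
    struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    mbr[510:512] = BOOT_SIGNATURE
    with open(path, "wb") as f:
        f.write(bytes(mbr) + b"\x00" * (1024 * 1024 - MBR_SIZE))
    return path


def demo():
    """Back up and verify the constructed image in a temp directory."""
    workdir = tempfile.mkdtemp()
    image = build_sample_image(os.path.join(workdir, "disk.img"))
    backup = os.path.join(workdir, "truecrypt.mbr")
    digest = backup_mbr(image, backup)
    return {"digest": digest,
            "backup_size": os.path.getsize(backup),
            "verified": verify_backup(image, backup),
            "partitions": parse_partition_table(read_mbr(backup)),
            "zero_sector_valid": is_valid_mbr(b"\x00" * MBR_SIZE)}


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:   # e.g. /dev/sda /media/thumb/truecrypt.mbr (needs root)
        print("sha256", backup_mbr(sys.argv[1], sys.argv[2]))
        for entry in parse_partition_table(read_mbr(sys.argv[2])):
            print(entry)
    else:
        print(demo())
```

Recording the digest at step 5 and comparing it against the file copied into /boot/grub at step 11 catches a truncated or wrong-device copy before the first reboot, when a bad chainloader target is far more painful to diagnose.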