Saturday, July 26, 2008

First Day of BarCamp Malaysia

Was ruined, by my own paranoia, which I will talk about it later.

Quickly run through, my camping started from Gavin Bong's "Google Android" talk. A pure technical talk on Android which got us hanging to decide whether we shall go for this toy.

The second and third talk that I attended fell in the same time in the schedule, Chee Seng "Flex and JRuby on Rails" and Yoon Kit's "The OpenMalaysiaBlog Story", attended just half of each of them. I liked how Yoon Kit's presented the stories in a mind-mapping-like diagram.

As I slept pretty late last night, my brain wasn't in any good condition to absorb more knowledge, I ended up looking for my friend in a Silverlight's talk, by the Silverlight guy. I blogged about Silverlight last year by the way. The product is quite interesting, slides were pretty, but the presentation was pretty screwed as the speaker came late and more than 50% of the slides were skipped.

The fifth talk, "Mobile Future" by Henry from Nokia. This is the talk that got me (bored) to hook into the IRC to chat with the #myoss guys. What went wrong? Henry was not actually being at the wrong place but there were just too many technical guys being in the room to generate him some problems.

IRC? I then realized that I have some applications running and they were trying to authenticate with servers and some of them were using plain text authentication. If they were ever sent, they were sent to the network set up by KageSenshi. Browsing is pretty safe on this laptop, as everything is tunneled over SSH to a server, but not other applications! I was not sure at all how they worked, but I could guess that the applications would check for availability of the servers before sending authentication information.

Now, why waste time guessing if I could just run back home with a cab in 10 minutes? That's how I finished my camping today. Can't blame KageSenshi if he really got my passwords. ;-) Of course, the biggest mistake was ever telling him that it happened. That was really a stupid ~20-minute, everything uses SOCKS now at my end and I feel fitter and happier.

I'm done, first-day Barcamp journey of a newbie wireless user.

- yc

1 comment:

David Chui said...

Communicating via IRC (or any other plain text protocol) is like passing a private note to someone. The only privacy protection is the paper fold. To read the message, one needs only to be in the 'delivery path'.

This is not too much of a problem (maybe not a problem at all) with SSL. You're sure who you are talking to and no one, other than you and the recipient, will be able to understand the conversation.

However, not all sites are SSL enabled. That's when I think pools of passwords categorized by the sites' security would be useful. For instance, accounts with SSL-enabled web sites will use passwords from a particular pool, while non SSL-enabled web sites from another.

That way, if an account gets compromised, you don't risk losing any other account that shares the same password.

Occasional password changes will help too.