Sony 4K HDR Bravia X8000D

Local tech blog YugaTech is doing a giveaway of a Sony X8000D Bravia 4K TV. To be honest I wasn’t sure about using this blog to participate in a promo, but I was already in the market for a new TV since our living room TV is already starting to have some problems.

I checked out the product features of the Sony X8000D Bravia on their website. Some of the features stood out for me specifically:

  • 4K HDR – this means you get to watch high definition 4k videos. Perfect for those who really enjoy high quality displays. The TV also comes with some technologies to enhance your viewing experience such as 4k X-Reality and Triluminos display. And if you have a gamer in the family, this means you can now maximize the Playstation 4 Pro since it supports gaming in 4K resolution!
  • Connectivity – Wifi is a big deal for me because our current TV is a bit old and only supports wired connection. Wifi makes it a lot easier! The TV also has 4 HDMI slots – let me see… that’s one each for the PS4 Pro, Nintendo Switch, and XBox One, plus one more to spare for those times when you want to connect your laptop to a big display (one can dream right?)
  • Android TV – this means all the apps on the Google Play store can be downloaded and run on the TV. That means built-in Youtube, Netflix, etc, without need for a separate device to stream from!
  • Google Cast – oh, I didn’t know this even existed until now! Apparently TVs can now have Chromecast functionality built-in, without the need for the separate Chromecast device. Awesome! We can just send content from our mobile devices directly to the TV!
  • Netflix recommended – one of the things I’ve been looking for in a new TV is that I want my folks to be able to easily use my Netflix account. Currently the only way they can use it on the TV is through the PS4, which is a bit difficult if you don’t know your way around a controller. Having the TV itself support Netflix will make it a lot easier for my parents to take advantage of Netflix’s library of movies and TV shows!
  • X-Protection PRO – to protect against power surges, this seems like it would be really good especially here in Metro Manila where power supply is not always the most stable. Added protection for your investment!

The model has a lot of other features designed to enhance your enjoyment of audio and video content. With all of these features, the Sony Bravia X8000D could definitely be the perfect home entertainment companion for the modern family!

Internet History

No, not that kind of history, don’t worry.

Twenty-five years ago this month, the first website went up on the world wide web. That was 1991. It took a few years for the Philippines to catch on; the first internet connection in the country was only set up in 1994.

My personal experience with the internet came a bit later, during our freshman year in University, sometime in the school year 1995-1996. Around that time a couple of friends and I would walk out to this computer shop along Katipunan Avenue that had internet access. Computer shops weren’t prolific back then, and most of them offered only document editing and printing services. They didn’t even have LAN gaming back then, as DOOM had only come out the year before and Starcraft was just a gleam in Blizzard’s eye. This particular computer shop we trekked to had 2-3 terminals with internet access, which at that time we mostly used to browse anime-related websites and fanfiction (RIP Anime Web Turnpike).

Internet usage grew quickly in the succeeding years. A couple of friends got internet connections first. One of them lived near the University so a bunch of us happened to hang out there often, not just for internet access but also to read manga and watch anime. We jokingly referred to his house as “the Entertainment Capital of UP Village”

I forget when we got our own internet connection at home. I don’t even remember the provider we used. We stuck with one of the monthly plans for a while, but also went through a period of trying out prepaid internet access plans (RIP ISP Bonanza) and sometimes even hacking a free email service to also give me internet access (RIP Edsamail). It was the days of dial-up modems and beeping sounds, when piracy consisted of arcane commands issued in dark IRC channels. (The first time I got pirated music wasn’t off the internet however – for some reason I had gotten an MP3 of Oasis’ Wonderwall on floppy disks. Yes, multiple disks).

Aside from the piracy and the fanfiction, the internet was a treasure trove of information. I quickly learned the usual web development skills – HTML and CSS were relatively easy, and I had a geocities website set up back in the day, a strange green-text-on-black-background kind of thing (I was never particularly good at web design). My email address for most of the university years was a Yahoo one (RIP Yahoo 2016), which I often used to join discussion groups on various geeky topics like video games and anime and what not – these days we have reddit for that.

Today, internet in the Philippines has come a long way and is a big part of daily life for most people. There’s still a lot of improvement to go – broadband here is still very expensive and very slow compared to other countries and there is no real competition yet, something hopefully to be solved soon.

What was your first encounter with the internet?

Password Security for Application Developers

In the modern era of online services and applications, it is getting more and more common to hear of databases and systems being hacked and user data being exposed. The most dangerous of this data is the user’s password since it may allow access not only to your own service but to other services as well. As an application developer, the below is probably the bare minimum you need to know when handling user passwords:


Never store passwords in plain text! This is the most important rule. It means that if your database is ever compromised, the password information will not be exposed

This is true even if your application doesn’t contain sensitive data or would not otherwise cause any problems if compromised. This is because many users will tend to re-use the same password across different services (although they really shouldn’t!)

Use a strong one-way cryptographic hash function to store the passwords. One-way hashes can still be brute-forced, but the idea is that the computational effort to do so will be so large as to make it not worth the effort. The most commonly used/recommended algorithms are bcrypt and PBKDF2. One of these should suffice, but take note to check every few years or so whether better cryptographic hash algorithms have emerged; as technology and hardware evolve and computational power increases, at some point in the future stronger algorithms may be needed (it might take a while though, bcrypt has been good since 1999)

Cryptographic hash functions are designed to be collision-resistant, meaning the result of the hash function will almost certainly be unique. When the user submits a password for authentication, you simply hash it using the same method and compare the hash against the one stored in the database

Use a unique salt per password before hashing. Salting means that you don’t hash the password by itself; you instead combine it with another string before hashing. Not only does this increase the length and complexity of the hashed string, it also reduces vulnerability to so-called dictionary attacks and rainbow table attacks. The salt should be different for each user, probably some combination of personal data like the username and a key like the user id stored in your system

Never send passwords in plain text either. You may be tempted to send out an email with the password in plain text on a password reset request. The common practice now is to just generate and send a unique user-specific link to allow the user to set his own password manually
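The reset-link approach described above, as an added example (not code from the original post). The in-memory store, the 15-minute lifetime and the example.com URL are assumptions made for illustration; a real application would keep these rows in its database.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60                  # assumed lifetime of a reset link
BASE_URL = "https://app.example.com/reset"   # placeholder URL


def _token_hash(token: str) -> str:
    # Only this hash is stored, so a leaked table cannot be replayed as links.
    # A fast hash is fine here: the token is 256 bits of randomness, not a
    # human-chosen password.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


class ResetTokenStore:
    """In-memory stand-in for a password_reset table (hypothetical)."""

    def __init__(self):
        self._rows = {}  # token hash -> (user_id, expires_at)

    def issue(self, user_id: str, now: float = None) -> str:
        """Create a reset link for user_id; this link is what goes in the email."""
        now = time.time() if now is None else now
        # A new request invalidates any link issued earlier for the same user.
        self._rows = {h: row for h, row in self._rows.items() if row[0] != user_id}
        token = secrets.token_urlsafe(32)  # unguessable, URL-safe
        self._rows[_token_hash(token)] = (user_id, now + RESET_TTL_SECONDS)
        return f"{BASE_URL}?token={token}"

    def redeem(self, token: str, now: float = None):
        """Return the user_id allowed to set a new password, or None."""
        now = time.time() if now is None else now
        # pop() makes the token single-use whether or not it is still valid.
        row = self._rows.pop(_token_hash(token), None)
        if row is None:
            return None
        user_id, expires_at = row
        if now > expires_at:
            return None
        return user_id
```

The email never contains a password, and the link stops working once it is used, replaced by a newer request, or past its lifetime.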


Force good password practices on your users. This means requiring sufficiently strong passwords. Many modern services provide quick feedback on how strong the input password is. Optionally you can also require that the password contains a varied amount of lower case letters, upper case letters, numbers, and other special characters, but this is not really necessary if the passwords are of sufficient length. Also consider requiring users to change their passwords after a set period

You should disallow the most common passwords. A list of the most commonly used passwords (such as “password” and “123456”) is available from previously leaked password hacks. Microsoft has recently started to roll out this sort of check now in their services. Actually, one good idea I’ve heard of before is to have a uniqueness check on the password field – disallow users from having the same password as any other user, but this may not be feasible depending on how you hash the passwords


If your application has a large number of users or is especially critical (anything involving money transactions is a good candidate), you should also consider implementing some sort of two-factor authentication. Most common implementations these days use email, SMS or a mobile application as the second factor


These practices won’t prevent your application from being hacked. In truth, probably nothing can really prevent hacks 100% especially against determined hackers. These are simply mitigation practices you need to be aware of as the application developer to protect your users in case your application does get hacked. Other methods of securing your system may be the responsibility of other roles such as system administrators/engineers or dev ops

Password Security for Dummies

Around the first week of June 2016, Mark Zuckerberg, well-known nerd and founder of Facebook, was hacked. If even the founder of the world’s largest social network can be hacked, anybody can! So it might be a good idea to review how you manage and secure your online passwords

 


 

Avoid using short, simple, or commonly-used passwords! These are subject to so-called “brute force” attacks where bad actors just try a whole lot of passwords until they find one that works. You don’t actually have to use numbers or special characters (unless the service requires you to do so). What can really hamper password attackers is password length, the longer the better, since the length of the password increases the computational time needed for a brute-force attack. For the most important services, I would suggest a password length of at least 20 characters (although some services won’t allow you to have passwords this long, which deserves a glare from me). If not required to use numbers or special characters, you can simply use a pass phrase composed of multiple English words. This has the pleasant side effect of being easy to remember. As with many things, this is best illustrated by XKCD:

Take note that it’s important to choose passwords or phrases that are not related to common personal information such as birthdays, names of relatives, or anniversaries. This is all information which any attacker might be able to acquire from other sources. This is how Michael Caine’s character in Now You See Me got hacked by the Four Horsemen!


Avoid using the same passwords for every service! This is one of the cardinal rules that Zuck broke causing the hack. A few years back, data from LinkedIn was accessed by hackers including passwords, and the hackers were able to use Zuck’s LinkedIn password to log in to his Twitter and Pinterest accounts

You probably don’t have to use unique passwords for every service – I have a few “low-security” passwords that I use whenever I don’t care about the account being compromised. Most common usage for me is when I need to ask a question on some programming forum (for the rare case that StackOverflow does not suffice)

You need to identify which services are critical to you – the ones you can’t afford to have compromised. Typically (for me at least), this includes financial services (online banking websites), email and social media accounts you use on a regular basis, and probably government services (I don’t have any of those at the moment). For these services you should use different passwords for each one, to protect the other accounts in case one of them gets compromised

In the past few years many major services such as LinkedIn have had their password data exposed (If the programmers were doing their job right, the hackers wouldn’t have been able to decrypt the password data even if they accessed it – but that’s material for another post), so if you’re using a lot of online services, the odds of some of your data getting hacked at some point are quite high

The problem is: most people have trouble remembering one password, how can they be expected to remember multiple passwords and match them to the corresponding service? There are a few strategies:

  1. Use a password manager program such as LastPass. These programs will randomly generate and store a new password for you for each service you use. A lot of commenters online swear by this, but I’m not a fan of it because (a) I need my passwords everywhere, anywhere, any time. LastPass has an option to sync passwords across the cloud, but it requires a premium account; (b) additional steps when you need to create or store or remember a password; (c) if you lose access to the password manager, you also lose everything else
  2. Use a procedurally-generated password for each service. This is my preferred option. It means that for each service, you construct a password using a fixed set of rules, with the rules taking into account the service itself. A simple example would be using a base password + the service name: with a base password of “horseradish”, you would use “horseradishYahoo” for Yahoo mail and “horseradishFacebook” for Facebook and so on. Of course, if your Yahoo mail account is compromised the hacker can still easily guess your Facebook password, so it needs to be more complicated than that. A better example would be: base password + your favorite Transformer whose name starts with the third letter of the service: for Yahoo it would be “horseradishHound” and for Facebook it would be “horseradishCliffjumper”
  3. Keep a list of password hints written down. Either on paper or on a softcopy document somewhere you can access all the time. Now obviously, if you keep a list of the passwords themselves you risk someone finding that list and accessing all your services. What I like to do is maintain a list of cryptic password hints that really only make sense to me
  4. Memorize them! For the most important accounts (probably the ones that allow access to other services via forgot password mechanisms), you should generate a unique password and eventually memorize it

I use some combination of #2 and #3: for most social media services I use #2 but for more critical services like online banking I use some variation of the procedural rules and maintain a list of cryptic hints that describe how I varied the rules. #2 works fine for social media accounts since I can reconstruct the passwords mentally wherever I am without need to reference a list. For online banking services, I don’t use them that often but they need to be more secure so it’s okay for me to have to reference a list if I forget the passwords. For my primary email accounts, I have a very strong password that I have committed to memory with no hints anywhere


Some random other tips:

  • Change your passwords on a regular basis. Regularly changing passwords means older passwords can’t be used against you in case they are hacked. It can be as simple as changing your password when you log into a service for the first time in a new year
  • Don’t share passwords with anybody! Well okay, maybe you can share some passwords with select family members as necessary. But basically don’t give your passwords to anyone you wouldn’t confess murder to. There are still scammers who pretend to be authorities in order to collect passwords and other information from you. Be wary of strangers!
  • Don’t use any browser feature that remembers the passwords for you. I suggest typing out your passwords every time. Typing them out makes it easier for your brain to remember your passwords. But more importantly, if your machine is compromised by malware, your passwords can be accessed from the browser’s data store
  • Not really password-related but you should take note anyway: Use two-factor authentication whenever it is available. This is where whenever you login to a service, it will also send you a secret code via another channel such as SMS or email. You then need to input that secret code in the service in order to proceed. This is so that even if your password is compromised, hackers still can’t access your account. This is starting to become more and more common among the widely used services: Google, Facebook, Twitter, and Steam all provide 2FA. Modern online banking services will even require you to use two-factor authentication. (Sadly not all local banks do so)

Well, that post turned out longer than I expected! It might seem like overkill to have overly complicated passwords or password management schemes. If you use any online services which contain important data you can’t afford to have compromised, it’s a necessary evil and well worth the effort

iPad: First Impressions and Snap Judgments

So, through a complicated series of circumstances where I initiated the process but actually managed to get myself surprised, I now own an iPad Wifi+3g 64GB (yes, it’s the most expensive model, don’t worry it did not break the piggy bank). It was purchased from Singapore and brought to me by a friend last Friday. I’ve used an iPad before (during the CCS trip to Baguio), but this is the first time I’ve had the chance to customize the applications and content, and have it exclusive for my own use. I’ve had it for about a day and a half, here are my snap judgments and quick impressions:

General usage

  • The USB cable used to connect the iPad to a PC is also the one used to connect it to a plug for charging via an electric outlet. This is all kinds of brilliant and literally had me with my jaw open for a few seconds.
  • Charging via USB is extremely slow, around 10% per hour, and the iPad will even lie about it and say “Not Charging”. Charging via outlet is much faster.
  • Typing on the virtual keyboard is ok for short form fields or notes type of things, but I can’t imagine doing it for longer typing tasks such as blog posts (I will probably try it at some future time). I find myself typing most comfortably using one hand as it can reach across the keyboard quite easily. The lack of tactile feedback will take some getting used to. As my friend noted the virtual keyboard has touch type indicators on the F and J keys for some reason!
  • Storage: 64gb might be overkill, probably 32gb would have been enough. I don’t see myself using the video watching functions when I’m at home (there are better options for that), so I only need to load enough videos on it to be able to have something to watch when I have downtime outside of home. On the other hand, I haven’t really delved that much into downloading apps and podcasts, there’s a good chance I may be able to fill up the space eventually
  • 3G: I have not yet used the 3g. According to @Talk2Globe, the prepaid microsim will not work with an iPad (I won’t be able to reload it I guess) and I have to use their unlimited data plan microsim (P999 a month). That’s actually not so bad, but I think I’m going to check first with Smart whether their prepaid microsim can be used. @SmartCARES has not yet replied
  • There is no easy out of the box way to use the iPad’s 64gb as an external flash drive. There should be!
  • The volume when watching videos is not very good unless you are using earphones
  • For home usage, the most awesome thing is really internet usage at the bed. I have not yet started up my laptop since I came home with the iPad. I would guess that I would only use the laptop for coding or writing work from here on.

iTunes and Syncing

  • iTunes is not a very intuitive piece of software for someone who has never used an iOS device before.
  • When you add a folder or files to the media library, there seems to be no indicator if some videos are not compatible (I did not know the compatibility requirements at first)
  • The default mode is to sync the local library completely and automatically with the device contents; this seemed totally ridiculous to me as it means all the content will be duplicated on both devices. I have more than 64gb of content on my desktop!
  • In the file sharing dialog, it is not clear that you can use the delete key to remove files shared with your apps. Actually, sharing files with apps in general feels unwieldy, especially if you plan to share a lot of files. There are no organization options like folders or whatever, and it must be done using iTunes.

Apps

  • I’ve only tried a few apps, and have not yet paid for anything on the App Store. Must resist impulse buys!
  • The best app I’ve seen so far from a visual wow-factor awesome-features point of view is Flipboard. My Mom picked up the iPad while I had Flipboard open and was like “Wow!” for maybe five to ten minutes.
  • Twitter apps: the official twitter app seems ok, but I’m using Twitterrific at the moment. I heard Tweetdeck is buggy.
  • Facebook: The facebook app on the app store is for iphone only, so I have to do the 2x size thing. It doesn’t look very good (and doesn’t seem to rotate well)
  • VLC: Supposedly the solution to the lack of supported video formats in iTunes, it is a bit immature. At first I tried loading a lot of files into it (gotta maximize the 64gb!) but then it wouldn’t launch and would just crash back to desktop. It turns out it cannot handle MKV files very well, it worked when I only loaded AVIs
  • Stanza: PDF and comic book reader. The reading mode is pretty good, but it looks like it’s going to be unwieldy if managing a large collection
  • I haven’t settled on a feed reader app yet (not sure if there are any good free ones), Google Reader via Safari seems to be fine at the moment
  • I’ve just downloaded a few free games to try them out

Jailbreaking

  • I don’t have any plans to Jailbreak the iPad at this time. I have not explored the possibility at all, but I’m not really inclined to yet. Maybe I’ll change my mind later.

That’s my iPad experience as of now. I actually also started a thread on Reddit to help me get jump started. Overall, very impressive and such an awesome toy, we’ll see how it stacks up in terms of how much I use it in the coming months.

If anyone has any tips or suggestions to help me enjoy the new toy, feel free to comment 😀

The Setup

A while back I started reading The Setup, which is basically a collection of interviews with various tech/creative guys about what sort of hardware and software they use. I always enjoy this sort of thing – it feeds my tech envy when they describe cool setups or gadgets I don’t have. (A lot of them have Macs!)

I actually purchased a new desktop computer a while back without posting any details, so I thought I’d do something similar to The Setup so that I have a record of what I’m using now.

What Hardware Do You Use?

Desktop – my desktop, primarily for gaming, is a custom-built setup. Prepackaged and branded desktops aren’t really popular here in the Philippines, at least among techies. I actually had my brother put this one together, just gave him the budget and told him to maximize it.

Specs:

  • 2.67 gigahertz Intel Core i5 750, 4GB ram, 1TB HD, ATI Radeon HD 5770 (1GB onboard memory)
  • I also have a pair of crappy speakers – I have to adjust the connector every so often when watching eps because the voice tracks get filtered out for some reason.
  • I have never solved that 5×5 Rubik’s Cube.

Laptop

My laptop is an Acer Aspire 4920G that I purchased around 2 years ago. Core2 Duo 1.8GHz, 3gig ram, 160GB HD, ATI Radeon X2500 video card. It’s old and not really that portable – I seldom bring it outside the house, but it’s a workhorse and gets the job done. It’s my primary machine at home for random internet surfing and coding; I usually have it mounted on a breakfast tray (shown in the picture) so I can use it while lying down on the bed. It can also act as a secondary gaming machine in a pinch, although it tends to overheat and crash if I use it for an extended gaming session.

Gaming Console

It’s an 80GB original model PS3 hooked up to a 22″ Samsung HD monitor. We have the Rock Band 2 set provided by chowtimer, plus a couple of arcade fight sticks for Street Fighter IV. There’s an SD-only TV beside the PS3, so we can usually watch whatever is on TV same time as playing PS3 games.

Others

  • My cellphone is a Nokia 5800. It’s handy and since I don’t text much most of my prepaid load gets eaten up by internet data usage when I’m outside of the house. It’s also my only camera, so I can’t take a picture of it.
  • For mobile gaming I have a first-generation silver Nintendo DS and a purple PSP-3000.
  • I have a couple of nonworking desktops lying around the house – we need to figure out what to do with them.

What Software Do You Use?

The desktop runs Microsoft Windows 7 Professional, while the laptop dual-boots between Windows 7 Professional and Ubuntu 10.04, which is my primary OS for internet and coding.

The programs I use most are Google Chrome/Chromium for internet browsing (Firefox if I’m doing any web coding) and Tweetdeck for the twittering. For coding on Ubuntu I have Eclipse for Java and good ‘ol gedit for Python. Any document editing is usually done using Google Docs and my email is using GMail (yeah, I like Google!)

All the images in this post are available as a flickr set:
http://www.flickr.com/photos/zroytang/sets/72157624234499706/

Imeem

My brother pointed me to a new (to me at least) online music service called imeem. The website caught my interest for two reasons.

1. It uses Adobe Flex, a technology which I’ve been using for the past year or so. Any Flex developer knows it’s Flex just by looking at the widgets.



2. The service allowed me to find an mp3 which I’ve never found before and have used as a benchmark for how good an mp3 search service is. The song is the Tagalog opening for Shaider! (Now I need to find a new benchmark)

Bayan DSL Proxy

If you’ve been having trouble with Bayan DSL web connections to some websites (which we have for the past few weeks or so), you may be surprised to know that they have an HTTP proxy server you can use. Strange, considering that when reporting such problems to their trunkline, they never ask whether you’re using that proxy server or not. I don’t recall ever being told about it by the Bayan DSL staff.

My brother found out about it last night and lo and behold! The websites we’ve previously had trouble accessing, such as Yahoo Mail, Multiply, Flickr, etc. have become accessible and Youtube videos now stream well, etc.

The settings are:

HTTP proxy server: proxy.skyinet.net

Port: 3128

You can set these in the options dialog of Firefox, under Advanced -> Network -> Settings.


Social Networking


“Robert suggested we create Facebook accounts, I think in an effort to establish that we were “down” with whatever “new jives” the kids were flexing on the mean streets. I refused. Gabriel buckled, and the bullshit that ensued verified my initial assessment: that maintaining Facebook would quickly constitute another job. Of which I already have several.”

— Tycho, Penny-Arcade

I never really bought into social networking (because I am of course antisocial). But lo and behold! I now have a Facebook account! And I discovered just now that I cannot link to it. You have to search for me there or something.

Social networking always felt so frivolous to me. And I was right, more or less. But as a friend told me, “At least it’s ala carte frivolous.” This whole facebook apps thing, if you’re not aware, means that any company can make apps that run inside Facebook. I don’t know if the competing networks like Friendster or MySpace have anything similar, but if they don’t they’re certainly not going to win. (Whatever it is these networks are supposed to win.) The facebook apps give the site a lot of random entertainment value, everything from internet memes to trivia questions to scrabble is available to waste your time. And as Tycho implied, it eats up a lot of time as well.

There was some brouhaha lately about Facebook and privacy, but it seems to affect only those people who purchase stuff from partner sites. I just wish I could disable all the emails it sends me and just let me subscribe to notifications through a feed.

The Miracle PC

My computer died last night, refusing to boot. Ubuntu would complain of being unable to read the root filesystem. Windows XP would say that there’s a corrupted DLL. I immediately arranged to borrow both an Ubuntu LiveCD and a Windows XP install disk the next day to help check the problem.

When I got home today, the computer had been miraculously fixed. My brother said he’d been using it no problem.

I knew before that the internet had the capacity to heal itself. I’m surprised my PC also has this capacity.

I have no idea if I need to do any sort of diagnostics on this machine.