Twenty-seven

There was a comment by someone on one of my recent posts titled "Future of the Maldives: blurry?". The person mentioned the now famous magic number "27", which is used handsomely by the political opposition to refer to the time in office held so far by our beloved President Gayyoom. Now, this 27 year thing everyone shoots off so easily really pisses me off. I would challenge anyone who does this and for good reason too.

Truth of the matter is, it is not only under the current ruler that we have suffered. Moreover, it would be unfair to blame the current state of our society entirely upon one person, however easy it is. I admit, the boss has to take most of the responsibility; however, the blame falls on each of us too. Every citizen is to be criticized for letting it run this far. I recently snapped at a government employee with a high status job. Like everyone these days, he was whining about how pathetic our society has become and how this is to be blamed on one person. I firmly, with gritted teeth, told him to shut up and look to himself. As a member of the older generation he has failed to take a stand in his time and in doing so helped pass on a society escalating towards self-annihilation. As a member respected in society he has failed to use his influence to better the lives of the people. As a person educated and with resources, he has failed to do his duty to the country and to the rest of us less fortunate. How dare he go whining on and on? This situation wouldn't have come about if it was nipped in the bud before it got out of control. But then, that is bringing in the "if"s which is quite pointless now...

Maldivian people were under a larger suppressive force under the dictatorship of Nasir. To name one, the Thinadhoo incident where innocent unarmed civilians were SHOT, where children and pregnant women were FORCED to flee to the cold lagoon at dawn, is part of the more serious atrocities committed then. I have listened to recounts of the event by surviving Thinadhoo people of the time and each time I cannot believe this is an event that took place on such a scale and in such recent times. I have no choice but to listen to them in utter amazement and share their anger that lingers on. Such events in our history have silently been swept under the carpet, to be forgotten. Moreover, thanks to the "richness" of our literature and "effectiveness" of our educational and media institutions, few of the younger generation are aware of these dark times even in our recent history. (If any of you have personally experienced this or have close family who did, do feel free to share the experience with the rest of us. I for one, would be interested in hearing more about it.)

Maldives really sickens me at times. Our ancestry begins with pirates, prostitutes and criminals who either settled here or were banished here. Our history has been forged - dark times and the cruelty of people and rulers hidden and locked away in the unmanifest, for heaven forbid that our history have anything but heroics and bravery. Fantasy and magic have been introduced to fill the void. The list goes on...

So please, do away with the twenty-seven. Let us all work toward the Utopian Idealistic Society we all dream of. :-P

Future of the Maldives: blurry?

I am concerned about the state of our country. Concerned about where Maldives is heading. We are walking in uncharted territory - politically and socially. I doubt anyone has a clue of the future that may bear any resemblance to the actual outcome of all this.

It is not only the final outcome that we have to be wary of. We also have to be careful of the price we have to pay, the losses and the suffering we may have to endure, as we proceed through this current sea of change. To make matters worse, many of the changes seem to be brought in haste, being propelled by an insistent agitated community who really have no idea what needs to be done and how it needs to be done. The ramifications of the changes being instigated may cause more harm than any of us expect. But then again, this is what it is all about. Isn't it? Taking chances... Leaping from the stagnant state we've hibernated in... Or maybe not? Certainly not!

While we all quietly hibernated and kept our lips sealed so as to not speak of the discontentment, the country had slowly distilled into polarities. Divided into the poor and rich, educated and ignorant, hardworking and lazy, powerful and weak - with the gap now large enough for the moons of Jupiter to be squeezed in. However, the struggle for betterment has now started to amplify. In the now abundant campaigns to appeal and silently subjugate masses to do their bidding, between the wonders of technology spitting out propaganda of the rich and the elite, there comes a cry of help - a cry for real freedom. Freedom from poverty. Freedom from oppression and suppression. For equality. To be treated with respect and honour. For a decent meal. For education and knowledge. Cries for opportunity to climb out of the rut much of the Maldives live day in and day out.

Sadly, it is the bellows of the rich, the powerful, the violent and the obscenely loud that are heard most. It is what is being catered for. It is the less meaningful, less effective, less beneficial transformations/changes that are being given the spotlight. This may be only my view. However, conversations with almost anyone seem to hint of the unspoken cries I mentioned. In chats with closer friends, the despair is no longer caged and they cry - wailing with the same desire to be unleashed from the mental and social prison we've all been herded in and treated unfairly and unjustly.

For now, the future of Maldives is in question and will probably continue to lie in the unmanifest for quite some time to come.

Battling for privacy: Keeping your computer data and internet communications secure

We live at a time where we have little or no privacy. All information about us is recorded, from birth to death. The quality and quantity of details logged may differ from society to society but the details collected about a person extend beyond the visible and the obvious. To make things worse, we tend to rely on the products of the digital revolution to store private and personal information - mobile phones, PDAs and of course computers, all of which are subject to confiscation and interception.

Let me impart some information on how to battle this belittling of the individual and gain a bit more privacy and security for your computer data and Internet communications.

TrueCrypt
Say you have a lot of documents, photos and emails that you don't want to be accessible by all. Say you want to be able to securely store data somewhere on your hard drive or USB data device. Then TrueCrypt is the answer. It is a free, opensource utility available for flavours of MS Windows and is available at http://www.truecrypt.org/

Now, aside from most of the technical mumbo-jumbo it may present to you, the utility is pretty easy to use. The concept it operates on is that it creates a special encrypted file and uses that file to store all of your data inside that single file. So all you have to do is, "mount" the encrypted file with the program and suddenly, your system should show a new disk drive. This drive is now fully secure and you can continue working; saving and editing the files on the drive as you would with any other files. When you are done working simply "unmount" the drive with the program. You can choose to carry the encrypted file on your USB storage device and even move the encrypted file between computers.

The encryption used is pretty secure and several types of encryption are available including 448-bit Blowfish. Access to the encrypted files is gained by means of a passphrase, which of course has to be wisely chosen. Follow the general password rules - use a combination of characters and numbers and make it long.

Eraser
When you delete a file using the standard Windows delete facility, you expect the file to be gone for good. However, files deleted using this method can be easily recovered in full by anyone with access to your system/drive! Enter Eraser. This is a nifty free, opensource utility for MS Windows that specializes in deleting files securely. It is available at http://sourceforge.net/projects/eraser/

It supports several deletion methods, including two US Department of Defense standard deletes. To make the deleted data unrecoverable, the utility writes over the data to be deleted with random garbage. This is done enough times to ensure there is no recoverable residue of the data that was deleted.

To delete a file securely, right click on the file and select "Erase". This is a habit you have to get used to, otherwise you may just end up with the standard "Delete" button deletes.
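The overwrite-then-delete idea described above, sketched as an added example. This is not Eraser's code and does not implement the DoD patterns it offers; the function names are hypothetical and the passes are plain random data.

```python
import os
import secrets


def overwrite_in_place(path, passes=3, chunk=64 * 1024):
    """Overwrite every byte of the file `passes` times with random data.

    Returns the number of bytes overwritten in each pass.
    """
    size = os.path.getsize(path)
    # "r+b" keeps the existing file and its length; "wb" would truncate it
    # and leave the old data blocks untouched on disk.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            # Push this pass to the device before starting the next one,
            # otherwise only the last pass may ever be written.
            fh.flush()
            os.fsync(fh.fileno())
    return size


def secure_delete(path, passes=3):
    """Overwrite the contents, rename to a random name, then unlink."""
    size = overwrite_in_place(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)  # so the original file name is not what gets unlinked
    os.remove(anonymous)
    return size

# Caveat: this only works when the filesystem rewrites the same physical
# blocks. On SSDs and USB flash (wear levelling) and on journaling or
# copy-on-write filesystems, old copies can survive elsewhere on the device,
# so keeping sensitive files inside an encrypted volume is the safer habit.
```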

VPN
Every time you connect to the Internet, you are effectively entering into a warzone in your birthday suit. If you are in the Maldives, then your browsing data passes through either the proxy servers at Focus Infocom or Dhiraagu. The data is logged and will be used against you whenever required to.

How do you get out of this? Well, an ideal answer would be a cryptographic VPN. However, this may go beyond the technical or financial abilities of many. If you are really paranoid about the security of your internet traffic, I suggest you look into the many VPN service providers. Quite a few of the web hosting companies provide it as part of their deal. Or if you are the technical sorts, you can simply rent your own server located anywhere remote in the world and install and run a VPN server.

A VPN basically creates a virtual network on top of the network you are actually connected to, which in this case is the Internet. The data then seems to flow from your computer to the VPN server but uses the actual network to carry it. The VPN can be encrypted to make the data secure and private and prevent snoops from keeping tabs on you. If you do get around to setting up a VPN, I recommend IPSec encryption for your VPN. If not, SSL can be an alternative.

Here are a couple of interesting sites/software regarding VPNs: VPN Labs, iOpus iPig, OpenVPN

Tor
When you are on the Internet, anyone from the ISP and the government to a variety of other services you connect to on the Internet may keep data on you. They keep track of your Internet traffic and effectively intrude on your privacy and anonymity needs by checking where you go and when you go.

Tor is a free, opensource utility that can combat traffic analysis. It is available at http://tor.eff.org/ and versions for Windows, Mac and Linux exist. Tor uses a method called "onion routing" to bounce your traffic several times between different hosts on the internet before going to the final destination. This way the origin and the destination are kept secret, which helps keep prying eyes at bay. It runs in the background, silently working to secure your internet traffic as you generate it.

Proxy
If your ISP makes you go through a proxy to access websites then the sites you visit, the emails you send and read, the porn you jack off to late at night and even the political sites you sneak into but know you shouldn't access, are probably all logged. If you are a Maldivian, using the Dhiraagu proxy server as your browser proxy then you are letting Dhiraagu store all communications you make on the WWW. This is true for Focus Infocom customers as well.

In this case, one of the easiest methods to add more security to your internet communications is by the use of an alternative proxy server. Now depending on your ISP and their proxy configuration you may not be able to use proxy servers running on various ports. Head over to http://www.atomintersoft.com/proxylist/ and select a proxy server of your liking. You may need to test out a few for speed and accessibility. Generally, you should avoid proxies running on port 80 for reasons I am too lazy to type right now. If you don't know how to change your proxy server in your browser, head over to http://www.proxz.com/tutorial.php

Well, I guess that is enough "advice" for now. Enjoy!

Dhiraagu WebSMS secrets

Dhiraagu WebSMS has been a dear friend to a lot of us. Some of us see it as a means of communicating with friends cheaply when we are strapped for cash while some others use it for more malicious purposes. Anyway, I took a different interest in it since its introduction some years ago.

Once upon a time...

When WebSMS was introduced, Dhiraagu relied on the interface scripts provided by Comverse for their SMS system purchased from Comverse. One part of the web interface had minor changes brought to sport Dhiraagu logos and copyright lines and was offered to the public as WebSMS. It was free for use and had no limits and no Dhiraagu signature lines appended. It was total fun! Of course the fun was just beginning and I forayed into the scripts and ended up with access to the rest of the system that "websms" was actually part of... Dhiraagu then started to bring changes. I suspect these changes were politically influenced rather than being for their own financial or technical reasons.

First, Dhiraagu had a signature line appended to messages. The message was easy to get rid of by merely modifying the form data being submitted to the server. Of course, Dhiraagu fixed it (sorta) in due time.

Next up, they decided to add user registration. It was still free thankfully. This was the first in a series of moves they've made to gather more and more specific data on the users. This initial user registration allowed anyone with an email address to open an account. This of course meant you could use throw-away free emails and aliases to open WebSMS accounts without revealing any real info on yourself.

Then a few months later, the registration with email addresses was scrapped and people were required to have a mobile number to register. The old accounts were of course purged after this change. This new change ruled out random people opening accounts and sending SMS - you needed to be their customer to send SMS via the web.

Sometime late 2004, they decided to limit the number of SMS to 10 per day per account. Now to implement this, they used a messed up implementation of sessions and cookies. When you log in, you got assigned a cookie that set a key "Dhi" with a value of the form "12345%2cWanker%2cWho". Simply by altering the "12345", which is probably something meant to act as a session id, one could override the 10 SMS per day limit. By changing this value, you effectively assume the identity of another user - but all without any authentication! Simply change the number and you are good for another 10 SMS. The interesting thing was that the user/session id didn't need to exist on their server - you could very well use 1000000 and move onto 1000001, 1000002 and so on for more SMS. I had the pleasure of getting my server blocked/ignored by Dhiraagu after I added this 'hack' to my Email2SMS service offered at the time via maldivianunderground.net - but the block wasn't placed until after my Email2SMS service had dispatched around 2000 SMS total using the 'hack' by the second/third day after they brought the "upgrade".

I should mention there were other interesting but less trivial flaws in the WebSMS system - like being able to reset the password for (all) users on the system via SQL injection. The database table they had, had the following fields (amongst others) : userid, username, password, mobileno. The login and password change facilities had SQL injection and logic deduction possibilities...

Soon after the 10 SMS limit "upgrade", in May 2005, Dhiraagu made another of its upgrades to make the messages that were being sent via the system seem to originate from the number of the WebSMS account holder. Up till then, the originating number was "+000". This new upgrade killed the anonymity of messages being received by a WebSMS recipient. It killed the fun of course and I had to find some way to get around it - just to piss off friends. It turned out Dhiraagu had simply appended the account holder's number to the cookie that is set when a user logs in - and then uses that number from the cookie to represent the originating number whenever an SMS is sent. If you are having a hard time imagining how it looked, the cookie was of this form: Dhi=12345%2cJawish%2cJaa%2c770000. This opened up new possibilities! I could make SMS appear to originate from any number. I could make it that of a friend's or foe's. I could make the number an international one or even a landline one. Seeing my dad stare at the phone in disbelief when he received an SMS from himself was fun enough! Hehe.

Sadly, these "features" were fixed when Dhiraagu upgraded the system yet again in August 2005. No wild originating fun for now. I haven't messed around with it yet - much.
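The root cause of both cookie issues above is that the server believed client-editable fields for identity, quota and originating number. The following added example (not Dhiraagu's or the author's code) puts that trusting pattern beside one way to close it, an HMAC tag over the same cookie fields; all class and function names and the key handling are assumptions, and the cookie values are the samples quoted in the post.

```python
import hashlib
import hmac
import secrets
from urllib.parse import quote, unquote

DAILY_LIMIT = 10                      # per-account daily cap described in the post
SERVER_KEY = secrets.token_bytes(32)  # assumption: a secret only the server holds


def charge(bucket, userid):
    """Count one SMS against userid; False once the daily cap is reached."""
    if bucket.get(userid, 0) >= DAILY_LIMIT:
        return False
    bucket[userid] = bucket.get(userid, 0) + 1
    return True


class TrustingGateway:
    """The pattern from the post: every cookie field is believed as sent."""

    def __init__(self):
        self.sent_today = {}

    def send(self, cookie_value):
        fields = unquote(cookie_value).split(",")
        userid, sender = fields[0], fields[-1]
        # Quota bucket and originating number both come from client-editable data.
        return sender if charge(self.sent_today, userid) else None


def issue_cookie(userid, name, nick, mobileno):
    """Set at login: the same four fields plus an HMAC tag over them."""
    payload = quote(",".join([userid, name, nick, mobileno]), safe="")
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def verify_cookie(cookie_value):
    """Return the field list if the tag matches the payload, else None."""
    payload, _, tag = cookie_value.rpartition(".")
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return unquote(payload).split(",")


class VerifyingGateway:
    """Same flow, but fields are used only after the tag has been checked."""

    def __init__(self):
        self.sent_today = {}

    def send(self, cookie_value):
        fields = verify_cookie(cookie_value)
        if fields is None:
            return None  # edited or unsigned cookie: reject the request
        userid, sender = fields[0], fields[-1]
        return sender if charge(self.sent_today, userid) else None


if __name__ == "__main__":
    original = "12345%2cJawish%2cJaa%2c770000"   # cookie form quoted in the post
    signed = issue_cookie("12345", "Jawish", "Jaa", "770000")
    print("trusting accepts original:", TrustingGateway().send(original))
    print("verifying rejects unsigned:", VerifyingGateway().send(original))
    print("verifying accepts signed:", VerifyingGateway().send(signed))
```

A signed cookie like this still needs an expiry to limit replay; keeping only a random session token in the cookie and looking up the account, quota and number on the server avoids putting those fields in the client's hands at all.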

Psst. Tricks!

To finish off this lengthy post on Dhiraagu WebSMS, I'm sharing two neat tricks that you may like and that still work on Dhiraagu WebSMS as of today.

No signature line: Don't want the "(Dhiraagu WebSMS)" line to appear in messages you send via the WebSMS system? Then simply add an equal sign ("=") as the last character in your post!

Long messages: Do you have some looonnggg message to send to someone and it's hard to fit in the 140 character limit that WebSMS imposes on you? Worry no more. You don't need to split the message into bits and send as separate messages and risk decreasing that dreaded 10 SMS limit you have for the day. All you need to do is disable JavaScript support in your browser temporarily (It is an easy feat - consult your browser documentation on how to do this). When you type in the messages now, the limit counter will stay the same and you can go on typing forever. The messages are sent to the recipient as discrete SMS messages of text limit ~140 characters each. However, you will be penalized for only one SMS in the WebSMS daily limit counter.

Enjoy!

Update (14 Oct 2005): Dhiraagu has fixed the bugs that made possible the two tricks revealed above. Too bad :-)

O Moon. Where art thou?

The Muslims around the world are looking up for the moon to see if tomorrow is the 1st of Ramadan... While in the depths of the Indian ocean, in the scattered islands of the Maldives the Muslim populace silently wait looking up at their "moon" (better known locally as ---moon) to see if tomorrow is Ramadan or not.

I remember this particular "moon sighting" event back from the days I slogged for the President's Office with a diminutive salary but unique job title of "Web Developer". It was the first Eid during my time at the PO and as always I had to work late. Then around evening, I received a press release from the "Press Unit" for publication on the President's Office website. I read the press release and just stood there in utter shock. Here with me was the press release regarding the moon sighting event that would be held that night and yes - the outcome of this colourful, televised/broadcasted live ceremony as well! There written in detail were the events of the ceremony complete with snips from any speeches. This was better than astrology. This was living the future right then and there.

Are even religious events and holy days rigged? Are they preset and predetermined for political benefit? I snapped out of a fake reality and burst out of another bubble - I knew better from then on. I watched in amusement as whole events - with no exemptions for the holy - were planned and orchestrated with brilliant precision. I watched as everyone was herded in rooms and halls, dressed in their best attire and silently made fools of. Oh well, just another exciting tale from my days at PO...

Anyway, let me steal a few lines from http://www.moonsighting.com/ regarding the start of Ramadan:

"Sighting Possibilities for Ramadan 1426
Ramadan: The Astronomical New Moon is on Monday October 3, 2005 at 10:28 Universal Time. Looking at the visibility curve one can understand that the moon is in the Southern Hemisphere. The moon is about 15 hours old and being too low on the horizon for North America will set in 14 min. after sunset on west coast. It cannot be seen in North America nor anywhere East of USA October 3. On October 4, it will be visible in most of the world except most of Asia and Europe, where it will be 24 to 31 hours old and less than 2 degrees above the horizon, still not visible. In Europe and most of Asia, it cannot be seen until October 5, when it will be 48 to 55 hours old. Accordingly, the first day of Ramadan will be on Wednesday, October 5, 2005 for North America and most of the world, except most of Asia and Europe, Insha-Allah."

TTFN.

Calling in from Reading

[Trring triing]
Hello, this is Jaa. I'm away right now, please leave a message at the beep.
[Beep!]

Hey ya! I'm calling in from Reading (UK) from the (dis)comforts of my room in a university accommodation hall. I flew in to Gatwick via Doha from the Maldives on Qatar Airways. The trip was bothersome and the planes were really a disappointment, really. The wait at Doha was terrible, more so contributed by the horrible airport itself. The fellow at the boarding gate took a clean 5 minutes looking at my passport. At first I thought he had something in his eye and was using my passport as a mirror - he surely had it up close to his eyes! Then he started eyeing me up and let me go after ages of waiting and getting weird looks from fellow passengers. Just as I thought the hassle was over, the fellow came over as I was sitting in the boarding lounge and took away my passport for another 15 minutes, all without a mention of what was up. Later he came back with it and was courteous enough to let me know there was something "abnormal" about my passport. Oh well, the Maldivian government issued the passport so I should let them know there is something abnormal with their passports...

On arrival at Gatwick, Qatar Airways had managed to lose my luggage somewhere - hopefully not into a deep ocean. I continued my journey to Reading -minus my luggage- on a train on which I kept falling in and out of some weird reality. Maybe the lack of sleep the previous night contributed to this yet again "abnormal" event. I took a cab from Reading Railway Station to my accommodation hall. Of course, this was no easy feat when I kept feeling weird realities mix up with each other but I finally stumbled into some university representatives that pointed me in the correct direction and rid me of using my intellectual faculties at all.

The accommodation hall is quite wicked and I love it. The building is quite new, modern looking and beautifully decorated. (Coolest of all, all access to building areas including my room is controlled by RFID cards). There are 7 other tenants in the flat block I am in. All of them British and none of them study any science. Oh yes, there are girls too and some(one?) quite yummmyyyy delicious too.... sigh.

It is freshers' week now and lots of stuff happening. The enrolment stuff and faculty and course introductions going on as well as lots of fun social activities. While I am trying not to be anti-social, I don't think I'm making much progress in being sociable. My eyes are bloodshot from continuous wear of contact lenses - part induced by the lack of spectacles and lens cleaning solution with me.

I'd post some pictures but I don't have the camera cable either. Oh well I guess I shall continue wearing the same clothes for a little more while too! All these thanks to Qatar Airways. These airline buggers have been crawling at the speed of snails. They are being really really careless and have not located my luggage still.

On a slightly more optimistic cheerful note, I am liking it here. I really am. I guess I'll have to wait for uni studies to start to make a solid comment though.

Toodles.

Warriding

Much of the Male' populace goes out in the streets on vehicles as the time approaches midnight. This occurs without fail every night, much similar to the night creatures that crawl out when the sun drops and the moon rises. Now, this may happen for a variety of reasons but I am not going into a discourse on the weird lives led by Male' residents; not this time anyway.

Anyway, tonight I too came out of my shell and roamed the streets of Male' on the back of a motorbike with my kid brother in the driving seat. On the backseat, yes, because I had decided to take the risk of looking totally ridiculous carrying a laptop and an antenna which was hooked onto my 802.11 b/g card. It wasn't an easy feat to pull off in the least, especially when I had to carry the laptop on my lap and the antenna with one of my hands with the rest of the useless gear inside my laptop backpack strapped onto my back!

Yes. This is what you call wardriving, or maybe warriding in this case. I chose not to go in a car because while I could have been sitting much more comfortably inside a car, the narrow, crowded streets of Male' ain't too welcoming to a wardriver driving at 15mph. Additionally, I was using a Cantenna as my antenna which happens to be directional thus limiting angles and manoeuvrability inside a car.

The Gear:
+ Laptop with MS Windows 2003 Server.
+ ORiNOCO Gold 802.11 b/g PCMCIA card.
+ 12 dBi commercial Cantenna.
+ NetStumbler 0.40


Scanning:
While I did not cover the entire island, I presume I did cover much of the business and government office areas. We went once around Male' - starting the scan near the Maldives Ports Authority, travelling on Boduthakurufaanu Magu till Lonuziyaaraiy "kolhu" and then travelling down Ameenee Magu up till the turfed football field at "ohggaa" stadium where we made little detours to cover Kalhuthuhkalaa Koshi and the new Faculty of Health Sciences building and SHE building, then continuing on Boduthakurufaanu Magu going past Indira Gandhi Memorial Hospital, Maldives Centre for Social Education and ending near the new STO building. The scan continued till I reached home.



Results:
The little trip picked up 73 Access Points and 4 Peer-to-Peer networks. Of this total, half of them had encryption off! The majority of the networks seemed to be "b" networks and the prevailing brand of APs happens to be D-Link. There were 11 APs with the default SSIDs. Most of the WIFI networks bore the name of the office or home it belonged to, thus making it easily identifiable.

Looking at the results, it is good to see that at least half of the networks are protected by some form of encryption. The fewer number of SSIDs with default names suggest that in most cases someone at least took to the task of properly setting up the WIFI network. How secure these networks really are, however, remains to be tested. I intend to do a more thorough wifi investigation around Male' soon, with Kismet (under Linux) and an omni directional antenna. Check here laters for updates on that.

By the way, here is the NetStumbler file generated by this wardriving session.