Saturday, December 21, 2013

All I Want For Christmas Is Ant Poison

My last post to share an effective ant poison I found became one of the most shared posts this blog has had. Since there is such surprisigingly strong interest, I thought it only right to update that I had found an even better one.

For those reading this for the first time, this is the source of my irritation: these tiny ants that crawl all over the home and are even attracted to water - and are not interested in traditional ant bait. You can read more about them in the previous post.

So I was happy to find Maxforce Ant Killer Bait Gel, which worked perfectly. After I blogged, I got several requests to borrow the ant poison. However, the problem with Maxforce is that it comes in a tube and requires a special gun to apply - the entire setup costs about $50 from Amazon (excluding international shipping).

I still thought it would make a good Christmas present for my loved ones, and that's when I discovered Terro Liquid Ant Baits. There are two kinds - one comes in a squeeze tube and the other is packaged much like traditional ant bait, a pack of six that you can break apart and place wherever you want.

So why Terro? There are a few good reasons!
  • It's cheap - $3.49 for the tube or $5.67 for the pack of 6 baits
  • It has free international shipping from Amazon with orders of more than $125
  • It is the #1 ranked pest control lure on Amazon
The only downside I've found compared to Maxforce is that Terro is a liquid, while Maxforce is a gel. This means it is possible to spill the Terro if you are not careful and make a mess. You also can't just squeeze it into a wall or corner like what we did with Maxforce.

So if this got you interested and you want to try it out, check out some other free shipping ideas to make up your $125 shipment. And if you know anyone with ant problems, you can share this with them too!

Thursday, December 12, 2013

Where Do Army Songs Come From?

Our Army songs (also known as cadences) have been passed down for generations. But where do they actually come from? It is my pleasure to unveil some of their origins, and you may cringe at the truth. But perhaps this will spur some local creativity? I'm not going to name the songs in the short video clips below, but I'm sure anyone who has gone through NS will be able to pick them out in an instant.

Photo credit: cyberpioneer

My Rifle, My Pony and Me
This song has already gotten quite a bit of attention lately, but I think it was still a surprise to many where the song actually came from. It was recorded in 1959 by Dean Martin as a country song and movie soundtrack, as shown below.


But as I said, the origins of some of these songs will make you cringe, and maybe you won't feel quite so macho anymore after the next few ... most of which I discovered while listening to 150 Fun Songs for Kids. In a recent exchange over questionable song lyrics, one online commenter joked that perhaps the ladies would rather soldiers sing nursery rhymes, and I informed him, "we already do".

Camptown Races
Undoubtedly one of the most popular Army songs of all time! It was popularised by American minstrels in the 1850s and now lives on as a kid's song.


Gee Ma, I Wanna Go Home
This tune has been taken almost wholesale, although of course the lyrics have undergone major surgery. The original was sung by Canadian soldiers in WWII and today, is sung by this cat below.


Que Sera Sera
This oldie has been translated seamlessly into the military career planning context. It was written in 1956 by Jan Livingston and Ray Evans. Most recently, I saw it accompanying the wedding slideshow of a fellow officer!


The Ants Go Marching In
This one is for all the warriors out there...


This reminds me of a passage in a senior military officer's memoirs (I think it was Colin Powell), who expressed his amusement when he was the Guest of Honour in a foreign country's parade and the Guard of Honour turned out to "How much is that doggie in the window". Sometimes the tunes sound great until you learn the original context of the song!

When Johnny Comes Marching In
To be fair, the above is probably a case where the children's song evolved from the the military tune, which originated from the Unionists in the American Civil War in the mid 1800s. Here is are two more original military renditions - the first is a very grand instrumental (which I included because I really liked it) and the second includes the lyrics.


We Shall Not Be Moved
No prizes for guessing what this song became. It's not clear who the original artiste is, but it started as an African American gospel song. It was used as an anthem by slaves, and in the American civil war, and now is sometimes sung in place of Berhenti during Hentak Kaki.


Why Do We Need Cadences?
Marching cadences serve a very important function, apart from getting people to walk in step - they build camaraderie, keep spirits up and morale high. Try walking 24km in silence and you know the psychological difference a good song can make - whether it be a traditional cadence or the latest pop song.


Personally, from my own experiences training overseas, the best cadences are a brilliant mix of storyline and either humour or more sentimental emotions, against a catchy tune. Here are some other good examples from from the wide selection available on YouTube. And none of them need profanity or obscenity to motivate their men.


This list is still far from complete, and I'd love to discover the origins of some of my favourite songs like "Far, far away in the South China Sea..." and "Training to be soldiers..." These may be the truly original ones, or perhaps the lyrics have just changed beyond recognition, making them difficult to Google.

So where do we go from here? We've been singing the same cadences for a long time, and I think it would be really refreshing if we started to come up with our own. Our soldiers have already demonstrated no lack of ingenuity in borrowing old tunes and twisting lyrics, I wonder if we can take it to a new level?

If anyone has the history behind any other songs to contribute, do leave a comment below!

Sunday, December 8, 2013

The Best of Amazon's Free International Shipping (Parent's Edition)

Christmas came early this year when Amazon started shipping selected items internationally, for free! This opened up the opportunity to buy many great value-for-money items, that in the past would not have been worthwhile to ship using freight forwarders like Borderlinx. And it was no difficulty at all to make up the minimum $125 order for international shipping.

So my kids are getting many great presents from Amazon for Christmas this year, and here are just a few samples to whet your appetite. These include items that are selling for dirt cheap in the US, and would usually have been too bulky for cost-effective shipping. (At one time this even included strollers, but unfortunately they have since been removed from the list.) This post might be of particular interest to parents with kids under 5, like mine.

First there are the books - basically pretty much any book that is fulfilled by Amazon seems to ship for free internationally. And to find other great deals on free shipping items, I use this wonderful site 125andup which first got me started on the free Amazon shipping in the first place ... And if anyone else has suggestions and examples of what you have bought, do leave a comment and I will add to the list!

Anyway, here are some parent-specific examples, in no particular order ...

Educational Insights Geosafari Jr Bugwatch

My son loves the great outdoors and I've been hunting high and low for a science kit to encourage his interest in nature and insects. Toys R Us didn't have anything suitable - but Amazon does!

Rhode Island Novelty Assorted Jumbo Dinosaurs - Up to 6" Long Toy Figures

Huge toy dinosaurs and free international shipping go so well together.

Braun Thermoscan Ear Thermometer with 1-second readout, IRT3020US

A good ear thermometer is a parent's best friend. This one sells for almost $100 in Singapore, about half the price is the US.

Schwinn Infant Helmet, Unicorn

It has been impossible to find my toddler a helmet that fits - but again Amazon has come to the rescue, and it's a pink Schwinn! It fits her perfectly and it's so light that when I showed it to her at breakfast, she refused to take it off ... all the way through the meal, getting dressed and until she was finally out on her skate scooter.

If this list has whetted your appetite and if you're looking for more items, check out


Monday, November 18, 2013

Beyond Purple Light

I remember quite clearly the discomfort I felt when we were ordered to stop singing one particular verse of a marching song. I am not referring to the recent controversy sparked by AWARE, this actually happened back in 2011, and the song was not Purple Light. A senior commander heard some of my soldiers singing that offensive verse and orders swiftly came down to halt the singing.

The episode stuck quite strongly in my own memory because it prompted quite a bit of soul-searching. As a Christian, I also found that verse offensive, but I had done nothing. As a commander, had I betrayed my own values by letting the song carry on, until a senior officer put a stop to it? The dilemma I faced then was where do you draw the line between following your own moral code and imposing it on others? I do not use the work fuck and I don't smoke, should I also impose these beliefs on others around me? I suspect other commanders have been placed in the same situation, and allowing others the freedom of speech is certainly different from condoning their songs. However, the recent Purple Light saga has made me realise this is not about my personal moral code - it is about upholding the organisation's values.


There has been a great deal of anger at AWARE among servicemen over this whole Purple Light issue. But let's not confuse the message with the messenger, whatever you may think their agenda to be. I believe that if we put AWARE aside for a moment and consider this issue, most men would agree that we have become desensitised over time, and that rape is really not a laughing matter to sing about. We should thank AWARE for bringing this issue into focus because when you actually think about it, we need to re-examine some of the lyrics that we have been singing.

I did not come to this conclusion lightly. In fact, I spent several conversations online over the weekend trying to explain to (mostly female) friends why commanders didn't just stop this behaviour, and that the situation isn't so simple. For one thing, such songs have been in the Army longer than I have. In fact, I heard much more graphic songs when I was in the uniformed group of an all-boys school (which suggests to me that maybe this is a phase we just need to grow out of). For an outsider confronted with this for the first time, it may seem like awful behaviour. But for countless males who flowed through NS, it just seems like part of the whole experience and in fact, it is part of our societal culture. (The psychological condition for this is called conformity, and it has been used to explain far more shocking behaviours than song). Because as I pointed out, exposure to such song starts before NS. And let's not forget the songs on the radio. There was a brilliant article on this recently, "Eminem Terrified As Daughter Begins Dating Man Raised On His Music". Now that is one person certainly guilty of glorifying violence against women. And many other very talented artistes too.

So I think most of us servicemen may have become blinded or desensitised to this, and once the issue was raised to MINDEF, they did the right thing by telling the rest of us to stop. Again, it's not about the messenger, but because this was the right thing to do. Because singing about rape is contrary to our values as an organisation. And no matter what society or popular culture's stand may be on this, while we are in uniform we should hold ourselves to a higher standard. And this standard is above raping women or killing girlfriend-snatchers. It is also above sexual acts. I don't need to judge what people do in private, but we should be mindful of what we sing or do, especially in uniform.

So what about pushing terrorists into rivers (from the Top 10 hit A is for Airborne)? This is where I think we are entering the grey area. After all the military does necessarily involve inculcating our men with a certain aggression. We do not want to go overboard and decide we should all just sing nursery rhymes. (Not even the violent ones like Humpty Dumpty or Three Blind Mice.) Violence and aggression still has a place, but it need not be mindless nor out of control.

I'm pretty sure all our commanders will be listening out to all the marching cadences with extra attentiveness over the weeks to come. But let's not stop at Purple Light, or even at songs. Let's take this opportunity to re-examine how we conduct our business, and ensure that everything we do is in keeping with our values. And of course, it's also really important to explain why changes are made as well. Because it's the right thing to do, and not because of some order from above. It may not always be easy to know where to draw the line, but I'm sure we can each find it within us once we focus.

My Chief back in 2011 did, and in future I will too.

Saturday, November 16, 2013

Toys You Don't Want To Buy

If you're shopping for a toy, whether for your own or as a present for a friend, strike any items off the list that match the following criteria.

1. The Space Filler


No matter how fun, space is a premium. Toys like this are much better rented than purchased.

2. Zillions of Itty Bitty Pieces


Parts of the toy will end up all over the house. This includes toys you assemble yourself from multiple parts, which happily disassemble themselves.

3. The Odd Book



Any weird book that doesn't fit into the bookshelf neatly, whether because it is a strange shape or has parts sticking out

4. The Electric Light Orchestra



Anything that allows the child to make a lot of noise, or worse makes a lot of noise on its own.

5. Made in China and Looks the Part

They fall apart very quickly and worse, they are a safety hazard.

I am certainly not trying to say that we should only buy expensive toys. Kids can amuse themselves with the simplest and cheapest of things. But if you see an item that matches one or more of the above descriptions ... think very hard before buying it, especially if it's main selling point is that it is "so cheap"!

I should also caveat that this is from the parent's perspective, because my kids generally like any toy you give them, and worse they even do get genuinely attached to them. But every time we cull through their toys, these are the toys I wish we'd never owned, because they are an eyesore and so difficult to get rid of.

The Ideal Toy


The best toy for boys - Cars - cheap, compact, durable


If you have money to burn - Cars(TM) - and they have eyes too!

Sunday, October 27, 2013

The Day I Spanked an Elephant (A Poison That Kills Tiny Singapore Ants)

There was a soldier in uniform in the camp carpark, doing some funny dance with a big stuffed elephant. No wait, he was spanking the elephant, while doing some funny hopping dance. What a weirdo. Aiyah, too bad I had no camera phone or I would STOMP him.
Yup, that was me, and I shudder to wonder what went though the minds of anyone who saw me. That was the day I opened the door of the car to find, to my horror, that an entire colony of ants was trying to move in, carrying their eggs and everything. Most of them had decided to settle down in Ollie's fur, which is what led to that most embarrassing scene.
Tiny little ants infesting the house (and car) have been the bane of our existence. No matter how clean we keep the place, they come - even if it's just for water. (And it's really hard to keep the home spotless when you have young kids.) Nothing seems to work - we've tried all the ant bait on the store shelves (Combat, Baygon, etc). The two ants in question - the Pharaoh Ant and the Ghost Ant - are probably just too small to pick up the bait; or they're just not interested. And even getting a professional exterminator is only a temporary solution, because they re-appear after a while.

So I was really excited to discover Maxforce Ant Killer Bait Gel. I can't remember now how I first came across it. But I'm going to put it down here for posterity, for everyone. Because this stuff works. After one day, there was a noticeable drop in the number of ants in the usual spots, and in less than a week they were almost completely gone. And there is nothing more satisfying than to watch the mound of gel quickly diminish, unlike other solid baits that sit there untouched.

Unfortunately, it doesn't seem to be available in Singapore. But if you hate ants as much as we do, it's definitely worth the international shipping. And don't forget to buy the applicator gun as well!

If anyone else has other suggestions on how to get rid of these annoying ants, do leave a comment below!

Afternote: a more affordable alternative has been found!

Saturday, October 19, 2013

NS Man's Search for Meaning (5 Ways Conscription is like a Concentration Camp)

Man's Search for Meaning is a literary classic by Viktor E. Frankl who uses his holocaust experience as a canvas to illustrate his observations about human nature in suffering.

Many friends had recommended it to me, and I am glad I finally got down to reading it. I highly recommend it to everyone, because suffering is a part of daily life. We all feel trapped at times - whether it be at work, at school, by rebellious kids or ailing parents, or even a permanent disability - and Frankl's writing gives us a perspective on how we should face our sufferings.

I'm sure there are hundreds of reviews of this book out there, but I liked it so much I wanted to write something. So I will apply it to the closest experience that most Singaporean males will face -  2 years of forced labour in National Service. There has never been a time I felt so trapped in fear as I did during my days in OCS - that's probably the closest to a concentration camp I ever got.

1. The Last of Human Freedoms: Attitude

We who lived in concentration camps can remember the men who walked through the huts comforting others, giving away their last piece of bread. They may have been few in number, but they offer sufficient proof that everything can be taken from a man but one thing: the last of the human freedoms—to choose one's attitude in any given set of circumstances, to choose one's own way.  
And there were always choices to make. Every day, every hour, offered the opportunity to make a decision, a decision which determined whether you would or would not submit to those powers which threatened to rob you of your very self, your inner freedom; which determined whether or not you would become the plaything of circumstance, renouncing freedom and dignity to become molded into the form of the typical inmate. (p75)
They can shave your hair and take away your identity, but you alone retain the choice of how you want to face an ordeal like a concentration camp or conscription. You alone can choose whether you want to run from every kind of hardship, even at the expense of your companions, or if you face your fate with pride and dignity. And in the process, you will determine whether you win the respect or condemnation of the people around you.

2. Paying it Back in Suffering

During this psychological phase one observed that people with natures of a more primitive kind could not escape the influences of the brutality which had surrounded them in camp life. Now, being free, they thought they could use their freedom licentiously and ruthlessly. The only thing that had changed for them was that they were now the oppressors instead of the oppressed. They became instigators, not objects, of willful force and injustice. They justified their behavior by their own terrible experiences. (p97)
I've always been curious why NSF, who have gone through some difficult phase of training and are then placed in charge of the next batch, seem to derive sadistic pleasure out of inflicting the same torment on those after them. Are practices like initiations really necessary? I guess this explains it.

3. Decent and Indecent Men Are Everywhere

From all this we may learn that there are two races of men in this world, but only these two—the "race" of the decent man and the "race" of the indecent man. Both are found everywhere; they penetrate into all groups of society. No group consists entirely of decent or indecent people. In this sense, no group is of "pure race"—and therefore one occasionally found a decent fellow among the camp guards. (p94)
A valuable reminder not to stereotype any group of people, and also an explanation why you hear so many differing accounts of the NS experience. Some people are probably luckier to have met more decent folks than others. And whatever your situation, which of these two types of people do you want to be?

4. Finding Meaning in Life

There is nothing in the world, I venture to say, that would so effectively help one to survive even the worst conditions as the knowledge that there is a meaning in one's life. There is much wisdom in the words of Nietzsche: "He who has a why to live for can bear almost any how." (p110) 
This is really the central theme of Frankl's book. The best way to survive an experience like NS and be better for it is to understand the meaning and to know the sacrifice has a purpose. This begs the question what is the meaning of NS? Perhaps the need for NS and the dangers that the country faces needs to be explained more clearly. Perhaps the commanders in every unit need to make the experience more meaningful.
Most important, however, is the third avenue to meaning in life: even the helpless victim of a hopeless situation, facing a fate he cannot change, may rise above himself, may grow beyond himself, and by so doing change himself. He may turn a personal tragedy into a triumph. (p147)
But Frankl lists three ways to find meaning, and none of them is that the government or other people should give you meaning. True to the spirit of his book, he examines how each person can choose his own attitude, and find meaning even in a hopeless situation, to make himself a better person. He also writes:
... empirical evidence is also available which supports the possibility that one may find meaning in suffering. Researchers at the Yale University School of Medicine "have been impressed by the number of prisoners of war of the Vietnam war who explicitly claimed that although their captivity was extraordinarily stressful—filled with torture, disease, malnutrition, and solitary confinement—they nevertheless . . . benefited from the captivity experience, seeing it as a growth experience."

5. Unavoidable Suffering 

But let me make it perfectly clear that in no way is suffering necessary to find meaning. I only insist that meaning is possible even in spite of suffering—provided, certainly, that the suffering is unavoidable. If it were avoidable, however, the meaningful thing to do would be to remove its cause, be it psychological,
biological or political. To suffer unnecessarily is masochistic rather than heroic. (p119)
The NS experience is an opportunity for great personal growth precisely because it is unavoidable. Since we are forced to enlist, we can make a heroic effort to serve with dignity for those two years. But we all know that given the choice, very few would enlist, and the heroes become zeroes in the eyes of their friends if they choose the experience willingly.

Conclusion

These are some of the key lessons I have learned from the book, which I have applied in the NS context. But it really has applications for every difficult situation. I really recommend everyone to read this book, and I note that there is a free PDF available here. This is also the version that I have matched my page number references to.

Friday, August 23, 2013

Being a Social Media Ambassador

This post is an excerpt and adaptation from a presentation I delivered at MINDEF's 11th CIO Seminar on 1 Aug 13. I am sharing it here for the rest of my MINDEF/SAF comrades (NSF, NSman, Regular or DXO), especially if you are proud to be a part of this organisation.

An ambassador is someone who acts as a representative of an organisation. It could be in a social setting, such as when someone talks about NS at a dinner gathering. Or it could be online, such as when a friend shares a link to an article about the SAF. All of us, as members of MINDEF/SAF, can be ambassadors of the organisation - if we choose to speak.

Why Organisations Need Ambassadors

In a social media environment, organisations have lost their voice. In the past, organisations spoke loudly because they were the ones who can pay for commercials and press coverage, to publish their views. Today, anyone can write a blog and have it shared on Facebook or Twitter, the more controversial the better. And most of us have erected a personal message shield to help us cope with the overload of information. It works like this: all advertisements and official statements are lies! The mainstream media is a government mouthpiece. I only trust things that my friends say or share.
Ken Chow's mother would only believe what her brother says
An adaption of the Personal Message Shield by Social@Ogilvy

And so, just like that, MINDEF/SAF and most other large faceless organisations have lost their voice. Anything they say is met with cynicism and skepticism. When there is criticism online, accusations from any private individual, or even online taboids like The Real Singapore, it is difficult for the organisation to respond. It is like fighting terrorists or an insurgency; you cannot ask Public Affairs to respond to every negative comments, or an armoured battleground after every insurgent. And that is where we, as ambassadors, can step in. We can be the special forces.

But Won't I Get in Trouble?

However, most of us don't step in. In a recent survey I conducted over the MINDEF intranet, I asked respondents to complete the sentence, "If I see something negative about MINDEF/SAF Online …"

About 20% of respondents would act as ambassadors to clear the air, however 70% never thought to respond, or were afraid that they would get in trouble. The good news for us is that you won't get in trouble for defending the organisation. You may not even get in trouble if you criticise the organisation (more on this later). And in this, we are much more liberal than other government ministries and even many commercial companies. However, the important thing is to ensure you do not reveal any classified information. The detailed guidelines can be found in the MINDEF/SAF Social Media Code of Conduct available on eSILK.

5 Things Ambassadors Can Do

Being an ambassador doesn't mean you have to start a blog. You should really just be yourself, and depending on your comfort level, extend your personality online.

Just Be Yourself

When you hang out with friends, do you hide in the background, silently watching and listening? Not all of us are the life of the party, but most of us would chip in a comment here and there, and join in the laughter. However, I've noticed both through surveys as well as personal observations that MINDEF/SAF folks are very conservative online. Most of us are what I call silent cyber stalkers - we stalk our friends and leave no traces.

In my intranet survey, I found that almost half of MINDEF/SAF folks are silent stalkers. And only 10% post daily. But I personally believe the benefits of being active online far outweigh the risks, as long as you think before you post.
How often do you post something on Facebook?

Many leaders and commanders are finding social media to be an invaluable channel for engagement, especially for the current generations of NSF who are often more expressive online than in person. Online interactions can provide great openings for offline engagement - "I saw you were at The Killers over the weekend, how was the concert?" Often, Facebook statuses may also be the first indication that something is wrong, or that a soldier may be struggling with some personal issues and may need support.

Sometimes these casual online conversations can also yield unexpected results. One very fond memory I have occurred about a year after I handed over command of my battalion. One of my soldiers posted a company photo they had taken with me, as he was about to ORD. Of course I wished him well, and thanked him for his service, just as I would have done if I had seen him in person. I also complimented him on his positive attitude and energy - as a Singaporean who grew overseas and returned for NS, I was always encouraged by his passion to do his best in NS. And when he mentioned that he would be returning to Canada after watching his younger brother enlist, I said I hoped his brother would have a similar positive attitude.

What made this memorable was when a third person joined the exchange - his mother - who thanked me for my kind words.

I like to think that through this simple interaction, I helped both the younger brother and the distant mother start NS on a positive note. We spend some much money and effort on family engagement, but perhaps these are the simple and sincere things that really make the difference; not necessarily the open houses and home visitation programmes (which this mother could never have participated in anyway).

So the next time you see something of interest on a friend's timeline, perhaps you should consider hitting the LIKE button or leaving a comment, if you don't already do so. Overcome the inhibitions against trying something new, but be yourself.

Correcting Untruths

Another basic act of being an ambassador is to correct untruths. If your friends said something factually wrong about the SAF over dinner, you would correct them right? So why not do it online as well?

For example, MoneySmart recently had an article titled "5 Benefits that National Service Should Have (But Doesn’t)". There are some tempting ideas on that list that I would love to have, but they are just impractical. But then there are also things on the list that we already have, and to say we do not is to do MINDEF a disservice. So it was great that several servicemen stepped forward to correct the factual errors, such as the example below.


Similarly, there have been other instances where false rumours go around about accidents or suicides. If you are on the scene and you know it isn't true, why not say so? Our responses matter, because typically the first 5 comments that any post receives will set the tone for the rest of the commenters. So if the first 5 people are venting and complaining, with no reasonable voices, the rest will follow too.

Sharing Stuff Online

Parties are great places to share a joke and make everyone laugh. Some of us are better at this than others, and it just takes a bit of practise to open up. Similarly, Facebook is a great place to share things that make us laugh, provide useful information or provoke thought. There is a lot of personal value to online sharing, but that deserves a blog post on its own, so here is a very short teaser. According to The Psychology of Sharing by the New York Times, some of the top reasons people choose to share information are:




Every now and they, you see a really heart-warming story on Facebook. National Service especially is a time when ordinary people do extraordinary things. When you see something like that, why not share it with your friends? There is also a Facebook page called defence.sg for sharing such Singaporean defence-related items, which you may like to join. Remember, the value of this community is only as much as what people (like you) share on it!

The original status message, before SGAG turned it into a viral meme

Sharing Experiences

Apart from just sharing things from others, a more pro-active approach is to share your own experiences online, especially for those in the units. Tell your friends what a great day you had, or something inspiring that happened at work!



Even better, include pictures (as long as they don't breach OpSec). The picture below is a great example of what 3 SIR has been doing to engage their soldiers over Facebook. After one of their exercises, they came up with "Core Value Awards" which the CO posted on his personal Facebook. The recipient is tagged, and the post includes a short write-up of what he did to deserve it. If I was 3SG Seck, I would feel so proud if my CO did this to say why he appreciated my efforts.


This is a great start, but with an understanding of how social media works, it could be even more effective to help the public understand NS. Firstly, this post is Friends-Only, which means only Wilson's friends can see it. If it was made public, all of 3SG Seck's friends and family could see it as well. Secondly, he only tagged 3SG Seck. If he had tagged the others in the photo, it would have appeared on their Facebook Timelines to their friends too. With these two simple actions, you could increase the reach of the photo by 100 times, sharing the commendable actions of 3SG Seck to inspire others, and show them what really goes on in NS. This is the side of NS we would like the public to see more of, not the self-serving venting that goes on in HardwareZone or Temasek Review.

Sharing Opinions

Occasionally an issue comes along that you are so passionate about that you want to tell all your friends about it, and hope that they will share your views. The online equivalent would be a blog, or for those who don't want to maintain a blog, a Facebook Note or even a Photo/Status Update would suffice. This takes a little more work, but if the issue matters to you, why not? For example, I really enjoyed a sharing by 3SG Benjamin Wong on Being an Instructor in the Military Police - it helps you appreciate the professionalism and dedication that our NSF have. And who can forget In Polite and Vehement Objection to 'Singaporeans Too Weak? LOL' - only someone with ground experience could write with such passion and authority.

Ambassadors are Not Yes-Men

I think it's important to stress that ambassadors are not cheerleaders or Yes-Men for the organisation. We should share what we believe in, not blindly trumpet positive messages. If we do that, we simply damage our own credibility as thinking individuals.

While I am proud to be a member of MINDEF/SAF, that does not necessarily mean I agree with everything it does. Expressing dissenting views is a grey area, but I believe there is a space for such constructive discussion, and I think it is positive for the organisation as well. So I cannot share clear guidelines on this, but I can share some personal examples which have not gotten me in any trouble.

A few months ago, a friend publicly posted on my Facebook timeline asking why MINDEF wouldn't let NSmen bring in phones with screens larger than 4.3". I was pretty blunt, "I think it's dumb too".

My friends all know that I take a very dim view of the way we manage our IT Security, which I believe will hurt the organisation in the long run. I think MINDEF is overly conservative, and I have expressed this openly to leadership of the highest levels. I have also shared my opinions online, so others can consider and build on the arguments. In fact, more than a year ago I wrote a Facebook Note (before I started by blog) titled "IT Security Policies I Don't Understand". Among other things, I question the logic behind restricting devices to 4.3" screens, and requiring cameras to be removed by the Telco. I think such incomprehensible policies will eventually translate into lower engagement and losing good people. You can access the link above if you are my friend and an SAF regular (yes, Facebook lets you do that).

Similarly, I am not shy to share my views that I think NS is its current form will not survive the changes our society is undergoing. In 2009, my essay "NS 2065: NS By Invitation Only" won the COA Essay Competition, but POINTER declined to publish it. (I was told in private that it was the most polarising article the editorial committee had ever discussed.) So in early 2013, I decided to put that essay on my blog as well, to spread awareness of the issues.

I don't have clear guidelines, but my advice for anyone considering this is to be polite, objective, and be sure that you are writing with the right intentions (e.g. not for personal venting but rather to improve the organisation).

Where Do You Start?

If you've read this far, I hope it means you have found this interesting, thought-provoking, maybe even a little contentious. If you have always been a silent stalker, and you see the value in being more active, why not start here? Leave a comment below! Disagree with me? Leave a comment below! You can also use the icons below to SHARE it on Facebook or other social networks.

Sunday, August 11, 2013

3 Ways to Remember Strong Passwords

This post has been updated (17 Aug 13) based on lots of useful feedback received from my Facebook friends.

The Irony of Strong Passwords

Passwords are the bane of my online existence. Every time I see a screen like this, my opinion of the policy maker behind the system drops a few notches. And it gets worse if the cycle repeats itself every month. Allow me to rant a bit and try to educate these administrators, before I get to the solutions.


People are not good at remembering strings of letters, numbers and funny characters. What happens is that if you impose such requirements on them, they will resort to writing it down. And the likelihood is that they will paste it beside their computer. How is that supposed to make the system more secure? I've been a system administrator before ... and when we generated super duper passwords for all our users to comply with the guidelines imposed, that is exactly what happened.

In my mind, there are a few characteristics of strong passwords
  1. They are easy to remember
  2. They are long
  3. They are not comprised of words in a dictionary
None of those requires the mix of upper and lower case, or the funny characters. Beyond a certain point, you are just increasing the likelihood that the user will open up some other security loophole such as writing it down and sticking it on his monitor. Or that you will be flooded with password change requests that just annoy everyone involved.

The problem, I have come to realise is that us users and them system administrators are trying to manage two different kinds of security risks. The system administrator is trying to prevent the embarrassing scenario where someone breaks into their system and steals the database of user information, such as when hackers accessed the passwords and credit card data of up to 100 million Sony Playstation users. Needless to say, this is extremely embarassing and expensive for the system owner. Since this data is encrypted in their system, they would want to make the passwords as difficult to crack as possible, hence the minimum length, special characters, upper and lower case letters all increase the number of possible permutations and amount of time needed to crack each password. Qin Chuan shared a great article from Arstechnica that explains a little more how such hackers work.

On the other hand, users are more concerned with preventing their password from falling into the hands of people around them. Which is why ideally you want a password that you can remember, rather than write down. Because most logins are protected by 3 attempts anyway, so someone accessing your terminal can't sit there and try a few million different possible password permutations. 

Unfortunately, the system owners set the rules, and the users have to work around them. And frankly, it's not a problem for the system owner if one or two independent accounts are broken into. So they will guard againts the threat to them, and we have to solve the problems they create for us.

3 Ways to Remember Strong Passwords

Method 1: Patterns

The method I use today is to draw patterns on the keyboard. This is not a common method. In fact I learned it form my sister, and I have yet to find anyone else who uses it. But I find it works the best.

For examples, let's say I choose the shape of the letter "N".
I can start with the password "aq12wsde3".



For systems that are really pick and require upper case letters and special characters, I can hold down the shift key for the middle three characters. This gives me "aq1@WSde3".
The beauty of this is that you just need to remember the starting letter and shape, which can be any pattern of your choosing. If you need to change your password every month, just move across the keyboard to "sw2#EDfr4".


Victor has since pointed out to me that this type of password, while easy to use, can also be quite vulnerable to dictionary attacks, since there aren't that many memorable patterns on the keyboard. So it goes back to which type of security risk you are most concerned about.

Method 2: Phrases

A much more common way to generate a strong password is to turn a memorable phrase into the password. This is the official strategy recommended by Microsoft as well as my own employer. I find it much easier to use the lyrics of a song. For one line of the song, you just take the first letter of each word and mash them together.

For example, let's take "Goodbye" by Air Supply.
I can see the pain living in your eyes
And I know how hard you try
You deserve to have so much more
I can feel your heart and I sympathize
And I'll never criticize all you've ever meant to my life
"I can see the pain living in your eyes" becomes "Icstpliye" which is 9 characters. You can add a digit for good measure: Icstpliye1. For systems that require repeated new passwords, you can either increment the number, or move on to the next line of the song. That would be a password acceptable on most systems, except those that require special characters. For those, you could substitute a special character, for example "|" for "l" gives "Icstp|iye".

The problem with this last substitution is that it is not intuitive. The next time you come back, you might remember the phrase, but you might try substituting the "|" for "i" instead of "l". Next thing you know, you are asking for your password to be reset again. And that's why I think systems that require these special characters are idiots. It sounds like a good idea, but in effect you are making things less secure and less user-friendly.

Another great suggestion from David is to use bible verses. So for example
Psalm 23:1 - The Lord is my shepherd; I shall not want
becomes "P23:1-TLims;Isnw"

That's a great password because it is pretty long and has all kinds of characters in it. According to Gibson Research Corporations' calculator (thanks Wayne!), it would take at least a few million centuries to crack this one. Of course, you need to make sure you are consistent with the capitalisation and punctuation. But I would say that this is the overall best solution against both types of security risks.

Method 3: Apps

If all else fails, rather than writing your password down on paper, you can store it in a Password Manager App. There are both free and paid variants; all of them will use a master password to encrypt the rest of your passwords. Some of them allow you to sync across multiple devices through the cloud.

I've been using the open-source KeePass for almost ten years, and it has followed me across a variety of operating systems from PalmOS to Windows Mobile and currently Android. No complaints so far. The folks at LifeHacker are big fans of LastPass. There are plenty of options, so pick one that suits your needs best.


Moving On To ... Password Reset Questions

Clueless Password Reset Questions

If there is one thing worse than a ridiculous password policy, it is ridiculous password reset questions. Let's recap the purpose of such questions: it should prompt you to enter some uniquely identifiable detail of your life, so that the system will send you your new password.

There are some really dumb password reset questions out there...

What was the first school you attended?
And I can never remember if it is "Nanyang Primary School", "Nanyang Primary" or "NYPS". Or maybe I should put in my kindergarten. Hmm...
What is your favourite food?
That is the dumbest question to ask a Singaporean. It is KFC, black pepper crab, (Hainanese) chicken rice, unago sushi, etc etc all at once! Which answer should I key in?
What is your mother's maiden name?
Ok, there is only one answer to this. But if someone was trying to hack my account, I don't think this would be that difficult for them to find out.

And then there is HSBC ...


Faced with options like this, I just want to skip the whole process. Because I know that if I ever forget the password, I'm definitely not going to remember which was the cartoon character or wild animal I used as a reminder.

The Best Password Reset Questions

The best password reset questions have only one answer, which only you should know. Whenever the option is presented, I will set my own question. Because I grew up in a generation without mobile phones, one fail-proof tactic I have devised is to use the old phone numbers of my childhood friends. These are numbers that are ingrained in my brain, but you couldn't find in any telephone book today. For example, "What do you call Jonathan?" would be my clue to myself that I want Jonathan's old telephone number, without giving away to any would-be hacker that he should use a brute-force attack of digits to crack the hint.

If you don't have phone numbers in your brain, you might consider the license plate number of an old car, or anything else that has only one way of writing it.

Apart from my own personal experience as a user, my perspective on this is drawn from my past work as a network systems administrator and as a Certified Ethical Hacker.

Saturday, July 13, 2013

Review of UP by Jawbone - Great Design, Dubious Efficacy

A few people have been asking me about this thing I've been wearing around my wrist for the past month. The Jawbone UP is "is a wristband and app that tracks how you sleep, move and eat—then helps you use that information to feel your best."

Here are my thoughts on how well it works.

Sleep

My main interest was in understanding my sleep better. The UP claims to measure your sleep cycle, in terms of light sleep, deep sleep and waking. By knowing how well you sleep each night, you could figure out how daily activities such as diet and exercise contribute to your sleep. You can see the screenshot below.
It was quite addictive at first, and every morning I would plug the UP into my phone's headphone jack to download the previous night's sleep data. I would find out that I had woken up even though I didn't remember, and how much deep sleep I got. When my toddler asked me to help him put his diaper on in the middle of the night, the UP registered the disruption.

But after a while, I realised a problem. While I cannot verify light sleep or deep sleep, I certainly remembered some of the times I woke up. In the screenshot above, it was a particularly restless night and I woke up 3 times between 1 and 5 am, but the UP did not register any of it. If it can't tell when I woke up (and checked the time on my watch, which is situated right next to the band), how can I trust it to tell light from deep sleep?

Move

The UP is supposed to be a very advanced pedometer, and for an urban lifestyle it helps you set a goal (e.g. 10,000 steps) to ensure you have sufficient activity. It also comes with a workout mode, and the first time I tried it on a 2.4km run, it measured 2.3km! I was suitably impressed, especially since this was the run I was using to calibrate the distance. Subsequently, it measured another 6km run as 11km... not so impressed. (This could be because I switched from a mid-foot running style to a fore-foot running style, changing the length of my stride and arm swing, but that's not an excuse!)

Eat

Tracking calorie intake is not easy, and the UP doesn't particularly stand out in this. Apps try to tackle the biggest problem, which is that a lot of the food you eat doesn't come labelled with nutritional values. They do this by loading preset items for you to select from. However, the two challenges that remain are firstly that portion sizes are not always accurate, and even for a given type of food the calorie count can vary greatly. Just take a look at the array of choices MyFitnessPal provides for something simple like a chocolate chip cookie or a local delight like char kway teow.


Unfortunately, UP doesn't come even close to MyFitnessPal in tracking diet. The interface is beautiful with lots of colourful photos, but ultimately you are on your own to figure out the nutritional value.


 Conclusion

The UP is very well-designed, both the band and the app are a pleasure to use. The band is waterproof and inconspicuous, the battery lasts at least a week and it is almost effortless. The app is well-designed and easy to use. My only issue is that it is not particularly useful. I'm not sure why the sleep and movement measures are so inaccurate, because Jawbone keeps the technology behind it tightly under wraps. So the only way to try it is to buy it - and I'm afraid I can't recommend others to do so.