Friday, March 30, 2012

Mobile Sim Card for Tourist in New Zealand

If you happen to be travelling to NZ as a tourist, replacing local sim cards would be the cheapest option to communication and be online.

There are 3 vendors in NZ, including VODAFONE, Telecom NZ and recently 2Degrees. There are already several reviews on the first 2 vendors, this post will review only 2Degrees tourist sim package.

2 Degrees Tourist SIM is a SIM card offered for tourists coming to NZ and is sold through tourist and Duty Free stores including JR Duty Free. It offers standard rates for use in New Zealand (44 cents per minute to call other NZ mobiles, 22 cents per minute to call NZ landlines & 2degrees mobiles, 0 cents per text, 50 cents per MB of data). You can still purchase Value Packs using this SIM card. If you want a normal 2degrees SIM card, they're available from dairies, supermarkets, petrol stations and a number of retail outlets across NZ and cost $10.

The current $19 Combo packs is probably the best option recommended as it offers 30 min talk, 300 texts and 300MB National 3G data. The coverage area includes major cities and highway roads throughout NZ.

Another option I like about it is the ability to connect to for free, so you can update your status, view your News Feed, like or comment on posts, send and reply to messages, or write on your friends' Wall absolutely free.

Be sure to keep up to date with their latest news on

Thursday, March 29, 2012

Sugarsync, dropbox killer.

I use SugarSync to bring my files everywhere and share them easily. Join me for 5GB free and 500MB of bonus storage!

Monday, March 26, 2012

To Build Trust, Competence is Key

In our last blog , we discussed the importance of trust. It's the foundation of all you do as a leader and manager. Your ability to influence others, which is your fundamental task, begins with people's willingness to be influenced by you. And their willingness begins with their trust in you — their confidence that you will do the right thing.

We ended that blog by noting the two key components of trust — competence and character — and promising to explore each in subsequent blogs. This post, then, is on what it means to be competent as a boss.

That final phrase — "as a boss" — is critical because all trust is contextual. What's expected of you will depend on the setting, circumstances, roles, and expectations of those involved. Thus, as a boss, you need to know not just what to do and how to do it, but also how to get it done in the organization and the world where you work. We've labeled these three elements of competence technical knowledge, operational knowledge, and political knowledge.

Technical knowledge covers what you need to know, not only about the work performed by your unit but also about the basics of management. If you manage a group of stock brokers, you need to know SEC regulations, as well as something about the financial products your group sells. If you manage a group of mechanical engineers, you need to have a good grasp of mechanical engineering. You needn't be the expert — a trap many managers fall into, especially those who excelled as individual contributors — but you need to know enough to make good decisions, set intelligent priorities, and offer useful guidance. In addition, competence as a boss requires knowledge of management fundamentals. Your people expect you to know how to plan, evaluate performance, and delegate, to name some key management functions.

Operational knowledge might be called "practical" knowledge. It covers not what but how you and your group do what you do. You may understand capital budgeting because you took a course in it, but you still must know how it's actually done in your company — the steps involved, who must approve, and the tests to be met. You may understand the concept of delegation, but you still may not know how to do it effectively in daily work. Technical knowledge will get you a good grade on a test, but you need operational knowledge to do real work. Even for work done not by you but by your people, you still need operational knowledge. Otherwise, you won't understand what they actually do, what support and resources they need, or what you can expect of them.

Political knowledge is the knowledge required to get anything done in a political environment, such as the organization where you work. You may understand capital budgeting, and you may know how it's done in your organization. But getting what you need also requires political knowledge — an understanding of how to justify your capital request in ways most likely to succeed in your organization. For example, you might tie it to one of the company's highest strategic goals or link it to a group that is currently a management favorite. Is this "playing politics"? Not if it's done for worthwhile organizational ends, rather than personal or parochial purposes. Political knowledge is what you need to exercise influence effectively in the political environment that exists in all organizations. Your people expect this of you. Otherwise, you and they will never get the resources and attention you all need to do good work. If you've ever worked for a powerless boss, you understand how and why people's trust in you as a boss depends in part on your political knowledge.

You ultimately build people's trust in your competence through your accomplishments over time — through the knowledgeable decisions you make, your practical understanding of how work actually gets done, and your ability to get the organizational resources needed to do good work. Nothing in the long run can overcome a deficit of accomplishment.

But along the way you can foster trust in your competence through some simple actions:

Talk about the why and how of decisions you make and actions you take. Don't be mysterious. Be open in your choices. That way, people will see your knowledge and understanding even before any results come in. In other words, adopt a practice of explaining yourself. It lets others see what you know and how you think.

Involve others in the way you manage. Invite people's participation in decisions and the resolution of group issues. Use their technical and operational knowledge. You retain ultimate responsibility, of course, but giving people a say allows you to incorporate their competence into your own. They will worry less about what you yourself know if they're confident you will take advantgage of what they know.

Ask good questions that reflect real understanding of the work and its purposes.

Don't try to fake knowledge. If you claim or assume knowledge you don't really possess, those who truly know will see through you instantly. Ask for clarification. Admit ignorance and ask questions that will help you learn. Admit mistakes, as well, and talk about what you learned from them. Demonstrate a willingness, even an eagerness, to learn.

Don't try to be the expert. It's almost always an impossible goal for a manager, and inevitably it will lead to dysfunctional competition between you and your people.

Above all, be honest with yourself about what you know and don't know. If you lack important knowledge, learn it as quickly as you can. Ask an expert on your staff to tutor you, for example. We know managers whose ability to influence their people went up when they admitted what they didn't know and asked for help learning.

Competence is critical for building trust, but by itself is not enough. What you do with your smarts — your intention — is just as important, and that's character, the topic next time.

Tuesday, March 20, 2012

Why crm is important in sales.

Most companies nowadays rely a lot on crm systems to be the center of communication logging of all contacts between the company and clients. Updating the clients information is the key to success if it as if the information isn't up to date, loss and mis communication happens causing loses to business and opportunities.

Actually, in terms of tangible lost, an invoice or bill could get lost if it is sent to the wrong address or person. One  of the latest cases I have seen is that an accountant refuses to update the crm blaming that it is the customers that has to inform the company that the address has changed. Lost invoice went lost in this case.

It would be such a shame for the business if the process was broken at the end when bills could not be collected, despite all the work that the other teams have completed. It is the need of the management to see this as a threat to profitability of the company, rather than piles  of uncollectible bills waiting to be collected, hence lesser AR aging days.

Saturday, March 17, 2012


ของแพงทั้งแผ่นดิน รัฐหันไปพึ่งศาลพระภูมิ.. เหนื่อยใจแท้ คนเก่งๆมันหายไปไหนหมด

Back to school for top corporate executives


Guess no one is too old to go to school.

Friday, March 9, 2012

Acute Exposure Guideline Levels for Selected Airborne Chemicals: Volume 11


AEGLs represent exposure levels below which adverse health effects are not likely to occur and are useful in responding to emergencies, such as accidental or intentional chemical releases in community, workplace, transportation, and military settings, and for the remediation of contaminated sites. Three AEGLs are approved for each chemical, representing exposure levels that result in: 1) notable but reversible discomfort; 2) long-lasting health effects; and 3) life-threatening health impacts.

Friday, March 2, 2012

How MySQL Protects Your Password

When it comes to protecting user passwords, MySQL offers a lot of options, from minimal to incredibly robust.  Of course, password encryption is not a one-size-fits-all type solution.  It all depends on your data and what priority you place on its safety.  To that end, today's article will cover a few different encryption algorithms supported in MySQL that will help you make a sound decision as to which suits your needs best. 

Using the Default Password Encryption

MySQL stores passwords in the User table, along with all things user:

mysql> SELECT host,user,password FROM mysql.user; +-----------+------+-------------------------------------------+ | host      | user | password                                  | +-----------+------+-------------------------------------------+ | localhost | root | *D4FA16B3275E6619F3029FDDBA9A90EBA0DDFBEA | +-----------+------+-------------------------------------------+

Smartly, MySQL doesn't store passwords as plaintext, but rather, as a hashed value that is calculated by the Password() function.

A hash is a special one-way encryption algorithm that produces an encrypted value for a given string. 

When you log into MySQL, it runs the supplied password through the same encryption algorithm and compares the result to the stored value in the User table. Being a one-way algorithm makes it harder to crack because even MySQL can't derive the plaintext string from the hashed value! (Note to self: don't forget password.) Before MySQL 4.1, these were 16 bytes long. 
Since then, the Password() function has been modified to produce a longer – and more secure - 41-byte hash value.

When we create a new user account using the CREATE USER command, MySQL takes the IDENTIFIED BY value and runs it through the Password() function behind the scenes:

mysql> CREATE USER 'robg'@'localhost' IDENTIFIED BY 'test1234'; 0 rows affected, 0 rows found. Duration for 1 query: 0.328 sec.   In fact, you can't set the password directly using an INSERT or UPDATES statement:   mysql> UPDATE 'user' SET Password = 'test1234' WHERE User = 'RobG'; /* SQL Error (1364): Field 'ssl_cipher' doesn't have a default value */

Using the Password() function to encrypt passwords is a whole lot better than nothing, but you can use stronger encryption if your data requires it.  The MySQL docs explicitly state that Password() should only be used to manage passwords for MySQL accounts and that you should not use it in your own applications.  For that purpose, they recommend going with something a little more potent like MD5 or SHA1.

MD5 creates a hash string of 32 hex digits.  SHA1 produces a 160-bit checksum for the string, according to the RFC 3174 (Secure Hash Algorithm) spec, resulting in a string of 40 hex digits. Of the two, SHA1 is considered to be more secure than MD5.

MySQL already has built-in MD5() and SHA1() functions.  All you have to do is call them, but use a regular INSERT or UPDATE statement for those.

For instance, this won't work:

SET PASSWORD FOR 'robg'@'localhost' = MD5('newpassword');

However, this will:

UPDATE User SET Password = MD5('newpassword') WHERE user = 'robg';

To store passwords encrypted with SHA1, you'll need to be able to store 40 characters. When in doubt, the CHARACTER_LENGTH() function will tell you how large the password field has to be:

mysql> SELECT CHARACTER_LENGTH(MD5('newpassword')); +-----------------------------------------+ | CHARACTER_LENGTH(MD5('newpassword'))    | +-----------------------------------------+ |                                      32 | +-----------------------------------------+

Exploits have been documented for both the SHA and MD5 ciphers, so if you want to get ahead of the curve, you might consider going to SHA-2, using the SHA2() function. It calculates the SHA-2 family of hash functions, which include SHA-224, SHA-256, SHA-384, and SHA-512, using two arguments: the cleartext string to be hashed and the desired bit length of the result.  The latter must have a value of 224, 256, 384, 512, or 0 (which defaults to 256).  The function returns a hash value containing the desired number of bits:

mysql> SELECT SHA2('newpassword', 224); +-----------------------------------------------------------+ | SHA2('newpassword', 224)                                  | +-----------------------------------------------------------+ | 4a574b42e32e03846eda8fc71b667a527c3840614896f0376bfca92b  | +-----------------------------------------------------------+        
mysql> SELECT SHA2( 'newpassword', 384); +-----------------------------------------------------------------------------------------------+  | SHA2('newpassword', 384)                                                                      | +-----------------------------------------------------------------------------------------------+  |0f60c17a9c7df029682066d18836e4213803b62f766b1555efaf14e8b0cf61b81b838deb56ef3397c07e7b7bb8e96df| +-----------------------------------------------------------------------------------------------+

I think we're gonna need a bigger field!

Using Two-way Encryption

Using two-way encryption on passwords is somewhat controversial because it opens the door – at least in theory – for obtaining the original password string from the encrypted version.  Two-way ciphers also require an extra crypt_str argument, so be prepared to take on some additional key management overhead.

One such encryption scheme is DES. It uses the Triple-DES algorithm to encrypt a string with the supplied key. The syntax for the encrypting and corresponding decrypting function is:

DES_DECRYPT(crypt_str[,key_str]) DES_ENCRYPT(str[,{key_num|key_str}])

As the following example demonstrates, two-way ciphers produce binary encoding:

mysql> SELECT DES_ENCRYPT('text','newpassword'); +--------------------------------------+ | DES_ENCRYPT('text','newpassword');   | +--------------------------------------+ | sN"                                  | +--------------------------------------+

Likewise, the AES_ENCRYPT() and AES_DECRYPT() functions were added in MySQL 4.0.2 to enable encryption and decryption of data using the Advanced Encryption Standard (AES) algorithm, also previously known as "Rijndael." Encoding is effectuated using a 128-bit key length because it is much faster and it is secure enough for most purposes, but you can extend it up to 256 bits by modifying the source.

Here's an SQL statement to encrypt a password using AES encoding:

mysql> SELECT AES_ENCRYPT('text','newpassword'); +--------------------------------------+ | AES_ENCRYPT('text','newpassword');   | +--------------------------------------+ | ` [1]P] s                              | +--------------------------------------+

Again, binary output is produced.

AES_ENCRYPT() and AES_DECRYPT() are considered to be the most cryptographically secure encryption functions currently available in MySQL.

Note that the SHA-2, DES, and AES functions require MySQL to be configured with SSL support.

Some Additional Caveats

What ever encryption algorithm you choose to go with, be aware that the statements that invoke encryption functions may be recorded by MySQL in server logs or in a history file such as ~/.mysql_history, meaning that the original plaintext passwords may be read by anyone having read access to that information!  Good to know!

Very rarely, a hashing function can produce the same value for two different input values. If you want to be able to detect such collisions, one way to do that would be to make the hash column a primary key so that the database will reject duplicates.

For more information on hashing, be sure to visit the National Institute of Standards and Technology (NIST) Computer Security Division Secure Hashing page.

See all articles by Rob Gravelle

This article covers a few different encryption algorithms supported in MySQL