Wednesday, July 29, 2009

Tree Office

The Chief Secretary proudly presented the Report of the Task Force on Tree Management in June. It has a sub-title People, Trees, Harmony. First, the basic. We are all aware that the task force is a bureaucratic response to several tragic incidents of tree collapses, leading to the death of a girl in Stanley, right in the middle of a busy street. There was a public outcry that the government is accountable because tree safety is her responsibility. It is well expected that the standard response of the bureaucrats is the setting up of a group to find a way to improve, using collective responsibility. This high-power task force led by the Chief Secretary comprises representatives of four bureaux and ten departments. However, it is actually the brainchild of the Development Bureau. Its terms of reference is mainly on the risk of trees, plus the supporting role of government organization structure and resources. The report can be read from the website of the Development Bureau.

I must admit it is a beautifully written report. I am especially impressed by the flowery description on our love of trees, how they benefit the environment and how they should be preserved. We all know that our mothers are women. The public has no question about that. Their concern is on safety, both people and trees.

The Task Force aptly identified the problem. There are many departments each responsible for trees under their purview. The demarcation is simple: Leisure and Cultural Services Department is responsible for trees in parks and roadside landscaped areas, Highway Department for expressways and slopes assigned to it, Housing Department for public housing estates, Agriculture, Fisheries and Conservation Department for country parks, other departments for lands allocated to them, and Lands Department for unallocated land. The problem is said to be a lack of co-ordination among them.

As a result, the Task Force recommends the setting up of a new Tree Management Office within the Development Bureau. As such, the bureau will expand by having twenty one more officers including one directorate level two officer, two directorate level one officers, six assistant secretary level officers, two Senior Executive Officers and two Executive Officers II. As for departments, they will remain status quo except Lands Department where a tree unit may be set up.

We will see the bureaucracy grows as a result. The threat of government negligence has been turned into an opportunity for growth. This is a good illustration of the Peter Principle at work. As for the fundamental concern of the danger to the public from tree collapses, it still remains status quo. The new tree office in the bureau has a higher purpose. It looks after policy, standard, and committee work on greening, landscaping and liaises with department on tree management. After all the fuss, I do not see how the public are better protected from the collapse of trees.

To effectively improve the situation and avoid the danger, a better solution is the Occam's Razor principle: To deal with the obvious problem with the simplest approach. As I see it, to remove the danger to the public from tree collapses, there are three steps: First, a diligent surveillance of the condition of trees in close proximity to the public; Second, ability to diagnose and cure sick trees, and Third, removal of trees which are in danger of collapsing.

For the first step, departments have been doing it for a long time. It does not require specialized skills. Common sense and basic training will enable an ordinary person to distinguish a sick tree. It is just a matter of the awareness and diligence of departmental front-line staff in watching out for sick trees as a small part of their regular duties.

For the second step, it is a shame to admit that the government does not have professionals in arboriculture. There are Forestry Officers who are scientists in botany. There are also skilled plant technicians in the government plant nurseries in the Agriculture, Fisheries and Conservation Department, and the Leisure and Cultural Services Department. Most sick trees can be handled by the departments, and not many of them are within striking distance to the public. For special cases, the help of the academic sector can be sought. It is better for the professionals in the field to advise on the health of trees, rather than one sitting in the office of the bureau.

For the third step, it is even simpler. While the two departments above have tree cutting teams, most departments use contractors for the removal of trees. It is just a matter of timely decisions and swift actions.

The tree office in the bureau is unnecessary.

Tuesday, July 14, 2009

網上銀行保安措施

電腦保安是一個重要課題。一直以來大家都知道除了已公開的資料外所有資料都需要保密。資料 通常是記錄在文件上,而文件檔案有各種方法收藏,不過一向以來都常有文件遺失或失竊事件發生。進入電腦時代,資料保存有了新方法,從好的方面看,資料可以保存得更好,用很少的資源就可以儲存大量資料,存取很方便,而且有很多加密方法。其缺點亦是因為方便而使資料使用者減低了介心,又一旦失竊時大量資料可同時被盜取;這個情況因為資料在互聯網上流動而更為嚴重。

資訊科技界和電腦竊匪之間有永不完結的較量。我們只能希望自己走先一步,可以使用最新的電腦保安方法。安慰的是使用電腦者數以億萬計,而不幸被竊者仍只屬少數,其或然率比家居失竊要低很多。

幾年前各國曾有數宗銀行電腦資料失竊事件,使銀行界要提升網上銀行保安措施,以挽回顧客的信心。當時並無好的方法,銀行唯有倒退到石器時代,要顧客自行攜帶一個密碼產生器 Token,用以進行網上交易。我在2005年已指出這個做法和先進網上服務的概念相反,而當時亦有更佳和更準確的保安方法。如果你有興趣,可以看看我在2005年寫的博文。有些銀行選擇用 token,其實是向電腦竊匪投降,自動將網上服務的便捷性降低。

當時銀行的錯誤信念,是以為只使用一次的密碼萬無一失,其缺點只是要顧客小心保管,和定時更換 token。事實並非如此,下面的報導說有電腦竊匪可以截取密碼,而又在密碼未失效前轉走存款。回到基本電腦保安ABC,各位有必要為電腦安裝並更新最新防病毒軟件,並要小心防範可疑的電郵和網站,不要以為有 token 就很安全。如果銀行有提供 SMS 確認服務就要從速登記使用,並要檢查所有該等訊息都是正確。既然使用網上銀行服務,大家就不妨天天都上網看看戶口活動記錄,一來可以監察是否有可疑活動,二來可以欣賞自己的銀行戶口結餘。

*************
加強網上銀行服務的保安措施
2009年7月13日(星期一)
香港時間18時25分
下稿代香港金融管理局發出:
鑑於近期本港及海外網上銀行騙案所涉及的行騙手法愈來愈先進,香港金融管理局(金管局)今日(七月十三日)發出通告,要求所有認可機構加強網上銀行服務的保安措施。
金管局注意到,近期騙徒的行騙手法是趁銀行客戶登入網上銀行時,透過客戶已受特洛伊木馬軟件感染的電腦來套取客戶的登入認證資料(包括用作雙重認證的只用一次的密碼)。騙徒利用這些登入認證資料進行屬高風險類別的網上銀行交易,例如轉帳至未經登記的第三方戶口。
金管局發言人表示:「由於有關的行騙手法愈來愈先進,認可機構有需要加強保安措施以打擊網上銀行騙案。其中一項重要保安措施,是認可機構須在完成一宗高風 險的網上交易(如將資金轉帳至未經登記的第三方戶口)後,即時連同交易詳情以手機短訊或其他有效方式通知其客戶。金管局強烈鼓勵銀行客戶充分利用這項服務,核實交易詳情,如發現有任何未經授權的可疑交易時,則馬上通知其銀行。我們相信只要銀行客戶和銀行均採取適當的保安措施,使用設有雙重認證的網上銀行 服務仍然是安全的。」
金管局將繼續與香港警務處及銀行業界合作,監察與網上銀行騙案有關的最新科技發展及趨勢。金管局會不斷加強網上銀行保安及消費者教育活動,為香港網上銀行建立一個安全及方便的環境。
*************

Saturday, July 11, 2009

The Forty Mystery

I mean the forty mystery, not forty mysteries, because it is about forty, not forty things. Last week I was watching the news on the protest march in Iran, and that it was spreading from Tehran to Isfahan. I recall visiting Chehel Sotoun in Isfahan a few years ago.

Chehel Sotoun means the Palace of Forty Pillars. I searched my photo archive and found two photographs of the palace below.



The Palace of Forty Pillars was so famous that the first thing I did was to count the pillars. There were no forty pillars. The Iranian guide explained that there was a pond in front of the palace, and the reflection of the pillars in the pond had to be counted as well. There were six rows of pillars, and each row had three pillars, making a total of eighteen pillars. Including the reflection, there were only thirty six pillars. I asked the guide again, and he finally revealed the mystery. The word forty in ancient language in the middle east has a broad meaning. Besides the number forty, it just means many. Chehel Sotoun means palace of many pillars. He said similar to other languages which congratulate people living to one hundred years old, hundred years simply means many years instead of the number hundred. It means longevity, not wishing people dying at one hundred. Many people are actually breaking this record.

He cited an example of an ancient Arabic proverb: "To understand a person, you must live with him for forty days." In the proverb, forty days do not mean one month plus ten days. It just means one has to live with a person for a long time in order to understand him.

However, when translated to other languages, such meaning of forty is not apparent. Thus forty becomes a mystery appearing in many stories and myths.

One famous story is Alibaba and the forty thieves. No one knows who the forty thieves were. Actually there were no forty thieves, but Alibaba could have a large gang. As time passed by, when the story was told in other places, or when it was presented as drama and movie, people made up forty thieves in number.

The word forty appears in the bible many times. It makes one wonder why god has a special favour for the number forty. Biblical stories were told according to this misunderstanding and many rituals were made up following the wrong translation. There are many incidents.

Genesis told the story of the big flood for which Noah built an ark to save his family and many animals. Genesis 7:12 "And the rain was upon the earth forty days and forty nights." I do not know whether raining for forty days and nights could flood the whole world. It could be very heavy rain which we have yet to see. But forty could just mean many and that it just rained for a long time.

The misery of the Israelis in the journey led by Moses away from Egypt was recorded in Numbers. The Israelis were so bad that God cursed them as told in Numbers 14:33 "And your children shall wander in the wilderness forty years , and bear your whoredoms, until your carcases be wasted in the wilderness." It really took the Israelis many years before settling down in Palestine. Forty years are many years, not necessarily forty in number.

According to Exodus, the Israelis were unruly in the journey, and Moses left them and went up Mount Sinai by himself. Exodus 24:18 "Moses passed into the midst of the cloud as he went up on the mountain; and there he stayed for forty days and forty nights." I wonder how much supplies did Moses bring with him. It was difficult to last for forty days and nights on what he could carry. In any case, he could have left for the mountain for many days, enough to carve the stone tablets of the ten commandments.

Matthew told the event where Jesus was in the wilderness for forty days. Matthew 4:2 "He fasted for forty days and forty nights, and afterwards he was hungry." Fasting for forty days and nights was a miracle. No human could endure such period of time in the desert without food. This could be a record of history of Jesus going into the desert for many days.