Taiwan Citizen Digital Certificate

Taiwan has a very interesting attitude towards technology (for better or worse), and it is fun to try out anything new that comes up here (for a certain definition of “fun”). When the news hit late last month, that the National Immigration Agency opens Internet ID application to foreign residents, I was there to get mine as soon as it was available. The “Internet ID” refers to a “Citizen Digital Certificate”, also called MOICA, a smart card that supposed to make a lot of services available through a web browser or other government-produced software (e.g. filing taxes online). For Taiwanese citizens MOICA seems to be available at least since 2003 (according to the news report I’ve managed to dig up), but this is the first time it available for us foreigners living here.

In this rather graphic post I try to summarize the process of getting a MOICA card as a foreigner in Taiwan, setting it up, and some (opinionated) lessons to learn from it.

The Process

The process of getting and setting up the card is outlined in this leaflet that I’ve picked up.

MOICA Application English
Click to see large scan. Wow.

Though – not surprisingly – in practice everything is a lot more complicated than these 8 bulletpoints.

Continue reading “Taiwan Citizen Digital Certificate”

Taiwan WWII Map Overlays

A while ago I came across the Formosa (Taiwan) City Plans, U.S. Army Map Service, 1944-1945 collection, in the Perry-Castañeda Library Map Collection of the University of Texas in Austin. I’m a sucker for maps, enjoy learning about history a lot, and I have a lot of interest in my current home, Taiwan – so you can call this a magic mix of cool stuff.

There are 26 maps in the collection, made by the US Army by flying over different parts of the island, and mostly I guess stitching together aerial photographs. The maps themselves were not that easy check in an image viewer, since there’s no context, zoom is clumsy, and have no idea where about half the places should be located. Instead, I thought it would be great to have them as an overlay on top of current maps and satellite imagery on Google Maps.

The result is Taiwan City Maps overlays, which does exactly that. Feel free to click the link and explore right now! In the rest of this post, I try to first show how that page was made, and also some history lessons I gained by making it.

Continue reading “Taiwan WWII Map Overlays”

Taiwan Bank SSL Continuous Monitoring

My previous post, titled SSL status of Taiwanese banks: a sad affair sparked a lot of visits and lot of discussion, clearly touching on something important. It was great to bring to light how well (or badly, in this case) these organizations are doing, as internet security should be one of their key focus.

Many of the organizations improved their setup since then, and it became quite troublesome to manually check each bank and each change, update the table and so on. It’s also good to have not just a snapshot in time, but a continuous record of how they were doing.

Thus I’ve hacked together some monitoring scripts, put the results online, and here’s the Taiwan Financial Institute SSL Status page.

TaiwanBankSSL
Click to check the current results

Page features include:

This is quite a bit more than “minimal features”, but wanted to make something that is actually useful.
Continue reading “Taiwan Bank SSL Continuous Monitoring”

SSL status of Taiwanese banks: a sad affair

Today there was a story on Hacker News, how someone tweeting a screenshot of a bank’s SSL certificate got harassed by the bank in Greece. This got me thinking about the status of the banks here in Taiwan, especially how this place is so wired and online now. So I took a list of taiwanese banks and run each of their sites through the SSL Test. From past experiences I haven’t had my hopes up, but boy is the result ugly…

SSLTest_F
The usual result of this exercise

SSL Test Overview

I had a list of 43 banks, and for a quick overview I took into account a few key features only. The first is whether there are any active vulnerabilities against the site according to the test (these were mostly CRIME, FREAK, and POODLE attacks). The second is whether RC4 encryption was enabled, as it is now prohibited, and having it on is an automatic Payment Card Industry Data Security (PCI) compliance failure, according to one of the commenters. Other various warnings are mentioned when something really stands out, they are not crucial but more nice to have (though I’d contend that Forward Secrecy and HTTP Strict Transport Security is more than “nice” for anything financial).

Edit: Since publishing this post, there’s a brand new password recovery attack against RC4, so it’s even more urgent to switch it off.

Continue reading “SSL status of Taiwanese banks: a sad affair”

Make the most of solar power

It didn’t take the arrival of a horrendous electricity bill to the Taipei Hackerspace to start thinking about reducing my electricity footprint. In the last half a year there were two solar power projects on Kickstarter that I signed up for: the Solar Pocket Factory (SPF), and the Foldable USB Solar Cell (FUSC). Generally there’s a lot of sunshine here in Taiwan (when we don’t have a typhoon), and even if I cannot power my laptops from it, could certainly try to power my smartphone…

It turned out that I needed both Kickstarter projects to make one good device.

The Foldable USB Solar Cell looks awesome and not bad at 7W and 5W (the two pieces I have). The voltage output doesn’t seem to be very stable, or has strange behaviour as it doesn’t charge my attached phone when there’s too much direct sunshine. Thus I cannot really use this directly with devices.

The tiny solar panels in the Solar Pocket Factory are very fragile and I couldn’t really make them into an actual working cell yet. On the other hand, it came with a 2000mAh battery and a circuit called Li-Po Rider Pro, by Seeed Studio. This circuit us solar cell or USB input to charge a battery , plus have a good output circuit to charge a USB device either from the battery when there’s no sunshine or from the input when there is.

Putting together the Foldable USB Solar Cell and the Li-Po Rider Pro, we have something that kicks arse indeed! Since I only have one circuit and Seeed doesn’t seem to sell it separately, I thought I could improve on things if I use both solar

USB adapter for parallel panels

The easiest idea I could come up with is creating a USB adapter to connect the panels in parallel (thus practically summing them up as current sources).

USB connector wiring, from the Tech Support Guy forums
USB connector wiring, from the Tech Support Guy forums

This plan needs two male USB A connectors (the “cable” type on the picture) to plug into the panels, and one female USB A (the “device” type) to provide the single output. Then female VCC pin is wired to both male VCC pins, and the GND pin similarly to the GND pins. The D-/D+ pins are not in use in this case.

Parts on the working desk
Part for the solar panel connector. One female and two male

The connectors came in as $0.40 each, the wire I don’t remember but probably a few cents. I fortunately had both black and red to use with the GND and VCC. Things are better colour coded.

Soldering together the middle two pins, and hook the ones on the side with wires (here the black wire for the Ground line)
Soldering together the middle two pins, and hook the ones on the side with wires (here the black wire for the Ground line)

First the middle two pins of a male and a female connector is soldered together, just to provide mechanical support. The end of the cable is stripped and hooked around the touching pins (the GND pins on this picture). The two pins + wire is then soldered together, with enough solder to stay, but not that much that the other pins could touch.

Finished soldering, a bit too much solder, but at least it holds
Finished soldering, a bit too much solder, but at least it holds

Did the same thing for the VCC pins + red wire. Finally added some more solder to the central pins. It was pretty stable like this, though I guess it would be better to have some sort of external housing for it or another way to increase the mechanical rigidity of the connection.

The extension cord to the extra male connector
The extension cord to the extra male connector

Finally the other connector is soldered, making sure that the right pins are connected (the same as the other male USB). The connectors are then wrapped in a bit of duck tape for some rough insulation. These parts will be outside, both in sun and rain, nothing much can break, but better not test whether I’m right about this particular point…

Cover and plug into the secondary solar panel
Cover and plug into the secondary solar panel

Plugged into the secondary (5W) solar panel, and into the primary (7W) one as well. Duck taped everything down onto the roof well enough that they are not blown away too easily (though I’d better check on them in a bit, the wind is howling just now outside).

Primary solar panel with the adaptors
Primary solar panel with the adaptors

As an aside, the duck tape doesn’t seem to like the sunshine. It sticks its sticky parts on everything, that part doesn’t seem to spell fun for the future.

Ready to charge

When everything is connected, the panels will get pretty good sunshine for the bigger part of the day. I don’t think they reach max capacity, because the angle is never ideal, but from the practical point of view, they get enough sunshine to max out the attached 2000mAh battery between device charges.

Hold the panels down, plenty on sunshine (at least this afternoon
Hold the panels down, plenty on sunshine (at least this afternoon

The Li-Po Rider Pro circuit is under the roof, so it doesn’t get any rain (at least I hope!), and has a little ledge to charge a phone safely as well.

solar8
Charging circuit and filling up my phone

Since all the devices were pretty much full when I checked in the Hackerspace after I finished this setup, the test whether combination of the two solar panels does indeed increase the power is not foolproof. Otherwise I would have charged a device from a low battery level to a bit higher with one panel, then later switch to two panels and see the different slope of the batter charge versus time. Normally at high charge levels (90%+) the slope is varied by the charging circuit (to preserve the lithium battery’s life), thus that level is not really good to test the difference between the single / dual panel situations.

One thing does suggest, though that the plan worked. Before this modification, charging a phone discharged the Li-Po Rider Pro’s own battery (there’s a touch switch on the circuit to get an approximate charge level, indicated by the lighting up of 0 to 4 LEDs on an LED bar), even in full sunshine. This time it seems that both the phone and the storage battery is charged up, indicating larger incoming power than before. I will check it again next time, though (the Nexus 7 tablet we have will be great for that, it has much larger internal battery than my HTC Butterfly phone)

Possible improvements

There are a few things I could improve on the setup, focusing on usability.

I hope to get a longer USB cable to reach from the roof to inside the Hackerspace, and set up a charging station within the room. This way people don’t have to keep their devices out of reach while charging, and there’s no chance of being ruined by a sudden rain.

I hope to get a larger capacity Li-Po battery. 5-10.000mAh could be good, then it would likely have enough power all the time to keep charging people’s devices, and not standing idle being full when not charging something, while easily emptied by a single device.

The roof also has plenty of more space, so getting a bunch of other panels, combined with the first two upgrades, would make it really beneficial. These foldable panels would be better portable, and keeping them in one place feels a sort of waste.

Ultimately it would be awesome if I could have a purely solar-powered phone. Because it would mean some money saved, but also, and mostly, because I can.