Afterword

ThimphuTech was the first technology blog in Bhutan. We started writing it in 2009, just as broadband and mobile internet started to take off. (Although internet in Bhutan was launched in 1999, it was either super-slow or super-expensive, and was only used by a selected few).

In the blog, we wrote about technology and food, but also about plenty of other stuff. The blog became popular and influential in Bhutan. A companion bi-weekly column -- Ask Boaz -- was published for many years in the Kuensel, Bhutan's national newspaper. (The complete Kuensel columns are available as an ebook, Blogging with Dragons).

We stopped updating the blog when we left Bhutan in 2014, but the information within the posts can still prove useful, and thus we decided to keep it online.

We thank all our readers.
Tashi Delek,
Boaz & Galit.

Saturday, February 15, 2014

Domain Ownership (K2 #82)

Question of the week
How can I find the real owner of a website?
— T. Dorji

Answer
Dear T. Dorji,

Indeed, website ownership is often more than meets the eye and some detective work might be needed. Start by visiting the website. If the website has an “About us” or “Contact us” page, the answer to your question might appear right there. Some website owners, however, do not provide that information on the website. In that case, your next best bet is to try and find out who owns the domain name for the website (the domain name is the address that you enter in the browser, for example www.google.com).

The domain ownership information is often stored online in a special database called WHOIS database, and you can use free WHOIS lookup services to query this database. One such free service is the excellent DomainTools. To look up a domain, visit whois.domaintools.com, enter the website address, and hit Lookup. If the lookup was successful, you will find plenty of information about the owner, which might include their address and phone number. For example, when you look up www.google.com, you will find that the owner is (surprise!) Google Inc. in Mountain View, California.

Sometimes the output from the lookup will send you to another website, requiring an additional step to uncover the ownership information. For example, if you search DomainTools for www.bpc.bt, you will get the following response: “For more information, please visit http://www.nic.bt”. That’s the case with all Bhutanese domains. The website www.nic.bt indeed has ownership information for Bhutan-registered websites, and it will tell you that bpc.bt is registered by Pema Tshering of Bhutan Power Corporation in Thimphu.

Some website owners do not like the idea of having their personal details available online, so they use a domain privacy service. In such cases, the website owners’ details in the WHOIS database are replaced by the name of a company which acts as their proxy. Popular domain privacy services include “Domain by Proxy” and “Domain Privacy Services”. To find out who is behind a privacy-protected domain, you will need to contact the owner’s proxy and convince them why you need the name of the domain owner. If you have a good reason (for example, the website is doing something illegal), and a good lawyer, you might be successful.

Readers are encouraged to submit technology-related questions to boaz@thimphutech.com

Here, there and everywhere (K2 #81)

Question of the Week
I bought the Galaxy Grand Duos smartphone but found out that it does not work in Bhutan. What can I do? Will it help if I “root” the device?
— Samten Dhendup, Sr. Survey Engineer, NLC

Answer
The Galaxy Grand Duos model that is sold in India supports the 3G bands of 900, 1900, and 2100. The bands used for 3G by Bhutan’s operators are 850 and 2100. Thus, wherever 850 is used (Thimphu, Paro and a few other locations), your phone will not be able to use 3G. This is a limitation of the phone’s hardware, and “rooting” the phone – which means gaining complete control of the smartphone’s software – will not help. In fact, it often means voiding the manufacturer's warranty as well as running others risks, including making the phone totally unusable. Due to BICMA’s user-unfriendly decision to use the North American band of 850 instead of the standard Asian 900 band, quite a few other Bhutanese customers are in your situation and will need to buy new, expensive phones; if it’s any consolation, they say shared sorrow is half a sorrow.

Question of the Week
Is the Sherig Collection available online? How can I download it?
— Yeshi Choden

Answer
The Sherig Collection is a set of educational resources for teachers and students in Bhutan. It includes offline Wikipedia, thousands of educational videos, Dzongkha dictionaries, e-books, audio books, exam banks and more. It can be installed on any Windows computer - no Internet required. The size of the collection is pretty big - it’s about 25 GB, and it is not available online. Why? Given the speed and stability of broadband Internet in Bhutan, it would take days to download the Collection (assuming that the connection or the power did not drop half way, in which case you’d have to start all over again…). The only practical way to get the software is by copying it using an external hard drive or a 32 GB pen drive. You can get the software in many schools in Bhutan. For more information, register at sherig.rigsum-it.com.

With the new school year starting soon, let me take the opportunity and wish all teachers, students and parents a happy year of learning!

Readers are encouraged to submit technology-related questions to boaz@thimphutech.com

Saturday, February 1, 2014

Social engineering (K2 #80)

Question of the Week
Is it true that Google Apps is more secure than our current email systems?
— C., RGoB

Answer
Lots of resources are often invested in securing computer systems. We recently read about the government’s plan to use an online service called Google Apps to store and manage email and documents for civil servants. It was mentioned that one of the benefits of using this system is increased protection against hacking, as the government’s existing mail servers are considered more vulnerable. While this may be true, the sad reality is that any system is as secure as its weakest link. And the weakest link in information security is usually human beings.

Movies often depict hackers as geniuses (often in wheelchairs, for some reason) who break into computer systems. The truth, however, is that hackers often do not need to have special technical skills in order to break into computer systems. They need to understand human nature, and they can manipulate people into disclosing confidential information, such as passwords, by various tricks. This is known as “social engineering”. For example, a hacker might call an employee by phone and pretend to be the IT administrator, asking for the password in order to “maintain the account”. Or a hacker might “accidentally” drop a pen drive with malicious software near the premises of a targeted organisation, hoping that a curious employee will find the pen drive and plug it into a computer, thus infecting the organisation’s system.

Social engineering techniques take advantage of common human traits such as curiosity, fear, kindness, trust, and greed. Many of the most successful hackers are brilliant “social engineers”, understanding and manipulating human beings. In Bhutan, the levels of trust are high and people do not tend to be suspicious. While it makes for a wonderful social atmosphere, and is certainly great for the happiness metrics, it also means that rogue people with malicious intent can quite easily take advantage of this cultural psyche. Google Apps security is better than existing ones, but human beings are still the same.

Readers are encouraged to submit technology-related questions to boaz@thimphutech.com