If you're listening to this on YouTube, this episode is one week delayed. Up-to-date Tech Show But Friendly episodes are on Spotify, Apple Podcast, or Google Podcast. This is Tech Show But Friendly, Hardware Sugar's podcast, and I'm your host Anton, and we'll jump right into it with the story of how the PNP got hacked. Although the government is disputing that it was actually hacked, which might not be a good thing. I mean, you think, okay, there was a hack, no, it wasn't a hack, then that's better, but actually it might even be worse. So what was hacked, or what information was accessed? Apparently over 1.2 million records of people who applied to work with the police or are actually working at the PNP were all in a publicly accessible database. So this database was not secured, it was not password protected, it was not encrypted. Apparently anybody who strolled over to the PNP employment portal could access it. Not to say that there were links pointing to this database; it's not clear from the security analyst who discovered this flaw how exactly you could uncover the database, but it's clear that the database was publicly accessible. And what was in this database? So over 1.2 million records, records spanning birth certificates, grades, transcript of records, marriage certificates, TIN numbers, so basically all of the basic kinds of documents that you would forward to a potential employer. We're talking passports, driver's licenses, really all of these basic documents that have all of our details that we use to authenticate ourselves. Per the foreign security analyst who discovered this flaw, and perhaps it's not accurate to call it a flaw, more like a vulnerability, or basically you have a valuable which you failed to lock up, which you left outdoors. So I wouldn't even call that a security flaw, more like a blunder, a mishap, something that was, you know, you were supposed to do something and you forgot to do it.
So not even the most basic of encryption was on this database with over 1.2 million records. And according to the foreign analyst who did find this mishap, this was open to the public, publicly accessible, for at least six weeks before the database was hidden behind some kind of security. And so that's why, per our DICT, it wasn't a hack, meaning there wasn't an intrusion into a purportedly secure network, because it wasn't secure to begin with. I mean, literally, this data was just hanging out in the open for anyone to access. So yes, I mean, if you want to split hairs, you could argue that there wasn't a hack, because a hack implies that there was security and security was breached. In this case, there was no security. But if you define a hack more broadly as the access of information by people who should not have access to the information, which I think would be a generally accepted definition of hacking, maybe not in the strict sense, but definitely in the intrusion-of-privacy sense, then yes, there was a hack. But even more so than was it a hack or not, you know, let's not split hairs anymore. It's not in question that there was a lot of personal data that was submitted to the PNP, entrusted to the PNP by the people who were applying with them or people who are actually employed with them now. So there was a handoff of data from the individual to the institution, and it's clear that the institution had a responsibility to safeguard that data, essentially to make sure that they locked up something valuable. So again, to go back to our real-world analogy, let's say you have an expensive watch, and you just don't leave that watch lying around, whatever, on the counter; you put it away in a safe. And that just wasn't done here. The data was not properly put away, or it wasn't properly secured. And on one hand, what's new, right? I mean, we're all used to, if you live in the Philippines, we're all used to government agencies going awry.
I mean, they request so many things from us, from the citizens of the country, but they themselves are not particularly good at upholding the standards that they themselves put for themselves. Even just the very basic documents, getting your driver's license renewed, for example, getting a business permit. Transactions that should be very basic are still so hard to do. Even, you know, it's 2023; the internet was around in 1995. So we've had more than 20 years of attempts to make things digital. Supposedly, digital is easier for the citizens. And yet, you know, every simple thing is just so darn hard here. And you hear about something like this and you just shrug your shoulders and you go, well, that's just how it is. But actually I don't blame the PNP. So that's where the title of this episode comes in, like, the PNP got hacked but I can't blame them. And, to be honest, that's my true sentiment on it, because it's very difficult to deal with the public in the Philippines. And I'm not talking about like if we're unruly, if we don't follow the rules; I'm just talking about the number of Filipinos. I think we're around 110 million people, and just even dealing with the basic bureaucracy to set up systems in place to deal with the volume of people that you need to deal with, who are asking for NBI clearance, who are applying to the PNP, who are applying to renew their driver's license. And then you're doing it on such a limited budget. I keep bringing up the driver's license thing because it's a perfect example of how difficult it is to do an IT-based project that is forward facing. In other words, if the citizens are the customers of government, driver's licenses would be the product. It's something forward facing, something that we, the citizens, have to interact with the government to get. So it's like we're paying the government to get a driver's license. And if it were a private business, that would be easy, right?
The business is testing people and then you get issued a plastic card. For a private, for-profit entity, that would be easy to do because you're charging the price, the actual cost of the good, the actual cost of testing, of processing people, of issuing the license, of the raw materials for the license, of the IT databases that you need to properly manage this large number of people. But then you have IT budgets for government agencies, which just aren't sufficient to come up with the mechanisms in place. And again, I go back to LTO. The LTO IT provider for the longest time was Stradcom. I think, if I remember correctly, the company's name was Stradcom. But the LTO officials decided to terminate Stradcom's license, sorry, contract, because they weren't happy with the quality of the service being provided by Stradcom. Stradcom was like, okay, fine, take over. So the LTO did try to take over, but basically found it impossible. Either they couldn't find another provider, or their in-house people couldn't do it, because, as I said, coming up with IT systems for this many people, imagine the back end of that, the front end of that, it's a mess. So in the end, LTO had to come back to Stradcom and ask them, please come back and please take over the IT services again. And so they had to polish up the contract or something. But that has led to catching up with the data for the period that Stradcom wasn't around. And that doesn't even address the earlier concerns of LTO that Stradcom wasn't providing the quality of service that they needed. Basically it boils down to: it really is hard, and we don't have the money to properly throw at the problem. Whether it's LTO, whether it's the PNP asking for basic employment records and failing to secure those records, it was so bad that the PNP IT was not even aware that they had a database of employee, of those records.
So whoever was in charge of that operation basically went on a rogue operation, okay, we're gonna collect this data, but then didn't properly encrypt it, didn't properly secure it, and didn't even properly run it by their own internal IT department. So it really is hard, especially since we don't have the funds necessary to come up with systems that can properly deal with this volume. I'm not sure about the number of providers; as I said, Stradcom was axed by LTO but they couldn't find anybody else willing to take it up, maybe for that budget, because we don't lack in IT personnel. What we lack, perhaps, is the experience for large-scale systems like that. Again, I don't want to overly speculate, but large systems like that, you know, not any run-of-the-mill IT company or developer can do it, and it's not just us; a lot of governments, even first-world countries, run into difficulties with establishing IT systems that need to be accessed by their citizenry. Case in point: the US. During Obama's time he passed a law saying that, okay, everybody needs to have medical insurance, so that was universal healthcare, and it was a really big push for the Democrats, especially the president in particular. That was a signature program by him. He burned a lot of political capital, because when he was first elected there was a lot of goodwill; he could have gotten a lot done, and you know, the US has a lot of problems: gun control, defense spending, poor school testing scores. I mean, there are a lot of problems in the US, but one of the chief concerns that Obama decided to tackle early on was universal healthcare, and it was a very contentious issue, but he was able to get the law passed through Congress and through the Senate.
The problem now was implementation, and their big idea was you could go to a website. So as an American citizen, I'm now required to have health insurance; where do I find that so it's cheap? I would theoretically be able to go to this website and all of the providers would be there already, so I could see at a glance: oh, this is the cheapest, or this one isn't that cheap but it has the coverage that I want, that I need. So it's giving the consumer, giving the citizen, all the necessary information that he or she needs to make a proper decision. Ah, so it sounds super simple, right? A website that can handle millions of inquiries, transactions per minute, per second. And no problem for the US government, which has a budget of gazillions of dollars. I mean, you know, you don't mind spending 1.2 billion on a fighter jet; I'm sure coming up with a website that can deal with that should be easy, right? But the universal healthcare website, I forget the exact URL, almost failed before it went live to the public. People were testing it and they were saying that this is crap, like, we need a website that can handle, just for example, 100 million simultaneous users, probably not 100 million, but you know, something like that, like a website that can handle this heavy load, and it just wasn't doing it. The website that the developers, or, I forget who the initial developers were, the initial product that they came up with was just not doing the job. And this was a potential disaster. Imagine: you spent so much political capital, you've staked your reputation that yes, this is the way forward. You would be crucified by your political opponents if, after all of that effort and argument and budget, the very vehicle by which you can get this law implemented is so faulty, is so buggy. And in the end what they turned to was... I don't know how they got involved. I think basically one of the people with general oversight over the universal healthcare website was like, this is crap, this is not going to work, so he
actually called in friends. It was literally a call-in-your-friend moment in his life, where, you know, I know people from Google, I know people from, you know, these really smart guys who are used to handling website systems, IT databases that can handle this large crush of people. And if you think about it, if you're listening to this on Spotify, on Apple and Google, or on YouTube, the amount of data that these private companies need to process per second is tremendous, and yet as customers we barely appreciate that fact. We complain when it's down, but when it's up it's just like second nature to us; it's like breathing, we don't think about it anymore. But actually the uptime of these websites is phenomenal. When you go on to Amazon and it's just there and it's so fast, you search on Google, as I said, we don't think about it anymore, but it's a herculean effort to have these kinds of databases that can handle that load. So this guy called in friends. Hey, they called in the private sector and they're like, guys, you really need your help, this website is not working. And it wasn't even for compensation, if I remember the story correctly. These coders who worked on the healthcare website, the public... I mean, it's a public project, but they were brought in like literally last minute, like it was a Hail Mary pass to get this website working. And they did it, like the super smart people who got involved in that, to basically volunteer their time and man-hours. As I said, this was like overtime, like crunch time, because there was a deadline that the website had to be online. And they got the job done. They were able to overhaul the system, which was not working initially, and so when the healthcare website launched it was able to handle the volume of traffic that it experienced, and there were very few complaints from Americans, from citizens who were trying to, okay, I'm now required, the law required me now, I need to comply, this is how I comply, by going through this website. And actually that's where
I get annoyed with our government. It's not so much... I understand it really is hard to develop these kinds of systems. What annoys me is that you're making us comply through these systems that don't work. I mean, can't we come up with a... first, if you're making us comply but there's no easy way for us to comply, that's not fair, that's another good law, that's not a good way of governance, because all of the burden is shifted towards the citizen, which shouldn't be the case. We want to comply, we want to follow the law, and yet the process by which you're telling us to follow is faulty, is super... yeah, it just doesn't work. I mean, whether it's getting your license renewed, whether it's getting your passport renewed, whether it's a business permit, I mean, these should be so simple, and yet so many things are required, so many hoops to jump through. If your IT systems are not working, then either get us a better IT system or don't ask these requirements from us. That's what annoys me. And I don't blame the PNP for having this unsecure database which was just basically hanging out there. IT is hard; IT at scale is hard. But then, if that's the case, come up with a better system. Maybe don't ask us to pass it online if they're employment records. Maybe don't even ask us to submit all of these records. Does the PNP really need my marriage certificate? Does the PNP really need my transcript of records? And I'm sure somebody in the audience is saying, yes, we need all of that. It'd be good: if that's what you need, then give us a secure way to upload that, right? As I said, I'm not saying... you're the ones who can tell us what you need, but if you say that you need those things, then give us an easy, secure way to give you those things. We want to comply, we want to follow the law, we want to get our driver's license renewed, but you know, you go through the motions and then you get this laminated thing, for which apparently there's a shortage now of the plastic being used for driver's licenses. Again, it's an IT thing, it's a logistics
thing, and if you get your license renewed now, some people have been reporting, basically you get cardboard that's laminated, a temporary driver's license. I mean, what a joke. Why not just slap a sticker on the old license? I guarantee you, if you're getting your license renewed, you already have a license, you already have a plastic license, and yet we're still made to have a cardboard license produced and then laminated. The sticker would even be cheaper; just put the sticker on. "Oh, the sticker is so easy to fabricate, easy to counterfeit." Well, what do you call that laminated license? As I said, we find reasons to justify why we need so many things, why we need all of these things, when at the end of the day, if we can't properly receive what the... sorry, let me rephrase. If the government can't properly receive what it's asking from its citizens, then that's not a valid request. I mean, it should be something that we the people can comply with, and if we've complied with everything we should get the service promptly and efficiently and not get, like, again, the driver's license. I mean, come on, man, this is 2023. Yeah, I mean, I don't... IT is hard; IT at scale is even harder. Lots of richer governments have tried and have failed. But then let's be realistic. If we're asking certain things and we can't secure those certain things, we can't process the transactions at the speed they should be reasonably expected to be processed at, then let's not ask for so many requirements, then let's not burden the citizens with requirements that we, the government, don't even look at, don't even secure anyway. So, right, let's be realistic about what we can do with the budget that we have, and let's try to place the same demands on ourselves, talking about government, that we place on our citizens. If you're asking a lot from the citizen, then your response should be just as fast. However difficult the things you require from citizens are, your reply on that matter should be just as efficient. I
mean, it seems, basically, fundamentally unfair that a lot of barriers are thrown in front of us for us just to get basic things, and then after we've gone through all of those barriers, government can't even give us those basic things in a reasonable amount of time. That's what's frustrating. And again, I can actually sympathize with the PNP. Again, IT is hard; IT at scale is hard. But then the solution, if it's not an IT solution, maybe it can be a human solution. Let's cut back on the things we're asking for. Let's focus on the speedy release of whatever permit or application or license is pending before the office. We don't have money to throw at the problem, but there are other solutions that we can try at this problem, compared to just placing the burden on the citizens and just hoping that, ah, we require a lot, so hopefully only a few will apply for this, or because we put so many barriers in place, the number of people coming to us, while the total volume might be the same, the staggered volume of how many people actually show up per day is less, because it's so difficult to get all of these requirements that we're asking for. So there are solutions that we can try. As I said, I'm not even saying that these are the proper solutions, but definitely whatever it is we're doing as a mindset is not working. We don't have the money for a large-scale IT budget; then what can we do to streamline the data going into the IT system so that the IT system doesn't need to be so big to begin with? For licenses, maybe extend the validity period, auto-renewal if you don't have a ticket or something. Actually, it seems that from the PNP I've shifted to the LTO, and I do have a lot of frustrations with the LTO, but I guess that's a thing for another podcast, and we'll leave it for now. I think I just realized that we're around 20 minutes in or so into the podcast. I didn't realize I'd spent so long on that. It is a frustrating problem. Just last words: it is a frustrating problem. I don't blame
government so much for the inadequacy of its IT systems, but more for the fact that no one is thinking of solutions for how to work with the inadequacy of those IT systems. It's like, for them, they just keep piling on more needs on the already very strained IT systems. And, you know, maybe we can... yeah, perhaps the better way would be to try to streamline the data going into the IT system in the first place.

What definitely needs to be streamlined, or, okay, maybe awkward segue, but definitely something needs to be done about the 700, 7800X3D. And why is that? That's the newest CPU from AMD. I talked about it last week, how it's probably the best gaming CPU right now, although problems have cropped up. There was a post on Reddit, and where else, it's always on Reddit, that he bought a 7800X3D. This is a very difficult number for me to say. I've lost track of how many times I've had to edit out because I keep slurring 7800X3D. But anyway, the 7800X3D, he paired it with an ASUS ROG 6 7... X670E motherboard. So if you saw our video on that, the X670 and the X670E are different, so the E version is really like the latest and the greatest, spared no expense. And actually we have a build coming up where it's a 7950X3D and the ROG X670E Crosshair Extreme, I think, or something, but we'll talk about that build on another podcast or in another piece of our content. But anyway, the user paired those two, he came home, the PC wasn't working. Upon inspection the CPU was fried; in fact, it was so deformed that there was a bulge, a noticeable bulge in the CPU square. And so he posted about it on Reddit, more people came forward, and now Gamers Nexus has secured the... I'm not sure if that was the hardware of that particular post or basically some hardware that had the same symptom, so a 7800X3D with an ASUS motherboard. The suspicion now is that the BIOS of these ASUS motherboards is pumping too much voltage into the CPU. There's some speculation that the BIOS is overly aggressive in
trying to get better CPU speeds. This has been fueled in part because the repository or the list of ASUS BIOS for these motherboards has been undergoing a lot of changes. A lot of BIOS versions have been deleted; there are only a couple left on hand, and then these are constantly, or have been, replaced quite quickly in the past few days. So there is evidence of ASUS... at least there have been reports as well on ASRock motherboards, but ASUS seems to be the majority of the reports, and there is circumstantial evidence to suggest that ASUS has been rapidly trying to find a good version of the BIOS that might prevent this from occurring. So again, this is very speculative. Everybody is sort of waiting for Gamers Nexus. It's kind of amazing. I mean, if you're not familiar with Gamers Nexus, there's this YouTube channel that is very hardware focused and they really do deep dives. So LTT, Linus Tech Tips, is sort of very general, beginner-friendly information; Gamers Nexus is a very deep dive. It throws a lot of jargon and figures and benchmarking things at you, but it's interesting that Gamers Nexus has become sort of the referee when it comes to things like this. So there's been a lot of burning lately for new hardware, where of course, you know, we think about the launch of the NVIDIA 40 series with the adapter cable for the new type of power connector there. The 7000 series also of AMD reported some fire issues or, you know, inability-to-cool issues, and now the latest would be the 7800X3D. To be fair, it's not clear yet where the fault lies, but the advice now is to make sure, especially if you have an ASUS motherboard, that your BIOS is updated. On AMD's end, they were quite clear that we don't want you to be pushing a lot of voltage into these new chips. In fact, I think they disabled overclocking, or I'm not sure if they meant the EC overclock tool that has become kind of widespread lately for the current generation or, you know, the CPUs that sort
of came out in the past five years or so. This is a niche problem. Not many people are upgrading to the 7800X3D and not too many people would be sporting a ROG X670E motherboard, but the internet was, as is usual with hardware news, and you know, you have a lot of hardcore people, everybody jumped on it. There's been a lot of jumping on ASUS on the "why", you know, why is your BIOS like that, your BIOS is faulty. Again, we're just reporting on the general speculation; there's nothing definitive yet. But this is a very theoretical problem for a lot of our listeners, who probably are not thinking of or do not have a 7800X3D on hand, let alone an X670E mobo from ASUS. That being said, if you do, please do update your BIOS, and if you do have a hankering for this so-hot system that it can literally combust, we can get it for you. As I mentioned, we actually do have the 7800X3D now in stock, and we are about to do a build with the 7950X3D and the ROG X670E, but we'll make sure to update the BIOS on that and of course follow the news to see how we can avoid this. A very expensive rig; I mean, I think the 7950X3D was around 40-plus, the motherboard was definitely around 50-plus, so that's almost close to 100,000 pesos in hardware that can both potentially go up in smoke without any fault of the user, just because the basic programming language of the motherboard, i.e.
the BIOS, is sending it wrong instructions or, you know, is sending it suicidal instructions. Putting that out there, but probably talking about it more in the coming weeks when Gamers Nexus comes out with its findings.

And the last hardware news for this podcast is that MSI released a 3060 Ti card in China which it had to recall on the request of NVIDIA, and the reason was not hardware; the reason was marketing, because MSI called this particular 3060 Ti card the RTX 3060 Ti Super 3X. And if you remember the NVIDIA cards from the 10 series and the 20 series, NVIDIA had a bunch of cards that had Super attached to them, like it was literally part of their name. So the 1660 Super is different from the 1660, and we do have a video about this in the past, and generally when you put Super there, there's a nice performance upgrade over the classic version of that card. So the 1660 Super does a lot better than the 1660, for example, and I think there was one exception, I can't quite remember, but I think it might have been the 2060 Super, if I'm remembering correctly. We did a video on that last year on the entire NVIDIA line and you can check it out on our YouTube channel. But MSI released this card just in China, and NVIDIA... it had already gone out, so they were starting to sell it, but then NVIDIA was like, hey, no, stop that. And speculation, and I agree with the speculation, is probably because NVIDIA was worried that people would get the wrong idea that, hey, so there's a 3060 Ti Super now, which actually doesn't even follow the naming convention, because the Tis never get a Super version. It's usually the vanilla card, say for example the 2060, and then there's a Super version of that, but I don't recall any T-I cards, or "tie" cards as NVIDIA likes to call them, that got the Super version. But NVIDIA complained, MSI complied, although I guess it's hard, you really don't have to comply when NVIDIA complains, so they pulled the cards from the market. I think supposedly
what MSI was going for was that this was a three-fan version of the 3060 Ti, so that's why they wanted to, you know, kind of emphasize that this is a version of this card that, you know, can handle performance, so it's super, except that Super already has certain connotations for people who follow NVIDIA cards. And it's kind of like, it's a mistake that could have been corrected before it was made. I mean, even if you didn't get specific guidance from NVIDIA, you've been making NVIDIA cards for so long, you're aware, I mean, MSI is aware of what the Super means in relation to the other NVIDIA cards. I don't know if it was just a marketing guy who didn't know his hardware and he was just saying, yeah, well, we want to say that this is great, and what better way to boost sales than slapping the word Super on it. But you can't buy it anymore. MSI has pulled it. It will probably release the card again but under a different name. So a real-world example of "a rose by any other name would smell just as sweet," as Shakespeare says, and the point of that line from Romeo and Juliet is that it doesn't matter what you name things. A rose by any other name would smell just as sweet; like, a rose could be called earphone and it would still smell just as sweet. But names, words do matter, as was seen in this contemporary case of MSI pulling out its 3060 Ti Super card. So if you ever hear anybody selling you a 3060 Ti Super, that might be true, but it's just in the name. Thanks so much for listening to Tech Show But Friendly. Catch us again next week, every Friday. Enjoy your day, enjoy your week, stay safe everyone.