Woman And computer
Human And Computer

Communication Codes

As social beings, humans have a basic need for communication in order to form relationships and socialize with the environment they live in. The basic principle of communication is a shared understanding of the information the sender conveys to the receiver, so that the receiver understands what the sender means and then responds in the form of feedback. To reach a common perception, the sender and receiver need to agree on the form and code of communication to be used.

Traditionally, several communication codes have been established to convey messages and information to others, namely by using the kentongan (a wooden slit drum). The way the kentongan is struck and the frequency of the strikes are very effective at conveying information to the people in a particular neighborhood. For example, with a particular strike frequency, the kentongan can convey information about a theft, a natural disaster, an announcement, and so on. With these kentongan strike codes, the information the sender wants to convey can be understood by the receiver, who then responds with a particular action. However, this form of communication is also very vulnerable to noise, which makes the transmitted code unclear. This seriously disrupts the relevance of the information the sender wants to convey to the receiver.

In a more advanced form, Morse code is used for communication. Morse code was first created in the 1800s by F.B. Morse, an American. Another term for Morse code is Telegrafie, and it is also called the Morse cipher. Morse code is commonly used in maritime communication, land/sea transport, the armed forces, and amateur radio. During World Wars I and II, Morse code was badly needed by every country because of its use by state secret services, since it is more concise, faster, and can still be received even when the transmitted signal is very weak. This is the advantage of Morse code; its weakness is that people assume learning Morse code is very difficult and takes a considerable amount of time.

As things developed, other, more complex communication codes could of course be created, such as programming languages and networking. These codes were created so that computers can read the commands given to them. In my opinion, anyone can create particular codes for communication, provided that the sender and receiver have agreed beforehand on the codes being sent, so that the receiver can understand the information effectively. The essence of communication is that the information reaches the receiver properly and the receiver can then give feedback on it. The next thing to pay attention to is noise (interference) in communication. It can cause the two parties to interpret the message differently, resulting in miscommunication. For that reason, a mechanism needs to be built that can report errors in communication.

As an example, the codes used in internal communication are as follows:

1-1 : Contact by telephone
1-4 : Wish to talk on the air (directly)
3-3 : Reception very poor / insane person
3-3L : Accident with injured victims
3-3M : Accident with material damage
3-3K : Accident with fatalities
3-3KA : Train accident
3-4-K : Accident, fatality, perpetrator fled
4-4 : Reception unclear
5-5 : Reception good / healthy
8-4 : Radio set / reception test
8-6 : Understood
8-7 : Conveyed
8-8 : Wish to meet in person
10-2 : Position/whereabouts
10-8 : Heading to
2-8-5 : Rape
3-3-8 : Murder
3-6-3 : Theft
3-6-5 : Robbery
8-1-0 : Murder
8-1-1 : Alive
8-1-2 : Repeat the message (unclear)
8-1-3 : Have a good shift
8-1-4 : Report/conversation too fast
8-1-5 : Weather
8-1-6 : Time/hour
8-1-9 : Situation

These codes are understood only by a particular community that has agreed on them. This is effective for conveying confidential information, because people outside the community will not know the content of the information being conveyed. Interference in communication can occur when a digit or character is written incorrectly, which will cause the receiver to misinterpret the message. So for information conveyed in code, accuracy is important, because an error in a single character will distort the understanding of the information conveyed, with bad consequences for those who use that information.
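The single-character error described above, and the earlier call for a mechanism that reports errors, can be illustrated with a check character appended to each code. This is an added example, not part of the original post: the code table entries come from the list above (glossed in English), while the check-character scheme, the `/` separator and all function names are assumptions made for illustration.

```python
# Added example: a position-weighted check character for short radio codes.
# The scheme is an assumption for illustration; only the codes come from the page.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ-"  # 37 symbols; 37 is prime
MOD = len(ALPHABET)

CODEBOOK = {
    "3-3L": "accident, injured victims",
    "3-3M": "accident, material damage",
    "3-3K": "accident, fatalities",
    "3-6-3": "theft",
    "3-6-5": "robbery",
    "8-6": "understood",
    "8-1-2": "repeat the message (unclear)",
}
REPEAT_REQUEST = "8-1-2"  # the page's own "please repeat" code


def check_char(code: str) -> str:
    """Weighted sum of symbol values modulo 37.

    Because 37 is prime and every weight is below 37, changing any single
    symbol, or swapping two different adjacent symbols, changes the result.
    """
    total = sum((pos + 1) * ALPHABET.index(ch) for pos, ch in enumerate(code))
    return ALPHABET[total % MOD]


def encode(code: str) -> str:
    """Sender side: append the check character, e.g. '3-3K' -> '3-3K/<c>'."""
    code = code.upper()
    if code not in CODEBOOK:
        raise KeyError(code)
    return f"{code}/{check_char(code)}"


def receive(message: str):
    """Receiver side: return ('ok', meaning) or ('error', repeat request)."""
    code, sep, check = message.upper().rpartition("/")
    well_formed = (
        sep == "/"
        and len(check) == 1
        and len(code) > 0
        and all(ch in ALPHABET for ch in code + check)
    )
    if not well_formed or check_char(code) != check or code not in CODEBOOK:
        # Report the error back instead of acting on a garbled code.
        return ("error", encode(REPEAT_REQUEST))
    return ("ok", CODEBOOK[code])


def receive_without_check(code: str):
    """Plain table lookup: a garbled code that is still valid is accepted."""
    return CODEBOOK.get(code.upper())


if __name__ == "__main__":
    sent = encode("3-3K")                 # constructed sample message
    garbled = sent.replace("K", "L", 1)   # one character changed by noise
    print(sent, "->", receive(sent))
    print(garbled, "->", receive(garbled))
    print("no check:", receive_without_check("3-3L"))
```

Without the check character, the garbled `3-3L` is silently read as a different but valid report; with it, the receiver answers with the repeat request instead.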

A small addition from me:

Police Letters Alphabet





Thanks to:
- The folks at Laboratorium Jaringan Telekomunikasi (Telecommunication Network Laboratory)
- Delta_Echo_Whisky_India

Why Google Chrome Frame won't help

So Google just announced a new open source project: Chrome Frame.

Google Chrome Frame is an early-stage open source plug-in that seamlessly brings Google Chrome's open web technologies and speedy JavaScript engine to Internet Explorer. With Google Chrome Frame, you can:
  • Start using open web technologies - like the HTML5 canvas tag - right away, even technologies that aren't yet supported in Internet Explorer 6, 7, or 8.
  • Take advantage of JavaScript performance improvements to make your apps faster and more responsive.


Just to clarify: I don't think it hurts anything, and I applaud Google's intentions to rid us all of supporting such a piece of shit like IE. It looks like a cool piece of technology and the most creative effort I've seen since the Mozilla ActiveX control.

But it'll do jack shit to get around supporting IE in all of its broken glory.

I'll ignore the current requirement of adding a meta tag to a page in order to trigger the plugin, and also the fact that this extremely young and experimental project doesn't have things like deployment tools for IT departments to use. They just announced this, and want feedback from developers at this point so they can continue working on it.

Google Chrome Frame will do jack shit, because the stick-in-the-mud companies that can't part with IE6 won't install a browser in a plugin. If the companies didn't have ignorant, self-defeating, head-up-their-fucking-ass rules about what level of corporate hell they'll ban you to for trying to install something on your machine, they would simply let you install the browser itself. None of the companies currently threatening their employees with fines or even firing will consider for a second adding an entire browser via a plugin. Employees might try to install it on their own in order to try to hide the fact that they get more work done when not using a complete piece of shit, but that will just prompt more companies to learn how to block people from installing browser plugins.

One of the reasons even the more laid back companies would probably let people install a whole other browser before installing a browser in a plugin: support. If you have employees using web applications that take advantage of Chrome Frame and they hit a bug either in the web application itself or something more severe like a browser crash (or maybe the always entertaining BSOD), that will fucking suck to figure out what happened. And if you installed Chrome Frame without their knowing, then call up support with a "my browser fucking crashed on me again" that turns out to stem from Google's crap code, your employer will fuck you. Shit, once they finally upgrade to IE8 they'll have enough of a problem with browser engines.

We instead need to find out what products companies use that require IE and either get the distributor to stop that shit, or provide alternatives. This will take a fucking long time, so I expect we'll also need to educate some of these dumbasses who think that they'll stay more secure by using an ancient fucking version of the least secure browser in existence, so they'll at least let one of the better choices onto the machines. Then employees will still have IE6 for the ten-year-old shit software that requires it, and something else to use that actually works with the rest of the world.

Left brain, Right brain, and the other half of the story

In my head, this post and yesterday's post on risk and opportunity are deeply connected, but logically they needed to be split apart.

The theory of the left-brain / right-brain split is that the left hemisphere of our brain handles linear, logical processing (cold logic) while the right hemisphere is more emotional, intuitive, and holistic (evaluating the whole picture instead of considering things one component at a time). Naturally, some people are more left-brain dominant while others are more right-brain dominant. This divide is discussed quite a bit elsewhere -- I recommend starting with the TED talk by Jill Bolte Taylor, a neuroanatomist whose left hemisphere was damaged by a stroke, causing her to become right-brain dominant.

I'm actually somewhat skeptical that the left-brain / right-brain split is as real as people assume; however, it seems to be metaphorically correct, so for my non-surgical purposes, it's "good enough".

To me, one of the most interesting aspects of this right/left divide is that many people seem to identify strongly with one side or the other, and actually despise the other half of their brain (see here for a few examples, and even Jill Taylor seems to be doing it to some extent). This seems kind of dumb. My theory is that both halves of our brain are useful, and that for maximum benefit and happiness, we should learn how to use each half to its maximum potential.

This is where I link in to yesterday's post on Risk and Opportunity. My suggestion was to simultaneously seek big, exciting opportunities ("dream big"), while carefully avoiding unacceptable risks ("don't be stupid"). In my mind, that is the right/left divide.

The left-brain ability to carefully double-check logic and evaluate the risks is very important because it helps to protect us from bad decisions. When we imagine the kind of person who believes things that are obviously false, falls for scams, ends up joining a cult, etc, we probably picture a stereotypically right-brain person.

However, what the left brain has in cold, efficient logic, it lacks in passion and grandiosity.

When I wrote about evaluating risks and opportunities, it was as though we use a logical process when we make decisions, but of course that's not actually true, nor should it be. Our actual decision making is much more emotional (and emotions are just another mental process).

The right-brain utility is in integrating millions of facts (more than the left brain can logically combine) and producing a unified output. However, that output is in the form of an intuition, "gut feeling", or just plain excitement, which can sometimes be difficult to communicate or justify ("it seems like a good idea" isn't always convincing). Nevertheless, these intuitions are crucial for making big conceptual leaps, and ultimately providing direction and meaning in our lives.

So to reformulate yesterday's advice, I think we do best when using our right-brain skills to discover opportunity and excitement, while also engaging our left-brain abilities to avoid disasters, find tactical advantages, and rationalize our actions to the world. Left and Right are both stuck in the same skull, but not by accident -- they actually need each other. (the same could probably be said for politics, but that would be another post)

Coincidentally, I just saw another good TED talk that mentions these right-brain/left-brain issues in the context of managing and incentivizing creative people. It's worth watching.

Terrorism: Who Is the War Really Against?

The term terrorism has gone global and is discussed in almost every circle. The term or word terrorism has even been used by America as a standard policy instrument to strike or oppress its opponents among Muslims. The war on terrorism has become a new terror for society, especially for Muslims who preach and aspire to practice sharia kaaffah (in its entirety). So what is the real meaning of the term terrorism? Who is the real terrorist?




The Definition of Terrorism


The first and foremost problem in the debate around "terrorism" is the problem of definition. There is not a single definition that all parties agree on. Terrorism has ended up as a term with multiple interpretations, each party understanding it according to its own definition, and as a result the actions and responses to terrorism vary as well.

Actually, the term terrorism is not a complex matter; linguistically, the term cannot even convey a comprehensive meaning. So why are people so slow to settle on a definition of this term?

From the facts at hand, there is malice behind all of this, which is why a comprehensive definition is needed, including the variations of its components and the necessary limits on aspects that run contrary to those components. In the minds of many people today, many parties are in fact needed to define this term, so that innocent people are not punished for a number of crimes and a number of distorted truths.

Terrorism, according to the United States Defense Intelligence Agency, is "Any act of violence or coercion by a person for any purpose other than what is permitted under the laws of war, including kidnapping, murder, bombing of aircraft, hijacking of aircraft, throwing bombs into markets, shops, and places of entertainment or the like, regardless of their motivation."

The Oxford Advanced Learner's Dictionary, 1995, defines terrorism as the use of violence for political purposes or to force a government to do something (that they demand), in particular to create fear in a society.

The American intelligence agency, the CIA, defines international terrorism as terrorism carried out with the support of a foreign government or organization and/or directed against foreign nationals, institutions, or governments.

The Oxford Dictionary states: Terrorist: noun, person using esp organized violence to secure political ends.

The Encarta Dictionary states: Terrorism: Violence or the threat of violence carried out for political purposes.

Terrorist: Somebody using violence for political purposes: somebody who uses violence or the threat of violence, especially bombing, kidnapping, and assassination, to intimidate, often for political purposes.

Dr. F. Budi Hardiman, in an article titled "Terorisme: Paradigma dan Definisi" ("Terrorism: Paradigm and Definition"), writes: "Terror is a fairly old phenomenon in history. Frightening, threatening, shocking, violence, or killing with the intent of spreading fear are tactics that have long been part of struggles for power, well before these things were named 'terror' or 'terrorism'.

In the 1970s the term 'terrorism' itself was applied to a wide range of phenomena: from bombs exploding in public places to poverty and hunger. Some governments even stigmatize their enemies as 'terrorists' and call their actions 'terrorism'. The term 'terrorism' clearly has a pejorative connotation, as do the terms 'genocide' and 'tyranny'. For that reason the term is also prone to politicization. The vagueness of the definition opens the door to abuse. Yet defining it is also inseparable from political decisions."

Quoting Juliet Lodge in The Threat of Terrorism (Westview Press, Colorado, 1988), "terror" itself is really a subjective experience, because every person has their own "threshold of fear". Some people endure despite prolonged persecution. Others panic quickly merely out of ignorance. It is within this subjective dimension that there is room for "arbitrariness" in stigmatizing the perpetrators of terrorism.


America Uses Terrorism to Fight Islam

Noam Chomsky, a leading linguist from the Massachusetts Institute of Technology, USA, has said that American and Western policy toward the Islamic world using this issue of "terrorism" has been strongly felt since the early 1990s. In 1991 he wrote the book "Pirates and Emperor: International Terrorism in The Real World."

In his article published by the daily The Jakarta Post (3 August 1993), whose translation was republished by the daily Republika under the title "Amerika Memanfaatkan Terorisme Sebagai Instrumen Kebijakan" ("America Uses Terrorism as a Policy Instrument"), he wrote that America uses terrorism as a standard policy instrument to strike or oppress its opponents among Muslims.

So the policy of America and the West of fighting the Islamic world using the issue of the "war on international terrorism" was already rolled out in the early 1990s, long before the emergence of the Taliban, let alone Al-Qaeda, the WTC tragedy, or the various bombings in a number of regions of the Islamic world.

Thus the war on terrorism mobilized by America, the West and their henchmen is in truth a war against Islam and Muslims. Its target is the Muslim community, to the point of replacing the religious education curriculum so that it conforms to Western values and wishes. Any attempt to obscure this reality is in fact counterproductive and benefits those who hate Islam.


What About Islam?

In Islam, the term terrorism itself was never known. If one looks for an equivalent of the word terrorism, what is known is the term Al Irhab, of which Imam Ibnu Manzhur says in his encyclopedia of the language: Rohiba-Yarhabu-Rohbatan wa Ruhban wa Rohaban: Khoofa (to fear). Rohiba al-Syai-a Rohban wa Rohbatan: Khoofahu (to fear it).

It can be understood that the word Al-Irhab (terror) means (causing) fear. Irhabi (terrorist) means a person who makes others afraid, a person who frightens others. Thus, anyone who puts the people he chooses into a state of fear is a terrorist. He has terrorized them, and the quality of "terror" attaches to him, whether or not he is called a terrorist, and whether or not he admits to being one.

In Islam, it is not permitted to violate the sanctity of a person's life, whether verbally, physically, or financially, without permission or right from the Creator, Allah SWT. Every Muslim has sanctity of life, property, and honor, as in the saying of the Prophet SAW:

"Whoever helps someone to kill Muslims, even with a word or a date, is an unbeliever (kafir)."

If that is so, then what is it called when American soldiers come from afar to Iraq to kill and capture Muslims, while claiming that they are fighting terrorists, which (according to) them means destroying mosques, capturing Muslim women, and trampling on the Qur'an, as they have also done in other Muslim lands? It is these acts that are the root of the problem of terrorism, which continues to this day.

Amerika, The Real Terrorist

The statement above is an irrefutable fact. The record of events in American history that can prove America is the true terrorist is far too large and long. America, with the support of its ally NATO, succeeded in pressuring the UN to embargo Iraq after the Second Gulf War (1991). Muslims became the victims; no fewer than 1.5 million people died. That is not counting those maimed by the bombardment of the multinational forces in this Second Gulf War.

After more than 12 years of embargo, in 2003 America and its allies invaded Iraq, toppled the government, and installed a puppet government. In this action, America killed thousands of Muslims, children, the elderly, and women alike. All of it for the interests of America and its allies. Are these brutal actions not a form of terror, even the pinnacle of terror? Thus, are America and its allies terrorists, even the true terrorists? Unfortunately, the mass media call the Iraqis defending their country from American aggression the terrorists, fundamentalists, or insurgents.

Similar examples have occurred in other Muslim lands, such as Afghanistan and Pakistan. The case of the Muslim land of Palestine, occupied since 1948 by Israel with the blessing of America and its allies, shows even more clearly that America is truly the real terrorist. The series of acts of terror committed by the aggressor Israel against the Muslims of Palestine has never been sanctioned. This is of course because Israel is raised and defended by America. Every year, America gives Israel no less than 3 billion US dollars in economic aid. This does not include the military aid used to carry out its policy of terror against the unarmed Muslim people of Palestine.

So everything depends heavily on the definition of terror and terrorism, which is currently dominated by the definition made by America and its allies. If they were to make a standard definition of "terror and terrorism" acceptable to all parties, they (America) would be the first and topmost party on the list of terror and terrorism.

If the definition of terror is killing innocent civilians, children, women and the elderly, then they are the first, foremost and most vicious terrorists known to human history. They have slaughtered millions of innocent civilians around the world: Japan, Vietnam, Afghanistan, Iraq, Palestine, Chechnya, Indonesia and many other countries.

If the definition of terror is bombing public places and public interests, they are the first, foremost and most vicious party to have taught, started and practiced it.

If the definition of terror is spreading fear to achieve political interests, then they are the first, foremost and most vicious to have done so all over the world.

If the definition of terror is the mysterious killing of political opponents, then they are the first, foremost and most vicious party to have done so.

If the definition of supporting terrorists is financing, training and sheltering perpetrators of crimes, then they are the first, foremost and most vicious party to have done so. They may be behind various coups all over the world. The Northern Alliance in Afghanistan, John Garang in Sudan, Israel in the Islamic land of Palestine, Serbia and Croatia in the former Yugoslavia, and many other examples are concrete, irrefutable proof that The Real Terrorist is America and its allies!


Terrorism: A War Against Whom?

It is now clear who the true terrorist really is. America and its allies have long been inflicting terror on Islam and Muslims, with the knowledge and even the blessing of the international community. This is truly unjust. The world stays silent about a death toll reaching hundreds of thousands among Muslims, yet cries out loudly, with wide publicity, when those killed are from the side of America and its allies.

This brief look at the reality of terror and terrorism gives sufficient examples of the forms of terror present on the world stage today. The war on terrorism campaigned for by the international community today, under America's direction, without giving a clear definition and limits for "terror and terrorism", has become an effective tool for forces that hate Islam to fight Islam and Muslims. Through the campaigns of international print and electronic media, "terror and terrorism" have been distorted and blurred in every respect: definition, limits, substance, purpose and concrete form.

If the definition of terror and terrorism were standardized, they would be the first, foremost and most vicious party covered by that definition. That is why they are reluctant to give a definition of terror and terrorism. The one thing all of humanity can understand today is that "terror and terrorism" in the version of international law (the UN, which represents the interests of America and the other superpowers) means Islam and Muslims, especially Muslims who want to live in this world fully independent, upholding tawhid and defending those who uphold tawhid, and who want to practice Islam kaafah (in its entirety).

Wallahu'alam bis Showab!


By: M. Fachry
Arrahmah.Com International Jihad Analys

Ar Rahmah Media Network
http://www.arrahmah.com
The State of Islamic Media
© 2009 Ar Rahmah Media Network




Evaluating risk and opportunity (as a human)

Our lives are full of decisions that force us to balance risk and opportunity: should you take that new job, buy that house, invest in that company, swallow that pill, jump off that cliff, etc. How do we decide which risks are smart, and which are dumb? Once we've made our choices, are we willing to accept the consequences?

I think the most common technique is to ask ourselves, "What is the most likely outcome?", and if that outcome is good, then we do it (to the extent that people actually reason through decisions at all). That works well enough for many decisions -- for example, you might believe that the most likely outcome of going to school is that you can get a better job later on, and therefore choose that path. That's the reasoning most people use when going to school, getting a job, buying a house, or making most other "normal" decisions. Since it focuses on the "expected" outcome, people using it often ignore the possible bad outcomes, and when something bad does happen, they may feel bitter or cheated ("I have a degree, now where's my job!?"). For example, most people buying houses a couple of years ago weren't considering the possibility that their new house would lose 20% of its value, and that they would end up owing more than the house was worth.

When advising on startups, I often tell people that they should start with the assumption that the startup will fail and all of their equity will become worthless. Many people have a hard time accepting that fact, and say that they would be unable to stay motivated if they believed such a thing. It seems unfortunate that these people feel the need to lie to themselves in order to stay motivated, but recently I realized that I'm just using a different method of evaluating risks and opportunities.

Instead of asking, "What's the most likely outcome?", I like to ask "What's the worst that could happen?" and "Could it be awesome?". Essentially, instead of evaluating the median outcome, I like to look at the 0.01 percentile and 95th percentile outcomes. In the case of a startup, the worst case outcome is generally that you will lose your entire investment (but learn a lot), and the best case is that you make a large pile of money, create something cool, and learn a lot. (see "Why I'd rather be wrong" for more on this)

Thinking about the best-case outcomes is easy and people do it a lot, which is part of the reason it's often disrespected ("dreamer" isn't usually a compliment). However, too many people ignore the worst case scenario because thinking about bad things is uncomfortable. This is a mistake. This is why we see people killing themselves over investment losses (part of the reason, anyway). They were not planning for the worst case. Thinking about the worst case not only protects us from making dumb mistakes, it also provides an emotional buffer. If I'm comfortable with the worst-case outcome, then I can move without fear and focus my attention on the opportunity.

Considering only the best and worst case outcomes is not perfect of course -- lottery tickets have an acceptable worst case (you lose $1) and a great best case (you win millions), yet they are generally a bad deal. Ideally we would also consider the "expected value" of our decisions, but in practice that's impossible for most real decisions because the world is too complicated and math is hard. If the expected value is available (as it is for lottery tickets), then use it (and don't buy lottery tickets), but otherwise we need some heuristics. Here are some of mine:

  • Will I learn a lot from the experience? (failure can be very educational)
  • Will it make my life more interesting? (a predictable life is a boring life)
  • Is it good for the world? (even if I don't benefit, maybe someone else will)
These things all raise the expected value (in my mind at least), so if they are mostly true, and I'm excited about the best-case outcome, and I'm comfortable with the worst-case outcome, then it's probably a good gamble. (note: I should also point out that when considering the worst-case scenario, it's important to also think about the impact on others. For example, even if you're ok with dying, that outcome may cause unacceptable harm to other people in your life.)

I've been told that I'm extremely cynical. I've also been told that I'm unreasonably optimistic. Upon reflection, I think I'm ok with being a cynical optimist :)

By the way, here's why I chose the 0.01 percentile outcome when evaluating the worst case: Last year there were 37,261 motor vehicle fatalities in the United States. The population of the United States is 304,059,724, so my odds of getting killed in a car accident are very roughly 1/10,000 per year (of course many of those people were teenagers and alcoholics, so my odds are probably a little better than that, but as a rough estimate it's good). Using this logic, I can largely ignore obscure 1/1,000,000 risks, which are too numerous and difficult to protect against anyway.

Also see The other half of the story

10 reasons Websites get Hacked

Below is the list of the top 10 web vulnerabilities as classified by OWASP, with a description of each problem and some examples.

I will just give you the list in case you missed it before. I will not comment on any of these, as there is already hot discussion about this matter on several sites/forums.

So here it starts:

1. Cross site scripting (XSS)

The problem: The "most prevalent and pernicious" Web application security vulnerability, XSS flaws happen when an application sends user data to a Web browser without first validating or encoding the content. This lets hackers execute malicious scripts in a browser, letting them hijack user sessions, deface Web sites, insert hostile content and conduct phishing and malware attacks.

Attacks are usually executed with JavaScript, letting hackers manipulate any aspect of a page. In a worst-case scenario, a hacker could steal information and impersonate a user on a bank's Web site, according to Snyder.

Real-world example: PayPal was targeted last year when attackers redirected PayPal visitors to a page warning users their accounts had been compromised. Victims were redirected to a phishing site and prompted to enter PayPal login information, Social Security numbers and credit card details. PayPal said it closed the vulnerability in June 2006.

How to protect users: Use a whitelist to validate all incoming data, which rejects any data that's not specified on the whitelist as being good. This approach is the opposite of blacklisting, which rejects only inputs known to be bad. Additionally, use appropriate encoding of all output data. "Validation allows the detection of attacks, and encoding prevents any successful script injection from running in the browser," OWASP says.
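The two controls named above, whitelist validation of input and encoding of output, are shown together in the following added example, which is not part of the original post. The profile page, its three fields and all function names are assumptions made for illustration; the sample inputs are constructed.

```python
import html
import re
from urllib.parse import urlsplit

# Whitelist: only what is explicitly allowed gets through.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")
ALLOWED_URL_SCHEMES = {"http", "https"}


def validate_username(value: str) -> bool:
    """Accept only 3-20 letters, digits or underscores."""
    return USERNAME_RE.fullmatch(value) is not None


def validate_homepage(value: str) -> bool:
    """Accept only absolute http(s) URLs; javascript:, data: etc. are rejected."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme in ALLOWED_URL_SCHEMES and parts.netloc != ""


def render_profile_unsafe(username: str, homepage: str, bio: str) -> str:
    """The flaw described above: user data goes to the browser as-is."""
    return f'<h2>{username}</h2><a href="{homepage}">homepage</a><p>{bio}</p>'


def render_profile(username: str, homepage: str, bio: str) -> str:
    """Validate what has a known shape, and encode everything on output.

    The bio is free text, so it cannot be whitelisted; output encoding is
    the control that keeps it from being interpreted as markup.
    """
    if not validate_username(username):
        raise ValueError("username is not on the whitelist")
    if not validate_homepage(homepage):
        raise ValueError("homepage must be an http(s) URL")
    return (
        f"<h2>{html.escape(username)}</h2>"
        f'<a href="{html.escape(homepage, quote=True)}">homepage</a>'
        f"<p>{html.escape(bio, quote=False)}</p>"
    )


if __name__ == "__main__":
    bio = "<script>alert(1)</script>"  # constructed sample input
    print(render_profile_unsafe("alice_01", "https://example.org/", bio))
    print(render_profile("alice_01", "https://example.org/", bio))
```

Validation rejects the inputs that have a strict format, and encoding still protects the field that has to accept arbitrary text.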


2. Injection flaws

The problem: When user-supplied data is sent to interpreters as part of a command or query, hackers trick the interpreter � which interprets text-based commands � into executing unintended commands. �Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application,� OWASP writes. �In the worst-case scenario, these flaws allow an attacker to completely compromise the application and the underlying systems, even bypassing deeply nested firewalled environments.�

Real-world example: Russian hackers broke into a Rhode Island government Web site to steal credit card data in January 2006. Hackers claimed the SQL injection attack stole 53,000 credit card numbers, while the hosting service provider claims it was only 4,113.

How to protect users: Avoid using interpreters if possible. "If you must invoke an interpreter, the key method to avoid injections is the use of safe APIs, such as strongly typed parameterized queries and object relational mapping libraries," OWASP writes.
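A query built by string concatenation beside its parameterized form, as an added example that is not part of the original article. The table, its rows and the function names are constructed for illustration, and the last function covers the one case binding cannot handle: a column name chosen by the user.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (owner TEXT, number TEXT)")
    db.executemany(
        "INSERT INTO cards VALUES (?, ?)",
        [("alice", "4111-0000-0000-0001"), ("bob", "4111-0000-0000-0002")],
    )
    return db

def cards_for_owner_unsafe(db, owner):
    """Vulnerable: user data becomes part of the query text."""
    sql = "SELECT number FROM cards WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def cards_for_owner(db, owner):
    """Hardened: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT number FROM cards WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]

# Identifiers cannot be bound, so the request is mapped to a fixed column name.
SORTABLE = {"owner": "owner", "number": "number"}

def cards_sorted(db, owner, sort_by):
    """Parameterized value plus a whitelisted ORDER BY column."""
    column = SORTABLE.get(sort_by)
    if column is None:
        raise ValueError("unsupported sort column")
    sql = "SELECT number FROM cards WHERE owner = ? ORDER BY " + column
    return [row[0] for row in db.execute(sql, (owner,))]

# Constructed hostile input: closes the string literal and adds a condition.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", cards_for_owner_unsafe(db, HOSTILE))
    print("parameterized:", cards_for_owner(db, HOSTILE))
```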


3. Malicious file execution

The problem: Hackers can perform remote code execution, remote installation of rootkits, or completely compromise a system. Any type of Web application is vulnerable if it accepts filenames or files from users. The vulnerability may be most common with PHP, a widely used scripting language for Web development.

Real-world example: A teenage programmer discovered in 2002 that Guess.com was vulnerable to attacks that could steal more than 200,000 customer records from the Guess database, including names, credit card numbers and expiration dates. Guess agreed to upgrade its information security the next year after being investigated by the Federal Trade Commission.

How to protect users: Don't use input supplied by users in any filename for server-based resources, such as images and script inclusions. Set firewall rules to prevent new connections to external Web sites and internal systems.


4. Insecure direct object reference

The problem: Attackers manipulate direct object references to gain unauthorized access to other objects. It happens when URLs or form parameters contain references to objects such as files, directories, database records or keys.

Banking Web sites commonly use a customer account number as the primary key, and may expose account numbers in the Web interface.

"References to database keys are frequently exposed," OWASP writes. "An attacker can attack these parameters simply by guessing or searching for another valid key. Often, these are sequential in nature."

Real-world example: An Australian Taxation Office site was hacked in 2000 by a user who changed a tax ID present in a URL to access details on 17,000 companies. The hacker e-mailed the 17,000 businesses to notify them of the security breach.

How to protect users: Use an index, indirect reference map or another indirect method to avoid exposure of direct object references. If you can't avoid direct references, authorize Web site visitors before using them.
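One way to build the indirect reference map described above, as an added example (not code from the original article or from OWASP). The account data, class and function names are hypothetical; the map is per session, so a reference issued to one user means nothing in another user's session.

```python
import secrets

# Constructed sample data: account number -> (owner, balance)
ACCOUNTS = {
    "1000123": ("alice", 250),
    "1000124": ("bob", 90),
    "1000125": ("alice", 40),
}

class ReferenceMap:
    """Per-session map between opaque references and real account numbers."""

    def __init__(self, user):
        self.user = user
        self._to_account = {}  # opaque reference -> account number
        self._to_ref = {}      # account number -> opaque reference

    def reference_for(self, account_no):
        """Issue (or reuse) a random reference for an account the user owns."""
        if ACCOUNTS[account_no][0] != self.user:
            raise PermissionError("account does not belong to this user")
        if account_no not in self._to_ref:
            ref = secrets.token_urlsafe(8)
            self._to_ref[account_no] = ref
            self._to_account[ref] = account_no
        return self._to_ref[account_no]

    def resolve(self, ref):
        """Map a reference back; anything not issued in this session fails."""
        if ref not in self._to_account:
            raise PermissionError("unknown reference")
        return self._to_account[ref]

def list_accounts(session):
    """References to put in links and forms instead of account numbers."""
    return [session.reference_for(no)
            for no, (owner, _) in ACCOUNTS.items() if owner == session.user]

def show_balance(session, ref):
    """Resolve the reference, then authorize again before using the key."""
    account_no = session.resolve(ref)
    owner, balance = ACCOUNTS[account_no]
    if owner != session.user:
        raise PermissionError("not authorized for this account")
    return balance
```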


5. Cross site request forgery

The problem: "Simple and devastating," this attack takes control of victim's browser when it is logged onto a Web site, and sends malicious requests to the Web application. Web sites are extremely vulnerable, partly because they tend to authorize requests based on session cookies or "remember me" functionality. Banks are potential targets.

"Ninety-nine percent of the applications on the Internet are susceptible to cross site request forgery," Williams says. "Has there been an actual exploit where someone's lost money? Probably the banks don't even know. To the bank, all it looks like is a legitimate transaction from a logged-in user."

Real-world example: A hacker known as Samy gained more than a million "friends" on MySpace.com with a worm in late 2005, automatically including the message "Samy is my hero" in thousands of MySpace pages. The attack itself may not have been that harmful, but it was said to demonstrate the power of combining cross site scripting with cross site request forgery. Another example that came to light one year ago exposed a Google vulnerability allowing outside sites to change a Google user's language preferences.

How to protect users: Don't rely on credentials or tokens automatically submitted by browsers. "The only solution is to use a custom token that the browser will not 'remember,'" OWASP writes.
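A custom token of the kind OWASP describes, bound to the session and carried in the form body rather than in a cookie, as an added example that is not from the original article. The request shape (a dict with `cookies` and `form`), the session store and the function names are assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)       # per-deployment secret (assumption)
SESSIONS = {"sess-alice", "sess-bob"}      # constructed server-side session ids

def _mac(session_id, nonce):
    msg = (session_id + ":" + nonce).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_csrf_token(session_id):
    """Token for a hidden form field; the browser never sends it on its own."""
    nonce = secrets.token_hex(16)
    return nonce + "." + _mac(session_id, nonce)

def verify_csrf_token(session_id, token):
    """True only if the token was issued for this session by this server."""
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = _mac(session_id, nonce)
    # Constant-time comparison on bytes.
    return hmac.compare_digest(mac.encode(), expected.encode())

def handle_transfer(request):
    """Return an HTTP status for a state-changing request."""
    session_id = request["cookies"].get("session")
    if session_id not in SESSIONS:
        return 401
    # The cookie alone proves nothing: a cross-site request carries it too.
    if not verify_csrf_token(session_id, request["form"].get("csrf_token")):
        return 403
    return 200

if __name__ == "__main__":
    token = issue_csrf_token("sess-alice")
    genuine = {"cookies": {"session": "sess-alice"}, "form": {"csrf_token": token}}
    forged = {"cookies": {"session": "sess-alice"}, "form": {}}
    print(handle_transfer(genuine), handle_transfer(forged))
```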


6. Information leakage and improper error handling

The problem: Error messages that applications generate and display to users are useful to hackers when they violate privacy or unintentionally leak information about the program's configuration and internal workings.

"Web applications will often leak information about their internal state through detailed or debug error messages. Often, this information can be leveraged to launch or even automate more powerful attacks," OWASP says.

Real-world example: Information leakage goes well beyond error handling, applying also to breaches occurring when confidential data is left in plain sight. The ChoicePoint debacle in early 2005 thus falls somewhere in this category. The records of 163,000 consumers were compromised after criminals pretending to be legitimate ChoicePoint customers sought details about individuals listed in the company's database of personal information. ChoicePoint subsequently limited its sales of information products containing sensitive data.

How to protect users: Use a testing tool such as OWASP's WebScarab Project to see what errors your application generates. "Applications that have not been tested in this way will almost certainly generate unexpected error output," OWASP writes.


7. Broken authentication and session management

The problem: User and administrative accounts can be hijacked when applications fail to protect credentials and session tokens from beginning to end. Watch out for privacy violations and the undermining of authorization and accountability controls.

"Flaws in the main authentication mechanism are not uncommon, but weaknesses are more often introduced through ancillary authentication functions such as logout, password management, timeout, remember me, secret question and account update," OWASP writes.

Real-world example: Microsoft had to eliminate a vulnerability in Hotmail that could have let malicious JavaScript programmers steal user passwords in 2002. Revealed by a networking products reseller, the flaw was vulnerable to e-mails containing Trojans that altered the Hotmail user interface, forcing users to repeatedly reenter their passwords and unwittingly send them to hackers.

How to protect users: Communication and credential storage have to be secure. The SSL protocol for transmitting private documents should be the only option for authenticated parts of the application, and credentials should be stored in hashed or encrypted form.

Another tip: get rid of custom cookies used for authentication or session management.


8. Insecure cryptographic storage

The problem: Many Web developers fail to encrypt sensitive data in storage, even though cryptography is a key part of most Web applications. Even when encryption is present, it's often poorly designed, using inappropriate ciphers.

"These flaws can lead to disclosure of sensitive data and compliance violations," OWASP writes.

Real-world example: The TJX data breach that exposed 45.7 million credit and debit card numbers. A Canadian government investigation faulted TJX for failing to upgrade its data encryption system before it was targeted by electronic eavesdropping starting in July 2005.

How to protect users: Don't invent your own cryptographic algorithms. "Only use approved public algorithms such as AES, RSA public key cryptography, and SHA-256 or better for hashing," OWASP advises.

Furthermore, generate keys offline, and never transmit private keys over insecure channels.


9. Insecure communications

The problem: Similar to No. 8, this is a failure to encrypt network traffic when it's necessary to protect sensitive communications. Attackers can access unprotected conversations, including transmissions of credentials and sensitive information. For this reason, PCI standards require encryption of credit card information transmitted over the Internet.

Real-world example: TJX again. Investigators believe hackers used a telescope-shaped antenna and laptop computer to steal data exchanged wirelessly between portable price-checking devices, cash registers and store computers, the Wall Street Journal reported.

"The $17.4-billion retailer's wireless network had less security than many people have on their home networks," the Journal wrote. TJX was using the WEP encoding system, rather than the more robust WPA.

How to protect users: Use SSL on any authenticated connection or during the transmission of sensitive data, such as user credentials, credit card details, health records and other private information. SSL or a similar encryption protocol should also be applied to client, partner, staff and administrative access to online systems. Use transport layer security or protocol level encryption to protect communications between parts of your infrastructure, such as Web servers and database systems.


10. Failure to restrict URL access

The problem: Some Web pages are supposed to be restricted to a small subset of privileged users, such as administrators. Yet often there's no real protection of these pages, and hackers can find the URLs by making educated guesses. Say a URL refers to an ID number such as "123456." A hacker might say "I wonder what's in 123457?" Williams says.

The attacks targeting this vulnerability are called forced browsing, "which encompasses guessing links and brute force techniques to find unprotected pages," OWASP says.

Real-world example: A hole on the Macworld Conference & Expo Web site this year let users get "Platinum" passes worth nearly $1,700 and special access to a Steve Jobs keynote speech, all for free. The flaw was code that evaluated privileges on the client but not on the server, letting people grab free passes via JavaScript on the browser, rather than the server.

How to protect users: Don't assume users will be unaware of hidden URLs. All URLs and business functions should be protected by an effective access control mechanism that verifies the user's role and privileges. "Make sure this is done ... every step of the way, not just once towards the beginning of any multi-step process," OWASP advises.
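A server-side access check that runs on every request and denies by default, as an added example that is not from the original article. The route table, roles and session store are constructed; the role is always read from the server's session store, never from anything the client sends, which is the failure described in the Macworld case.

```python
# Constructed route table: every path names the role it requires.
ROUTES = {
    "/": None,                  # public
    "/account": "user",
    "/checkout/step1": "user",
    "/checkout/step2": "user",
    "/admin/users": "admin",
}
ROLE_RANK = {"user": 1, "admin": 2}

# Server-side session store (constructed): session id -> role
SESSIONS = {"s-alice": "user", "s-root": "admin"}

def authorize(path, request):
    """Return an HTTP status for the path; unlisted paths are refused."""
    if path not in ROUTES:
        return 404
    required = ROUTES[path]
    if required is None:
        return 200
    # Only the session id is trusted as a lookup key; a "role" field in the
    # request is client-controlled and is deliberately ignored.
    role = SESSIONS.get(request.get("session_id"))
    if role is None:
        return 401
    if ROLE_RANK[role] < ROLE_RANK[required]:
        return 403
    return 200

def run_flow(paths, request):
    """Multi-step process: the check runs before each step, not only the first."""
    completed = []
    for path in paths:
        status = authorize(path, request)
        if status != 200:
            return completed, status
        completed.append(path)
    return completed, 200

if __name__ == "__main__":
    guessed = {"session_id": "s-alice", "role": "admin"}  # client-claimed role
    print(authorize("/admin/users", guessed))
    print(run_flow(["/checkout/step1", "/checkout/step2"], {"session_id": "s-alice"}))
```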


Written by Jakub Maslowski | zone-h.org
