About me

About Me

I’m a engineer seeking truth about health, spiritual enlightenment and tech.

There are too much misinformation out there that is not benificial to many problems.

This site is to log my journey into what I have found out so far.

Profile: Able to provide technically creative solutions to address a variety of situations coupled with “hands-on” IS and networking expertise. Focused on achieving both bottom-line results while formulating and implementing technologies.

Selected Achievements:

  • First Online Web E-commerce in Singapore generating S$330,000 in one week. Sales of 2300+ units of the AWE32 sound card in 1997 and shipped to 23 countries. (1997)
  • Software monitoring solution that had supported various products that were sold 230 companies in 2 years. (2000)
  • Creating Checkpoint FW-1 appliance. (2003)
  • Product management of new and unique products.(2008-2009)
  • Developing DNSSEC compliant DNS server product (2014)
  • Developing next generation Truauth product. Improving performance by 5 fold.



Advance Network Technologies (Antlabs) – Singapore

Product Specialist:

Developing and improving existing Truauth family of products. Currently I have improve performance of Truauth by 5times. Developing customisation for Carrier class customers. Working on moving products to an Openstack environment to provide increase flexibity and scalability.

Customisation for Smartone (HK), Singtel S2a projects.
Senior System Engineer (Team Leader)
Support Division (Project)
My primary role is to manage the principle support engineers for projects which are deployments done for the following Telcos (SingTel, M1, Starhub, Omantel, Etistalat, CAT(Thailand), Nawras, IBS(Indonesia).
Several large deployments are supported like Wireless@SG, and large scale user gateways (20,000 simultaneous logins) for National Stadium, Melbourne Convention center, Dubai mall.

This involves arranging for schedules and support recovery procedures for various projects. It involves also in-house testing of patches for each of the projects before deploying on staging or live servers.

The secondary role is to manage service desk training and escalation procedures. This covers training documentation, Wiki sites for knowledge retention and training videos to demonstrate specific situations for a more common problems.

The different projects have different requirements and some Telcos have multiple projects running at the same time. I don’t have a standard procedure that is applicable to all projects. In general, the roles that I do for the projects are:
a)    Provide troubleshooting and bug fixing for problems both within the system and from other network devices.
b)    Reports analysis when there is need to isolate problem segments.
c)    Capacity planning guides and reports for upgrading purposes.
d)    Managing engineer resources to do operations and to aid them in investigations.
SingTel – This project involves authentication done by all cell phones that needs to do 2G,3G and GPRS connection. Currently they have about 2million subscribers and planning to do upgrading to 3million subscriber systems. Antlabs provides radius servers for authentication of these subscribers. They are currently doing about 1-2k TPS (transactions per second) and upgrading to about 5K TPS by end of the year.

SingTel – The other primary project for SingTel is that we provide radius servers and proxies and SSGs (Service selection gateways) (all these are our own products) for Wireless@Sg and other similar networks (icell, Starhub, M1 etc). As they are the primary access point for most of the free/paid public wireless access, we have about 20 servers catering for about 8 geographical segments. We manage internet bandwidth and authentication.

Singtel Satelite – This is a very unique project, where data analysis based on packet captures and capture breakdowns are used to generate reports for thousands of ships that use Internet. This is provide billing accountability for each ship usages.

Singnet – Their new Wifi offload for their new plans are managed by our TruAuth and Map gateways to communicate with their telephone HLR systems. Wireless@SG also taps on this setup for the 802.1x login profiles.

Starhub – Similar to SingTel, we provide SSG gateways however, they manage their own Radius servers.  My role is:
a)    Provide troubleshooting when problem arises
b)    Provide help in configuration when there are new marketing campaigns where the SSG can redirect to custom pages for advertising efforts. In short they require assistance whenever they have new marketing campaigns and we have to assist whenever they deploy new webpages..

M1 – Fiber Broadband
Although the project is called fiber broadband it is actually cable broadband access. These include systems from Juniper (E320 (broadband server router), MX960 (universal edge router)), F5 (BigIP for load balancing), Radius, DNS, web portals and web proxies.

My roll is primarily
a)    Provide troubleshooting of problems.
b)    Upgrade of systems (OS and others)
c)    Upgrade of functionality (Scripting or changes in configuration).
d)    Increasing bandwidth between systems.

This by far is the most complicated setup. The E320 is a product that Juniper has relatively few experienced support personnel which makes asking for support rather slow. This E320 provides client bandwidth access management. When a new cable user is detected, various policies can be applied until the user logs in via the web portal. At which time, a new policy is applied to the user to set bandwidth and any other customization for that plan. The traffic from the user is then either pass through directly or redirected to the http proxies.

Secondary roles involve support of our hospitality products (Inngate) which are captive gateways. Here my role is to help the help desk do the support. When they get a problem they cannot solve, me and my team of engineers will troubleshoot and if necessary bring up the problem to the product development people for help.

I do management of staff resources for the purposes of achieving 24-hour online service. Scheduling of training and off site visits.

There are some special projects which I have been doing.
a)    Overall upgrading of knowledge of the helpdesk. This is an indepth training of various protocols like DNS, DHCP, SMTP, HTTP, arp and networking protocols to the Help Desk. This training is specific to helping them troubleshoot via using the Inngate products.
b)    Provide a knowledge diagnostic framework to ensure that the help desk will ask the correct questions and provide correct answers in a fast and consistent manner. This is done via a Wiki project which has a diagnostic tree of questions and verification techniques the help them arrive at the correct answers.
c)    Create a new framework for data collection of project and product system statistics. Currently, any statistics collected are either condensed in a week/month/year basis which means it losses granularity. This project is to provide
a)    Longer term storage of statistics data in theory any granularity that the customer wants for an indefinite time frame.
b)    Data mining for the purpose of capacity planning. For example, breakdown of handphone types that connect. Breakdown of plans popularity or anything that they could want.
d)    A webbased automated system to submit requests which will execute specific procedures on remote Inngates. These kind of procedures include
a.    Healthcheck
b.    Specific software recovery procedures for rare issues.
c.    Hot fixes before official patches are release.
The good thing is that it also captures various statistical information about remote Inngate systems that allow us to plan for severity prediction of vulnerable systems or how prevalent certain configurations are, usage patterns.

Omantel, Etisalat,CAT – They both have the Singtel Wifi setup where phones can seamlessly switch to Wifi with their EAPSIM profile on their phones.

DNSSEC  Server – I have single handed created a product for the company to support DNSSEC complainant server/recursor. This system has an internal loadbalancer that can be configured to support multiple instances of the internal services to handle high loads. This was designed to support 140K regular DNS requests/second.


Han Technology – Singapore
Senior Development Consultant
Actually my titles depend on whom I will meet. My boss suggested that I use the above when the customer would want more customized products or to build a new solution. Or the other one below when we most likely selling existing products that don’t require much customization, just deployment and education. This is because compared to the rest of the tech employees; I have more in depth programming background.

Directing product development and testing of various products. In general, my roles in these products are one of these three functions. To manage the development of it, or to provide testing environment and lastly to provide support to end users.
•    Exboot – Unique backup solution, that allows the backup to be directly booted from an external enclosure. This provides a failsafe in the event that an internal harddisk fails, it provides immediate access to programs and data without having to do a restoration first. This software is developed to work in Windows OS environment. This has become popular among larger companies like FedEx and is being bought in quantities by the various ministries for use by Ministers and the upper level personnel on their travels.
•    RestoreLive – Another unique product that backs up a system to its own drive. It does not make sense on the surface. However, any backup and restoration takes time. A simple update failure (update of Microsoft or antivirus) could potentially wrack the system. Restorelive can be managed centrally to receive backup commands from a central console before any update is done. A single reboot is all it takes to restore a system to any backup. Literally recovery in a minute. This software is developed to work in Windows OS.
•    Pincode encrypted enclosure – Encrypted enclosures come in all forms. Some with tokens. Some with finger print. However, there are cases, where the token is left in the enclosure or a finger is cut off to do authentication. Pincode is a simple number sequence to unlock encrypted data from a hard disk. Simple and easy to use.
•    Provide support for extensive scheduler called 24×7 Automation Suite(www.softtreetech.com). This scheduler provided not only more control and management of jobs but it also provides scripting languages that could query and control how the jobs performed. I managed and sold this product to DBS Vickers who have since deployed it site wide to monitor and proactively fix problems via scripts.
•    Creating a appliance which integrated F-Secure’s Linux Gatekeeper product into an in-line scanning appliance that filters virus for HTTP, POP,SMTP and FTP protocols. (Using Linux, kernel patches, scripts in perl, bash). This system was created with a minimum of RPMs required to run the solution. A installation CD was created to facilitate installation into appliances. This was done largely with perl and bash scripting. Since this product is an in-line scanner, the emphasis for development is two fold. One is the hardening of the OS and the other is to optimize network throughput. In the first case, the work is similar to the earlier Celestix work where I made sure only relevant software is running and each is locked down to prevent intrusion. The second, is to ensure the OS is optimized in terms of packet handling and memory and caching of virus signatures to speed up scanning of anything passing through the system.
•    Setting up a open source Sugar CRM system for the company to track sales and customers.

Senior Product Specialist
•    Provide support for F-Secure’s anti-virus products to both end users and corporate customers like DBS(7000+), MHA(3000+), HDB(10,000+), BASF (10,000+ users). Here we provide several levels of support. In some cases, we create documentation for users like DBS on installation, update procedures for their systems. Even how to update an OS image that they install into various systems. In other cases, its more hands off like in BASF case, where they have very competent engineers and only require support for more complex procedures.
•    Provide support for WRQ Reflection (formerly known as F-Secure SSH products). This software is the defecto standard in the Singapore Government, it is used by all the ministries and many of the companies that have direct need to transfer data securely with the ministries. Here we provide different levels of support. In some cases, we provide onsite installation services and direct support in terms of making sure security keys are installed correctly. In other cases we provide just phone support to do the same.  However, we do help in debugging scripts that they use for file transfers.
•    Unique throttling solution to manage anti-virus updates (sometimes up to 2-5Mbyte), through 64kbit connection to about 60-70 branches.
•    Provide support for iScsi (Open-E) and Nas (Windows Storage server and ReadyNas) deployment for customers. Customers include Mindef and other organizations.
•    Manage internal VMWare and Citrix Zen servers for internal operational servers and testing of new products. Generally we use Zen more mainly because we run mostly linux OS and Zen runs a little Linux a bit faster then Vmware.
•    Manage Veritas Volume Manager, file and Cluster for a hosted application for customer. Used primarily to cluster web and mail services for customers who find housing mail servers locally is cost too much for a dedicated lease line for large number of branches scattered across many countries. It was backed by a data store using a pair Open-E NFS with replicated volume nodes.

Celestix Networks    Singapore, US
Tech Support Manager
•    Setup a tech support department in the US. This won some magazine commendation of efficiency and completeness of support. Here I managed a small group of support engineers in the US for about 2 years.
•    Provide support for both multifunction appliances and specific appliances like Checkpoint firewalls and their associated products like Rainfinity.  Our appliances are custom designed motherboards with multi network ports (usually 4-8 ports) with Raid systems built in. The Rainfinity products that I worked with then is more of network traffic management unlike their current products are more geared towards VM management.
•    Returning to Singapore, I rejoined R&D and helped develop a Linux OS that could switch different sets of libraries and products depending on which was needed. This was needed if the customer wanted to test a new version of the software and needed a failsafe to return to an old configuration. (Custom Linux distribution, with perl, bash, and some C coding). This Linux OS we developed is based on Redhat OS or equivalent Centos OS. These products was designed to support (firewalls and other security products) requires considerable hardening by having only the minimum required software to run the OS and to lock down various components to ensure that it cannot be broken into. Backup and recovery is done on two fronts. We created our own backup recovery scripts to store the backups automatically either to a file share (Ftp or windows file share).   I built a special SNMP library specifically for this appliance so that all the functions could be monitored and managed remotely.
•    These activities require skills in building RPMs for linux and build a software solution for Tech support problem tracking. (Perl, bash, and various scripting)


Lightspeed Technologies    Singapore
Manager of Software Development
•    Create an infrastructure to facilitate monitoring of unlimited systems. A central reporting system where a variety of systems report status and it allows pushing of updates to report servers. These servers sending reports are the following products created. The products below are generally built using Linux, perl,bash and various software that is inherently available in Linux).  Do note that this was done way before software like Nagios or OpenNMS or Zenoss.
o    We created our own push mechanism for sending updates to all our servers (listed below) to provide new updates or new error detection mechanism.
o    Each time a failure has occurred, after diagnostics we would develop a detection script or program that we will push to all our customers machines so that advance or immediate warnings can be received before or when the problem occurs. For example, we created a multi-point mail loop testing that makes sure that each system can send out and receive emails within a specified time period. If the time period is exceeded it setups an alert for us to detect. This works from both the customer’s machine outwards and from ours inwards to their machines.
o    Other examples are alert/warnings from various logs are monitored continuously on systems. Alerts such as SMART errors, samba login errors or even intruder detection (using Tripwire) are sent immediately so that we can take action.
o    We have added over a hundred customized warning/alert scripts to detect all kinds of unusual activities that needed attention. The goal is to fix the problem either via the script itself or alert us immediately of the problem so that we can fix it remotely.
o    The benefit to the customers were that all systems tasks were managed by us. Adding accounts, special configurations, changing shared directories and so on were only a call or an email away.
•    PicoNet – This was a system consisting of a firewall, VPN and intrusion detection. It’s the first system put into most companies, and it allows detection of potential problems within the network. This was equipped with squid an http proxy. This speeded up web access by caching and in some cases, the customers requested various access controls like, by time, by users, by locations and to block access to certain websites. This was achieved with primarily with squidguard. In some cases, this was implemented as a transparent proxy to hide the functions from the staff.
•    PicoMail – This was a pop3/imap mail system with Mcafee anti-virus scanning. It also provided archiving of emails and email broadcasts for marketing purposes. This system uses sendmail either postfix the smtp engine. There are special customers with unusual requirements. One unusual customer wanted a cell groups within the organization that would get copies of emails sent to anyone within the cell group to be sent to all members of the cell group. Corresponding, any emails sent out from the cell group to be copied to the cell group. This was to facilitate anyone within the group to be able to respond to any query from customers. Some of these were done with aliases, proc procedures, and special m4/cf file milter configurations. The more common ones simply required virtual domains, users, support of multiple domains. SmtpAuth was deemed mandatory for all our customers this reduced the chance of having their mail servers become spam machines.  In most customers however, we prefer postfix as its easier and less resource intensive for to manage. It is easier to specify anti-spam options to reduce the acceptance of spam and to intergrate anti-spam scanners.
•    Picoshare – This was essentially a network file server. However, it had the ability to mirror itself to other similar file systems both local and remote. Provide workgroup scheduling, forums and trouble ticketing functions.
•    PicoFax – This was a centralized fax system that allows routing of fax to emails. This reduces paper wastage and provides reduce change of missed faxes due to paper jams. It provided desktop print to fax services as well.
•    These systems combined were sold as products to about 230 companies in about 2 years. We even had customers like Singapore Tourism Board and National Library
•    I had a team of 7 engineers, 3 for R&D and 4 for technical support for the customers. My role is more for the R&D and deployment management. In many cases, standard deployment procedures are adequate. However, some customers require specialized configurations where in becomes my job to scope it out and either do it myself or manage one or more of my engineers to develop it.

Confrere Solutions    Singapore
Senior Manager
•    Providing SI services to assemble firewalls, mail servers and various other Internet related servers and products.
•    Created an online maid application to provide reviews of maid profiles and inquiry system for the owners. (linux, php,mysql)
•    Online monitoring and reporting of Church cell group activities. (Linux, php, mysql)
•    Developed a prototype system for Changi General Hospital to track members and provide online updates of upcoming events like talks and seminars. (Windows, ASP)

Creative Technology Ltd    Singapore
Associate Manger in Interactive Marketing Department
•    First Online Web E-commerce in Singapore generating S$330,000 in one week. Sales of 2300+ units of the AWE32 sound card and shipped to 23 countries.
•    First Online software ecommerce sales. S$160,000 in 3 days of 10,000 software licenses. (IBM commerce server and custom code to manage modem Visa transactions. There were no online gateways available in Singapore then).
•    Social Network web activities for data/statistics collection and dissemination of new updates information for software and device drivers (Windows,Linux, asp,php, perl)
•    Guerrilla marketing activities to create “unaffiliated” review sites that promote Creative products fame and quality.
•    Virtualisation of Tech support centers for unified support between US and Singapore. (Lotus Notes)
•    Online sales support infrastructure to manage from purchase, inventory, packing, and tracking of shipping of products to end-users directly. (Lotus Notes)
•    These activities were done with me leading a team of 3 engineers.
R&D Engineer
•    Design of device drivers for CDRoms, sound cards and graphic cards for DOS, WinNT, OS/2, Autocad and NEC 9800. (Mostly C and assembly programming).
•    Design of software players for Creative products. (Mostly C,C++)

Sixth Meditation Class

Mar 13, 2002 – Sixth Meditation Class 

This class began with a reading on each of us about our havingness. We were told what sort of problems we are having with our havingness. Dale did one for me. He told me that there is a lot of family resistance to me having havingness. I told I agreed. This was mainly that my family was never really well off but we were comfortable. Everything had to be earned and nothing was free so to speak. So resistance for me was that the family has put a resistance that “No you are not that lucky, you have to very very hard to achieve anything” type of energy in my space. Dale was saying, I’m already working on removing that resistance which is good. 

The class then started proper by us telling our ‘growth’ period. Initially, I felt that I had none to report, but as I listened to the rest of the students, I realised that I had stopped enforcing my way on others and stopped healing each and everyone that I meet. This came to mind because that day, my female colleague that I felt put too much pressure on herself to achieve and that it created lots of dissatisfaction in her life. I wanted her to change that, but now I felt I didn’t need to change everyone and that they created this experience and they had to do their own resolving. Subconsciously I think she felt my pulling back and she was complaining over the week that “You don’t support me anymore”. I didn’t understand the impact until during the class.
Jeff also explained that the experience (that I described below) is a spirit-body communication. Its such that the body is telling the spirit what the problem is and how its affecting the body. So during my meditation, I was able to understand what is kept in my space for so long and with ‘destroying roses’ technique I have started to remove it. This was extremely interesting to me because it confirms what Carolyn Myss was talking about. Biography is biology. She preaches that what a person does energetically can affect the body both in good and bad terms. What a person thinks, does and what the society needs are, are reflected physically in the body. With this new found ability, learning what is causing discomfort physically can lead to understand my life(and past lives), my decisions and the society’s decisions can affect me and there is a way to repair it.

Jeff then taught us about mockups. Mockups to me(personally not Jeff’s words) are like Wish spells. I wish for xxx to happen to me. Unfortunately, sometimes these wishes goes astray or sometimes it goes right for someone else. Sometimes, it happens but in a general way that you don’t see it. For example, you may wish for money, then someone offers you a great job, few hours great pay. But to you your wish didn’t come true. But it DID! Unless you are extremely specific sometimes it comes to you in ways you don’t expect it. On the other hand, being too specific limits the way in which it can arrive to you.

Basic way of creating a mockup.
1. Create the image of what you want, as specific or as general a you deem fit.
2. Put this image into a rose and ground it. Let all your and other people’s energy drain from it.
3. Put up a gauge that represents the ability to have this image. Ground it, let all the resistance to having it drain down the grounding cord. Now push the gauge to 100%. Let it become fixed like putting glue, put it into a notch or some other image.
4. Put up another gauge, this one represents your confidence if it appearing to you. Again ground it and push it 100% and fix it.
5. Now put the image, the 2 gauges into a rose.
6. Now create a golden sun of NEUTRAL energy. Let this energy fill this rose and washout all other energy down the grounding cord.
7. Now release it out into the world/heaven. This important if you cannot let go of it that means you still have resistance to having it or you still have your own or other people’s energy. So repeat the steps until you can release it. By releasing, its allowed to go out to get the item for you.

Now, ideally try not to create conflicting mockups. Like making a mockup to travel then making another mockup to stay put. Or something like that. Note that if you create mockups that affect other people, they have a conscious choice to say yes or no, this is because they have their own paths to follow and it may or may not coincide with what you want.


Fifth Meditation Class

Mar 06, 2002 – Fifth Meditation class

This class covers 2 basic things. Detecting lies and “havingness”. Detecting lies was straight forward. Ground yourself, put up a protection rose to absorb /defect energies directed at you. Put up a second grounded rose, this time will this rose to react to lies being directed at you. The idea case is that when lies are directed against you, it will react in some way. Change color, fall apart, move .. just about anything instead of remaining the way it was. During the class Jeff was saying many lies and we were asked to determine if it was a lie. This worked fairly well but requires practice. 

The second session was about having-ness. This is basically your ability to have something. In most cases, we have have been brought up in a situation where we are always told what we can have and what we cannot have or what is not due to us. To increase your own personal havingness is to visualize a gauge for any particular thing. For example, a gauge for being in love, for having money. Let the position of the gauge to represent the amount of havingness for that item. Now create a grounding cord from the upper portion, (eg, if you see 60%, put a grounding cord in the balance 40%). Let the grounding cord drain out all the resistance from having it. Now put it in to your gold sun and imagine recalling all the energy that is required to achieve that 100% and more. Then let that energy fall into you filling up your every cell.
Mar 12, 2002 – Experience Updates
My experiences seem to be getting stranger. I’ve seen those white/blue orbs again. This time one of them gave me an image of a Japanese lady in a kimono sitting in a large building. Her lips move and I hear her saying she’s was my mother once. The next odd thing, is that I can now look at my body and see energy flows. Usually, when I started meditation, I have to imagine the energy flow, now I feel that I see it, I don’t have to imagine it anymore (except maybe to start the movement process). I’ve found various regions where ache appears as red glows. I found one in my chest, that seems to be having aches for a while. So I flipped it over and immediately I got an image of me not crying during my fathers funeral. It had a guilty type of feeling over it. So I put this glow in to a rose and blew it up. A couple of days later, that ache disappears for a while but comes back. I guess its too strong to let go of it easily.