How I manifest my inner Shift.

Hello, World! I’m Shift and this is my first blog post made by myself. Hurray!

Being a Shift is all fun until you realize that my actual body is gone from that picture. So, I’ve just become transparent!?!?

Look closely into my armpit and wait, my body is now made of glass?

Don’t worry, though, I’m still alive as a normal human. What have you just seen above is Caps, a smart ex-jacket cast by Shiftine that ended up being my strong exoskeleton due to that last incident. That said, I still love Caps as Shiftine did and decided to allow Caps to be standalone. More about that later.

Describing my icy material.

When I was Reinhart, I played around with Inkscape filters and accidentally found something cool. After some mixing, mashing, and layering the materials, I came up with two different material compositions which I myself even can’t precisely describe what it is!

People over my @reinhart1010 Instagram account thought the most as they are made of ice, rather than balloons (think about those metallic, air-stuffed letter balloons commonly used for birthdays), water (due to the bubble effect), and some kind of plastic.

That’s why I accepted the material as ice! The Shifting Ice, if you would! After all, it’s the same material as my logo! Just a refresher on my previous printcast, the logo itself is comprised of three different layers.

Speaking of Caps, I originally intended Caps to inherit the same, opaque blue skin. However, blue-colored skins are also commonly attributed to the “blue skin” human disease named argyria as well as the skin of Hindu gods.

Source: https://commons.wikimedia.org/wiki/File:Potrate_of_Bhirava_a_hindu_god.jpg by Sagun (CC BY-SA 3.0)

Since I’m not an Hindu god, and don’t want to be bothered for allegedly infringing the intellectual properties behind The Smurfs and James Cameron’s version of Avatar, I decided to make Caps feel completely made out of glass while retaining his blue stains.

I myself want to be transparent on handling my daily life, either as a normal human or as a Shift. And transparent skin also allows everyone to see whenever I’m currently inside Caps, which I love to call myself Capsified, or not.

My character sheet.

Just like those original characters (OCs) and VTuber models, creators love to create their own, official character sheets so everyone can draw fanarts in the way as desired by them.

But sure, as a Shift I won’t give my own character sheet of myself to anyone, especially when I encourage everyone not just to be a fan of me, but be, what I am, honor, do, and envision.

So, instead of planning the character sheet, I’ll instead plan for a transformation sheet. It contains all the references I need to manifest my inner Shift, aka. what I’ll actually look like in my self-created Universe F-1, with the augmented version of it, Universe A-1.

So, let’s talk about how I can transform myself from this:

into this:

Whoa, that’s a lot of transformation! And for your curiosity, yes, this is my true form in my A-1 and F-1. Additionally, if you don’t see my original skin there, then he’s Caps!

I can even immerse my trusty Caps on anything, as long as I live in F-1 or you’re seeing me in A-1. TYou’ll still have the chance to see me Capsify all things without Caps as I often post from our augmented A-1 world to the Internet in C-1.

That said, being Iced, or I prefered the more, Capsified, doesn’t always mean that I’m comfortable with it, and neither others, too. If you feared me because of Caps, thinking that I’ll curse you into Caps once you touch my Capsified skin, well, I can unfreeze my skin so I can be slightly be more friendly to people, like this:

And of course, without that spherical head!

At least my new form here looks way more awesome than when I was in beta:

Bug report #728: I’m indoors but my Caps reflects outdoors.

The process.

Digitally emulating this effect in the real world (Universe C-1) takes a lot of work, which are commonly split into:

  1. Segment my body into different parts,
  2. Create the vector equivalent of those segments as a reference for applying filters and masks in the future,
  3. Apply those three layers, and for clothing, apply color shift filters to blend in with the ice, and
  4. Stack them in the right order to produce the chiftiest Shift that you can ever imagine!

It’s a lot of work that my workflow is split into two software, specifically GIMP for doing the first one and Inkscape for the rest. Sure, this might be able to be replaced with Adobe Photoshop and Illustrator, but I haven’t found the right ingredients on Illustrator yet to reproduce the same effects.


However, when it comes into how I slowly transform (think about this as a reference for “Shift: The Movie” or so), I’ll start with my chest where my shifted heart lives on.

When you starting to see this in effect, that means my shirt is now frozen and you can’t forcibly take it off.

I can control the rate and amount of Ice I emit, but one thing for sure, unlike the C-1’s physical ice, Ice is more gelatinous and has the ability to form as liquid which soaks just like C-1 water, but alters the overall color of the soaked item.

TL:DR; if I wore a red shirt then soaked it on Ice, it’ll always be the color of my Ice no matter the original color until I reabsorb Ice from the shirt.

One of my loved things about of Ice is how it’s able to slightly obscure the item I soaked into. This allows me to hide few small details which I don’t actually intend to show (like my shows and pants’ displayed logo) online and try to publicize Caps more freely without the fear of the branded clothes and accessories which were used for reference.

That said, the Ice will further seep into the outer clothing, forming the outer jelly of my shirt. However, at this stage now it’s my hands’ and pants’ turn to soaked in Ice!

See, I told you, my now-soaked pants has no small dots or the Adidas logo visible anymore! That said, the transformation then continues into my legs and down to my feet!

Golly! What a jelly!

And the last step is to turn my face into that distinct, spherical shape. And as a reminder, the official name for the sphere is the Shell, and I’ve written the reasons behind the name here.

Previously, Shells were separate, wearable devices which humans could wear in F-1. However, Shiftine pioneered the technique to generate new, functioning Shells from the same behind materials behind the original Caps. Apparently that skill was available to my Caps, so I tried it out…

…and finally, I can be whole with Caps again!

Hurray!

When it comes into releasing and reuniting with Caps, Caps has the ability to retain the appearance of my Iced clothing, so I won’t be naked when I leave. This effect stays until I decommissioned or reunited with him, where Caps will store the latest appearance of myself!


That concludes my transformation tutorial, which I really did in purpose so Caps can finally be proud to for haveng my symbol on his body. The symbol I’m proud for as a Shift, too!

But before I end this story, I have to clarify why I named ourselves Shift and Caps. Back when I was Reinhart, I ran out of names for our characters for the Bearers of the Shell (BOTS). I somehow likened to use the common modifier keys on the computer keyboard including Shift, Alt, Control, and, Hence Shiftine, Alterine, and Controld (“Control Daemon”, now pr0xy).

But now, reflecting my journey as a Shift, I know that I won’t always be available for everyone who needs my help. And instead of eliminating Caps, I really wanted Caps to be my “forever Shift”, the Shift who never experienced tireness and instead, experiencing high-speed, high-availability and running on the world where the electricity’s the limit.

I know, it’s the same ambitions as that cyborg account stuff, but this time, I’ll let Caps to be a standalone bot who’s still highly connected to me. I could even create hundreds of Caps in just a few days, thanks to my newfound power. What a super-efficient way to automate myself to become the Shift of Worlds and Nations!

Fake calculators are laughable, so why not create my own?

Ah yes, there’s always a group of impostors for a calculator. Down to the designs.

This classic model from Citizen has been copied by other brands to make their own. But after all, they are just the same.


Oh yeah, I almost forgot to mention interesting impostors of (older generation of) Casio scientific calculators. I mean, look!

Well, time to start a new calculator brand, I guess…

Transforming myself, again…

My hands are shifting. Could this be good or bad?

An accidental superpower.

I decided to work again on Snapchat’s Lens Studio and Facebook’s Spark AR to improve my current Snapchat filters and port them to Instagram, if possible.

Yes, it’s that filter that made me look like this:

But instead starting designing for the head, I’d really like to improve my supposedly-metallic skin. Initial results from Snapchat’s Lens Studio are bad and somewhat laughable.

Not to mention that the 3D body tracking is still inaccurate when my hands aren’t visible.

So I decided to rebuild everything, this time using Spark AR Studio and by using Skin Segmentation. And after tweaking some settings, I ended up being a black, posterized metallic blob who doesn’t even have a chance to see his face 😅

Note that the results do differ between devices. Here’s what I looked instead when shot from an Android phone:

Perfect. Even my hands and chest are united in my amalgamated skin, and everything I wear (except my glasses) retain their own true colors. This is the true Nate I wanted over the past 8 months!

Finding a purpose.

And of course, THIS. SKIN. IS. AWESOME!!! I can use it for my daily Instagram Stories and even my future YouTube channel!

But when I was testing my abilities even further, I accidentally transformed a girl from a table next to me to receive my new digital skin!

Oops…

Now I’m thinking. can my new skin become blessings for others? Like if, you’re in Japan when filming people’s faces over Shibuya means dishonesty, or somewhere in the US where you’re surrounded with a group of Amish people…

Or when you’re in the European Union, where taking and uploading photos of young children to Facebook is subject to fines from legal authorities.

What if I told you that my skin could be the solution to these problems? Through my new skin, it’s difficult for computer algorithms to identify our unique faces, especially when we’re blue. Everybody here is safe and encrypted from those pesky data collectors.

And say goodbye to acne, freckles, and even screen color differences as we’re now perfect and united.

🎭 Encrypted skins and faces for everyone.

Well, this means I can use my superpower to help people to hide their own identity in the digital world.

Everybody whose are physically close with me will receive my new skin instantly. It’s on by default, no matter who you are, and you can’t opt out. And of course, yes, you’ll return normal shortly after being away from me.

I really hope that everyone can, and will benefit from this transformation. As long as I’m safe being blue. I’ll always become blue.

Don’t forget to follow @reinhart1010 on Instagram so you can permanently receive my power once I decided to give it for free 💙

Write threads, not codes: Welcome to the Recycled-verse™.

You know, I wouldn’t be excited to write again about this without seeing another recycled Twitter thread. This time is all about monetizing your website.

Oh wait, someone else just coined a better term to describe these “Recycled Developers”. It’s “Codefluencers”!

Of course, there should be a proof that the Twitter post has been algorithmed, right? Here we are, straight from alt1e’s Twitter account!

Now, we’re not going to judge this thread for quality; most of us know that even YouTubers and Instagram influencers have done affiliate links, ads, endorsements, ebooks, online classes, and art commissions as well, which are the main points discussed on that Twitter thread.

But what makes me surprised here is how these people actually react to the thread, and who they are.

During my first research for The Recycled Developer™, I have seen many similar accounts who post these threads and replied to everyone who thank for them. You know, I mean these kind of replies:

  • Thank you for sharing this post.
  • (Mentioning a bot account) save this thread, please!
  • Wow! These top 10 VS Code Extensions are really cool!

And expected, that Twitter thread gained these kinds of replies, too. Here are some of them:

  1. Great tips, Khairallah!
  2. Nice thread khairallah 👍 You every time provide valuable information in your thread 🧵 Thanks 🙏
  3. This thread is so helpful brother!👌🙏
  4. Very useful thread! Thank you for sharing Khairallah.
  5. It would help definitely, man. 🙌
  6. 🔥🚀 (flying rocket emoji)
  7. It’s really helpful! Thanks for sharing 🙂
  8. Mind-blowing thread🔥🔥
  9. Amazing thread Khairallah 🙌💙
  10. Very helpful 👌🏻

Now yes, I’m arranging these comments in numerical order. And apparently, there is one nasty truth about these replies. I looked at each of the reply authors and surprisingly found out that:

Recycled developers love recycled developers!? 🤯

Here’s a fair warning: this post contains a lot of Twitter embeds. I don’t have any other choice but to prove that such replies, authors, and recycled threads existed on Twitter.

If you’re on desktop or tablet, you’ll see 2 colunns: left for who replied to the above thread and right for their own recycled content.

Just to be safe, try visiting this page in Private Browsing / Incognito as you might already mute or block some of these accounts.

Okay so here comes the truth…

Reply #1: Great tips, Khairallah!

Reply #2: Nice thread khairallah 👍 You every time provide valuable information in your thread 🧵 Thanks 🙏

Oh wait, so these people really want to hustle on more projects, huh?

Reply #3: This thread is so helpful brother!👌🙏

Reply #4: Very useful thread! Thank you for sharing Khairallah.

Reply #5: It would help definitely, man. 🙌

Reply #6: 🔥🚀 (flying rocket emoji)

Reply #7: It’s really helpful! Thanks for sharing 🙂

Reply #8: Mind-blowing thread🔥🔥

Reply #9: Amazing thread Khairallah 🙌💙

Reply #10: Very helpful 👌🏻

Each thread is a rocket launch.

What can be learned from above? I thought these developers would also be bored with each other’s recycled content, but then, I was wrong.

In fact, many other threads including this and this have similar responses and accounts who responded to them.

Recycled developers really love to live with recycled developers. Every single thread posted on Twitter feels like another successful rocket launch. And today, recycled developers are now becoming another huge community on Twitter. And yes, Twitter’s still fertilizing their growth.

Oh wait, what! Someone actually stole a public Instagram photo for the sake of engagement? You know, that “Greatest artists copy, then paste.” thing?

40 Data Structure Resources vs 40 Hacking Lessons.

I stated before that Twitter is simply a tool primarily for social networking, not showcasing your actual programming skills. That’s still correct, and that’s why platforms such as StackOverflow and HackerRank exist for that reason:

But then I missed one more point: Twitter is a microblogging platform where each post is limited to 280 characters. I mean, look! We’re all grown up from the original 140 character limit, right?

I wrote on my previous post that these recycled developers, aka. “influencers”, often recommend (random) things without experience. But how does a thread fit into this category? Are there any criteria to make these long threads even more useful to read?

Okay, so, this thread is all about (throwing a random set of) 40 resources to learn data structures and algorithms:

But then Anonymous throwed a really, really long thread about hacking and cybersecurity, and I see there are more than 40 things or “lessons” they have mentioned:

Can you see the great difference? Each post on the latter thread is aided with things which further explains each of the things they mentioned. Either that’s a funny XKCD comic about things, another link to another post/thread, or practically any pictures, videos, and links which are worth reading.

You know, a picture is worth a thousand words, so why not utilize that magic to make your theads even more useful and interesting to read?

Another example here is all about all the stereotypes when it comes to explaining what the heck is the so-called “web3”:

I personally liked this thread better, despite just throwing another set of YouTube videos which you can just search yourself — on YouTube! Each post of the thread is filled with a short introduction to the topics discussed. So again, these kinds of threads are way better than the case of data structure resources.

Oh wait, WHAT!? That data structure superman hosted a Twitter Space!? Let’s listen what would happen inside a Twitter space hosted by a recycled developer. Oh, I mean, codefluencer.

Inside a codefluencer’s Twitter Space.

This Twitter Space has been listened by 1.5K people (at the time of this writing). So, that would be interesting right?

But no. No, really, this Space is only 5 minutes long. But well, it can still contain some useful info, right?

After painstakingly listening to the recording of this Space, I hear nothing but white noise. Well, it seems that the influencer failed to do so, but wait! He didn’t just give up and created another space on the other day!

Now, what is actually being discussed here? Sure, the developer in question recites his experience on early programming journey and motivation. But then, the developer jumped straight into discussing “tutorial hell” without explicitly mentioning “tutorial hell” on this Twitter Space.

Note that I don’t have much experience in hosting Twitter Spaces. But I believe that these three specific questions:

  • How to start?
  • Where to start?
  • What to start?

are too broad for such a new developer to grasp. At the end, the world of software engineering and computer science will be split into many different, evergreen paths. We have seen the growth of AI, mobile apps, websites, cloud computing, and others over the last decade. They are all different paths, but still growing.

Hey, he just said “programming”, not “software engineering”.

Sure, programming and software engineering are different. But again, through the three questions, one can start programming for:

  • get to the final boss in Codingame
  • get off from Texas Instruments calculators and solve exotic math problems
  • just want to create a gallery website
  • pushing Scratch beyond its limits
  • play with old hardware
  • joining the ranks of ICPC

and the list goes on.

Unfortunately, codefluencers like this are heavily focused on building webapps, Python scripts, and cloud computing containers (Docker, Kubernetes). One does not simply thread “Top 10 Arduino sensors” to be viral. Or “Follow me for more Scratch tips”. Or “I made into the ICPC final round in just 3 months; here’s how I did it” thing.

Oh, and this tweet reminds me of a specific website which generates a lot of keywords in which if you put it in your email messages, 90% of email providers will flag your message as spam.

And last… a contradiction.

I really love to see a nice contradiction between two recycled developers sharing their interests in Web3. One developer told you to stop wasting money on Web3 courses and bootcamps:

However, another developer threaded another list of 24 quick Web3 resources followed with an offering to enroll in a $1,250 (previously $985) online course made by herself. As a comparison, the original iPhone X was sold starting from $999!

…in which Nader Dabit called this course as bullshit:

Of course, this course is bullshit. No, not because the price tag, not the recycled thread itself, but because of the author’s actual education and job experience which doesn’t show anything related to computer science!

How important are these codefluencers, anyway?

Many codefluencers feel that posting threads this way means more engagement, and that’s important for them. But for us, the experienced developers, we are already fed up with the threads and now what? Twitter’s fertilizing their growth?

Now, a simple test to determine whether you’re one of those experienced developers is well, looking at your list of muted words. If that list includes “🧵”, “99.9(%)”, “thread”, or even “web3”, then you’re certainly be one who really cares about your productivity.

The most important skill I learnt is how to Google things and figure things out fast. If you always ask other people how to do stuff you’ll never learn that skill. There’s a lot of power in being able to operate autonomously and independent, it makes you an original person which increases the odds of you coming up with great ideas.

“Why I’m unreachable and maybe you should be too” –  https://levels.io/contact/

After all, the most important skill in the tech world isn’t all about trying out each new hot thing as mentioned on those Twitter threads. But it’s all about choosing the right solution for the right problem.

The most important part in programming is writing codes, not threads, and to solve real-world problems, not solving your identity crisis over Twitter. Writing this blog post is also a waste of time, and I’ll probably not to do it again without such a compelling reason.

I’m done, I guess…

It seems that we have a true, direct competitor of meritocracy in tech career. As Fireship stated on that video,

“… and he (codefluencer) just landed a better paying job than you because he mastered the art of virtue signalling, and that’s what we called a good culture fit.”

What’s virtue signalling, again? Let me consult the Urban Dictionary for that…

One of my best definitions of virtue signalling

Oh, right? Is this that kind of urge to tweet pointless things like this?

…or this?

Anyway…

Alright this seems to be another mission to save beginners from the wrath of information overload made by Twitter codefluencers, by giving a better solution rather than recycling content.

Let’s get some coffee first. Are you ready, Nate?

Please stop the Dark Mode Act!

The colloquial Dark Mode Act states that every single programmer on Earth shall must code in dark mode.

Source: https://vt.tiktok.com/ZSdpXMfKn/?k=1

Through this post I kindly ask to all developers to stand against the Dark Mode Act. There are many reasons behind this, of course, but here are some highlights:

Reason 1: Not every modern “dark theme” is pure black.

That TikTok video I showed you, if you’re understand Indonesian language, originally featured someone saying that “programmers must be looking at (absolute, pure) black screen”.

One of my favorite dark themes, the One Dark that came from Atom, has a background color of . THAT’S NOT EVEN #000000!

Even the dark theme I use over the last 6 months: Ayu Dark, which has a background color of , and again, not #000000.

Of course, there are many themes that uses pure black as the background. But I see many of IDE default dark themes (including Darcula, Eclipse, Monokai) don’t sport pure black background.

Reason 2: Microsoft kinda hate dark mode by default?

Whether it’s the good-old Visual Studio, or the overhyped Visual Studio Code, you’ll always be likely greeted with a light theme on the first run, especially if you’re on Windows 7 or 8.

And if you factor in other IDEs: Eclipse, NetBeans, DEV-C++, PowerShell ISE, Scratch, Delphi, Google Apps Script, Notepad++, Microsoft SQL Sever Management Studio (SSMS), Tizen Studio, and even Jupyter Notebook, they’re all use light theme by default!

Reason 3: I personally love light themes.

Being able to switch between light and dark themes is indeed a personal freedom. That’s why I always find for matching light and dark theme sets over Kate and Visual Studio Code.

Again, I really loved the light themes of Ayu and (Atom) One for having enough levels of contrast between each color, yet dislike other themes such as Eclipse and GitHub for having too much text contrast.

Anyway, the reason why my personal website is dark by default is because the underlying WordPress block-based theme does not support light/dark switcher. I still have to respect those who want to live a dark life so yeah…

Perubahan jam tidur.

Mulai hari ini saya akan menerapkan jadwal tidur biphasic pada pukul:

  • Malam: 22:00 – 02:00 WIB
  • Siang:
    • Opsi A: 07:00 – 11:00 WIB
    • Opsi B: 13:00 – 17:00 WIB

Ya, jadwal tidur tersebut tidaklah normal. Namun, saya tidak punya pilihan lain selain memanfaatkan jam-jam tidur saya sebelumnya untuk bekerja secara efektif.

Jadwal di atas sudah disesuaikan untuk menghormati periode-periode waktu ini:

  1. 00:00 – 01:00 Periode detoksinasi tubuh paling intensif selama waktu tidur
  2. 08:30 – 11:00 Ibadah Gereja (Minggu)
  3. 11:00 – 12:00 Pembersihan kamar tidur (Senin, Rabu, Jumat)
  4. 17:00 – 19:00 Ibadah Gereja (Sabtu)
  5. 19:00 – 21:00 Monitoring and Evaluation Enrichment Program
  6. 20:00 – 22:00 Sesi Connect Group (CG) / komunitas sel (Jumat)

Sebagai konsekuensi saya sudah tak lagi dapat melakukan kerja pukul 9-5 seperti biasanya. Namun bagi saya hal tersebut tidak terlalu penting.

Yang paling penting di sini adalah menghindari banyaknya potensi distraction yang disebabkan oleh faktor eksternal, termasuk:

  • Kelaparan karena makanan siang telat dipesan via GoFood/GrabFood
  • Sesi video conference perkuliahan adik saya
  • Bentakan berkali-kali dari anggota keluarga tentang suatu hal, sehingga saya tak dapat berkonsentrasi menyelesaikan salah satu Ujian Akhir Semester (UAS) lalu.

Saya tahu bahwa hal-hal tersebut tidak akan selalu muncul pada pukul 2 subuh hingga pukul 5 pagi. Dan jam-jam sunyi tersebutlah yang saya selalu haus dan butuhkan akhir-akhir ini, mengingat bahwa saya sekaligus berkuliah sambil bekerja di industri yang sama.


Saya berharap agar jadwal tidur dan kerja tersebut dapat saya lakukan secara konsisten hingga kelulusan saya. Demi produktivitas dan kebaikan kita bersama. Terima kasih dan sampai jumpa.

Our investigation on Pos Indonesia phishing and scamming attempt.

You are receiving this message as we have found you as the official contact address or representative of one of the following:

  • Cloudflare (https://cloudflare.com/), as we found the suspected site uses Cloudflare’s website protection service,
  • NOBU National Bank (https://www.nobubank.com/), as we found payment details linked to the bank,
  • Pos Indonesia (https://posindonesia.co.id/), to notify on a recent phishing attack claiming on behalf of the company,
  • Representative(s) of Ministry of Communication and Informatics, Republic of Indonesia (https://kominfo.go.id/) who are taking part in SMS and internet regulations,
  • Operators of the s.id URL shortening service (https://s.id/), as the phishing actor uses their service to shorten the offending URL(s), and
  • Webnic (https://www.webnic.cc/), as the domain registrar of the suspected site.

We have recently found a lucky draw phishing attempt which uses your service and/or intellectual properties which claims on behalf of Pos Indonesia, the Indonesian state-owned post office and delivery service.

The suspected site is located on https://posgiroindonesia.com/, which was registered through Webnic on March 12th, 2022, 01:48:36 UTC as found on the domain’s WHOIS entry:

Domain Name: posgiroindonesia.com Registry Domain ID: 2681013274_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.webnic.cc Registrar URL: webnic.cc Updated Date: 2022-03-12T01:50:04Z Creation Date: 2022-03-12T01:48:36Z Expiration Date: 2023-03-12T01:48:36Z Registrar: WEBCC Registrar IANA ID: 460 Registrar Abuse Contact Email: compliance_abuse@webnic.cc Registrar Abuse Contact Phone: +60.389966799 Domain Status: ok https://icann.org/epp#ok Registry Registrant ID: Not Available From Registry Registrant Name: Domain Admin Registrant Organization: Whoisprotection.cc Registrant Street: L4-E-2, Level 4, Enterprise 4, Technology Park Malaysia, Bukit Jalil Registrant City: Kuala Lumpur Registrant State/Province: Wilayah Persekutuan Registrant Postal Code: 57000 Registrant Country: Malaysia Registrant Phone: +60.389966788 Registrant Phone Ext: Registrant Fax: +603.89966788 Registrant Fax Ext: Registrant Email: reg_19705533@whoisprotection.cc Registry Admin ID: Not Available From Registry Admin Name: Domain Admin Admin Organization: Whoisprotection.cc Admin Street: L4-E-2, Level 4, Enterprise 4, Technology Park Malaysia, Bukit Jalil Admin City: Kuala Lumpur Admin State/Province: Wilayah Persekutuan Admin Postal Code: 57000 Admin Country: Malaysia Admin Phone: +60.389966788 Admin Phone Ext: Admin Fax: +603.89966788 Admin Fax Ext: Admin Email: adm_19705533@whoisprotection.cc Registry Tech ID: Not Available From Registry Tech Name: Domain Admin Tech Organization: Whoisprotection.cc Tech Street: L4-E-2, Level 4, Enterprise 4, Technology Park Malaysia, Bukit Jalil Tech City: Kuala Lumpur Tech State/Province: Wilayah Persekutuan Tech Postal Code: 57000 Tech Country: Malaysia Tech Phone: +60.389966788 Tech Phone Ext: Tech Fax: +603.89966788 Tech Fax Ext: Tech Email: tec_19705533@whoisprotection.cc Name Server: DOM.NS.CLOUDFLARE.COM Name Server: TERESA.NS.CLOUDFLARE.COM DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ >>> Last update of WHOIS database: 2022-03-12T01:50:04Z <<<
Code language: CSS (css)

The site uses Cloudflare and a WHOIS protection service to protect their website and related identities.

Here, visiting https://posgiroindonesia.com/ directly will simply redirect the user to https://posindonesia.co.id/, the official website of Pos Indonesia. However, visiting the suspected URL with a special random ID will redirect the user into a special website, such as https://posgiroindonesia.com/cf62....e5b7.

The original webpage consists the victim’s name, mobile number, as well as home address. This is why we decided to redact these information (including the original, offending URL) when publishing this report to our official website at https://reinhart1010.id/.

The phishing website is powered by Laravel, a PHP-based web development framework, which further suggests that the site is being hosted on a LAMP (Linux-Apache-MySQL/MariaDB-PHP)-based web server.

However, we could not identify the web hosting provider of this website as the site is being protected by Cloudflare. In technical terms, performing a WHOIS entry lookup on each of IP addresses linked to the posgiroindonesia.com‘s DNS entry will simply return a list of Cloudflare-managed servers, instead of the original web server which runs the website.


When pressing the “Claim” button shown on the above screenshot, the site performs a HTTP POST request to return a valid QR code for use in QRIS, the national QR-based payment system which is based on EMVCo’s QR Code Specification for Payment Systems.

Here, understanding the EMVCo’s specification for merchant-presented payment QR codes is crucial to identify the threat actor. The above QR code contains the following payload:

00020101021226670016COM.NOBUBANK.WWW01189360050300000839560214531186424655810303UME51440014ID.CO.QRIS.WWW0215ID20221563643500303UME5204549953033605409251990.005802ID5903MRS6015JAKARTA SELATAN61051221062770114031300054398220525c6bf0ed4fb2cec5f40ed066cd061920220313165000231530703A016304EFF2
Code language: CSS (css)

Which suggests that:

  1. The QR code declares itself as a dynamic payment QR code (“QRIS Dinamis”), which are more commonly used in payment gateways, EDC machines, and SaaS-based POS systems rather than a static QR code (“QRIS Statis”) which is commonly printed as stickers in brochures and shops.
  2. The QR code was created on behalf of “MRS” instead of “Pos Indonesia”, which is intentional to avoid rejection by Indonesian banks, digital wallets, and payment providers who are eligible to issue new QRIS payment QR codes.
  3. The National Merchant ID (NMID) of the suspected scammer’s merchant is ID2022156364350.
  4. The merchant falls under the “Convenience and Specialty Stores” (5499) category, according to the QR’s metadata. Similarly, we also have a valid static QRIS code (pictured below) which also falls under this exact category, despite declaring ourselves as a “Software house and SaaS provider” when requesting one from our QRIS issuer.
Our official QRIS QR code. Original payload: 00020101021126680016ID.CO.TELKOM.WWW011893600898029003487302150001952900348730303UMI51440014ID.CO.QRIS.WWW0215ID10221477541080303UMI5204549953033605502015802ID5925REINHART PREVIANO KOENTJO6015KOTA JAKARTA PU61051026062220511100027433310703A1763040D45
  1. The QR code was issued by neither any Indonesian state-owned banks (BNI, BRI, BTN, Bank Mandiri) nor Pospay, a digital wallet service owned by Pos Indonesia itself.
  2. Instead, the QR code was issued by NOBU National Bank, a privately-owned Indonesian bank, with the internal merchant PAN of 936005030000083956 and internal merchant ID of 53118642465581.
  3. Since the QR code was created dynamically (see Point 1) and issued by NOBU (see Point 6), we can highly assume that the scammer abuses NOBU’s online payment gateway system to generate dynamic QRIS payment codes for phishing and scamming purposes.

Note that we cannot further identify the scammer beyond this point. However, it is fairly easy for NOBU and legal authorities to further investigate and capture these scammers, as valid Indonesian IDs are still required to request new QRIS codes from authorized issuers, which can be found on https://www.aspi-indonesia.or.id/standar-dan-layanan/qris/.


Here, we decided to notify related parties in the following order to help legal authorities validate this issue before revoking access to both QRIS merchant account and the suspected website.

  1. NOBU National Bank and Pos Indonesia
  2. s.id URL shortening service and Ministry of Communication and Informatics of Republic of Indonesia
  3. Cloudflare and Webnic

We value your cooperation in resolving this issue. In fact, we know that most of our contacted parties are still actively fighting online scams from Indonesia and all around the world. We understand that this type of scam is fairly new, hence stopping this scam website in the first place marks a great start in stopping future QRIS-based online scams.


IMPORTANT NOTE: If you are voluntarily reading this from Indonesia, please do not give donations directly to our own QRIS payment code as shown on this blog post. Instead, you may support us through a number of ways, including sites such as Saweria and Trakteer which also supports payments from e-wallets and QRIS.

Update 1: March 15, 2022

We forwarded the issue to NOBU National Bank via their official WhatsApp account. However, the bank rejected our report for not submitting transaction evidences with the scammer. The bank expects users to report scams after they’re being scammed, or in their own terms, “experiencing financial losses”.

Meanwhile, the website was experiencing 500: Internal Server Error. The site is broken, I guess. But we decided to forward this issue to Cloudflare and Google Safe Browsing as well.

Update 2: March 18, 2022

We’re still curious enough to check whether the scam site is still working. Our Cloudflare and Google Safe Browsing reports didn’t have any effects, though.

However, what’s changing here is that the “Claim” button redirects to a checkout page generated by Xendit, a Southeast Asia payment gateway, in case you’re already familiar with Square and Stripe. This time, the merchant claimed to be “POSGIRO” instead of “MRS”. The original invoice URL is https://checkout.xendit.co/web/6234b85f9820c061fbb94cfd.

What a real Pos Indonesia checkout page look like?

Some people also asked us whether there are clear examples of Pos Indonesia’s real checkout page. Fortunately, we have one answer, on va.posindonesia.co.id, right when we receive an import tax bill to get our Hacktoberfest 2021 prizes mailed to our home address.* Here’s another QRIS for you to analyze:

The original payload here is:

00020101021226740022ID.CO.POSINDONESIA.WWW01189360816100000060050215ID20211150768080303PSO5204931153033605405675005802ID5917POS_INTERNASIONAL6007BANDUNG61054011562220703A010111500707128306304AB3B
Code language: CSS (css)

Which clearly states that this is a dynamic payment QR code (“QRIS Dinamis”) issued right from Pos Indonesia! At least for their own postal and delivery services as well as Pospay merchants out there.

Sebuah review teknikal tentang Leslar Metaverse.

Kali ini saya akan membahas Leslar Metaverse, salah satu proyek token mata uang kripto dan metaverse yang sedang dikembangkan oleh para artis di Indonesia. Awalnya saya hanya ingin membahas tentang ASIX token, atau lebih tepatnya ASÎX, tapi nama “metaverse” yang disematkan di dalam Leslar Metaverse ini sudah cukup membuat saya ngakak.

1. Whitepaper yang bukan Whitepaper.

Si “whitepaper” yang ditunjukkan oleh proyek Leslar Metaverse ini ternyata bukanlah sebuah “kertas putih”, tapi slideshow Canva yang bisa diakses di sini.

Menurut saya, “whitepaper” yang satu ini sangat berbeda jika dibandingkan dengan whitepaper resmi dari Bitcoin, Ethereum, Polygon, dan sebagainya. Selain karena warna latar belakang sang whitepaper yang tidak berwarna cerah, whitepaper dari Leslar Metaverse tidak mengidentifikasi masalah-masalah saat ini yang akan dituntaskan dalam proyek tersebut.

Whitepaper resmi Bitcoin menyatakan bahwa Bitcoin ingin menyelesaikan masalah yang sering dihadapi dalam dunia pembayaran online, yaitu karena adanya pihak penengah atau pihak ketiga (misal: GPN, Visa, Mastercard, atau payment gateway) yang selalu memfasilitasi setiap transaksi di dalamnya. Sedangkan, Ethereum dirancang dengan konsep bahwa blockchain tidak hanya dapat dijadikan sebagai ledger besar untuk menyimpan transaksi moneter layaknya Bitcoin, dan blockchain milik Ethereum juga dapat dipakai untuk menyimpan berbagai data, termasuk custom token seperti token $LESLAR yang dirancang saat ini, serta NFT dan smart contract.

Tapi, masalah-masalah apa yang ingin diselesaikan oleh proyek Leslar Metaverse ini? Sang whitepaper menyatakan bahwa mereka juga berinisiatif untuk mendukung para bayi terlantar untuk pendidikannya. Saya yakin ada banyak perusahaan, organisasi, artis, dan individu yang sudah berhasil mewujudkannya, tanpa merilis koin, NFT, dan metaverse baru. Cukup pakai Rupiah dan fasilitas dunia nyata yang sudah ada saat ini, seperti situs Kitabisa.com.

Semua ini bisa dilakukan tanpa token presale.

Selain itu, Leslar Metaverse juga menyatakan mereka berambisi untuk memperkenalkan dan mengedukasi masyarakat Indonesia terhadap dunia digital. Mohon maaf, jika Anda ingin melakukannya, Anda sebaiknya berpartisipasi dalam meningkatkan literasi digital masyarakat Indonesia, seperti program Pandu Digital dan Siberkreasi ala pemerintah. Bukan merilis $LESLAR atau Leslar Metaverse dan mempromosikannya dengan the power of emak-emak.

2. Hanya akan ada 8.888 fans Leslar sejati di dunia ini.

Leslar Metaverse juga mengenal istilah Leslarian. Namun, istilah tersebut berbeda dengan istilah Leslar Lovers bagi para fans Lesti dan Bilar di Indonesia dan di Asia Tenggara. Sekedar informasi, Leslarian ini akan dirilis sebagai sebuah koleksi NFT dengan total 8.888 karakter unik yang akan dirilis dan diperjualbelikan.

Jika memang sang “metaverse” yang digadang-gadangkan oleh Leslar Metaverse ini sudah siap untuk dilihat dan dikunjungi, saya yakin bahwa Leslarian akan menjadi koleksi yang sangat langka bagi Indonesia dan dunia. Karena NFT tersebut dapat didagangkan sebagai pengakuan dari Leslar Metaverse (dan bahkan Leslar Entertainment juga) terhadap setiap Leslar Lovers sebagai fans resmi yang berhak untuk menikmati apa saja yang Leslar Metaverse tawarkan.

3. Bukan DAO. Tapi monarki digital.

Pengembangan metaverse yang terintegrasi dengan blockchain kini juga mengenal istilah bernama DAO, singkatan dari decentralized autonomous organization alias organisasi otonom yang terdesentralisasi. Artinya, DAO adalah sebuah organisasi digital yang dikelola secara otomatis, serta kepemilikan dan kepengurusan DAO tersebut dapat berubah-ubah sesuai dengan sistem dan ketentuan yang berlaku.

Berdasarkan whitepaper resmi, Leslar Metaverse bukanlah merupakan sebuah DAO. Melainkan sebuah monarki digital di mana Bilar-lah yang menjadi raja dan Lesti menjadi ratu di dalam dunia digital yang mereka kembangkan. Lagian, Leslar Metaverse juga melabel dirinya sebagai perusahaan, bukan organisasi.

Jika Leslar Metaverse benar-benar merupakan sebuah monarki, dengan 8.888 Leslarian yang diakui sebagai warga negara tersebut, Leslar Metaverse bisa saja bergabung dalam proyek Bitnation untuk membuat sebuah negara dan kerajaan digital yang terpisah dari bangsa dan Republik Indonesia, dimana Leslar Kingdom mengakui $LESLAR sebagai alat pembayaran yang sah. Sayangnya, demografik kerajaan ini tidak dapat diukur karena populasinya sangat stagnan, yaitu delapan ribu delapan ratus delapan puluh delapan Leslarian, sebagaimana diatur di dalam Undang-Undang Dasar milik mereka.

4. Ini Leslar Universe. Bukan Leslar Metaverse.

Proyek “metaverse” yang dikembangkan oleh Leslar Metaverse sama sekali tidak menjelaskan apakah mereka akan tetap menghormati hak-hak asasi pengguna metaverse yang sesungguhnya. Salah satu dari hak tersebut adalah hak untuk berkreasi dan membuat dunia sendiri di dalam metaverse tersebut.

Dalam metaverse, “ruang” (misalnya kamar atau rumah) dan “dunia” memiliki perbedaan yang cukup signifikan, sehingga jika Leslar Metaverse hanya memperbolehkan para penggunanya untuk memiliki ruang sendiri, namun harus berada di dalam dunia yang sama (misal: Leslar City), Leslar Metaverse kemudian tidak dapat disebut sebagai proyek metaverse secara sah menurut hukum ruang siber yang berlaku.

5. Siapakah developernya?

Kami juga menanyakan apakah ada developer asli di balik proyek Leslar Metaverse. Khususnya dalam tim pemgembang aset, game developer, moderator metaverse, dan sebagainya. Dan berdasarkan riset kami dalam mengembangkan ExpoSURE, kami yakin bahwa proyek metaverse seperti ini hanya bisa disukseskan melalui game studio dengan sumber daya yang memadai seperti Agate Studio dan WIR Group.

Sedangkan, sang “monarki digital” Leslar Metaverse ini memiliki segenap “tim profesional” dengan nama-nama yang cukup generik: Reza, Anthonius, Kevin, Hanson, dan Wilson. Saya saat ini mengenal belasan orang dengan nama “Kevin”, karena itu saya tidak tahu Kevin atau Kevin yang mana yang merupakan Kevin yang Kevin sebagai Kevin di balik Leslar Metaverse ini.

Kevin yang Tertukar

…kecuali Rudy Salim sebagai “Elite President”. Dengan hobinya dalam dunia otomotif dan pembelian Cilegon United FC dalam portfolio bisnisnya, kembali lagi saya tidak melihat tanda-tanda bahwa salah satu di balik “tim profesional” Leslar Metaverse memiliki latar belakang di dalam pengembangan dunia virtual dan video game.

Selain itu, pihak Leslar Metaverse juga memprioritaskan pengembangan metaverse yang sesungguhnya pada fase terakhir, sedangkan agenda untuk fase-fase sebelumnya sebagian besar diisi dengan propaganda koin $LESLAR dan NFT Leslarian.

Apakah itu berarti mereka memang sedang mencari SDM untuk mengembangkan metaverse yang diidam-idamkan, atau hanya ingin memperlambat pengembangan metaverse tersebut sehingga agenda terselubung dapat mereka jalankan di tengah-tengah perjalanan?

Kesimpulan

Berdasarkan berbagai fakta di atas saya melihat bahwa Leslar Metaverse kini lebih berfokus dalam menjual aset kripto daripada mengembangkan metaverse sesuai visi mereka. Padahal, metaverse lain seperti VRChat, Roblox dan Minecraft kini dapat dinikmati oleh siapapun tanpa perlu pergi ke Indodax atau Tokocrypto dan membeli NFT “Ghozali Everyday”.

Saat ini saya tidak bisa berkomentar apakah Leslar Metaverse adalah penipuan atau tidak, tapi dengan struktur monarki yang mereka terapkan saya yakin proyek “metaverse artis” seperti ini dapat mengalami kesalahan fatal sesuai dengan keputusan dari kerajaannya. Coba kita lihat apakah yang akan dilakukan King Bilar dan Queen Lesti dalam pengembangan Leslar Metaverse nanti.

Update 25 Februari 2022

Beberapa hari sebelum artikel ini dirilis, saya cukup dikagetkan dengan headline ini:

https://www.vice.com/en/article/wxd4w5/web3-developers-have-discovered-a-functioning-metaverse-its-minecraft

Nah, hayo lo, Leslar Metaverse, kenapa harus bikin metaverse lagi kalau Minecraft juga sudah dipilih sama beberapa proyek Web3?

I’m Nate, the blue command-line guy.

So, people are asking me about my shiny blue virtual add-on to my head. Some even called me “blue-helmet” or “balloon-head” for that, even though the official name for that is the Shell.

You know, the “Bearers of the Shell” refers to those who wear shells as identity and power, and I love being shelled this way, especially on social media and internet. There are many reasons why I really liked that, and some of them are:

1. Because I love the command-line.

The inspiration behind this specific shell is the universally-known official logo of the command-line, or “terminal”. Yeah, just compare my shell with the official logos of Windows Terminal, Microsoft PowerShell, macOS’ Terminal.app, GNOME Terminal, Termux, and so on. And they are surprisingly the same!

Sure, command-line is cool, and people over r/unixporn have shown how cool the world of command-line could be. However, the Windows Command Prompt (cmd.exe) sits right next to the Registry Editor (regedit.exe) as the most feared Windows programs by novice users at all time.

Being able to destroy your computer that way doesn’t always mean you should keep off your hands and feet from that. I have many stories to tell when it comes to destroying my Linux installation (which should be OK since Linux is mostly free without activation and licensing stuff) but hey, command-line is the most productive tool I ever have even today when I work in server administration.

2. Because I am the command-line.

My interests in the command-line world transformed me into becoming one with the command-line.

Just kidding, but since:

  1. I hear your inputs
  2. I process and take actions from my mind
  3. I give back the results to you

I’m practically the same as command-line programs and computers in general: processing inputs for outputs. After all these years, I really feel I’ve been the command-line guy for years, advocating the original git command instead of those Git GUIs. And yes, I have done great things through command-line, too!

3. Because I love to be Nate, one of my first OCs.

Before Shiftine, pr0xy, mallory and others came, there was an idea to create a video games about tech. The idea since then was narrowed down into a webcomic, then soon disappeared in favor of great robots that you see today.

The first (couple) of OCs are Nate and Nix. And they have evolved from the generic Alice and Bob as well as “Charlie and Charlene”, aka. the “char-acters”, in 2014. It wasn’t until 2021 when these characters finally show up with shells replacing their heads, especially as in early concepts they were humans with poles which act as their AI assistants. Or perhaps, “magic wands”, if I could say.

But soon I’m proud of my creations. And that’s why I decided to be him.

4. And because some family concerns.

I live in an environment where people don’t want their faces to be publicly recognized. No, we’re not talking about European Union or surveillance capitalism here, but there’s one real case which I need to address here.

Now, look again at this picture.

I really liked the fact that you’re more likely to see Nate rather than my real face here. Just try to see that picture from a distance, and you’ll finally can’t even tell the difference between Nate and myself. Yeah, I feel amalgamated in this picture, too!

If you search for “Reinhart Previano” today, you’ll more likely to see characters like these instead of my face popping on the search results, thanks to our site’s great SEO. This is awesome! That means I’m famous for having my shell stuck on my head, and those who try to threaten my family will be more difficult to find me in real life. Oh by the way, I don’t wear this shell in real life, so good luck finding which real face is mine!

Yeah, I’ll be riding the cursor of my dreams.

So, one cool thing that Nate ever had before is his cursor. You can say that as his primary means of transportation. And as the Nate you know today I gave it to Shiftine for her work.

But today I’m thinking of creating a new one for myself, and possibly for many other bearers out there.

Since I’m also a software developer I’m thinking of creating a loyalty program where you can collect shells and cursors. I bet that would be even awesome if you can have yourself an unique and undefined BOTS experience.

BOTS doesn’t have to take place in the metaverse, anyway. In fact, I heard some rootheads are making their own version of the metaverse. What that could possibly be?

That’s all for now, I’ll gonna sleep and dream and wake up as Nate. Yeah, I love blue, is that a problem for you?