Malaysia on keithrozario.com

Contact Tracing Apps: they're OK.

Sun, 10 May 2020 16:46:28 +0000

I thought I'd write down my thoughts on contact tracing apps, especially since a recent BFM suggested 53% of Malaysians wouldn't download a contact tracing app due to privacy concerns. It's important for us to address this, as I firmly believe, that contact tracing is an important weapon in our arsenal against COVID-19, and having 54% of Malaysians dismiss outright is concerning.

But first, let's understand what Privacy is.

Privacy is Contextual

Privacy isn't secrecy. Secrecy is not telling anyone, but privacy is about having control over who you tell and in what context.

For example, if you met someone for the first time, at a friends birthday party, it would be completely rude and unacceptable to ask questions like:

What's your weight?
What's your last drawn salary?
What's your age?

In that context you're unlikely to find someone who will answer these questions truthfully.

But...

Age and weight, are perfectly acceptable questions for a Doctor to ask you at a medical appointment, and your last drawn salary is something any company looking to hire you will ask. We've come to accept these questions as OK -- under these contexts.

You might still not want to answer them, which might mean you don't get the job, or the best healthcare -- but you certainly can't be concerned by them. Far more people will answer these same questions truthfully if you change the context from random stranger at a party to doctors appointment.

So privacy is contextual, to justify concerns we have to evaluate both the context and the question before coming to a conclusion.

So let's look at both, starting with the context:

The problem with Grab

Wed, 06 Feb 2019 00:12:52 +0000

As a company, Grab has done enormously well for itself, and naturally will be the target of some hate.

But I think there's a deeper issue with Grab that needs addressing before it becomes an unsolvable problem.

Grab is a win-win

Let's start with what makes Grab so appealing.

Grab (at least in my mind) is the highest paying hourly wage job in the country. As long as you possess a car, and a valid driving license you can be a Grab driver, earning significantly more than any other hourly wage job.

According to this WOB article (which looks suspiciously like a paid ad), the average Grab driver earns RM5,000 per month, which is crazy money for a unskilled job -- and yes driving Grab is unskilled labour.

For unskilled work in Malaysia, earning RM5,000 per month is a god-send, after all even graduate employees don't earn that much. And like all hourly wage jobs, the more hours you put in, the more money they make -- 5,000 is just where it starts

So this seems like a win-win for everyone, drivers get to earn, and at the same time provide a service that is in high demand.

And in truth, Grab is a win-win -- at least for now.

Fast-forward

The problem is that when you fast-forward 10 years, or just 2 elections from now.

Most Grab drivers I've met aren't doing this part-time. They're driving as a full-time job, and they're putting in serious hours (10-12 a day) to make serious money. That means they've no time or to up-skill themselves, because every hour learning a new skill is an hour they could have been driving.

The cost of learning to them is a double-whammy, first they spend on acquiring the new skill (like everybody else), but also the lose income from their not driving. This for most, will be too high a price to pay.

You might argue that driving isn't un-skilled. But all it takes to be a Grab driver is a driving license and a car, skills don't factor into this. Grab doesn't care if you're a PhD, diploma holder or SPM drop-out, it'll pay the same.

Grab views all of it's drivers as a supplier of the one commodity it needs -- cars to move passengers. The only time Grab pays more to drivers is when they turn on the auto-accept feature, because that makes their algorithm more efficient. The more subservient you are to the algorithm, the better it will reward you -- that is a pretty nasty feeling.

So as more folks join the Grab band-wagon, we're sucking out skilled labour from the job-market. Leaving the entire country, as a whole, worse off in terms of competitiveness. But we're just getting started.

The Malaysian Government isn't watching your porn habits

Sun, 15 Jul 2018 00:10:35 +0000

Recently, there was a poorly written article in The New Straits Times, that suggested the Malaysian Police would know if you were watching porn online.

Let me cut to the chase, the article is shit.

The software in question, aptly named Internet Crime Against Children Child Online Protective Services (ICACCOPS) is used to detect Child Pornography, and Child Pornography only – as the name clearly implies. It is a collaborative effort by Law Enforcement agencies, and is shared with PDRM, probably as a gesture of good will, and also a collaborative effort.

Security Headers for Gov-TLS-Audit

Sun, 08 Jul 2018 22:00:56 +0000

Gov-TLS-Audit got a brand new domain today. No longer is it sharing a crummy domain with sayakenahack (which is still blocked in Malaysia!), it now has a place to call it’s own.

The domain cost me a whooping $18.00/yr on AWS, and involved a couple hours of registration and migration.

So I felt that while migrating domains, I might as well implement proper security headers as well. Security Headers are HTTP Headers that instruct the browser to deny or allow certain things, the idea being the more information the site tells the browser about itself, the less susceptible it is to attack.

I was shocked to find out that Gov-TLS-Audit had no security headers at all! I assumed AWS (specifically CloudFront) would take care of ‘some’ http headers for me – I was mistaken. Cloudfront takes care of the TLS implementation, but does not implement any security header for you, not even strict-transport-security which is TLS related.

So unsurprisingly, a newly created cloudfront distribution, using the reference AWS implementation, fails miserably when it comes to security headers.

I guess the reason is that HTTP headers are very site-dependant. Had Cloudfront done it automatically, it might have broken a majority of sites And implementing headers is one thing, but fixing the underlying problem is another – totally bigger problem.

But what security headers to implement?

The GREAT .my outage of 2018

Sat, 23 Jun 2018 11:22:30 +0000

[caption id=“attachment_6436” align=“aligncenter” width=“550”]

Boy, that’s a lot of RED![/caption]

Last week, MyNic suffered a massive outage taking out any website that had a .my domain, including local banks like maybank2u.com.my and even government websites hosted on .gov.my.

Here’s a great report on what happened from IANIX. I’m no DNSSEC expert, but here’s my laymen reading of what happened:

.my uses DNSSEC
Up to 11-Jun,.my used a DNSKEY with key tag:25992
For some reason, this key went missing on the 15-Jun, and was replaced with DNSKEY key tag:63366. Which is still a valid SEP for .my
Unfortunately, the DS record on root, was still pointing to key tag:25992
So DNSSEC starting failing
15 hours later, instead of correcting the error, someone tried to switch off DNSSEC removing all the signatures (RRSIG)
But this didn't work, as the parent zone still had a DS entry that pointed to key tag:25992 and hence was still expecting DNSSEC to be turned on.
5 hours after that, they added back the missing DNSKEY key tag:25992 (oh we found it!), but added invalid Signatures for all entries -- still failing.
Only 4 hours after that did they fix it, with the proper DS entry on root for DNSKEY key tag:63366and valid signatures.
That's a 24 hour outage on all .my domains.

So basically, something broke, they sat on it for 15 hours, then tried a fix, didn't work. Tried something else 5 hours after that, didn't work again! And finally after presumably a lot of praying to the Gods of the Internet and a couple animal sacrifices, managed to fix it after a 24-hour downtime.

I defend my fellow IT practitioners a lot on this blog, but this is a difficult one. Clearly this was the work of someone who didn’t know what they were doing, and refused to ask for help, instead tried one failed fix after another which made things worse. As my good friend Mark Twain would say – it’s like a Mouse trying to fix a pumpkin.

I don’t fully understand DNSSEC (it’s complicated), but I’m not in charge of a TLD. It’s unacceptable that someone could screw up this badly – and for that screw up to impact so many people, and all we got was a lousy press release.

The point is, it shouldn’t take 24 hours to resolve a DNSSEC issue, especially when it’s such a critical piece of infrastructure. I’ve gone through reports of similar DNSSEC failures, and in most cases recovery takes 1-5 hours. The .nasa.gov TLD had a similar issue, that was resolved in an hour, very rarely do we see a 24 hour outage, so what gives?

I look forward to an official report from MyNIC to our spanking new communications ministry, and for that to be shared to the public.

The Malaysian Ministry of Education Data Breach

Mon, 18 Jun 2018 22:44:08 +0000

Ok, I’ve been pretty involved in the latest data breach, so here’s my side of the story.

At around 11pm last Friday, I got a query from Zurairi at The Malay Mail, asking for a second opinion on a strange email the newsdesk received from an ‘anonymous source’. The email was regular vulnerability disclosure, but one that was full of details, attached with an enormous amount of data.

This wasn’t a two-liner tweet, this was a detailed email with outlined sub-sections. It covered why they were sending the email, what the vulnerable system was, how to exploit the vulnerability and finally (and most importantly!) a link to a Google Drive folder containing Gigabytes of data.

The email pointed to a Ministry of Education site called SAPSNKRA, used for parents to check on their children’s exam results. Quick Google searches reveal the site had security issues in the past including one blog site advising parents to proceed past the invalid certificate warning in firefox. But let’s get back to the breach.

My first reaction was to test the vulnerability, and sure enough, the site was vulnerable to SQL Injection, in exactly the manner specified by the email. So far email looked legitimate.

Next, I verified the data in the Google Drive folder, by downloading the gigabytes of text files, and checking the IC Numbers of children I knew.

I further cross-checked a few parents IC numbers against the electoral roll. Most children have some indicator of their fathers name embedded in their own, either through a surname or the full name of the father after the bin, binti, a/l or a/p. By keying in the fathers IC number, and cross-referencing the fathers name against what was in the breach, it was easy to see that the data was the real deal.

So I called back Zurairi and confirmed to him that the data was real, and that the site should be taken offline. I also contacted a buddy of mine over at MKN, to see if he could help, and Zurairi had independently raised a ticket with MyCert (a ticket??!!) and tried to contact the Education Minister via his aide.

Obviously neither Zurairi nor myself, or any of the other journalist I kept in touch with, could report on the story. The site was still vulnerable, and we didn’t want someone else breaching it.

The next morning, I emailed the anonymous source and asked them to take down the Google Drive, explaining that the breach was confirmed, and people were working to take down the site. Hence there was no reason to continue exposing all of that personal information on the internet.

They agreed, and wiped the drive clean, and shortly after I got confirmation that the SAPSNKRA website had been taken down. So with the site down, and the Google Drive wiped cleaned, it seemed the worst was behind us.

Danger averted…at least for now.

But, since Data breaches last forever, and this was a breach, we should talk about what data was in the system. Zurairi did a good job here, but here’s my more detail take on the issue.

3 times GovTLS helped fixed government websites

Sat, 16 Jun 2018 09:21:52 +0000

Couple months back I started GovTLSAudit. A simple service that would scan .gov.my domains, and report on their implementation of TLS. But the service seems to have benefits above and beyond that, specifically around having a list of a government sites that we can use to cross-check against other intel sources like Shodan (which we already do daily) and VirusTotal.

So here’s 3 times GovTLSAudit helped secure government websites.

That time Yayasan Islam Terengganu was used a phishing website

I used virustotal's search engine to see if they had extra .gov.my domains to scan, and found a few rather suspicious looking urls including:

paypal-security-wmid0f4-110ll-pp16.yit.gov.my appleid.corn-security2016wmid7780f4-110ll-16.yit.gov.my paypal-security-wmid7110f4-110ll-pp16.yit.gov.my

This was an obvious phishing campaign being run out of a .gov.my domain. Digging further, I found that the IP address the malicious urls resolve to was local, and belonged to Exabytes. And while the root page was a bare apache directory, buried deep within the sites sub-directories was a redirect that pointed to a Russian IP.

I took to twitter to report my findings – I kinda like twitter for this, and the very next day Exabytes come back with a followup that they were fixing it. That’s good, because having a phishing campaign run on .gov.my infrastructure isn’t exactly what you’d like.

There’s a lot more details in the tweet about how I investigated this,– click here to follow the thread. A warning though – I regularly delete my old tweets. So get it while it’s there :).

Look ma, Open Redirect on Astro

Thu, 07 Jun 2018 23:03:17 +0000

If you’ve come here from a link on twitter – you’d see that the address bar still says login.astro.com.my, but the site is rendering this page from my blog. If not, click this link to see what I mean. You’ll get something like this:

Somehow I’ve managed to serve content from my site on an astro domain. Rest assured, I haven’t ‘hacked’ astro servers and uploaded my page, but I’ve performed an equally sinister attack called open redirect.

Here's one thing that's already changed post GE14

Fri, 11 May 2018 20:54:02 +0000

In 2015, I was invited to a variety program on Astro to talk about cybersecurity.

This was just after Malaysian Airlines (MAS) had their DNS hijacked, but I was specifically told by the producer that I could NOT talk about the MAS hack, because MAS was a government linked company, and they couldn’t talk bad about GLCs.

Then half-way through the interview they asked me about government intervention, and I said something to the effect of “Governments are part of the problem and should refrain from censoring the internet”, that sound-bite never made it to TV because it was censored.

Gov TLS Audit : Architecture

Sat, 14 Apr 2018 00:47:40 +0000

Last Month, I embarked on a new project called GovTLS Audit, a simple(ish) program that would scan 1000+ government websites to check for their TLS implementation. The code would go through a list of hostnames, and scan each host for TLS implementation details like redirection properties, certificate details, http headers, even stiching together Shodan results into a single comprehensive data record. That record would inserted into a DynamoDB, and exposed via a rest endpoint.

Initially I ran the scans manually Sunday night, and then uploaded the output files to S3 Buckets, and ran the scripts to insert them into the DB.

But 2 weeks ago, I decided to Automate the Process, and the architecture of this simple project is complete(ish!). Nothing is ever complete, but this is a good checkpoint, for me to begin documenting the architecture of GovTLS Audit (sometimes called siteaudit), and for me to share.

What is GovTLS Audit

First let's talk about what GovTLS Audit is -- it's a Python Script that scans a list of sites on the internet, and stores the results in 3 different files, a CSV file (for human consumption), a JSONL file (for insertion into DynamoDB) and a JSON file (for other programmatic access).

A different script then reads in the JSONL file and loads each row into database (DynamoDB), and then uploads the 3 files as one zip to an S3 bucket.

On the ‘server-side’ there are 3 lambda functions, all connected to an API Gateway Endpoint Resource.

One that Queries the latest details for a site [/siteDetails]
One that Queries the historical summaries for the site [/siteHistory]
One that List all scan (zip files) in the S3 Bucket [/listScans]

Finally there's a separate S3 bucket to serve the 'website', but that's just a simple html file with some javascript to list all scan files available for download. In the End, it looks something like this (click to enlarge):

Gov.My TLS audit: Version 2.0

Mon, 05 Mar 2018 23:28:15 +0000

Last week I launched a draft of the Gov.my Audit, and this week we have version 2.0

Here’s what changed:

Added More Sites. We now scan a total of 1324 government websites, up from just 1180.
Added Shodan Results. Results includes both the open ports and time of the Shodan scan (scary shit!)
Added Site Title. Results now include the HTML title to give a better description of the site (hopefully!).
Added Form Fields. If the page on the root directory has an input form, the names of the fields will appear in the results. This allows for a quick glance at which sites have forms, and (roughly!) what the form ask for (search vs. IC Numbers).
Added Domain in the CSV. The CSV is sorted by hostname, to allow for grouping by domain names (e.g. view all sites from selangor.gov.my or perlis.gov.my)
Added an API. Now you can query the API can get more info on the site, including the cert info and HTTP headers.
Released the Serverless.yml files for you to build the API yourself as well :)

All in all, it's a pretty bad-ass project (if I do say so myself). So let's take all that one at a time.

Sayakenahack: Epilogue

Fri, 24 Nov 2017 19:00:29 +0000

I keep this blog to help me think, and over the past week, the only thing I’ve been thinking about, was sayakenahack.

I’ve declined a dozen interviews, partly because I was afraid to talk about it, and partly because my thoughts weren’t in the right place. I needed time to re-group, re-think, and ponder.

This blog post is the outcome of that ‘reflective’ period.

The PR folks tell me to strike while the iron is hot, but you know – biar lambat asal selamat.

Why I started sayakenahack?

I'm one part geek and one part engineer. I see a problem and my mind races to build a solution. Building sayakenahack, while difficult, and sometimes frustrating, was super-duper fun. I don't regret it for a moment, regardless of the sleepless nights it has caused me.

But that’s not the only reason.

I also built it to give Malaysians a chance to check whether they’ve been breached. I believe this is your right, and no one should withhold it from you. I also know that most Malaysians have no chance of ever checking the breach data themselves because they lack the necessary skills.

I know this, because 400,000 users have visited my post on “How to change your Unifi Password”.

400,000!!!

If they need my help to change a Wifi password, they’ve got no chance of finding the hacker forums, downloading the data, fixing the corrupted zip, and then searching for their details in file that is 10 million rows long – and no, Excel won’t fit 10mln rows.

So for at least 400,000 Malaysians, most of whom would have had their data leaked, there would have been zero chance of them ever finding out. ZERO!

The ’normal’ world is highly tech-illiterate (I’ve even talked about it on BFM). Sayakenahack was my attempt to make this accessible to common folks. To deny them this right of checking their data is just wrong.

But why tell them at all if there’s nothing they can do about it? You can’t put the genie back in the lamp.

Why does SayaKenaHack have dummy data?

Wed, 15 Nov 2017 00:49:17 +0000

Why does sayakenahack have dummy data? If I enter “123456” and “112233445566” I still get results.

I was struggling with answering this question, as some folks have used it to ‘prove’ that I was a phisher. We’ll get to that later, for now I hope to answer why these ‘fake’ IC numbers exist in the sayakenahack.

Firstly, I couldn’t find a good enough way to validate IC numbers as I was inserting them into the database. Most of you think that IC numbers follow a pre-define pattern :

6-digit birthday (yymmdd format)
2-digit state code
4-digit personal identifier, where the last digit is odd for men, and even for women.

But, there are still folks with old IC numbers, and the army have their own format. Not to mention that the IC Number field can be populated by passport numbers (for foreigners) and Company registration IDs. So instead of cracking my head on how to validate IC numbers, I decided to pass them all in.

The only ’transformation’ I do is to strip them of all non-AlphaNumeric characters and uppercasing any letters in the result. This would standardize the IC numbers in the database, regardless of source file format.

Had I done some validation, I might have removed these dummy entries – but fortunately I didn’t.

Upon further analyzing the data, I went back to the original source files and notice something strange, the account numbers belonged to some strange names. And then it made sense – this was Test data.

Test data in a Production Environment to be exact.

And when the Database for the telco was dumped, the telco’s didn’t remove these test accounts from their system. So what we have is a bunch of dummy accounts, with dummy IC numbers.

SayaKenaHack.com

Sun, 12 Nov 2017 18:50:11 +0000

On the 19th of October, Lowyat.net reported that a user was selling the personal data of MILLIONS of Malaysians on their forum. Shortly after, the article was taken down on the request of the MCMC, only to put up again, a couple of days later.

Lowyat later reported that a total of 46.2 Million phone numbers were exposed, and the data included IC numbers, Addresses, IMSI, IMEI and SIM numbers as well. In short, a lot of data from a lot of people.

Cyberwar assessment of Malaysia vs. DPRK

Sat, 01 Apr 2017 01:15:41 +0000

Would North Korea ever declare war on Malaysia?

Probably not.

But nothing is predictable when you’re dealing with a erratic despot who killed his own uncle with an anti-aircraft gun.

Realistically though, few nations have the resources and political will, to launch a war, half-way across the world. And neither Malaysia nor North Korea are one of those ‘few’ nations. But what if, instead of moving armies we just moved malicious code? What if we fought a cyberwar with the North Koreans, how would it look like, and could we win? Let’s find out.

Cyber is new domain of war

Cyber is a new domain of warfare, and this domains involves new ways of thinking and paradigm shifts. In the 18th and 19th century, the most powerful nation on earth, Great Britain had the worlds greatest Navy, and that allowed the empire to control the trade that flowed through the seas, and protect the island nation. Strategically Britain's Navy was essential to the protection of Britain, and the projection of its power around the world.

As we move from trading over the seas to trading over network cables, the parallels of having a Cyber-Navy become more apparent by the day. After all, the data that pass through our networks have an inherent value above and beyond the physical goods they may represent.

Let’s say you’re buying a new laptop online, you enter your password into the online shopping portal, and then inevitably your credit card details. Your password and card information has value, inherent to itself, regardless of the laptop the transaction represents. We still ship physical goods via sea-lanes and air-freight, but the data transversing the internet has tradeable value.

More apparent when you consider that the vast majority of ‘money’ is traded in digital form, over the internet. Just ask the Bangladesh Central Bank, that lost millions of dollars (which could have been Billions) to hackers who infiltrated their network, and issued electronic instructions to wire money.

But there are things far more important than money.

In today’s world of ‘fake news’ and election tampering, it could be argued that having a Cyber Army is a necessity not just to protect trade and finance, but the very core of a country’s democracy.

And there we see the first issue with Cyber defense of critical infrastructure–is it a civil or military function?

Private companies in any country run their own security guards, banks hire private firms to protect the cash in the safe. If a bank gets robbed, the manager calls the police, and the entire apparatus is a civilian function. But a private company in Malaysia (or anywhere else) isn’t worried about military attack. After all, armies don’t attack banks or companies don’t they?

On the internet, everyone is fair game.

Strong evidence suggest that state sponsored actors have attacked banks, stolen secrets from chemical companies, even attacked Facebook. In a non-cyber world, having an army attack civilian infrastructure in peace-time would be insane! But that is the norm on the internet.

So whose job is it to protect civilian infrastructure from military attack during peace time?

The Americans have drawn clear delineation, that the Department of Homeland Security (DHS) protects civilian government infrastructure (and helps private companies when called upon), while US Cyber Command protects the Military infrastructure. Malaysia (and most other countries) have no such delineation–and the problem is that governments get hacked all the time, even ours, and it’s unclear to me which Malaysian government agency is actually responsible for the security of our infra.

But before we evaluate our defensive capabilities, let’s evaluate the North Korean defense.

Relax dear-citizen your contactless card is relatively safe---ish

Sat, 31 Dec 2016 10:37:17 +0000

As Malaysia slowly (but surely) migrates to Chip and Pin, some banks have taken the opportunity to issue not just new Pin-enabled cards, but contactless-enabled ones as well.

To be clear, Banks are only mandated to issue new Pin cards (replacing the signature cards you had before), but are taking the opportunity to also embed contactless capabilities into them as well. After all they’re already issuing new cards to every (single!) card holder, might as well get them on the contactless bandwagon while they’re at it.

The reason for being so gung-ho about contactless is purely economical. Research suggest that the easier payment methods become, the more money people are willing to spend. People with credit cards spend more than people with just cash, and 0% interest schemes have been a godsend to retailers. Contactless payments, which don’t involve cumbersome Pins or signatures, are clearly the next evolutionary step, with one research paper suggesting they increase customer spending by nearly 10%.

Banks make money from small percentages per transactions, the more transactions at higher amounts, the more money they stand to make. So if an extra dollar worth of electronics in a contactless card increases revenue by 10%–why not?!

Pins are for security, Contactless is for convenience

But while PINs are a security feature, contactless is all about convenience. And conveniences trade-off security, so it stands to reason that contactless cards are less secure than regular 'contact' ones.

The question is whether that trade-off is worth the increase in convenience. After all, nothing is absolutely secure, and in today’s criminally infested internet, keeping your money under the mattress is safer than keeping it in a bank–but nobody does it because the mattress would be too inconvenient.

So what convenience are you getting with a contactless cards?

For one thing, no more waiting for a receipt printout to sign on, or bending down to an inconveniently placed pinpad to type in your PIN. Plus, for someone with gigantic fingers like me, I jump on the opportunity to avoid having to fidget with pinpads that must have been designed for dwarf children after they’ve been struck by the ray gun from Honey I shrunk the kids.

But that’s about it–the only convenience contactless cards provide is that you can do contactless payments–up to a specified amount.

The question now is what security trade offs are you making for this remarkable feature?

Two years on, teaching coding in schools declared a success

Sat, 30 Jul 2016 11:08:19 +0000

KLANG: Two years on, the the pilot initiative to teach coding and digital security as an SPM subject has been touted as a resounding success, and the government is mulling a move to make it compulsory by 2020.

The announcement shocked parents, as out of 10,000 students who took part in the pilot program, only 10 had scored an A while the rest had failed with a grade of F.

Education Minister, Dato’ Seri Java, said that this reflects the current IT market, where out of 10,000 security consultants, only 10 will ever give you good advice.

“We benchmarked against the industry, and set the grading curve accordingly, so only a 10 students getting an A was the intention!! We can’t have cases where students just memorize a textbook and then score an A, this is not History or Geography, this is an important subject” he said, while further mocking drama and English literature under his breath.

Deputy Director of Education, Perl Ramachandran further added that instead of focusing on the 9,990 students who failed, the public should instead focus on the ‘A’ students who showed exemplary work and are were ‘bright spots’ in the dark abyss which is the Malaysian education system.

One such exemplary student was 17-year old lass Siti Pintu bt. Belakang, she had managed to install a backdoor into the MOE exam system and downloaded the question paper days before the exam. A backdoor is an application that allows an attacker unfettered access to the compromised system, and Siti managed to code one from scratch specifically for this purpose.

Already Russian cyber-criminal organizations are offering her scholarships to prestigious universities, Perl further added.

Then there Godam a/l Rajakumar, who instead of stealing exam papers, simply hacked into the MOE grading system and gave himself a ‘A’.

The Internet is slow because of illegal downloads

Sat, 18 Jun 2016 12:20:54 +0000

Let’s start with the quote that set off the rage in my heart—

“You can see today that our Internet is slow. Not because it itself is slow but because a lot of people are using it,” he said
The government agency chief blamed this on illegal downloads hogging Internet bandwidth here, adding that this does not happen in countries like Germany due to stricter enforcement.

“In Germany, the Internet is fast because if you download illegally, you will be charged by the authorities.

“You can’t download illegal movies, songs and pictures there, you need to pay but we here, anything also we download illegally right up to the pictures of our grandfathers.

“That is why the Internet highway is slow but we blame the government. The government has created proper Internet highways but we don’t know how to use it. Millions have been spent on this by the government,” he explained.

So apparently, Datuk Ibrahim Saad, the National Civics Bureau (BTN) chief thinks that the internet is slow in Malaysia (it’s not that slow), because illegal downloads are hogging up the pipelines.

Let’s start with his first sentence, an substitute the word ‘internet’ with the name of any Malaysian highway you choose, personally I like to use the LDP:

You can see today that our LDP is slow. Not because it itself is slow but because a lot of people are using it

Hmmm, I guess in his infinite wisdom that makes sense to the BTN chief, but to me that just sounds like the highway wasn't built properly.

Let’s go to the 2nd statement:

In Germany, the Internet is fast because if you download illegally, you will be charged by the authorities.
“You can’t download illegal movies, songs and pictures there, you need to pay but we here, anything also we download illegally right up to the pictures of our grandfathers.

“That is why the Internet highway is slow but we blame the government

Now we come to the crux of the issue. If Malaysians weren’t illegally downloading, they’d have faster internet.

Here’s 4 reasons why he’s wrong.

This is how Pedophiles get caught

Sun, 12 Jun 2016 15:24:43 +0000

This will easily be the most controversial blog post I ever wrote, so consider yourself warned.

It’s controversial, because it touches on multiple taboos in our society, sex, child abuse and security theater. You see, there’s been a growing call for a national sex offender registry, especially in the wake of news that a British Pedophile had sexually abused up to 200 children in Malaysia.

The news is especially shocking for Malaysians, who are still coming to grips with the fact that a foreign ‘mat salleh’ abused our children, in our country, right under our fucking noses, and we’re only now learning about it….years after the abuse had taken place and even then, the details are sketchy.

As I said,many have renewed the call for a Sex Offender registry. The idea being, that if we start registering sex offenders, we could more easily monitor them, and be able cut-off their ability to further abuse children. It’s a great idea, but it wouldn’t have saved these 200 children, simply because Richard Huckle wasn’t convicted of any sexual abuse, he wouldn’t have been on the registry even if had one.

Then we have calls for better screening procedures of people who work with children. Another great idea, but again wouldn’t have stopped Richard Huckle. Maybe a extremely thorough and in-depth screening process that interviewed his parents, grandparents and fourth grade history teacher would have uncovered something about his psychology that may have triggered some alarms–but that level of screening is both unrealistic and a gross invasion of privacy.

Finally we have calls for better sex-education in schools, which I’m 100% in favor off. Proper sex education may have prompted one of Huckle’s victims to speak out and report the issue, which may prompted his arrest at a much earlier time–but ultimately these were impoverished children who were not given access to proper education anyway, so sex education in public schools probably wouldn’t have helped them.

But are we forgetting something obvious?

When bad advice comes from good people

Thu, 07 Apr 2016 19:48:41 +0000

What happens when a government agency tasked with providing cybersecurity “guidance” and “expertise” gives you advice like “avoid uploading pictures of yourself to avoid the threat of black magic”?

And then goes into damage-control claiming that it “was just a casual remark and did not represent the federal agency’s official position on the matter”, only to follow-up with more ridiculous advice like “passwords should be changed constantly to prevent identity theft and hacking”.

Sometimes I sigh so often my wife gets worried—or annoyed, maybe both :)

First-off you know my view on black magic, and for an agency under MOSTI to make such an anti-science remark is just appalling. Secondly, from a security point of view, changing passwords regularly doesn’t help, and they cause more harm than good by encouraging users to use easy to remember passwords that they transform after every iteration. Think superman123, then superman456…etc.

In fact, research from Microsoft suggest changing your passwords regularly isn’t worth the effort, and the best one can do is use a password manager that would allow you to have passwords that are both unique and hard to remember across all online services you use.

The fact, that the head of cybersecurity Malaysia is giving advice that most people in the security community consider obsolete doesn’t exactly calms your nerves.

Keith's on BFM Talking about spyware--again!!

Wed, 10 Feb 2016 12:05:17 +0000

Today, I was on BFM talking about Hacking Team, the audio for which is below, and more comments and thoughts below that.

Your browser does not support native audio, but you can download this MP3 to listen on your device.

This is my last ditch attempt to get a conversation started about the use of surveillance software by the Government—and these conversations should take place a the higher (and more powerful) levels of goverment. Talking about it to myself on this blog isn’t taking it anywhere.

Forcing journalist to reveal sources will be bad--for the government!

Tue, 09 Feb 2016 19:21:19 +0000

Our spanking new, hand-picked Attorney-General is proposing life imprisonment for journalist who refuse to reveal their sources.

And surprisingly, my favorite Member of Parliament,Dato Azalina Othman, has supported the move, saying it was ‘high-time’ Malaysian did something. Fortunately, some calmer more rationale heads, like Dato Paul Low have criticized the A-G for his short-sighted stupidity.

Putting aside the fact that anonymity of sources is a core component of Press freedom, it’s easy to extrapolate how harsher punishment for journalists who keep their sources anonymous will back-fire spectacularly for the Government.

If sources know that Journalist will be pressured to reveal their identities, most sources will stop speaking journalist, thereby stemming the leakages from the government, and keeping the status quo.Or so the theory goes…

Being Terrified: The price of terrorism

Mon, 08 Feb 2016 18:58:35 +0000

Next week, I’ll be on BFM for an interview about spyware, which will be my last Hail Mary play to get a conversation started about the use of surveillance software by the Government. If a radio interview on a popular station won’t do it, nothing on my blog will possibly be able to anyway :)

In any case, this post is a pre-emptive response to a slightly controversial idea that I cover (very briefly) in the interview, and hopefully it can be articulated better here than in a radio segment. To be honest, I haven’t fully thought this through, but I believe it at least some some aspects of truth that deserve further attention.

The Idea comes in 3 parts:

Terrorism has changed dramatically with ISIS (or Daesh)
Our conventional approach to surveillance will be ineffective against this new threat
Our surveillance-based response to the new threat may end up hurting us more than ISIS ever could

Let's go through them one at a time

Netflix is setting back Piracy and Security

Thu, 28 Jan 2016 20:33:58 +0000

Malaysian rejoiced last month when Netflix announced that they would be coming to our shores. We were all salivating over the massive amount of content we would finally have access too…except that it wasn’t so massive.

Malaysia would enjoy less than 20% of what was available to Netflix users in the US or even in the UK, and that looked like an especially lousy deal since we were paying the same amount for our subscriptions.

I wasn’t that interested in the news, after all, I had already subscribed to Netflix for more than 2 years, and used a VPN to enjoy US and even UK content. I loved Netflix because it had a lot of interesting content, but what really sealed the deal for me was Pocoyo and Dora the explorer…I’m a father of a 2-year-old, and having a video on demand service that lets me address my toddlers demand was a life-saver.

Netflix was far more effective than youtube for videos for my kid, first of all, the content was pure, and I could be sure that nobody was messing with it or adding commentary, but more importantly, it had no adverts, and when you have a 2-year-old the last thing you want them to watch is adverts.

Medium blocked: Collateral Censorship vs. Collateral Freedom

Sun, 24 Jan 2016 16:53:23 +0000

So the buzz around twitter is that Medium.com has been blocked by the Malaysian Authorities, and guess what? It’s true.

It was expected, after all Medium is where the ‘infamous’ Clare Rewcastle Brown uploads her articles to circumvent censorship of her own site, the equally diabolical SarawakReport.org.

A lot of successful writers and bloggers have taken to Medium to host their content, including Stephen Levy, the author of In the Plex, one of my favorite books on Google. He's using it (and only it) to start a Tech Hub for his content, and placing it alongside millions of other articles contributed by both professional and amateur writers.

So it made sense for SarawakReport to take their content to Medium. After all, most of their readership is Malaysian, and since Malaysian ISPs ‘censored’ their content, using a neutral ‘un-censored’ platform like Medium was a perfect solution—well almost perfect!

It’s a phenomenon called ‘collateral freedom’, and for a while SarawakReport readers, and Malaysian internet users enjoyed that collateral freedom, Medium was free and un-censored, which made Sarawark also free and un-censored as long as it was on the platform.

Questions we need to ask about spyware

Mon, 11 Jan 2016 08:01:57 +0000

If you believe (as I do), that the government bought spyware, then here are some pertinent questions

Question 1: Do these government agencies actually have investigative powers?

While the police might have the legal authority to investigate someone, does the PMO, MACC or anyone else share that authority. If a government agency has no right to investigate someone, then why is it buying spyware?

The conversation should end here, as I don’t believe the PMO has any authority to use spyware, but the next question actually goes even further and ask if anyone has the legal authority to use it.

Question 2: Is spyware legal?

Installing spyware on a laptop or smartphone is far more intrusive than a regular home search, it's like having an invisible officer stationed in your house listening in on everything you say and do. It doesn't just invade the privacy of the victim, but even those that victim communicates with, shares their laptop with or even those that just happen to be nearby.

The MACC act, that governs the powers of the commission, specifically state that a the Public Prosecutor or Commissioner of the MACC can authorize the interception of communications if they ‘consider’ that the specific communication might help in an ongoing investigation. However, spyware from hacking team isn’t really ‘intercepting’ communications, because what is being communicated through the Internet is usually encrypted, Hacking team circumvents this by capturing the data before it is encrypted and then sends that captured data in a separate communication back to its control servers. Strictly speaking, this isn’t interception, its shoulder surfing on steroids.

More worrying, is that the spyware might take screen shots of diary entries and notes that the victim never intended to communicate with anyone, or draft e-mail entries that they later delete are also captured by this spyware. Obviously this falls into a different category than simple ‘interception’, but I’m not done yet.

PMO purchases of Hacking Team software

Mon, 11 Jan 2016 08:00:32 +0000

[caption id=“attachment_5373” align=“aligncenter” width=“550”]

E-mail from Miliserv to Hacking team stipulating the end-customer as the Prime Ministers Department[/caption]

The Prime Ministers Department has denied (twice!) that it has ever procured surveillance software from Hacking Team. Even though hundreds of e-mails in the leaked Hacking Team archive point to it. The latest rebuttal, Datuk Azalina distanced her Ministry from other government agencies, encouraging reporters to seek official statement directly from other agencies accused of procuring the spyware.

In the mean-time though, we’ve now learnt that the MACC has made a ‘semi’ admission that they procured the spyware, and to clear any doubts there’s more proof at the end of this post. But in-spite of this, Datuk Seri Azalina has remained silent.

To be clear, I’m not accusing anyone of anything. I’m merely reproducing what is already in the public domain, in the hopes of us taking this conversation further to address more pertinent points. We are frustratingly stuck on this issue of purchase (or lack thereof) because the Prime Ministers Department denies it bought spyware. I find it quite appalling that the Ministry would issue a simple denial without further clarification when I had furnished many documents, in other words they’ve provided an unsubstantiated denial to my substantiated claim.

So…here’s an e-mail (linked here), showing Miliserv requesting Hacking Team to register the Prime Ministers Department as the End User of the system in the Licensing agreement, and here’s another (below), showing Miliserv preparing to welcome 6 PMO staff to their headquarters in Milan for ‘advanced training’. I have removed the names of the PMO staff (red blocks) as I believe that employees shouldn’t be punished for mistakes their employers commit (but you can search for it online, it comes with passport numbers as well). Why send 6 staff to Milan for training if you didn’t buy the spyware?

The Government doesn't buy spyware--yea right!

Wed, 30 Dec 2015 00:28:44 +0000

The Government has denied buying spyware from hacking team, they really should have checked with me before issuing the statement.

On the 23rd of November 2015, Datuk Seri Azalina Othman Said denied that the Malaysian government had procured spyware from hacking team. In a formal response (in Parliament!!), the Minister simply stated “For your information, no such device was purchased by the Prime Minister’s Department”.

For YOUR information, dear Minister, I don’t like being lied to, and oh look there’s a flying pig by the window.Next time ask your PR guys to call me before you go setting your pants on fire.

Ok folks, here’s a step-by-step on why we can trust the hacking team leak, why there’s conclusive proof Malaysia bought this spyware, and why we should be worried about the manner in which it is being used. So let’s go.

So you think English is the lingua-franca of Science...

Tue, 15 Dec 2015 08:00:23 +0000

I get annoyed when parent associations insist that the Government needs to teach science and maths in English. They argue that because English is the lingua-franca of science, teaching science in English will help students learn more effectively without needing them to translate scientific terms from the vernacular. They add that teaching Science and Maths in English is a great way to improve the standard of English in schools.

It would great if those points were true, but they’re not.

English as the Lingua franca of Science?

Firstly, English isn't the lingua-franca of Science. True, scientific journals are mainly in English and citations in most scientific literature point to English journals only, but shockingly primary and secondary school children don't read the latest publications on the higgs-boson.

Instead, what children learn in school is so dated, that their initial publications were probably in Latin or Greek, with older text going back to Arabic, Chinese or even Indian origin. The most recent ‘findings’ your children learn in physics is Quantum Physics, which is roughly a hundred years old. Even then, they aren’t reading Einstein’s original paper on the Photoelectric effect, they’re reading a textbook that sufficiently distils and simplifies it for their consumption.

In fact, a vast majority of what children learn in Form 4 physics is derived from Principia, which is a collection of 3 books by Sir Isaac Newton who wrote them in Latin. The famous rhyme that “Every action has an equal and opposite reaction” may sound nice in English, but doesn’t exist in the original text, simply because it wasn’t written in English. Going further back in history, the algebra you loved in high school derives its name from a notoriously hard to pronounce book titled “kitāb al-mukhtaṣar fī ḥisāb al-ğabr wa’l-muqābala” , the highlighted al-gabr means the reunion of broken parts, and forms the origin of the word Algebra. The book itself was written by al-khwarizmi (who is the most important mathematician you never heard of), and whose name is where we get the word Algorithm from, obviously he didn’t write his works in English.

Of course, I use these ancient examples a bit unfairly, but the fact is that your children are learning ancient science in schools. It’s not irrelevant, it’s that you have to build the foundation of scientific literacy from these ancient roots before you can tackle modern day science of the Higgs-Boson. You can’t fly before you learn how to walk.

The point is, that if these ancient text were translated into English at some point, why can’t we do the same to Bahasa, or Mandarin, or Tamil..or whatever language you want to. Isn’t it easier to translate and contextualize these century old ideas into a language the next generation is comfortable with, rather than hope they suddenly develop a love and understanding of a foreign language like English?

When you say Lingua-franca of science, in the context of what children actually learn in primary and secondary school–it isn’t English.

The PM's year end cyber-security message

Fri, 04 Dec 2015 08:00:46 +0000

From: jibby@Malaysia.gov Sent: 23 Dec 2015 To: orangbawah@Malaysia.gov Subject: Cybersecurity Year end message.

This message is intended for all Malaysian Government servants only, do not forward without prior approval

Greetings and Salam 1Malaysia.

I want to use this year-end as an opportunity to discuss the important topic of Cybersecurity. This year was interesting for me personally, and for all Malaysians, and we need to be aware of cybersecurity issues in order to avoid situations where some people go bat crazy over a missing pendrive, or we’re struggling to interrogate a sysadmin in Thailand.

But let’s start with a Government Linked Company, Malaysian Airlines (MAS).

In February, MAS had their website hacked by a group calling themselves Lizard Squad, which appeared at the time to be affiliated with ISIS. However, I confirmed with my pal Badghdadi that Lizard squad are in no way related to our good friends at the Caliphate, and we should continue striving to be as brave as them.

Delving deeper into the hack, revealed it to be a domain registrar hijack, and was not a result of inadequate security from MAS. Essentially MAS registered their website with a registrar, and it was that registrar which was hacked, not MAS themselves. Let that be a lesson for us all, sometimes the responsibility of security rest not just with us, but with our IT vendors as well.

Another good example of IT vendors completely messing up is Miliserv.

Hackers and terrorist

Mon, 23 Nov 2015 20:29:09 +0000

[caption id=“attachment_5307” align=“aligncenter” width=“550”]

Pic from TheMalaysianInsider, Tip to newsmen: Next time blur out the photos and names on the ID tags as well.[/caption]

There is no greater danger of tech illiteracy, than the way we treat hackers. A society that doesn’t understand technology will view those who can manipulate it as wizards and sorcerers.

Technology sufficiently advanced is indistinguishable from magic, and to most people that bar of being ‘sufficiently advanced’ isn’t set very high.

The magic analogy is apt, even in fiction, wizards are treated either with awe, ala Harry Potter and the muggles, or disdain ala the Salem witch trials, where ignorance bred fear, which in turn led to persecution.

Regular readers of this blog will know Kevin Mitnick, the grand-daddy of hackers, who was once rumored to be able to launch a nuclear missile by whistling into a phone. Not only was the rumor patently false, it nudged Judges in American courts to deny him a bail hearing, something guaranteed to Mitnick by the countries Federal Constitution. Prosecutors quickly learnt that if you throw around words like Hacker and Nuclear, Judges will willingly jettison constitutional protections quicker than Han Solo can dump cargo to make the jump to light speed.

In the absence of a nuclear threat, law enforcement agencies have begun using terrorism, and found it equally effective in demonizing hackers and anyone else who could do seemingly magical things with bit and bytes on a computer screen.

Chip And Pin : An intro for Malaysians

Thu, 29 Oct 2015 11:59:54 +0000

In 2016, Chip and Pin will gradually be introduced in Malaysia, that means your Credit Cards now will prompt you for a PIN instead of signature during purchases. This will be a bit of a hassle, but it will be worth it, here’s what you need to know about it and credit card transactions in general.

The 5 people you meet in card transaction

First off, a short primer on credit card transactions. In any business transaction, there are at least 2 actors involved, a buyer and a seller. In industry lingo we call them Merchants and Cardholders. These are important terms to remember, as we’ll use them extensively .

But a card transaction is far more complicated and involves at least 3 more actors, some of which you may not even be aware off. First, we have the party that issued the cardholder their card, the ‘Issuer’. If you have a credit card, chances are that credit card is tied to an line of credit issued by a bank, whether it’s HSBC, or Maybank, these are issuers, who have a relationship with the card holder.

Then we have the ‘Acquirer’. This is the financial institution that provides the merchant the ability to accept card transactions. Sometime this is as simple as just placing a card terminal on the merchant premise. The acquirer has a relationship with the merchant, and that’s why when you look at credit card receipts, they usually have a banks logo on them–that’s the acquirers logo.

Both the issuer and acquirer are usually banks, because credit cards deal with debt, and only registered financial institutions are authorized by law to perform such transactions (think of interest rates, and loan functions..etc)

So far, we have the Issuer that issues the card to the cardholder, and the Acquirer that provided the infrastructure to the merchant, but how do we tie all of them together. Here the final actor provides a network that connects all acquirers to all issuers, they’re called Card Schemes. You know them by their names, VISA, Mastercard, Diners, JCB, Discover..etc. The schemes provide the ability to connect acquirers and issuers, so when you go a merchant, you only ask them if they accept Master or Visa, and not worry about the specific acquiring bank. Similarly the merchant places a “Mastercard accepted” logo on their premise, because if they can accept one Mastercard, they can accept them all.

These 5 actors, the Cardholder, the Merchant, the Acquirer, the Issuer and the Scheme work seamlessly together to allow you to purchase goods and services using only a single piece of plastic we call a card.

But what is a card?

Internet connections speeds in Malaysia

Fri, 02 Oct 2015 12:46:47 +0000

Not to beat a dead horse now, (you can read my previous articles here and here)but I’ll say it one last time, internet speeds aren’t exactly what we should be debating over these days. We should focus on internet penetration rates, and broadband penetration, and define these correctly.

The MCMC defines broadband as anything over dial-up. Which is stupid, because a 128kbps ISDN would be considered broadband, but certainly it wouldn’t feel like broadband to any user. It would crawl.

But at the same time, you can’t set the number too high to something like 100Mbps because what would you be able to consume at that speed which you wouldn’t at 5Mbps, in other words why would you need 100Mbps instead of 5Mbps, and what you actually mean by the term broadband?

So the question becomes, how fast is fast enough? What bandwidth is sufficient for the average Malaysian to enjoy the internet at the same level as anybody else. A lot of people buy a car without caring about the cars top speed, because very few people actually push the car to it’s top speed. Why isn’t it the same for internet bandwidth?

How corporations lie to the technologically challenged

Mon, 28 Sep 2015 11:50:39 +0000

Two weeks ago, Lowyat.net published a ‘challenge’ to their readers, one that would supposedly pay a cool RM100,000 to the winner.All you had to do was decrypt an AES-256 encoded blob of code (more accurately referred to as ciphertext).

As expected, no one won.

Because breaking that ‘military-grade’ encryption is beyond the capability of most normal human beings, and certainly not worth a paltry RM100,000 that was being offered. It’s the equivalent of offering 50 cents for someone to build a rocket capable of going to the moon. In fact, Rm100,000 is exactly the cash prize celcom offered for it’s cupcake challenge, because baking cup-cakes and breaking ‘military-grade’ encryption are the same thing.

Once the challenge has expired, Celcom conveniently launched their new zipit chat application, which surprisingly used AES-256 encryption as well, and more importantly they released some statistics of a ‘hackerthon’ they conducted in which 18 Million people viewed the challenge, and 17,000 registered to participate but none succeeded.

OK, so while there was no official announcement from Celcom to tie the original lowyat challenge to their new zipit app, it was quite plain for all to see.

So let’s go into why this upsets me.

Change WiFi password on Maxis home fiber router

Sat, 05 Sep 2015 15:33:16 +0000

Got Maxis Fiber to your home, but want to change your WiFi passwords, then here’s how you do it.

First you need to logon to your router. You can do so by opening your Web-Browser and type http://192.168.1.254 (where you’d normally type google.com), or just click here.

You should either see a picture like the above, then you’d need to enter the username and password, or if you haven’t setup a router password, then you’d see this:

Why we fear 'hackers': Dangers of Technical Illiteracy

Sun, 23 Aug 2015 20:00:56 +0000

Are you afraid of Hackers? Do you lie restless at night thinking of what might happen if they got into your bank account, facebook profile, or e-mail. Perhaps you’re also worried about that they might hack into a forum you visit, or that they might get into your personal messages on whatsapp.

It’s true that hackers are able to do all of these things, but the public perception of hackers really isn’t quite justified, and this false perception can lead to terrible outcomes.

Take last weeks post about the hacktivist group Anonymous. In it I expanded on the public fear of anonymous and how that didn’t correspond to the actual damage that the group causes. Sometimes all Anonymous does is a DDOS on a public website, that still takes some skill, but far removed from actually infiltrating a server. Yet, most people wouldn’t be able to differentiate a DDOS attack of a website to a compromise of an actual server, and this inability leads then to disproportionately fear hackers, worse still it leads them to lump all security related incidences into a single bucket called “hacked by hackers”.

But Why?

Why are people so afraid of hackers? And why is there a huge discrepancy between what some of these hackers are actually doing and the fear that the average citizen has of them.

I have one theory–ignorance, or more specially tech-illiteracy.

Our Communication Minister must be mistaken

Tue, 18 Aug 2015 23:17:23 +0000

Our newly appointed Communication Minister has come out all guns blazing in directing the The Malaysian Communications and Multimedia Commission (MCMC) to ask social media giants such as Facebook, Google and Twitter soon to block “false information and rumours” on their platforms.

That in itself is quite frustrating, but what really got me scratching my head was his claim that “that social media providers acted on 78 per cent of MCMC’s request for removal of content last year, with Facebook taking action on around 81 per cent of its request.”

Understanding Anonymous from a Malaysian context

Sat, 15 Aug 2015 15:33:35 +0000

The latest buzz in Malaysian cyberspace is the ’threat’ from Anonymous Malaysia to launch ‘internet warfare’ on the Malaysian government, singling out our poor ol’ Prime Minister, demanding that he step down or face the consequences of Anonymous actions.

The threat of internet warfare even came with a date, 29th to 30th August at 2.30pm, coinciding with Bersih 4.0. You know you’re dealing with a bad-ass when they tell you when the attack is coming, sort of like Muhammad Ali telling his opponents which round he would knock them out in. (down in the 5th)

TM blocking SarawakReport

Sun, 19 Jul 2015 21:58:36 +0000

Sarawakreport, a website covering sensitive political topics in Malaysia was blocked today by the countries most prominent ISP, Telekom Malaysia (TM).

Internet users using TM’s Domain Name Server (DNS) reported that the website was inaccessible, and I’ve confirmed that is an intentional block by TM.

Here’s a quick primer on DNS. The internet works on this marvelous set a rules we’ve come to call the Internet Protocol. Part of this protocol requires that every server or machine on a network be assigned a unique number to identify itself, this number is called an IP address. An IP address is sort of the phone number of a server, and if you want to communicate with a server you’d need to know that servers phone number.

Hacking Team got Hacked, and here's what Malaysia Bought

Thu, 16 Jul 2015 10:04:35 +0000

[caption id=“attachment_5085” align=“aligncenter” width=“550”]

A screenshot of the RCS Software from Hacking Team[/caption]

There are two types of governments in the world, Those that build complex surveillance software to spy on their citizens, and those that buy them–and our government is more the buying type.

Few nation-states have the budgets to build out complex surveillance software, but some are finding that ‘off the shelf’ software sold by dodgy companies are just as effective at a fraction of the price. The problem with buying of course, is that sometimes those dodgy companies that are manufacturing these spying software also sell their wares to repressive regimes like Sudan, and being on the same customer list with Sudan doesn’t quite bode well for any ‘moderate’ government.

Take Gamma Corp for example, the organization responsible for the FinSpy and Finfisher suite used by the Malaysian government in the run-up to the 2013 General elections. Another is Hacking team, an Italian based company that produces similar remote control software (RCS).

And in a bit of internet karma–both of these companies were hacked themselves…possibly by the same person.

In August 2014, Gamma was hacked and had 40GB of data forcefully exfiltrated from their servers. My analysis of that leak, revealed no information about Malaysian purchases of their FinSpy software simply because a large chunk of that data was encrypted.

Recently however, Hacking Team had a much more severe attack, one that managed to extract 10 times more data, and here I found ample evidence of Malaysian government agencies procuring spyware from Hacking Team presumably to be used against Malaysians.

The question of course is should you be worried, the answer is Yes, and not just for the obvious reasons. After combing though a trove of documents, I found that 3 government agencies procured the ‘flagship’ RCS software from Hacking team, and from my layman’s understanding of the law, none of them have authority to actually use it.

Worst still, some e-mails point to incompetent IT skills as well as bad Procurement practices, that actually annoyed hacking team’s salesforce. I will conclude this post with why this attack on Hacking Team has a positive outlook for regular internet users, and why our government agencies procuring this stuff isn’t exactly ALL THAT BAD.

For the FINAL time, Malaysian internet speeds are NOT slow.

Wed, 01 Jul 2015 23:09:54 +0000

First off, apologies for the lack of content on the blog. I’ve been really busy at work these past few months, and content is slow moving. For instance, the previous post was a review of a router, that I tested for 4 weeks, and returned to the supplier more than a week ago–and the post only went up yesterday. To that end, my decision is to churn out my thoughts just ‘straight from the gut’ and not give this posts the usual research I typically do. Hope my regular readers will forgive the tardiness.

The day the internet stood still--AGAIN!

Wed, 17 Jun 2015 13:02:04 +0000

There was a time when the internet was young, just a little fledgling network, an academic toy used only by computer scientist to try out theoretical concepts. Contrary to popular belief the internet wasn’t created to withstand a nuclear war(although it can), instead it was created to address a very serious engineering question–how to connect together different computers with different operating systems and different commands? The answer to that question stumped many brilliant people, in the late 60’s and early 70’s, computers were Gods of their domain, stand-alone machines with ‘slaves’ like disk-drives and monitors, if you hooked up a computer to another computer, they wouldn’t know what to do–there’s a chinese saying about one mountain can only have one dragon, computers in those days were exactly like that.

The technological effects of SOSMA and POTA

Thu, 21 May 2015 22:52:32 +0000

The new Prevention of Terrorism Act (POTA) in Malaysia should not be considered in isolation but rather in the context of the 6 other anti-terrorism Bills that were concurrently proposed. All of these new laws, will almost certainly come into effect, thanks to the whip system employed by the ruling party. Yet the laws violate fundamental human rights, such as a right to fair trial and right to personal privacy.

I’m particularly worried about the amendments to the Security Offenses Special Measures Act (SOSMA), an amendment that has slipped under the radar simply because its been out-done by harsher changes to the sedition act, and the new POTA.

The original SOSMA had granted Law Enforcement powers to intercept and store any kind of communication, including digital communications, without any judicial oversight. Police Officers ‘not below the rank of SuperIntendants’ could wiretap any communications if the ‘felt’ there was need to do so, without obtaining any warrant. Section 24 of the act further stipulated, that law enforcement did not have to reveal how they obtained such information and could not be compelled to do so under the law, which acts as blank cheque to the police and other investigative bodies to utilize any and all manner of surveillance and intelligence gathering, regardless of their legality of their methods, since no oversight can be carried out on their methods.

The amendment to SOSMA, further enhances existing powers to allow for any evidence “howsoever obtained, whether before of after a person has been charged” to be admissible in a court of law. Which isn’t a big jump from where we were, but making this statement explicit in the act, leads me to only one conclusion.

Our legislators have granted such a broad powers to the Police and the executive branch of government, that they now can intercept, and store communications of millions of Malaysians, hence the next logical step would be state-wide bulk surveillance. In light of what the NSA and GCHQ have already done, SOSMA would make it perfectly legal for Malaysian authorities to execute identical surveillance programs locally and have all the evidence generated under such program be admissible in a court of law without ever revealing how the evidence was obtained.

Think about it, on the one hand, the Government amends Sosma to allow it to collect just about anything as evidence without any Judicial oversight that might ‘slow down the process’, and on the other hand it needs POTA to detain ’terrorist’ without a trial because its hard to come by evidence. It doesn’t make any sense, what’s the point of creating POTA if you’ve already removed all the barriers to collecting evidence, and what’s the point of SOSMA if you already have the powers to detain someone without any evidence.

It would seem to me, that by allowing Government surveillance of any kind, and by allowing detention without trial, we’re creeping into a world where the Government can intercept all your communications to learn about what you’re thinking and doing–and then detain you without any justification. That’s a world even Stalin would envy.

I know I’m a tin-foil hat wearing conspiracy nut, and I know I’m on an extreme edge when it comes to political and social views—not many Malaysians agree with me on many things. Still…I think that if you look at the acts in totality, place it in context of the current trends of Government surveillance across the world, and consider that our government has a track record of deploying spyware in Malaysia, seems perfectly reasonably to me, to conclude that our government wants to run a state-sponsored bulk-surveillance operations in Malaysia.

The one reason you should oppose the TPP

Thu, 07 May 2015 18:25:08 +0000

Today I attended an Institute for Democracy and Economic Affairs (IDEAS) event about the TPP. Among the panel members, included Michael Froman, the US trade representative and chief advisor to President Obama on issues of International Trade and Investment. (big shot!!)

For those you don’t know, the Trans-Pacific Partnership(TPP) agreement is a trade deal between 12 countries including Malaysia and America whose main objective is to balance out the power and influence China has over the region. But the TPP has been opposed by many NGOs and special interest groups, for good reason–it’s secret. The TPP has garnered such a bad reputation, it’s sort of like the Justin Bieber of trade agreements, everyone knows about it, but nobody likes it.

The event went on for a good 40 minutes, before your friendly neighbourhood tech blogger got a hold of the mic to ask about the secrecy of the trade agreement.Prior to that everyone was talking about Bumi Policies,Price of Medicine and impacts to SMEs. I really didn’t understand why no one spoke about the tremendous secrecy surrounding the talks and how the secrecy itself is fundamentally undemocratic and bad enough for Malaysians to reject the agreement.

This secrecy is the one reason every Malaysian should oppose the TPP. Everything else is moot, because we can’t confirm the documents we’ve seen until it’s made publicly available to the citizens of the countries negotiating the deal. Would you sign a housing loan agreement without the ability to first read the contract? Yet, here with the TPP we have a legally binding 29-chapter multi-lateral agreement that very few people have seen, but will impact all Malaysians once signed. How do we know the prices of medicines are going up? Oh that’s right, we read it from Wikileaks …. must definitely be true then. Sorry let’s move on.

Should an IP address be used to Identify someone?

Wed, 29 Apr 2015 11:00:29 +0000

Recently a court in Malaysia ruled that the newly amended evidence act could presume an IP address would uniquely identify a user of a network, and in the case of an Internet IP address, enough to tie an IP to the individual subscriber. In other words if the authorities ever found out that ‘your’ IP address was behind a post, then you’d have to prove it wasn’t you rather than they having to prove it was.

In Tong Seak Kan & Anor v Loke Ah Kin & Anor [2014] 6 CLJ 904, the Plaintiffs initiated an action for cyberspace defamation against the 1st Defendant. In tracing the perpetrator, who had posted defamatory statements on two Google Blogspot websites, the Plaintiffs filed an action called a John Doe action in the Superior Court of California. In compliance with the court order, Google traced the blogs to two IP (Internet Protocol) addresses which were revealed by Telekom Malaysia Bhd to be IP addresses belonging to the 1st Defendant’s account.
Bread & Kaya: Malaysian cyberlaw cases in 2014

Upon further reading of the post on DigitalNewsAsia, my non-lawyer mind got the feeling it didn't end well for Loke Ah Kin & Anor as the court decided they were guily of defamation based on a flimsy piece of evidence like the IP address of the user who posted blogspot.

I’m uncomfortable that a court of law could find someone guilty based on something as trivial as an IP address, when other courts around the world have ruled that IP addresses are insufficient for this purpose.

FireEye: Group spied on Malaysia for 10 years

Mon, 13 Apr 2015 16:11:22 +0000

The team over at the FireEye threat intelligence published a special report(pdf) detailing an long running (and still on-going) cyber-espionage operation that has targeted multiple entities in ASEAN countries, including Malaysia. The program was reported to be running for more than a decade, and the sustained period coupled with the list of targets the program had, led FireEye to believe it to be a state-sponsored activity, as no other other type of organization would be able to afford such a professionally run program, operated for such a long period of time with no discernible source of income.

The group were nicknamed APT30, an abbreviation for Advanced Persistent Threat number 30 (I'm guessing the 30 part, because FireEye have other APTs on their github page). APT is a cyber-security term coined to identify an attacker that has both the capability and persistence to target specific entities up until they eventually break, and then continue to suck information from their victims for a significant amount of time. Basically there are script kiddies, hackers and then the 'Advanced Persistent Threats', APTs are a class above the rest.

APT30 operated a suite of tools including back-doors, and command and control software that were given catchy names like Backspace, NetEagle, Flashflood and ShipShape. The tools demonstrated a fair amount of sophistication in the way the functioned, but what really impressed the FireEye team was the level of professionalism that the coders exhibited, the malware had a well defined version control system, automated tools to manage many of the operational task and even the functionality that allowed for the system to be operated 24/7 by a team working on shifts, with one window requesting the operator to enter their 'attendant code'. I wouldn't be surprised if the system even calculated yearly increments, and provided KPI reports in the background.

MDeC Private Meeting with ODI

Sun, 05 Apr 2015 20:00:17 +0000

Earlier this week I attended a MDeC organized private meeting with Richard Stirling from the Open Data Institute (ODI).The ODI is an institution that hopes to promote the ‘open data’ culture, and founded by a giant of the Tech world, Sir Tim Berners-Lee, which you might remember for inventing a small little thing we call the world wide web.

The meeting was attended by just a handful of folks, some of whom I recognized from a previous Seatti conference I attended, with the audience and topic focus on Open Data (and Big Data) in Malaysia.

The conversation was really good, and broadly speaking touched on 3 key topics. Most of this post is a re-hash from my failing and aged memory, but there's a clearer version of the minutes here from the amazing people of Sinar Malaysia if you're interested in the specifics.

All Air Pollutant Index (API) readings in Malaysia for 2014

Sun, 08 Feb 2015 00:24:16 +0000

I've stopped scrapping the API readings for Malaysia, as the MET department have stopped publishing historical readings on their website.
The data has been updated to include all API readings up to 01-Sept-2015, and then from 28-Sep-2015 to 03-Oct-2015. The ‘gap’ in the dataset is because the MET department changed their webpage and removed the legacy data before I could get my hands on them. I’ve written to them for it, hopefully we get a useful response. For now though, there’s 24 months of data from Aug-2013 to Oct-2015 in the dataset. enjoy!

To get all the readings by region in a single delimited file, click this link, I apologize for the messiness of the data and the files, I should tidy them up by the end of the month. Contact me directly for anything specific.

Keith

Once again, your friendly neighbourhood techie has used this powers for the good of the country.

Last September, I scrapped all the procurement data from the Malaysian’s Government MyProcurement website, this time I scrapped all the Air Pollutant Index (API) readings from the Department of Environment (DOE) website.

First off, Kudos to the DOE for keeping such great tabs on the data–overall the DOE publishes one API reading for every hour or every day across 52 locations in Malaysians. Just to put the sheer volume of data into perspective, for just one year that’s:

52 locations x 1 reading/hour x 24 hours/day x 365 days/year = 455,520 readings.

What happened in the MAS hack. All questions answered, one question asked.

Thu, 29 Jan 2015 23:11:53 +0000

Late in January the Malaysian Airlines website was ‘supposedly’ hacked by Lizard Squad. You might remember Lizard Squad as the guys who ‘hacked’ the XBox and Play Station network over the Christmas holidays, and I’m using a lot of ‘quotes’ here because Lizard Squad didn’t really ‘hack’ XBox One or Playstation, they merely DDOS-ed the services.

What is DDOS-ed I hear you say?

A DDOS attack is one where you flood a server with so much web traffic, that the server is no longer able to serve content to legitimate customers. Imagine if you got 100 friends, and decided to create some havoc at the McDonalds near your home. You and your friends would line-up at the counter, and you'd place an order for 100 Big Macs, 25 Cokes and 1 Apple Pie... only to cancel your order after the cashier typed in it. The next friend in the que would do the same thing--over and over again. Even though there would be legitimate customers at this McDonalds trying to buy some food, chances are they'd either have to wait a very long time to get their food, or they'd give up entirely.

Essentially you’ve denied McDonalds their chance to serve their customers–or you’ve just launched a Denial of Service (DOS) attack–the extra D in DDOS, just stands for distributed.

Real-Life DDOS happen all the time–what do you think the Thai Protestors were doing to Airports in 2008?

But why is this important?

It isn't. DOS attacks are pretty common--but Lizard Squad attacked the Play Station Network,and XBOX with ulterior motives. Even though they claimed to do it in the name of 'security awareness', they only stopped their DDOS attack because Kim Dotcom offered them USD300k worth of services on his Mega website. Kim Dotcom is another controversial character, but to cover him in this article would be too large a digression--so if you want to know more about him, just Google it.

The REAL motive of the Lizard Squad DOS attack became apparent some days later when they started to offer their DDOS attack as a service to paying customers. Essentially you could go online and buy their services to attack a target–maybe a competitor company, a personal blog of someone you don’t like, or just about anything. Lizard Squad were hawking their services to anyone with cash.

Some suspected that Lizard Squad were running this large DDOS attack using nothing more than home routers–similar to the ones that UniFi provides and that I demonstrated could be hacked trivially over an internet connection.

How to determine your Unifi router MAC ID

Tue, 27 Jan 2015 08:00:00 +0000

Step 1: Logon to your router

To logon to your router, fire up your web-browser (Chrome, Firefox, Safari–even Internet Explorer will do). In the address bar where you usually type www.google.com type http://192.168.0.1 (sometimes it’s http://192.168.1.1 ) or just click the link. Once there enter the username and password of the router. If you’re uncertain try any one of the following combinations:

Maxis Forum needs an upgrade

Sun, 28 Dec 2014 16:36:33 +0000

Yesterday I Googled something about maxis that took me to a forum.maxis.com.my link. Unfortunately, Firefox wasn’t happy with Maxis, because I got the following screen:

Firefox is the first of the mainstream browsers to end support of SSLv3, ever since Poodle was published. For those of you who aren’t keeping tabs of security issues–Poodle was a big vulnerability discovered in the 2nd half of 2014, that affected the SSLv3 protocol.

Malaysian Government Hacked Environmental website?

Sat, 08 Nov 2014 15:06:36 +0000

Environment News Service, an environmental focused news website this week accused Malaysian government hackers of attacking it after it ran a story implicating Sarawak governor Tun Abdul Taib Mahmud of corruption and graft. As a result, the site was down for 2-hours, before the site manage to re-gain control.

“The attack on our site came from a Malaysian government entity as identified by their IP address,” Sunny Lewis, editor-in-chief of Environment News Service (ENS)

But what exactly is an IP address, and how did ENS identify it?

Let me explain.

ATM Hacks are so bloody boring

Wed, 01 Oct 2014 22:31:11 +0000

Last week, while I was flying from KL to London, I noticed a strange anomaly on the screen of the boarding gate at KLIA. Closer inspection revealed that it was an anti-virus warning that signaled the computer had been infected by a Virus (almost 2 days ago!!). As a techie, I quickly deduced 3 things from the screen.

One, the computer was running Windows, and probably an outdated version of Windows. Two, the computer had been infected with Conficker–Conficker was a pretty infamous threat, back in 2008!! And yet, here we are, at Malaysia’s most prestigious airport, and we have a computer infected by a virus that pre-dates the iPhone 3G. Three, the computer is probably part of a larger network, and never gets patched or updated–probably. If it were patched, it wouldn’t be infected with a ol’ grandmother of a virus.

As an added bonus–I could easily see the user of the system. That’s a delicious bit of information for any hacker to have.

Heaven forbid, the virus on the computer screen at KLIA not spread to something important–like control tower or Sky Train controls.

These days, everything is a computer. Your phone is a computer, your watch will one day be a computer, so too is your car. But when was the last time you patched and updated these systems? When was the last time you updated the firmware on your router–or even when was the last time you updated the software on your laptop? Some of you probably haven’t done this before–I’m looking at you Android JellyBean and iOS5 users.

So the display screens at the airport are computers–but so are the Automated Teller Machines (ATMs), and trust me when I say this, some of them run on windows….gasp!!

MyProcurement: All government tenders in one Excel file

Tue, 16 Sep 2014 22:54:40 +0000

I've updated this post on 31-Mar-2015, to incorporate the latest changes, and to provide more up to data info on the procurement database. Left everything else in tact.

Happy birthday Malaysia!! Just how awesome is our country, that we celebrate an Independence Day AND a Malaysia Day, not to mention 2 New years day, (or 3 if you count Awal Muharram).

So on that note, I decided to use my IT skills for the good of the country.

To be honest, my IT skills have never been up to par, my day job is more managing/planning/documenting than actual execution of ‘real’ IT work. But it was good for me to dust of the ol’ programming fingers and learn Python to grab some publicly available information and make it more accessible to the less IT centric members of society.

Since I had limited time, and sub-par skills, I decided to set my sights low, and aim to extract all the data from the Malaysian MyProcurement portal, which houses all the results of government tenders (and even direct negotiations) in one single website for easy access. The issue I had with the portal though, was that it only displayed 10 records at a time–from it’s 10,000+ record archive, so there was no way to develop insights into the data from the portal directly, you had to extract it out, but the portal provider did not provide a raw data dump to do this.

So I wrote a simple Python script to extract all the data, and prettified the data in Excel offline. The result is a rather mixed one.

I was happy that I could at least see which Ministeries or Government departments gave out the most contracts, and what the values of those contracts were. All in all, the excel spreadsheet has more than 10,000 tenders with a cumulative value of RM35 billion worth of contracts going back to 2009. The data allowed me to figure out which Ministry gave out the most contracts, the contracts with the highest and lowest value (including one for Rm0.00, and one for just Rm96.00). All in all it was quite informative.

Is Malaysia's Broadband slow--no it isn't.

Sun, 14 Sep 2014 23:31:20 +0000

Recently KiniBiz did a piece on Malaysian broadband speeds, and once again the hoopla about how Malaysian broadband speeds are slow arose. Kinibiz quoted an article from Asean DNA which stated that the average broadband speed in Malaysia was just 5.5 Mbps, while Thailand, Vietnam and Singapore had speeds that were double that (or more!)

The report however was inaccurate, and I think there’s a need to address the hoopla, because this happens often. There was a report couple months back that said Cambodia had faster speeds than Malaysia, and I wrote a post addressing that. This time I think, we have to really go into the data and find out what exactly is going on.

So let’s start at the source of this data.

The data was built from billions of download test conducted by users throughout the world on speedtest.net (a website that allows users to test the speed of their internet connection). This dataset is HUGE!, one of the biggest I’ve seen and definitely the biggest I’ve had the pleasure to play around with. Just one file in the set had more than 33 Million rows and weighed in at more than 3.5GB.It took me some time and lots of googling just to figure out how to deal with a csv file this large. Fortunately, there’s LogParser, but we’ll skip that tutorial for now and focus on the juicy details of data.

The number reported by Asean DNA is wrong. The average internet speed in Malaysia isn’t 5.5Mbps, it’s more like 7.5Mbps.

5.5 Mbps was obtained by averaging the speed across the regions of Malaysia (Kl, Alor Setar, Klang..etc) rather than by averaging the speed across all the test conducted by Malaysian users. In short, Asean DNA placed equal emphasis on Kuala Terengganu and Kuala Lumpur, although Kuala Lumpur had 50 times more test conducted. It would be like calculating GDP per state, rather than GDP per capita. The real per capita download speed in Malaysia is 7.5Mbps, rather than 5.5Mbps (if you limit yourself to just data from 2014).

Here’s the breakdown. You can download the file from netindex.com or just use an extract I created with just the Malaysian data–it took some time to do this so leave a Thank you in the comments if you downloaded the data.

3 Ways to watch Netflix from Malaysia

Fri, 20 Jun 2014 09:00:57 +0000

Netflix is awesome. I watch it everyday, and while the selection is dated–it’s still pretty good.

If you needed proof for just how good it is–32% of all internet traffic in the US, belongs to Netflix. There’s two problems though. First, it isn’t free, and cost about Rm30 month. Not really and issue since Rm30 on Netflix gets you a lot more content than the RM100+ you spend on Astro.

The second problem is that it’s not available in Malaysia. So even if you were willing to pay the cash, you couldn’t get Netflix streamed to your home–until now that is. So here’s 3 ways to stream Netflix, BBC iPlayer and even DramaFever (for the k-drama fans out there) to your home in Malaysia.

My Issue with WPWebHost: Bad Support

Thu, 22 May 2014 08:00:52 +0000

Last weekend I had an issue with my hosting provider, WPWebHost.

I switched to WPWebHost 2 years ago, and recommended them because they promised wordpress hosting at an affordable rate. Wordpress hosting is where the hosting provider would support wordpress specific features, e.g. help troubleshoot plugin and theme issues, perform nightly backups, and offer ‘higher availability’ for Wordpress sites. If you’re still wondering what Wordpress is, take a look at one of my previous post.

My latest experience with WPWebHost has left me wondering if indeed this was actually Wordpress hosting or just regular hosting in disguise. I’m now wondering if I should stay with them.

Was my server really getting the 99% uptime promised by WPWebHost? Nope. Did I get the Wordpress Specific support that help identify theme and plugin issues? Nope. Does WPWebhost cost more than regular hosting from other providers like GoDaddy, Dreamhost and my previous provider NearlyFreeSpeech? Yup. So why I am still with them? Read more to find out.

Below is the full un-redacted transcript of my email correspondence with WPWebhost–I’ve left out the customer service agents name because I believe they have a right to privacy. However, nearly every time I sent an email, a different rep would respond making the whole conversation very messy and difficult to keep track off. Some emails were left out to simplify the flow.

How many samples are enough to build the Kidex highway?

Sun, 18 May 2014 22:04:10 +0000

There’s a highway they want to build from Damansara to Puchong–called Kidex, and just like any other highway before, people are understandably worried about the construction. This excerpt from the KL-Chronicle details the causes of anxiety:

[box icon=“chat”]Kidex will be constructed over heavily built-up residential areas in Petaling Jaya and will pass very close to schools, houses and places of worship. It will pass just 5m away from two schools – Bukit Bintang Boys Secondary School and Sri Petaling Primary School. Its distance from the Tun Abdul Aziz Mosque in Section 14 is listed as 7m and from St Paul’s Church as 18m. Houses in parts of Sections 2, 4, 7 and 8 will be just 10m from the highway

And so, when Kidex had their townhall last week, a group of protesters showed up to voice their displeasure–as should be allowed in a democratic society. Kidex claimed they had conducted a survey that proved that the majority of the people wanted the highway, this was hotly contested by the Say No to Kidex committee, who contended that the survey wasn’t ‘authentic’.

The video below (from Malaysiakini) has a great interview with the secretary of the Say No to Kidex committee outlining their points of contention on the survey by Kidex. (starts at 1:10)

Here's the seven points raised by the Say No to Kidex committee.

1. The initial Kidex survey of 300 respondents--of which 73.4% were agreeable to the building of the highway. 2. The Say No to Kidex committee did their own survey on 20 different locations, including the Mosque, Schools, and the resident associations of the areas affected by the highway. 3. Say No to Kidex can't comment on how many people they've engaged but can confirm it was more than 300. 4.Hence the public perception of the initial Kidex survey is negative. 5.The list of the initial 300 respondents has not been shared--as it was confidential. 6.The survey was conducted by a Ph.D in statistics, but this survey itself was funded by Kidex. 7.The next survey as planned by Kidex would have 2000 respondents.

Now let's take this apart one by one, because there is some maths here is quite foreign to most--this is the world of probability and statistics.

Local broadband speeds slower than Cambodia: Why it doesn't matter

Mon, 12 May 2014 23:02:53 +0000

I drive a Prius--it's a magnificent car, and if you think otherwise just ask me about the mileage.

But when I tell people I drive a Prius, I get a sneer and look that suggest I must be a bumbling idiot, you know the one where their face wrinkles up near the nose. People ask the usual mileage questions (5Liters/100km if you’re curious), and make some oft-remark about the design–but then they end with the question that’s really a statement–isn’t it slow?

The Prius can easily top 110km/hour and still get better mileage than the much smaller Ford Fiesta. There isn’t a single highway in this country where you can legally do more than 110km/hours and hence any car that can do 110km/hour can’t be slow.

So why is it, that people make such a fuss that an Ookla study concluded that our average broadband speed is slower than Cambodia–when the average of 5.48Mbits/second is still fast enough for every online service imaginable.

I’m a tech geek, and I’m happy with my 5Mbps connection from Unifi.

At 5Mbps, I can download content faster than I can watch it–anything faster is excessive.I can watch Netflix in HD (maybe not 1080p, but good enough), I can watch youtube without lags and I can listen to any podcast, radio channel or spotify without a hitch.

And I wouldn’t enjoy these services more even if I had a 10Mbps or 100Mbps connection. Trust me 5Mbps is fine.

So what’s the big deal with the connection speeds, that our friends over at the MCMC had to release an official statement. There are some issues with broadband in Malaysia, but speed isn’t one of them. Here are the top 4 things we can do to improve broadband in Malaysia which doesn’t include speed.

Trust the science: Why mining pool water is safe to drink

Sat, 10 May 2014 16:49:24 +0000

Do a quick experiment:

Fill a glass half-full with water
Drop a couple of ice-cubes into the glass
Measure the water level before the ice melts
Measure the water level after the ice melts

Now compare the water level before and after the ice melted, and you’ll find them to be the same. So if melting ice doesn’t increase the water level in your glass–why do melting ice-caps raise the sea-levels of the earth?

Internet Censorship is an invasion of privacy

Sun, 06 Apr 2014 16:49:24 +0000

With the on-going debacle about the Kangkung saga dying down, I thought it would be a good opportunity to write specifically about internet censorship and its implications to ordinary Malaysian citizens. As you may well know, many Malaysia Netizens reported of difficulty accessing one particular post of the BBC website that dealt with the Kangkung issues, causing many to cite that Telekom Malaysia was actually censoring the internet--but what does internet censorship actually entail for Malaysia?

Let’s first take a step back, and understand how and Internet Service Provider (ISP) like Telekom Malaysia, Maxis or Digi operate.

MH370 crashed our romanticized perception of technology

Sat, 22 Mar 2014 17:55:15 +0000

As our thoughts and prayers remain with the passengers of flight MH370, I think that as the search enters its 3rd week, it’s a good time to reflect on just how much our perception of aviation technology has changed as a result.

It’s quite important to differentiate between what REALLY happens and what we THINK happens, an in some cases the gulf is so large, that our perception of what happens borders on science-fiction. Take for example, our perception of the US Secret Service. Years of Hollywood movies have led us to believe that if anyone even thought about firing a weapon at the President, Secret Service agents would immediately throw their bodies in the line of fire, evacuate the President and then take out the bad guy. That however is mere fairy tale–no different from the Giant Robots in Transformers or the Aliens in Star Wars. If you look at History and reality, you’d find that some years back, an Iraqi Gentleman not only had the time to throw a shoe at President Bush, but enough time to TAKE OUT A SECOND SHOE and throw it again at the President–were it not for the Presidents quick reflexes, he would have ended looking like David Beckham after a night out with Ferguson.

So the gulf between what we think the Secret Service CAN do, and what it ACTUALLY does, is quite enormous.

10 Things you need to know about kangkung censorship

Fri, 17 Jan 2014 22:54:38 +0000

Internet users in Malaysia were reporting issues trying to access a specific page on the BBC UK website that was a hilarious post making fun of our ‘beloved’ Prime Ministers Kangkung remarks. Apparently the issue became so bad, that users took to social media –only to find that they were not alone. In fact, so many Malaysians were complaining that they couldn’t access the post, that the official twitter handle of the BBC News tweeted to its followers asking them if they had issues.

Are you in #Malaysia? Can you access this BBC story about #kangkung? http://t.co/sDKN4fFWyV - let us know using #BBCtrending
— BBC News (World) (@BBCWorld) January 16, 2014

Now, I for one, experienced no such disruption–but then again I use a VPN, and quite frankly, so should you!

However, there are a couple of things you need to know about internet censorship, and this debacle in particular.

What kind of Porn do Malaysians watch

Fri, 10 Jan 2014 17:39:45 +0000

Let’s be honest–Malaysians watch a lot of Porn.

On the outside, we may espouse our ‘Asian’ values and culture, but the cold-hard data suggest we’re as horny as the Japanese. In one of my past post, I showed how we have evidence of someone using the Government internet connection to download porn.

Today however, PornMD the self-proclaimed “biggest porn search engine” released statistics as to what Malaysians were searching on their site. The results aren’t that surprising, although I was quick shocked to see Tudung on there–apparently some people find it kinky.

Much ado over a tweet

Thu, 09 Jan 2014 09:28:48 +0000

In case you’ve missed it. The official twitter handle of the ETP, @etp_roadmap, recently made a serious blunder. In a tweet sent out at 1.00pm on the 6th of January, they tweeted “Former Prime Minister Najib Razak: Energy and Food Subsidies are no longer sustainable”. Now the blunder of course was the word ‘Former’ and it was only a full one hour later (or an eternity in twitter time) was the tweet deleted and an apology issued.

How to prevent your Unifi account from being hacked

Sun, 05 Jan 2014 20:22:49 +0000

OK....I made a boo boo!

Actually my method of 'hacking' the Unifi modems has a ridiculously simple work-around. Unfortunately, when I published the findings I was absolutely convinced the workaround didn't work--I was wrong :(

Details about how I was mis-lead are unimportant for now (although I will explain it later on), for now I think the simplest way to address and to make yourself more secure (though not 100% secure) is to disable remote management of the router. Don't worry here's a step-by-step guide on how to do it.

How I hacked 4 Unifi accounts in under 5 minutes

Thu, 02 Jan 2014 22:00:14 +0000

So I was wondering if I should publish this, but I guess I have to. If you’re one of the 500,000 Unifi subscribers in Malaysia, you need to know that your stock router–is completely hackable. TM has left you literally hanging by your coat-tails with a router that can be hacked as easily as pasting a link. So I was struggling to figure out if I really should have made this post, but in the end I think it’s better for you (and everyone else) to know just how easy it is to Hack Unifi accounts–not so you can hack them, but so that you can take some precautions over the situation.

But first, some caveats–everything I’m showing here is already public knowledge, the only difference is that I’ve culled and aggregated knowledge from different streams to show you just how easy an attacker can circumvent your password protection on your Unifi Dlink DIR-615 router, which is the stock router that comes with Unifi. It’s better for you to know about it than to remain oblivious to possibility that anyone from anywhere in the world, sitting in their room with their pyjamas on, can log onto to your router and start doing some rather nasty stuff.

Second caveat, is that as a result of this, some ‘kiddy-hackers’ may see this post and now be empowered with the means to attack, that’s a risk I’m willing to take to allow for everyone to know about it, so that they can do something about it. Keeping everyone in the dark about vulnerabilities of their routers is not a good thing. Security works better when everyone has access to the same information, this is how security works, and if you don’t agree–well tough luck.

With that said, here’s how you use Shodan, and a well known exploit to hack Unifi. The final exploit which doesn’t require any knowledge of the passwords starts at 4:08

Update 22-Jun: My Apologies: YouTube have removed my video because someone reported it as being inappropriate. I am appealing..I’m not sure what about the video was inappropriate, and I have made no attempt to mis-lead anyone. Stay tuned. I’ve updated the video with a Vimeo upload instead.

Hacking Unifi Dlink routers using Shodan from Keith Rozario on Vimeo.

Details of the hack:

To access the password page the appendage is /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd
To search for Dlink Routers on Shodan the query is Mathopd/1.5p6 country:MY

I’ve alerted TM to this much earlier, in August 2013 actually, and they promised they’d fix it by the end of the year. To be honest though, I don’t blame them, your router security is your responsibility and not TMs, so I think that TM isn’t doing anything wrong by not doing anything. A user should be responsible for the security of the router, just like how you are responsible for the security of your phone–even if you did get it free from Maxis or Digi. So anyhow, in the absence of any clear action from TM, I’ve taken it upon myself to inform you of the router vulnerability, and here’s hoping you do something to fix it.

As always–stay secure.

To address the issue check out my post on how to prevent this on your Unifi router, click on my post here.

Why it failed: Malaysian Emergency Response Services 999 Project (MERS 999)

Tue, 31 Dec 2013 15:09:26 +0000

As we approach the end of the year, and I have some free time to blog again, I thought I’d re-visit the Auditor Generals report for 2012, and focus specifically on that one project everyone is talking about, the MERS 999 project.

This wonderful project, that cost Malaysian citizens upwards of RM800 Million, was a monumental failure on behalf of the government and for all contractors and sub-contractors involved, however to be fair the blame probably lies squarely on the shoulders of those over-seeing the procurement of the service as opposed to the IT folks–but they have to take some heat as well.

As someone with years of experience delivering IT projects, I think this is an area that I comfortably call myself an expert in, so I think I’m fluent enough in IT to take a sneak peek at this particular project to find out what exactly went wrong and what could have been fixed. Unfortunately, the results aren’t that good, but if you’d like to hear a self-proclaimed expert dissect this, then please continue reading.

3 issues with the Malaysian education system

Sat, 14 Dec 2013 10:52:12 +0000

Every other year, we receive fresh results from PISA or TIMSS, and every other year we see our children continue their slide to near insignificance on the global scale. I can’t phantom how the Education Ministry can remain so obtuse about such a catastrophe, and instead put on a façade of confidence, when there isn’t an iota of data to be confident about.

The education policies of this country and flawed in near every sense, and what we have are politicians continually failing and children–the same politicians who get re-elected year after year.

Satu sekolah untuk semua is destructive

Consider for a moment, that Malaysia is a diverse country, one of many races, religions and creeds--yet, there's an entire sub-section of bloggers who think that having just one school system is valid for this country. I'm looking at the people behind satu sekolah untuk semua initative, an initiative that is well-intentioned (maybe) but definitely not in the best intention of our children.

Children need individualized learning, and if for what ever reason some of them prefer to learn Science and Maths in English or Malay, or Mandarin, Tamil or whatever language or dialect–then they should be encouraged to learn it in their preferred language. The parents who claim the need to learn science in the ’lingua franca’ of science are both mis-guided and mis-informed, the lingua franca of science isn’t English–it’s MATHS. Maths is the language of science, and everything else is superfluous–there are countless thousands of Malaysian children who will struggle to learn science and maths in English–why don’t we strive to make it easier for them, by teaching English in English classrooms, and science in science classrooms–in the language of their choice.

Are you embarrassed to be Malaysian?

Wed, 11 Dec 2013 21:38:17 +0000

Am I embarrassed to be Malaysian?

Nope, I can never be embarrassed to be Malaysian, this is my home country. I’m not just from Malaysia–I’m from Klang.

I can however, be embarrassed about my government and the policies it seeks to implement. Like how our idea of a space program, is buying a seat on a Russian mission to the ISS, and then having the audacity to call the Orthopedic surgeon we sent to space–an Astronaut. Space tourist more like it.

Unifi D-Link Routers are now officially completely hacked

Sat, 07 Dec 2013 09:56:17 +0000

I’m a big fan of the D-Link DIR 615 router, I think Telekom Malaysia made a pretty good choice selecting it as the default router for Unifi accounts. To be fair, TM have made some bad choices as well, but we won’t go into that here, overall the router isn’t top notch, but it gets the job done.

Unfortunately, D-Link as a company has come under the spotlight for some rather funky security practices. First, there was a rather questionable backdoor that D-Link installed on a couple of older versions of their routers, the router basically granted anyone access to D-Link routers by just changing the user agent string of their browser–worse still the back door carried the name of the author….it was Joel.

Open letter to Tun Dr. M on internet censorship

Mon, 18 Nov 2013 12:49:12 +0000

Dear Tun,

First and foremost, let me start by telling you that I truly admire and respect your contribution to Malaysia. I remember shaking your hand when you attended my Convocation quite some many years ago. It was quite odd to see that while you were present, you didn’t give a speech, simply because you attended the function not as former Prime Minister of Malaysia, but rather as the spouse of the Chancellor–your wife Tun Dr. Siti Hasmah.

So it saddens me deeply, that at another convocation–this time where you were giving a speech, you suggested that it is time to censor the internet to counter “distribution of pornography, questionable news and slanders”.

If I may be so bold Tun–censoring the internet is the single most destructive thing that can happen to modern day Malaysia, and something that must be opposed at every turn, even if it involves publicly correcting a senior leader such as yourself. As a citizen of Malaysia, I find it not just my right, but my duty to inform the Emperor when he has no clothes on.

Packet One ForHome Quota promotion vs. Unifi

Tue, 24 Sep 2013 08:00:30 +0000

Petaling Jaya, (September 19, 2013) - To celebrate its 5^th Anniversary, Packet One Networks (Malaysia) Sdn Bhd (P1) invites all Malaysians to keep playing without limits by launching a special unlimited quota promotion for two of its award-winning wireless home broadband plans.
The ForHome^TM 99 and 149 offers a speed up to 1Mbps and 2Mbps with unlimited quota for the affordable prices of just RM99 and RM149 respectively for a limited time only.

Best VPN for Malaysians : Privateinternetaccess

Mon, 02 Sep 2013 08:00:38 +0000

As you’ve probably gauged from my recent bout of paranoia, I’m a bit of a security-freak. My PC at home, not only runs an original version of Windows (something rare in Malaysia), but also multiple anti-virus and anti-malware suites, not to mention using EMET for even more security and a software firewall to boot.

So it sort of makes sense, that after taking all those pre-cautions I would also use a Virtual Private Network or VPN.

Now security isn’t the only reason to use a VPN, they also come in handy for accessing location based services like Netflix and Hulu. All in all they’re at least 4 good reasons to subscribe to a Virtual Private Network.

Reason 1: A VPN encrypts and secures all your outbound connections. This makes it difficult for anyone trying to ‘sniff’ your connection to see which websites you’re visiting. If you’re looking for a VPN provider to secure your connection, then look for one that implements OpenVPN, that provides the best security for this purpose.

Reason 2: A VPN allows you to access US based services like Netflix and Hulu. Here in Malaysia these providers block access from Malaysian IPs to their services–so if you want to watch Netflix, or even subscribe to Amazon, you need a US IP. If you’re looking for a VPN provider to give you this, then make sure they have a US gateway.

Reason 3: A VPN connection allows you to access blocked/censored content. In Malaysia, the government has been known to censor the internet, every once in a while. So if the government suddenly decides to block youtube, or if you wish to access those file sharing sites local ISPs have blocked, then a VPN is a great way to circumvent censorship. Remember that in 2008, the Government blocked a pro-opposition website, Malaysia Today, so this isn’t beyond the realm of possibility. *Not to mention that innocence of Muslims is censored on Malaysian youtube.

Reason 4: A VPN connection ‘anonymizes’ your IP connection. When you use a VPN to post a comment on a website online, the website won’t be able to trace your IP address, since only the IP address of the VPN provider would be visible to them. Beware though, that a VPN will only help anonymize the IP and not the content, you can leave online bread-crumbs in a multi-tude of ways, but a VPN connection helps mitigate that–somewhat. If you wish for a truly anonymous internet (like me), then look for a VPN that doesn’t log any data of it’s users.

Reason 5: A VPN connection allows you bit-torrent without restrictions and anonymously. I’ve previously showed you how bit-torrent downloads could be traced to your IP address quite easily, but a VPN helps prevent that. Without a VPN, someone could do a quick search on your IP and determine what you’ve been downloading on bittorrent. Also VPN connections allow you to bypass certain restrictions and filters that your ISP may have in place to throttle bit-torrent downloads (note that Unifi doesn’t throttle torrent downloads). If you plan to use your VPN for this purpose make sure they don’t block torrent traffic. Just check out the advert below from the people at BTGuard.

So in short a VPN provides you extra security, extra anonymity, the ability to access location based services and the ability to bypass censored content online. So it’s really a no brainer at this point–if you want to truly get the most of your internet experience–you need a VPN.

My Lazada buying experience

Sat, 24 Aug 2013 08:00:26 +0000

About a year back, I wrote about how excited I was that Lazada was finally coming to Malaysian shores, however I never really got around to buying anything from Lazada until recently. As you know, I was in the market for a new Unifi router and after some online shopping I decided to settle for a Asus router from Lazada, not only was the price cheaper, Lazada promised free delivery and even an RM10 discount if I subscribed to the newsletter.

So I created and account, subscribed to the newsletter and purchase an Asus router from the website–thinking all I had to do was sit and wait, and the router would be at my doorstep within 3 days.

WRONG!

Payment under Review

At the end of making the purchase, Lazada sent me an email claiming my payment was 'in review'. I'm not sure what that meant, but a quick call to my credit card company confirmed that the funds were already deducted from my card. To me this was unacceptable, but thinking it could be a problem with my card, I decided to try the purchase again but with my regular credit card this time--alas the router was already out of stock.

What I suspect happened was that my payment was successful BUT Lazada ran out of stock, hence placing the order under review. The wording of the email was poor, and the whole experience left me unimpressed.

Maxis agent attacking a Unifi customer?

Thu, 22 Aug 2013 23:13:54 +0000

Just yesterday, I received a rather odd comment on my post about a Unifi downtime. It read:

[box icon=“chat”]

Those maroons and stupid who complaining customer service should work before as customer service first you bastard!!! if you in thier postion than only u know thier pain… they can give you promise u asshole but who want to fullfill it???? if u want complaint complaint to higher management . dont try your bullshit by spoke with supervsior can resolve your problem. they cannot do anything there coz they have barriers asshole. pls go work as customer service before talk regarding them

Asus N12 HP: The best Unifi replacement router?

Tue, 20 Aug 2013 18:24:45 +0000

Update: 20-July-2014

Since writing this post, my 1-year old Asus router begun experiencing issues with its WiFi. My devices couldn't connect via WiFi, although the wired-Ethernet connections were fine. I called up Asus and they confirmed that my router was still under warranty, however I tried sending it to the many service centers listed on their websites to claim my warranty, I was told I couldn't do it. The only way for me to claim the warranty was to send it back to the Asus service center in Imbi Plaza, right in the heart of KL near the collapsed road.

I can’t recommend this router because the after sales service from Asus is terrible. The router cost just Rm199, but for me to claim my warranty would require a 1-hour car ride to KL, the cost of petrol, toll and parking would easily exceed RM40/trip, and I’d have to make 2 trips (might as well buy a new router at that point)/ I emailed Asus hoping they’d at least provide some other way of claiming warranty–postage for example, but they’ve re-iterated that I’d still need to go to Imbi to claim the warranty.

Bad service–and the quality of a router that fails after just a year is suspect as well, the D-Link Dir-615 router I have still works, but this more expensive router failed after just a year?!!

Wouldn’t touch Asus routers ever again! I’ve left the initial post below for you to view, but I would recommend TP-Link routers instead.

Screenshot of the 3 Asus service centers in Klang–none of which are service centers anymore (their contracts have expired), and Asus should remove them from the website.

[caption id=“attachment_4496” align=“aligncenter” width=“550”]

None of these are service centers anymore[/caption]

Original Post below this line:

[caption id=“attachment_4003” align=“aligncenter” width=“550”]

My rather un-professional grainy picture of the Asus router. Look at how Tall it is.[/caption]

The first thing you notice about the Asus N12HP is that it’s TALL, and I mean like if Yao Ming married Kareem Abdul Jaabar and had kids it would like this router. Those long antennas really make the router look like a child who’d undergone a growth spurt in the all the wrong awkward places.

Now don’t get me wrong, the standard D-Link router that TM provides you FOC with every Unifi connection is actually a pretty good router, but if you want something with a bit more oomph! then you may have to look to Asus to provide that. Is it really worth changing your Dlink, and is the Asus N12HP really the best replacement router out there?

Well…for one thing, this router Looks Good.

Hack TM Unifi: In case you've lost your default password

Mon, 12 Aug 2013 08:00:21 +0000

There’s a lot of documentation online on how to hack your neighbours Wi-Fi, but sometimes you need to hack your own system. Usually its because you’ve change your router password and forgot it completely, leaving you in the cold desolate place we like to call “No router land”.

Don’t fear though, its actually pretty darn easy to hack your standard Dlink Dir-615 router (pictured above) that came stock with your Unifi subscription. Make no mistake, the router actually has some pretty sleek features, but Telekom Malaysia has a lackadaisical approach to security that makes hacking this router merely google searches away.

The default Unifi access credentials are:

Username : admin
Password :

Where the password field is literally left blank, (as it is).

However, if you’re locked out of your Unifi router, here’s a couple of things you could do to get your connection back:

Using Captchas on cybertroopers and botnets

Thu, 11 Jul 2013 08:00:01 +0000

Last week I wrote about the ‘rigged’ EDGE poll, that the EDGE had to eventually take down because they suspected someone was trying to bias the results. It was later revealed that a handful of IP addresses were responsible fro the bulk of the votes–presumably the fake ones. An IP address defines a unique internet connection, but not necessarily a unique device. You can try this yourself at home, and connect your PC, Laptop, Tablet and phone to your Wi-Fi router and then go online to check your IP from each–all of your devices will have the same ’external’ IP address.

The Security Offences Bill 2012 -Technology Perspective

Tue, 09 Jul 2013 08:00:17 +0000

The Security Offences (Special Measures) Act 2012 and it’s new amendment. that wonderful piece of legislation meant to repeal the archaic and ‘draconian’ ISA may turn out to be even more archaic and draconian than the ISA it was meant to replace.

While much of the legal fanfare has been focusing on the detention without trial sections of the bill, as a tech blogger, I wanted to focus on the technical aspects of it. Specifically let’s focus on how the new law would allow the government to eavesdrop onto your internet communication without the authorization of any Judge or Judicial oversight. Now while, the public prosecutor, or Attorney General in this country isn’t specifically part of the government–he (or she) is appointed by the Yang Di Pertuan Agong on the ‘advice’ of the Prime Minister.

The sections of the bill that focus on the interception of communication is both all-encompassing and far-reaching, giving far too much power to the Public Prosecutor to intercept your private conversations and web surfing habits, which is a gross invasion of privacy.

Power to intercept Communications

The act grants exceeding powers to the Public Prosecutor, including the ability to authorize any police officer to intercept your postal letters, your internet conversations, you email and even your web surfing habits. This includes a list of the website you visits, and which comments you're posting on Malaysiakini.

On top of this, the Public Prosecutor has the legal authority to compel an ISP to intercept and retain any communication you performed for an unspecified amount of time. Which could be forever.

Basically he can begin to ask Maxis or Unifi for the list of websites you visit, and your detailed online communications, access to your emails, your friend list on facebook, your tweets and even your online files. Not even your online porn stash will be free from the prying eyes of the Public Prosecutor (not that I have one though…just saying, I know a friend who does).

All this without ever having to go to a Judge for judicial oversight. More importantly, anything collected in this way is deemed admissible as evidence in court, and no one will have to explain how the evidence was obtained. For all you know they could have placed webcams in your home, but they would would never have to explain this in court.

What’s worse is that a Police Superintendent is granted similar powers when “immediate action is required leaving no moment of deliberation”.

We all understand the need for the Police and Public Prosecutors to do their job well, and they require tools to catch the bad guys. However, this grants them way too much power with regards to their ability to invade the privacy of personal citizens. I don’t want the Public Prosecutor or a curious Police Superintendent snooping on my internet conversations, and yet the new Special offences act allows them to do that–legally!

Fair Usage Policy: Data caps and Torrent filters

Tue, 25 Jun 2013 08:00:14 +0000

This article is really more a continuation from yesterdays piece about how unfair the Fair usage policies in Malaysia are. In my view telcos complaining about 15% of customers using 70% of their traffic is just ludicrous behaviour--it's the cost of doing business. This is akin to a restaurant owner offering a buffet and then complaining that 15% of his customers are fat men who eat the expensive mutton curry. Really? Do you really think that if you offer a buffet all you're going to get is skinny super models? As ironic as it sounds, the more customers any telco has, the less the average consumption of data per user becomes. That's because your grandmother down the road who uses Unifi for just Skype-ing with her grandchildren can essentially subsidize your torrent hungry consumption. At the end of the day, there are far more grandmothers in Malaysia than there are torrent hungry downloaders like yours truly.

So that’s why I don’t like the data caps, but how about the content filtering? Particularly filters that block of torrent downloads?

Part of the cost of your broadband connection includes the cost that the telcos pay to route your transaction to the US. That’s really where the internet is, and while Google has a couple servers here and a youtube presence–the vast majority of traffic still flows to the US. This means on top of the price of getting the Fibre to your home, the local telcos also have to pay for routing your data to the US (and back). If most Malaysians started viewing local sites rather than pornhub, our broadband cost ‘could’ become cheaper, because the telcos don’t have to invest in those expensive undersea cables to setup the connection to the states. Contrast this with the situation in the US where only 10% of traffic from the US flows outside it’s borders, it means that even if a US ISP lost its undersea cables, it could still serve up 90% of the content its users were requesting. It also explains why Singapore has cheaper broadband than Malaysia–Singapore is the data-hub for the Asia Pacific Region, so a lot of it’s traffic is also local.

So how do we resolve this issue? One approach would be to make Malaysia a hub, but most experts conclude that it’s probably not going to happen (including Afzal Abdul Rahim in his 2011 TedXKL talk). The other option would probably be to start hosting more content in Malaysia, and that’s why a Youtube server within our borders is a great start. What would probably help better is Netflix availability and Netflix servers in Malaysia–until you realize that Netflix host their servers on Amazon Web Services, and Amazon chose Singapore as their Asia-Pac location–probably because Singapore is a data hub, which sends us into a round-about circular argument.

We can’t get cheaper broadband because we don’t have the cables coming into Malaysia, and we don’t have the cables because we don’t have the content, we don’t have the content because we don’t have the cloud servers and we don’t have the cloud servers because we don’t have the cables. I explored this before how cloud computing ties in closely with your data connectivity as a nation–and there really is nothing much we can do to address the gap with Singapore except spend more on undersea cables. Most of which require significant monetary investment–and take a lot of time to deploy.

Maxis and TM Fair Usage Policies : Are they fair?

Mon, 24 Jun 2013 08:00:31 +0000

Every six months, the great people over at Sandvine release their Global Internet Phenomenon report, which seeks to make sense of global internet traffic across the different regions of the world, and every six months I learn a lot from just gleaning through it. For instance most of the traffic in the US continues to point to just one website--Netflix, which also explains the drop in bitTorrent traffic in the US (why bother downloading anything when you can stream). However, in Malaysia, where it's difficult (but not impossible) to get a Netflix account, most of the traffic for both upstream and downstream still uses the bitTorrent protocol--which mostly means there's still a lot of illegal downloading going on in these here parts--but you can't blame us, because the alternative isn't legal downloading, it's buying a DVD--if you can find the DVD you want in the first place. You can view the report in it's entirety here, but I just wanted to point out one cool fact.

The average monthly traffic in Asia-Pacific has dropped.

Just 12 months ago the average monthly consumption was 32.2GB, now it's at 22.oGB. That's a significant drop in traffic, that which really boggles the mind. This is the growth region of the world--why is our average monthly consumption of the 'internet' decreasing. Put another way, why are Asians using less internet?

I suspect the average monthly consumption has dropped because of the growth in Asia Pacific, it’s quite counter-intuitive, but as Asia Pacific adds more users to the internet, the newer users in the more rural parts of the region aren’t downloading as much as their urban cousins. Therefore, while the overall traffic flow has increased, the average monthly consumption per account has reduced. It’s all conjecture at this point–but that’s what I think based on just this one data point. It makes sense to me, as a lot of people aren’t torrent-crazy-downloaders, which just means that they aren’t consuming anywhere near the full amount.

The Median monthly consumption is just 8.8GB, while the Mean monthly consumption was 22.0GB, and that tells me that the data is skewed–highly skewed. The statistician inside me is just crying to get out and shout–SKEWED!!

Skewed is just another way of saying that the distribution of internet consumption is un-evenly distributed across–or in more laymens terms–a few internet users are using the vast majority of the bandwidth.

How secure are the webpages of Malaysian Banks and Telco

Thu, 20 Jun 2013 08:00:51 +0000

I’ve almost been fascinated by the fact, that our money in the bank these days are secured not by steel doors or armed guards, but rather by cryptography and the encryption keys that enable them. To put it in the simplest form your money in the bank is protected by a number–that’s what an encryption key essentially is. A long binary number of 1’s and 0’s that protects your life savings…

Most (if not all) of your ‘secure’ internet communications is protected by something call SSL, or its successor, TLS. SSL is the stuff of legend, initially invented by Netscape to encrypt internet communications, SSL is now used by nearly everyone online. You see it when you login to your bank account on Maybank or CIMB, when you log into a online store like the ones run by Digi and Maxis even when you do your Tax filings on e-Filing LHDN website.

However, just like every standard in IT, SSL and TLS act as frameworks, and different websites could implement these frameworks slightly differently, usually based on the customer segmentation or the amount of security required. Each implementation could vary from one to another and yet still remain compliant to the ‘standard’, we wouldn’t need consultants if it were otherwise.

The problem is, that just because some website use TLS or SSL, doesn’t mean it’s secure–all it means is that the website is now using a standard, but could have implemented the standard poorly, making it vulnerable to attack, and possibly leaking out your data (some of which might be very very sensitive).

The best way to think about is to go back the number analogy, and assume that the amount of security you get from encryption is determined by the length of the number. So a 10 digit number is less secure than a 100 digit number–and a 1 digit number is less secure than both of them. In security jargon, we call this the key length, and it’s quite a common criteria used to determine the security of a given SSL/TLS implementation. This of course is just one of the criteria to determine how secure the the implementation is.

Basically it’s not enough to check if a website is using SSL or not, it’s more important to figure out how well the encryption is implemented by the website. Of course, this is beyond the scope of most people, no one has the time or inclination to perform a security audit on their banks website, although it is in their best interest to do so. Usually that green lock icon at the bottom of the screen helps me sleep well at night–but it shouldn’t, it’s a good start, but not a guarantee of security.

Fortunately, there’s a really quick and dirty way, to determine how secure the SSL/TLS implementation of a website is. Head on over to SSLLabs.com and enter the url of the website you want to evaluate and the perform a really good audit of the site in real-time, measuring things like key-length and SSL versions, up to the certificate authenticity.

So armed with SSLLabs.com, I decided to just quickly perform a quick check of the most popular secure websites in Malaysia to see if these websites were offering the security their users deserved. Checking out the most popular forum in Malaysia, two telco companies, two banks, one government agency and a news portal, the good news is that 3 out of 7 got straight A’s on their test–the bad news is that the other 4 got F’s–and it’s possible to get E by the way…so an ‘F’ is what most people call an epic failure.

Security Offences Bill vs. Universal declaration of Human Rights

Thu, 13 Jun 2013 08:34:25 +0000

This is what Article 12 of the Universal Declaration of Human Rights says:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

This is what security offences bill in Malaysia says:

(1) Notwithstanding any other written law, the Public Prosecutor, if he considers that it is likely to contain any information relating to the commission of a security offence, may authorize any police officer— (a) to intercept, detain and open any postal article in the course of transmission by post; (b) to intercept any message transmitted or received by any communication; or (c) to intercept or listen to any conversation by any communication.

To me, the phrase ‘if he considers it is likely’ is another way of saying arbitary.

Can you out-tech the government?

Mon, 10 Jun 2013 08:00:25 +0000

Over the past years we’ve seen a recurrent theme where Government agencies were attempting to curtail internet freedom in the name of ‘keeping the peace’. From Saudi telcos threatening security experts to help them hijack tweets to governments procuring tools like Finspy to spy on their citizens–usually without any warrant or legal oversight. We’ve seen US federal agencies try to legislate mandatory technical backdoors into software and how the Syrian government treats internet access for its Citizens like candy for their children–you only get it if you behave.

In Pakistan, a wholesale blockade of youtube means their citizens are missing not just Gangnam Style, but Gentlemen as well (although that may not necessarily be a bad thing)–and we all know how much censorship and surveillance is going on in China.

A French court is now asking twitter to hand over account details to identify individual users that tweeted anti-semitic messages, both the Dutch and German police are users of spyware from companies that the are deemed ‘corporate enemies of the internet’ by reporters without borders, and while you may agree that courts have a right to curtail hate speech, just ruminate for a moment how one-sided French law is when they aggressively pursue anti-Semitic messages but forbid Muslims school girls from wearing a hijab to school because it is supposedly a symbol of oppression. These biases point to deep flaws in our belief that freedom of speech can somehow be regulated by governments–the term regulated freedom of speech is an oxymoron to begin with.

This of course doesn’t just affect the ‘bad’ countries, those with lifetime membership cards to the axis of evil, but countries we’d generally consider good guys as well, those we associate with a respect for personal privacy and citizen rights, so that we did end up like this? To truly appreciate where we are we need to go back to how it all starts.

A false sense of Insecurity

Throughout history it all starts in the name of national security, or keeping the peace. Government agencies ramp up the security concerns and threat levels to grant a false sense of insecurity to its citizens--because it's only in this environment that citizens are willing to grant such unilateral powers to the government (and its agencies). People aren't too willing to allow for unilateral government interception of communications--unless of course they perceive that terrorist live among us, and the government requires these powers to protect the innocent.

The track records of governments has never been good. September 11 was a colossal failure of government intelligence, and it’s usually used an example of why governments should do better. What most people don’t know is that a company called Acxiom had data for 11 hijackers, and provided that data to assist in investigations post 9/11, it turns out had the government agencies used Acxiom, they may have had additional security on the planes that crashed into the WTC. The breadth and depth of the information provided to law enforcement has been kept secret–and in the wake of such attacks nobody bothered to ask whether Acxiom was operating within legal limits of collecting and storing that data–worse still people forget that Acxiom itself was hacked leaking private information of millions of Americans. Yes it may have help thwart the attacks on 9/11, but the Acxiom itself became a target of attack shortly after details of its information bounty were published, there are a lot of people who would pay for that kind of information.

Even with the fundamental problems of the government storing such private information–government agencies throughout the world continue to ramp up security concerns in the hope of scaring people into giving up their freedoms. Closer to home we continuously see the ’threat of sedition’ being used to deny individuals and private citizens their rights. The ‘possibility’ of a repeat of May 13th, is now accepted as a ‘high probability’ even though there is no data to suggest that a repeat is possible let alone probable. Just like courts in France we see a glaring bias in the execution of these sedition laws–and the targets are often pro-opposition rather than pro-government.

The Malaysian government is now being accused of running spyware suites like Finfisher, which incorporates a voyeuristic like ability on the malware owner to spy on the victims. The makers of Finfisher claim their software is only sold to governments–without realizing it’s the governments themselves that are illegally spying on its citizens.

Not since Tom Sawyer tricked his friends to paint his white fence has such levels of deception been seen.

However, the level of deception isn’t what is troubling, it’s the level of apathy among the mainstream society to these revelations that send shivers down my spine. No one from the general public seems perturbed that the very technology that was supposed to advance democracy and free speech in Malaysia is now being used to suppress it.

And we’re not the only ones spying on our citizens…

Should we learn from China?

Thu, 06 Jun 2013 08:00:14 +0000

I’m truly anxious at the recent rhetoric about ‘regulating’ of the internet, and fear the worst. I grew up with the internet and like to think we made a journey together, from my high school days where dial-up internet was the norm, to the blazing fast broadband I have now–things have change a lot for the both of us. I am a digital native, I know no other land other than a digitally infused one we live in today. Couple that with my unique libertarian views and my savvy for all things tech, and you can quickly see why I strongly oppose internet censorship of any kind….and I really mean any kind.

Maxis blocks Torrent traffic

Thu, 30 May 2013 07:00:47 +0000

There’s a really cool tool called glasnost, that can easily detect if your ISP is throttling certain traffic through its servers. It works amazingly well at detecting if your ISP is blocking that most sacred of all internet traffic–BitTorrent.

So running two test, one over my Unifi connection, and one more tethered over my Galaxy S3 on Maxis, and came to the conclusion that Maxis does indeed block torrents by default. However, just like how you have to call Maxis to enable VPN access via your phone, you have to call them to allow torrent traffic as well…supposedly.

The Malaysian cybertrooper phenomenon or is it Botnet?

Sat, 25 May 2013 07:00:17 +0000

The Edge recently held a political poll on whether Anwar Ibrahim should quit as the Opposition leader–But when the editor begun to see that the one-week survey attracted 12,736 responses and the responses were overwhelmingly one-sided, she smelt something fishy.

Upon further checking with the IT team, they found that 6,354 of the responses came from one IP address, and about 1,700 came from several IP addresses within the same building. Another 2,000 responses came from seven different IP addresses.

DAP lodges report with MCMC over blocked sites

Thu, 23 May 2013 07:00:31 +0000

Two days ago, the Democratic Action Party (DAP) lodge a report to the MCMC on an 'internet blockade' targeting DAP related political websites that was allegedly being carried out by Telekom Malaysia (TM). As you may know TM is the largest ISP in Malaysia, and if TM suddenly blocks a website--a large chunk of the Malaysian public are automatically denied access to it.

The DAP IT manager (didn’t know the DAP had an IT team now did ya?), in his press statement said that :

In investigating the DPI filtering equipment location, I have found 1032 suspicious network equipment using same IP address family as the the Arbor Network Peakflow SP with TM branding. Since the login page of this network equipment bears TM logo, undoubtedly MCMC should haul up TM and conduct IT forensic investigation on all 1032 equipments without delay. I am fully prepared to assist MCMC in its investigations.
In light of this new evidence, MCMC must re-examine its 2nd May statement. MCMC should be politically impartial and hold the standard of government regulatory body that it should be. It must put the interest of all Malaysians first.

Now this isn’t really news, to be fair the Arbor Network Peakflow SP solution is meant primarily as a DDoS protection security suite with a slight tinge of DPI functionality added on the side. TM in their defence haven’t really denied they own the Arbor Network solution–there’s even a joint press release from 2004 to announce their purchase of it.

Unless TM operates like the government, in which they announce the purchase of something in 2004, but only start to using it in 2013–I’m guessing they were using Arbor for other purposes before they decided to unleash its DPI functionality.

But there could be a twist.

Meet your new Ministers of Communication and Multimedia

Mon, 20 May 2013 07:00:54 +0000

Couple of weeks before the election, we saw how the Deputy Minister of Information Communications and Culture was so into Information communications. Now, with the new cabinet being sworn in, I’m sad to say we’ll probably see more of the same ol’ same ol'.

Meet your new Deputy Minister of the Communication and Multimedia ministry–Dato’ Jailani Johari!!!

Apart from having a whooping 71 followers on twitter, and a mind-blowing 5 (yes that’s a single digit) connections on LinkedIn. Although, he does have more than 2,000 likes on his Facebook page–which he started on April 15th 2013. Coming back to twitter though, did you know he follows a spine-chilling 12 accounts–must be some pretty heavy Communicating going on in the Ministry eh!

Freedom vs. Security : Papagomo arrested

Tue, 14 May 2013 22:13:49 +0000

Bruce Schneier, whom I respect tremendously, points out that freedom and security are opposing ends of the same spectrum, people balance out freedom and security based on what they perceive. In other words, people would sacrifice their freedoms if they thought they needed more security.

A way to think about this, is the amount of Gated and Guarded communities we have sprawling through the Klang Valley (and even beyond). People are willing to sacrifice the extra money and give up some freedoms to live in a Gated and Guarded area, in some cases the premiums reach 100% just to live in a area that is guarded. Residents of these communities also experience the hassle of having to ’tap-in’ and ’tap-out’ of their areas in addition to the tremendous difficulty hosting visitors in these neighbourhoods.

Top 4 ways to access blocked sites

Sat, 04 May 2013 18:40:15 +0000

Here's some quick tips on how to access blocked sites in Malaysia that is blocked by the ISP (Telekom, Maxis, Time..etc etc). Currently the ISPs in Malaysia are throttling and filtering specific traffic to websites like Malaysiakini, Facebook and even Youtube. Just in case, things get nasty post-election day, I thought I'd quickly put together a couple of ways you can access Malaysiakini and other online portals despite a Unifi censor.

Censoring and spying--Malaysian Style

Sat, 04 May 2013 15:06:15 +0000

In 2 days time, the South-East Asian nation of Malaysia will go through its 13^th General Election since 1955. Some might look negatively on the number 13, but for the vast majority of Malaysians the coming few days will either raise our hopes or shatter them.

Malaysia has had only 1 party in power since it’s independence—that’s a long time to be in power, and for the first time since 1955 the ruling party in Malaysia is under threat, not just to lose it’s 2/3rd majority in Parliament, but the entire elections altogether, and with it control of the Federal Government.

Kerajaan Malaysian Mengintip Rakyat Malaysia sendiri

Fri, 03 May 2013 09:30:40 +0000

Beberapa minggu lalu, saya telah menulis tentang sekeping artikel yang ’tidak bertanggungjawab’ oleh Malaysian Insider apabila ‘mendakwa’ kerajaan Malaysia mengintip rakyat Malaysia - tanpa sebarang bukti. Saya amat kecewa bahawa wartawan tersebut membuat kenyataan tersebut tanpa apa-apa bukti–apabila menulis blog tersebut saya kecewa dan saya marah!

Tetapi yang lebih penting–saya silap!

Mengikut laporan dari Citizenlab semalam–sekarang timbulnya bukti bahawa kerajaan Malaysia MEMANG mengitip rakyat–terutama sekali Rakyat Malaysia yang mengunakan Bahasa Melayu.

I'm Sorry, the Malaysian Government IS spying on you

Fri, 03 May 2013 09:06:52 +0000

A couple of weeks ago, I wrote about an ‘irresponsible’ piece of journalism by the Malaysian Insider when the ‘claimed’ the Malaysian government was spying on Malaysian citizens–but they didn’t have any proof. I was very upset that a reporter would make such a bold statement and not back it up with any proof –so obviously the post was written in a caustic and emotionally charged way–I was upset, annoyed, angry even!

More importantly though–I was wrong!

On Labour day, Citizenlab released a second report detailing out more info from they’re Finspy research.

I’ll let speak for themselves in an excerpt they prepared specifically addressing MALAYSIA:

Telekom Malaysia is censoring the internet prior to GE13

Thu, 02 May 2013 10:17:35 +0000

I'm not a usual fearmonger, or a person who panics easily--yet you friendly local tech evangelist has a warning for Malaysian users out there. Unifi is censoring the internet in the run up to the hotly contested GE1--and that's what the data suggest. You heard that right folks, some of you suspected all along, and I apologize for not believing you earlier. I was initially skeptical that Unifi and Telekom Malaysia would go to such extents to censor our right to information, and I'm deeply upset that this is happening in my own country.

Usually most Internet Service Providers (ISP) don’t censor the internet, not because they don’t want to–it’s simply because censoring the vast amount of online traffic is a monumental technical challenge. In the past we’ve seen Malaysia ISPs do this, for instance when they blocked Malaysia-Today in the run-up to the 2008 General elections, but censoring one entire website is a fairly straightforward thing to do–an bypassing that censorship is equally straightforward.

Political parties don't know how to engage

Wed, 01 May 2013 14:53:22 +0000

"There are many ways to reach out to the public, both political parties have a lot of space in Malaysia... It is unlikely we will have a debate, we need to engage with the people, the opposition will engage with people," - Caretaker Prime Minister Dato' Seri Najib Razak

Caretake Prime Minister Dato' Seri Najib Razak told Veronica Pedrosa that he was unlikely to Debate Opposition leader Anwar Ibrahim because there are other ways to 'engage' with people. Of course, I get annoyed at these statements, in America the Presidential elections are viewed as the cornerstone of democracy, they are a way for both candidates to debate and argue their ideas and for people to really understand the platform the candidates stand on.

However, let’s give the Prime Minister the benefit of the doubt and assume for now that there are other ways of engaging with people. How are the Barisan engaging? Besides hundreds of sms-blast to the public there seems to be little ’engaging’ from the Barisan Nasional. In fact–I’ve replied to nearly 20 Barisan sms’s I received and did not receive a single response from any of them. Yes, I wasn’t expecting any–but you would think a political party that was interested in engaging the rakyat would at least respond to an sms from a voter?

Malaysia Data Center aspirations

Wed, 01 May 2013 07:00:53 +0000

A bernama report a couple of days ago mentioned that Malaysia was ‘well-positioned’ to be a world class preferred hub for data centers:

KUALA LUMPUR, April 18 (Bernama) -- Malaysia is well-positioned to be a world-class preferred hub as a data center thanks largely to the government's liberal investment policies, solid infrastructure and a large supply of people with expertise on information technology.
Besides this, the country’s multilingual talents offer clear advantages for foreign investors, particularly in terms of disaster recovery and offshore relocation, Fumitoshi Imaizumi, the President and Chief Executive Officer of NTT MSC, said in a statement here Thursday.

The reality though is starkly different. Data centers consume huge amounts of power and huge amounts of space, so the two primary resources needed to operate a data center are electricity and real-estate. Of course you need skilled technicians and engineers to run it, but the scale of most data centers usually require a small-ish team to operate even the largest data-centers, as these things usually take care of themselves.

Why is Malaysia trailing Singapore, Taiwan, Korea

Mon, 29 Apr 2013 07:01:26 +0000

[gallery orderby=“post_date”]

A lot of people ask why Malaysian has fallen behind countries like Korea, Taiwan or Singapore in terms of our economic development. The answer most politicians give is corruption–but there’s hardly any data to suggest that’s a big issue–at most corruption can account for the ’loss of income’. There’s no guarantee that the money we saved by eliminating corruption would be spent wisely on good projects, there’s no guarantee we’d be where Korea, Taiwan or Singapore is even if we had no corruption. Do you think there’s corruption in Kelantan, yet they seem to be trailing behind everyone in terms of development? Low corruption is not a guarantee of good education.

Malaysiakini twitter account hacked

Sun, 28 Apr 2013 15:17:32 +0000

Sorry for inconvenience! let us manage your twitter account from now on,Untuk semua , For All, Wei Ren Ren, Ellowrukkum - SarkasSiber
— malaysiakini.com (@malaysiakini) April 27, 2013

In what appears to be an escalating amount of cyber-attacks on the online web portal, Malaysiakini reported that they're twitter account has been hacked by a group calling itself Sarkas-Siber.

Malaysiakini now follows in the footsteps of other notable newspapers who’ve had they’re twitter account hacked, hopefully twitters recent announcement for two-factor authentication may help reduce the high number of hacks the social network faces on a regular basis.

F-Secure hackathon result

Sun, 28 Apr 2013 07:00:41 +0000

F-Secure recently had a Hackathon in Malaysia, with the grand prize being a dinner with Miko Hyppönen. Miko is sort of like the Mick Jagger of Computer Security, Miko also made international news in 2011, when he tracked down and visited the authors of the first PC virus in history, Brain.A. Hyppönen produced a documentary of the event. The documentary was published on YouTube.

The winner of the Hackathon was Tan Kok Boon (pic) who stole the spotlight with his groundbreaking application which allows users to monitor and prevent threats using F-Secure’s World Map Interface. Tan won the award for ‘ The Most Innovative Application’ and the award for ‘The Best Overall Performance’. Also notice from the picture, what device was the winner of the Hackathon using to code? It’s a MAC!

Which just goes to show, the OS of your laptop is almost irrelevant now–and pretty soon the OS of your phone will go the same way.

Government Network used to download porn : Privacy is dead

Wed, 24 Apr 2013 07:00:15 +0000

Just how private are your searches…turns out they aren’t private at all.

The wonderful people at Torrentfreak did an amazing piece of investigative journalism today. Upset over the passing of CISPA, they decided to do an internet check on how active the House of Representatives were–on bit torrent. It turns out with a couple of IP addresses, and some elbow grease you can pretty much find out how active a certain IP range is on bit-torrent or even on searching porn!!

So using the same techniques that Torrentfreak used, and applying them to the Malaysian e-Government official service provider “Government Integrated Telecommunication Network (GITN)”, your friendly neighbourhood Tech Evangelist manage to find some pretty interesting results!

The GITN is owned by Telekom Malaysia and is dubbed the “official network provider for the e-Government” in Malaysia–so let’s see what the official network for the e-government was being used for?

First off, someone was using the GITN network to download torrents–not exactly surprising, but judging by the variety of torrents (everything from Dark Skies to Naruto to Discovery Channel documentaries) it looks like more than one person was doing the downloading.

Also equally interesting was that someone used the GITN network to download porn. I'm no expert, but I'm thinking Gangbanged.XXX isn't really a discovery channel documentary.

Pitchin.my Crowdfunding success in Teach a Child to Read

Mon, 22 Apr 2013 07:00:13 +0000

A couple of months back, I wrote a short post about a Malaysian project that was successfully funded on kickstarter. Today, I can proudly say that Malaysians continue to surprise me in untold ways.

Pitchin.my is the Malaysian kickstarter, and recently it saw a successful funding of a project on it’s website–that literally brought tears to my eyes. The project entitled “Sponsor a Child to Read” was done by an English teacher from a rural school in Negeri Sembilan with a small-ish goal to raise a relatively small-ish USD3000 to provide books to 30 students with low literacy level from SMK Teriang Hilir. Let me tell you, there’s nothing small-ish about teaching 30 students.

Liew Suet Li, the English teacher who started the project, goes on to elaborate that:

Datuk Maglin Dennis D'cruz in Klang : The non-updating Minister

Sat, 20 Apr 2013 20:22:13 +0000

So it’s official. Datuk Maglin D’Cruz will compete in N.48 Kota Alam Shah in Klang. Sadly this is true.

I never liked Datuk Maglin, he’s the Deputy Information Communications and Culture Minister that was looking at ways to ‘control’ social media. I won’t go much further as to why this is a bad idea–but it just goes to show how in touch Datuk Maglin is on the social media.

Maxis announces LTE support for iPhone 5

Sat, 20 Apr 2013 07:00:41 +0000

Maxis announced that their network now supports LTE on the iPhone 5, which is a bit strange to me. Initially the MCMC announced that the telcos awarded the LTE frequencies were given band 7 of the spectrum–which wasn’t compatible with the iPhone 5.

However, something must have changed, SoyaCincau recently reported that:

Anwar may have changed Malaysia, but Mark, Larry and Sergey changed the world

Thu, 18 Apr 2013 08:00:26 +0000

If Pakatan win the next election, I would recommend that they award the title of Tan Sri or at least Dato' to the following:

Larry Page and Sergey Brin:

Co-founders of Google, who own both the video sharing site Youtube, and the blogging service Blogger.com. Without these two free services the message from the opposition would not have reached so many Malaysians, so effectively in such a short time-span. 12 years ago, before broadband or Google, the opposition were forced to resort to pamphlets and flyers, most of which was ineffective and expensive. Without Larry and Sergey, the Opposition would have not technology to spread their message to the masses. Anwar and Co' owe more to the technology of Sergey and Larry than any amount of funds they may have obtained from any other party (foreign or domestic)

Mark Zuckerberg:

Founder of Facebook, the de-facto social network for Malaysian. Facebook is so famous even my mother uses it--and I recently received a friend invite from my mother-in-law!!

Facebook allowed the youtube videos and blog post from various opposition parties to be spread from friend to friend, without Facebook videos wouldn’t have gone ‘viral’. Together Facebook and Google were instrumental in allowing the opposition a platform to preach their good news in 2008–in 2013 they might just allow them to form a new government.

Malaysiakini goes free from 17th April for GE13

Wed, 17 Apr 2013 12:26:00 +0000

Got a note from Malaysiakini today, for all you stingy-porkers out there who read all the malaysiakini news reposted by various parties, but never really paid for the subscription–here’s some good news.

Malaysiakini will go free from 17th April onwards, to pave the way for MORE adverts (like we didn’t have enough) but also to allow Malaysiakini to respond to attacks more effectively. Having to cater to two customer models makes responding to DDOS attacks a bit harder–though I can’t imagine why.

It’s however good news all-around. Malaysiakini will extend the subscription if you were already paying, and if you never were a customer, you now have access to all the news from Malaysia no.1 Online News Portal.

My BN Spam SMS collection

Sun, 14 Apr 2013 23:44:29 +0000

In the past 6 months, I've received more than 20 political SPAM sms' from the Barisan Nasional Yakini BN campaign, various political surveys and two from my local MP from PAS (Dr. Siti Mariah Mahmud).

Now obviously, I’m expecting the spam rate to increase exponentially as we approach GE13, and to me that’s really bad news. In fact over the last month alone, I’ve received 5 text messages from the Barisan Nasional Yakini BN campaign–they know my FULL name, my contact number and even my place to vote. They know more about me than I’ve ever given out to ANYONE from any survey, and I consider this an invasion of my privacy.

How many FAKE followers does Najib have on twitter?

Fri, 12 Apr 2013 05:00:59 +0000

A Social Media Analytics firm recently reported that nearly 50% of Justin Bieber followers on Twitter–were fake. This meant that nearly 18 million followers on Justins twitter account either belonged to no ‘real’ person or belonged to a spam account–and that dear readers is a lot of spam!

That’s like a newspaper saying its circulation was 100,000 a day, but it was only being read by 50,000 people.

Now of course, even if the first 18 million twitter followers were nothing more than spam bots, there’s still another 18 million ‘real’ followers that Justin has–and not many people have even 1 million twitter followers, let alone 18 million, so Justin still has twitter-cred.

However, that does beg the question–how many followers of our Prime Ministers twitter account–were real? For the uninitiated, the Prime Minister tweets at @NajibRazak and has nearly 1.4 Million followers, about 10 times less than Justin Bieber–but nearly 7 times more than his political rival Anwar Ibrahim (who has ‘just’ over 250 thousand followers).

So were these followers real?

Malaysian Scientist don't believe in Evolution?

Sun, 07 Apr 2013 07:00:50 +0000

Previously I wrote about a great report from MASTIC that surveyed the perception of the Malaysian public regarding Science and Technology. What I failed to mention or rather what I ‘chose’ not to mention at the time was a specific portion of the report that dealt with the Theory of Evolution, and the reason why I didn’t want to address it was to not distract from the original intention of that post.

This however, is a different post, one with a different intention that aims to ‘inspire’ some question regarding the Malaysian public attitude towards the Theory of Evolution and towards science in general.

What MASTIC says about Evolution

The MASTIC report is actually a subset of a much larger international survey that aims to gauge public opinion about Science and Technology, a buried among the questions lurks two that address the question of our origins:

Human Beings as we know today developed from earlier species of Animals (True or False)

The Universe began with a big explosion (True of False)

For both these questions, MASTIC believed that the answer was False! This is of course inconsistent with what the European and the American survey that deemed the right answer to be TRUE! More importantly– this answer is inconsistent with the scientific evidence at large.

Of course, you don't have to be a scientific genius to figure out the real root the discrepancy--someone somewhere in MASTIC decided to inject their own personal beliefs into what was otherwise a nicely done scientific survey, and this is where things begin to become a bit dangerous for Science in Malaysia.

When government officials begin to inject their personal beliefs into the scientific establishment without any regard for the evidence to the contrary– then we begin to see a decline in science, that’s when science itself comes under attack. Science is above all interested in the pursuit of truth, and that pursuit has led it to the theory of evolution that establishes a framework to understand the diversity of species in the known world–both past and present–and connect the past to the present via Darwinian natural selection. Evolution maybe a theory, but it definitely isn’t theoretical–and the scientific community has long accepted Evolution as ‘THE’ definitive theory that explains the diversity of species that exist today (and yesterday), while its supposed ‘competition’ receives no attention at all–mostly because the supposed competition of the theory of evolution are without basis and are not supported by the evidence.

The fact that MASTIC think that they can change the answers to something so fundamentally agreed upon by scientist the world over is disturbing–nearly all of biology involves a solid understanding of Evolution, and yet here is MASTIC denying a scientifically accepted FACT!

Malaysian Public Opinion of Science and Technology

Mon, 01 Apr 2013 16:23:03 +0000

I recently discovered a really good study conducted by the MASTIC in Malaysia to determine Public Awareness of Science in Malaysia. The study was conducted every 2 years from 1998 till 2008, which gives us 5 really great data sets to determine not just the public awareness of science in a particular year--but also how that perception changes over the decade.

The study makes for a good read–but the main point I was interested though is this one question on how the Public Viewed science, in which 3 possible answers were given, either they thought Science did more good than harm, Science did more harm than good or that Science was neutral. In 1998, nearly half the population viewed science as causing more good than harm, but in 2008 that number increases to nearly 3 quarters. So we see a stark rise of about 25% of people going from being on the fence about science to believing it causes more good than harm.

However, there were about 8.7% of the population who believed science caused more harm than good, these are those who think that science has a negative effect on society, and what’s interesting is that the number of people in this country has barely changed in the last 10 years, remaining more or less constant around the 6-8% range.

Malaysian Education System : Seriously flawed GTP report

Wed, 20 Mar 2013 22:02:58 +0000

In conjuction with the release of the Government Transformation Project Annual report, the Star today reported:

The Malaysian education system is on track to becoming among the world’s best as stringent monitoring is in place to ensure its success under the Government Transformation Plan (GTP).

“The rate of improvement of the system in the last 15 years is among the fastest in the world,” the GTP report said.

Malaysia also ranks among the top in the world for equitable access to education.

MCMC screw up press release

Wed, 20 Mar 2013 06:00:25 +0000

So after the furore over the Malaysian Insider article that wrongly accused the Government of using spyware on its citizens, the MCMC rightly issued a press statement denouncing the article.

Unfortunately, even the MCMC has to do some reading up a bit before it post up press releases. According to the MCMC press release which you can read in it’s entirety here:

Malaysian Cyberwar: Is it an external war or is it civil

Mon, 18 Mar 2013 00:00:41 +0000

A really piece written by Asohan Aryaduray on DigitalNewsAsia some time back talked about how the CyberWar between Malaysia and the Philippines was going on, and how he wanted government agencies to step up the security of our digital assets (or at least start the discussion). Asohan claims that Malaysia perhaps has “the most number of government and quasi-government agencies looking into cyber-security for a country this size; it is time for them to put their heads together and harden the nation’s cyber-defenses.”

He ends with a rather poignant phrase: It’s war, gentlemen, and it’s time our agencies got cracking.

I’m not so sure it’s war–even less sure we should get the government involved.

If he calls the attacks by Malaysians on Pinoy websites (and vice-versa) a war, then what’s currently going on with the DAP website is a sign of not just war–but a digital civil war, with internal actors, attacking local sites.

TheStar last week reported that the:

DAP has claimed that its websites have been attacked and forced to shut down since last Friday.

National publicity secretary Tony Pua (pix)said the party’s official website, dapmalaysia.org, and its Malay portal, roketkini.com, were incapacitated by denial of service attacks (DDOS) on March 8, 10 and 13.

While TheStar doesn’t report it, but other newsportals claim Pua was blaming political foes for the attack. For the most part this is quite common, we’ve seen Malaysiakini go down a few times, and various other pro-opposition blogs have taken some hits. This of course is even more interesting because Krebsonsecurity.com blogged that he was a victim of not just a DDOS attack but Swatting as well.

Malaysian government using spyware against citizens? No, not really.

Fri, 15 Mar 2013 01:01:00 +0000

I’ve been pretty busy the past few months, and my post count has been pretty low, and although I just returned from a 2 week trip abroad and am now flushed full of work, I decided to burn a bit of the midnight oil today because the Malaysian Insider completely pissed me off.

It all started with an article from Lim Kit Siangs blog, which read “Malaysia uses spyware against citizens, NYT reports”. The post was merely a cut-and-copy reproduction of a Malaysian Insider article that had the same headline. The headline really got my blood churning and it was followed up with an even more mouth watering opening paragraph:

Is the MCMC going to 'monitor and control' or is it going to 'censor'

Tue, 12 Mar 2013 07:00:33 +0000

A week ago, I wrote about the MCMC was planning to ‘monitor and control’ the internet, but just today I looked at my RSS subscription and notice that the Malay version of the press release used completely different words.

While the English version of the Press release used words like ‘monitor and control’, the Bahasa version used the term ‘memantau dan menyekat’. The term ‘memantau dan menyekat’ more appropriately translates to ‘Monitor and Block’ or ‘Monitor and Censor’ rather than ‘Monitor and Control’.

MCMC looking to 'control' social media at GE13: A worrying trend

Sun, 03 Mar 2013 15:19:37 +0000

Bernama (an official government news channel) yesterday reported that the MCMC is “looking at suitable methods to monitor and control the use of social media in the 13th General Election (GE13)". Deputy Information Communications and Culture Minister Datuk Maglin Dennis D’Cruz said this was “to ensure that the social media would not be abused by irresponsible quarters to achieve their own political agenda”. Datuk Maglin then quickly goes on to shameless promote the BN by saying that “Therefore, the public, especially the young voters should be wise enough to do their parts in selecting the right government with vast experience in managing the country, so that their future will be secured.”

code.org : All kids should learn to code

Sat, 02 Mar 2013 16:26:41 +0000

Should we teach our kids to code? At the moment coding and programming are not part of the Malaysian school curriculum. Probably about time we change that.

Malaysian parents don't want Kids to do science

Thu, 28 Feb 2013 07:00:46 +0000

This is so true.

Neil DeGrasse Tyson is probably the most famous astrophysicist on the planet, and of late he’s been the face of science education in America. He’s got the coolness of Jay-Z mixed with the lovability of Bill Cosby and the intelligence of Carl Sagan all rolled into one. He’s been promoting science in America a lot, and fighting for a budget increase for NASA.

However, he’s pointed out in this video, that the barriers to scientific inquiry don’t lie with our children or our kids, it lies with the adults. Adults that in most cases control budgets and policy regarding science–just like a Minister of ours who suggested we send an astronaut to space to play traditional games. I’ve also noticed this a lot in the past, ever since I wrote about having a career in IT I’ve had more than a few emails sent to me from young people who’d like to pursue IT but face a stumbling block in the most unfortunate places–they’re parents.

PSY Penang: Are you ready for BN audio analysis

Sat, 16 Feb 2013 07:00:21 +0000

Are you ready for PSY? or are you ready for some PYSICS? Well, that’s too nerdy even for me.

The reality is that if you want to know whether penang-ites said a big ‘NO’ or ‘YES’ when Najib asked them if they were ready for BN? The answer doesn’t lie with political blogs or with the politicians. The answer lies in Physics.

Sound waves, just like all other waves can easily be visualized in terms of their waveforms, and by comparing the waveforms from the audio of 5 youtube videos which have people responding either YES or NO you can easily try to figure out which was forged or which was genuine.

Are Free Public WiFi initiatives safe? Or do they pose a Health Risk?

Fri, 15 Feb 2013 07:00:51 +0000

Techdirt recently reported on how Canadian Schools are Banning WiFi based on bad science, and I was appalled by the complete lack of science we have operating in the minds of these clueless parents. No doubt they’re well-intentioned but their complete and utter disregard of the scientific evidence in favour of fearful knee-jerk reactions are actually causing more harm than good for the very children they intend to protect.

Of course it doesn’t take much research to find out that WiFi isn’t dangerous, and there’s no evidence to show that it is dangerous. In fact, most studies suggest WiFi radiation is so weak, that a year of WiFi radiation equals to 20 minutes on a cell phone. The most important thing of course is not to fall into the trap of thinking we’re ‘better safe than sorry’ because we already are safe with WiFi and we have enough evidence to suggest what WiFi poses to health risk.

Wireless@PENANG : The Health risk of Public WiFi

I'm also reminded of Wireless@PENANG project, that took so long to launch due to pressures from public groups and NGOs similar to the Canadians parents. This includes flak from Anil Netto (a journalist I respect) , who wrote a couple of post about how the public were not consulted about the Wireless@PENANG and how the European Parliament has begun to be wary of Wifi. All of this of course didn't bode well for the Penang Government, because they had to organize a town hall on the matter, fortunately the science prevailed and Jeff Ooi (whom Lim Guan Eng branded as 'tech-savvy') announced that the project was back on track shortly after the town hall.

Unfortunately, the consumer association of Penang wrote a long open-letter to Lim Guan Eng, chastising him for not engaging them enough. It was clear from the letter than the Consumer Association, while having the right intentions in mind–were clearly misled in terms of the science. It was even clearer that all they wanted was for them to be engaged, but from my end I can’t see how a consumer association who has looked at the scientific data (and lack thereof) not conclude that the benefits of WiFi almost astronomically dwarf the ‘perceived’ health risk– quite frankly there are no health risk. More to the point, I would not even begin a conversation with them, till they point to some scientific proof of how WiFi is a health risk. At present there is no such data.

LGBT Movies Ban in Malaysia

Mon, 11 Feb 2013 07:00:22 +0000

This is a bit of old and stale news, but in April of 2012, the Information Ministry released a 'directive' to ban all movies or films that featured gay characters. In their defence, the Ministry did later clarify that their facebook post wasn't a directive, but a topic for debate. Of course, there can't be much defending when the post itself starts with "Berkuatkuasa serta merta, stesen radio dan televisyen diminta menghentikan.." which effectively translates to "With immediate effect, all radio and television stations are requested to stop..".

However, this little directive provoked my thoughts, because I’ve always been intrigued by the ‘weeding’ effect of censorship. The ‘weeding’ effect is a simple analogy I came up with while I was –you guessed it– weeding my garden. You see I’ve got a small garden in my home, and every now and then I put a pair of pink rubber gloves and go weeding around by hand, it’s a tough job, but someone has to do it. Now for those of you who’ve weeded anything before you know those nasty little weeds tend to grow in between the grass, and it’s really difficult to pick them up without plucking a fair bit of non-weeds with them. In fact, if you’ve got a lawn like mine–it’s almost impossible to get rid of the weeds without getting rid of the lawn grass as well. You most definitely want to avoid plucking out that expensive lawn grass you laid down.

The same goes with censorship, every time you try to censor something like the word ‘Breast’, you may inadvertently censor out something entirely innocent and useful–like Breast Milk, or Breast cancer, or Breast feeding. So while I really doubt the keyword Breast would lead to anything other than porn for the first 10,000 entries on Google, censoring the word Breast is really an ineffective solution because it could censor out a lot of really useful and relevant information.

Undersea Cables in Malaysia : The Need for infrastructure

Thu, 07 Feb 2013 07:00:19 +0000

A good friend and regular reader (or so I hope) of this blog sent me this link last week. It’s a really nifty chart of all the undersea cables in the world. Now, for those who don’t know what undersea cables are, they’re basically the huge data cables that carry around the data we use for the internet. While modern satellites orbit overhead, the unfortunate truth is that satellites aren’t able to carry even a fraction of the bandwidth that undersea cables do, and chances are if you’re reading this now–at least some of this data has gone through an undersea cable before ending up on your screen.

If you look at the moment from an abstract level however, you begin to notice that these cables tend to ‘cluster’ around certain areas. We can see clear clusters in America, but more specifically in states like California, Florida, New Jersey and Oregon. Other places we see clusters are in Brazil, particularly Sao Paolo, and then we huge clusters in the UK (and zooming in you’ll see there’s huge connectivity to Ireland), Portugal and a large amount of cables going through the Suez Canal. In Asia, we see huge metropolis of these things in Japan, Korea, Shanghai and Taiwan, and finally much closer to home we see a huge clustering happening next door–in Singapore and a tiny bit of clustering happening in Sydney, Australia.

Samsung ATIV Smart PC

Thu, 24 Jan 2013 11:06:01 +0000

Alright, so my first sponsored post. Although it's not much, somebody gotta pay the bills, and as long as that somebody isn't me -- that's awesome.Technically this isn't my first sponsored post, I wrote a post some time back about Unotelly, but this is the first time I'm getting paid real, actual, hard-cold cash.

So what’s the post about?

Well it’s the new Samsung ATIV PC promotion by Celcom!!

For just RM1,758 you can get a the wonderful tablet pictured above from Celcom. You’re probably wondering why would anyone spend that much on a Windows tablet when you can get an iPad or a Galaxy Tab for the same price–until you realize it’s a Windows 8 tablet–and then you start wondering again. Until it hits you that this isn’t really a tablet, it’s ‘almost’ a full fledge PC–except with an optional keyboard. This is what Microsoft designed the Windows 8 ecosystem for, and this is Samsung best interpretation of Microsofts vision.

Don’t believe me, well would a normal tablet have the following connection ports:

You’ve got just about every sort of port and plug you could possibly want out of a tablet and then some, this unit working with a full-sized USB 2.0 port, SIM card port, microSD card slot (for 64GB more storage than you get standard inside (also 64GB)). You get two microphone holes (built-in, not for larger microphones) that bring some noise cancellation, and there’s a microHDMI slot long the left. (Slashgear)

No. You’d be lucky if the next iPad had just 1/2 of what the ATIV offers in terms of ports. For more info on the Samsung ATIV, check out this review from Slashgear.

Is America Building the Death Star -- Not really

Wed, 16 Jan 2013 07:00:25 +0000

The White House has a “We the People” website where any member of the US public can submit a petition.If the number of people supporting the petition exceeds 25,000 then the White House will at the very least respond. While for the most part, the petitions are boring and politically slanted – the coolest and most techy petition to date was one to “Secure resources and funding, and begin construction of a Death Star by 2016” . Now some of you might be thinking this was a joke–well it may have started out as one, but to date more than 34,000 Americans have signed it, well exceeding the minimum 25,000 required to elicit a response. Some of you might wonder what the hell a death star is, to those people I say–your lack of faith is disturbing!!

The coolest part about all of this though, is that the White House actually responded as promised, and they did it in style. Check this out:

Customer Complaints on Malaysian Telcos -- Disconnected Foreigner

Tue, 15 Jan 2013 07:00:41 +0000

A couple of days ago, a reader of the blog wrote a rather long comment on a post I wrote about writing to TM’s CEO to restore my Unifi service. The comment detailed out a long horrific story of a foreigner in Malaysia trying to get decent broadband. I felt the story was to compelling to leave in the comments section and requested permission from the author to post it formally on the blog un-edited and in it’s original form, she consented and so here’s a little bed-time reading from a rather unhappy customer of both Maxis and Unifi.

MACC says Facebook at work is Corruption

Mon, 14 Jan 2013 07:00:39 +0000

According to last weeks Star, MACC deputy chief commissioner Datuk Sutinah Sutan was reported to have said that Civil servants and staff of government-linked companies (GLCs) surfing social media or engaging in personal matters during working hours may be categorized as having committed corruption!!

The underlying logic to the argument seems plausible enough, Datuk Sutinah goes on to elaborate that:

“For instance, if a person spends three hours during his or her stipulated working hours for personal tasks, it can be deemed a form of corruption as the Government trusts and pays its employees to fully utilise the working period to complete tasks relating to the respective jobscope,”

Now while all this sounds good on paper, I think we need to delve deeper, because every time a broad statement such as this comes along it’s important to take a step back and analyze the evidence rather than rely on ‘common sense’. Common sense is after all–not so common (this reminds of the MACC lawyer who claimed the Teoh Beng Hock could strangle himself to death)

So here we have a situation where the MACC deputy chief seems to think that the social media habits of Government servants warrants a statement from such a high ranking officer and therefore logically this must be something of high consequences to the nation, much more than the RM250 Million soft-loan given to a company to sort out the nations beef issues.

Are TNBs new electric meters rigged to charge higher

Mon, 07 Jan 2013 07:00:45 +0000

There’s been a huge controversy over the newly installed digital Electric meters by TNB, with consumers from all walks of life raising hell over their the perceived rise of their utility bills ever since they’ve installed thenew meters. USJ State assemblywomen Hannah Yeoh blogged about her response to this, urging TNB to explain the price hike.

However the state assemblywomens action pale in comparison to Dian Abdullah who urged her YB to investigate TNB, and started a petition asking for independent calibration of meters–which she eventually hopes to present to Agong once the petition reaches 10,000 signatures. Ms. Dian Abdullah reports that she " personally feel(s) that the time has come where TNB should stop scamming the Rakyat especially those living and working in Kuala Lumpur and Selangor."

Of course, in typical Malaysian fashion–this is all mired in politics. A popular blog reported that the suppliers of the meters to TNB are linked to former Prime Minister Tun Abdullah Ahmad Badawi. Obviously if we intend to get into that we might not have enough time or space in this one post.

My point though is that there is quite a simple engineering (or dare I say scientific) solution to the issue–something that doesn’t involve politicians or lawyers. It’s unfortunate that Malaysians immediately revert to political and legal solutions, when engineering and science can solve most of your problems for far less hassle, far more effectively.

And your Default Unifi Password is...

Mon, 07 Jan 2013 07:00:40 +0000

Many folks seem to be stuck with their Unifi Passwords. It’s actually quite simple.

For the most part, most Shops and Restaurants that provide Free Wi-Fi via Unifi don’t change their Router Password allowing easy access for a nefarious intruder to logon and gain access to the router. Once inside, they’ll be able to do lots and lots of damage, including opening up a permanent backdoor to the router for continuous malicious fun!

Don’t be afraid though, for the most part iPhones are pretty invulnerable to network attacks, ‘most’ Androids as well. However, a small select few who choose to roots their phones and install non-standard pieces of software may be susceptible to.

If you’re on Unifi and find yourself ’locked’ out of your own router, try these password combinations:

Username : admin Password : <blank>

*<blank> means don’t enter anything and leave the field blank

Username : admin Password : telekom

Either of these should get you into your router. If you’re still unable to log onto your router, don’t despair. This is actually a good opportunity for you to practice your newly found skills. The guys over at Unifi Athena have actually come up with a way to find your router password through some very simple and easy steps, check out their tutorial here.

Celcom launches LTE in Malaysia

Thu, 03 Jan 2013 07:00:19 +0000

Coming just days after an announcement from Maxis, Celcom is looking to launch their own LTE network. I really don’t understand what all the fuss is about, only a handful of phones in the market will actually be able to ’enjoy’ the faster speeds of LTE, but I do remember my American Colleagues telling me that LTE is America is faster than the fibre connection they have at home–so be prepared people these things as blazing fast.

Selangor Cyber Cafes made to retrieve personal data

Tue, 01 Jan 2013 18:15:09 +0000

Goldfries today reports that Selangor Cyber Cafes were given new regulations to make them 'healthier'. Among the new regulations put in place were:

>register their patrons’ personal details based on their MyKad or MyKid identification cards. >use transparent and untinted glass so that what happens inside can be monitored; >have an open layout with no “blind spots” so that illegal activities like cyber gambling cannot be carried out without being easily noticed; >have brighter lighting to give the perception of a “Healthy Cyber Cafe” instead of being dark and dingy; >operate a minimum of 40 computers in urban areas, and 20 computers in rural areas.

Why the SKMM Rm200 smartphone rebate is a bad idea

Sun, 30 Dec 2012 07:00:47 +0000

The Malaysian Communications And Multimedia Commission (MCMC) or better known by its bahasa acronym SKMM, has recently announced that the government will be offering a 'rebate' of RM200 of a list of 'selected' smartphones for youthsaged 21 to 30 years old. The program called the 'Youth Communication Package' or Pakej Kommunikasi Belia (PKB) has come under tremendous scrutiny from both the general public, and even members of the ruling government as well.

A press release from the SKMM further elaborates:

Youths who qualify for the RM200 rebate will be able to purchase 'selected' 3G smartphones costing up to RM500 from selected dealers and agents appointed by service providers. With the rebate, they are expected to pay no more than RM300 to own a new 3G smartphone. “The idea is to spread the incentive across to those who do not yet use smartphones. We really want to help those who cannot afford to change phones to upgrade from their old 2G phones to a basic 3G smartphone.

The Malaysian cyberspace was immediately set abuzz when the announcement was made. The twitter outburst over the scheme is primarily on the price cap of Rm500 because when the Prime Minister announced this back when the budget was tabled, there was no mention about the RM500 price cap on the phone. Even UMNO youth chief Khairy got in on the action--requesting the government not limit the price of the phones, even after the SKMM 'clarified' why it was offering the rebate to only those purchasing phones under Rm500. (apparently we don't offer rebates to the rich)

No Surprise Malaysia scores low on Science

Wed, 26 Dec 2012 08:00:14 +0000

This is a tech blog, so let’s talk about tech.

Let’s about the technology behind the term geo-engineering. According to wikipedia “The concept of geoengineering (or climate engineering, climate remediation, and climate intervention) refers to “the deliberate large-scale intervention in the Earth’s climate system, in order to moderate global warming”. The techniques of geo-engineering are based on science, but applied on scale that exceeds even my imagination.

Techniques of geo-engineering include things like injecting metallic substances into the upper atmosphere to reflect the sunlight and thus reduce the earth temperatures, or on the more audacious side of the spectrum we have engineers proposing we install cooling pipes into the ocean to mix the cooler deeper water with the warmer surface water to cut-off (or at least slow down) a hurricane. Slowing down a hurricane might sound ludicrous to you, but if you understand the concept behind the creation of a hurricane, you’ll soon realize the solution is solidly based on science, and all it boils down to is an engineering challenge on a never-before-seen scale. It also helps that the company pioneering the hurricane halting technology is currently applying for a couple patents and is supported by the big thinker himself–one Mr. Bill Gates.

It has its sceptics and critics, but then again there were many sceptics when President Kennedy propose to send a Man to the Moon and bring him safely back in 1969. Till this day, some still are sceptical that the United States actually sent anyone up to space in 1969, and even more are critical of the amount of government funds spent on the Space Program–just nobody tell Neil DeGrasse Tyson.

SKMM Study: The Best and Worst Telco in KL

Mon, 24 Dec 2012 08:00:45 +0000

Who doesn't absolutely hate that feeling you get when a call gets drop, or for some reason you just can't seem to make a phone call on your network. Recently an elderly couple in America died while trying to phone for help--they had 9 drop calls in succession, which just goes to show just how important communications are in our time.

Malaysian wireless reports on an SKMM study done in the first half of 2012 to compare dropped and block call rates for the 3 major telcos in Malaysia. At the moment it’s still unclear why neither YES or uMobile have been studied but the study is a move in the right direction towards providing concrete data on call quality for Malaysians to make inform decision about the telco. Incidentally, SKMM also offer a form you can fill if you’ve experienced a dropped call–for some unknown reason the form is hosted on Google Docs, one can only think SKMM didn’t want to fork out cash to host the form on their own servers.

First off, I’d like to point out that while I can see the report and search for direct links to the PDF version of the reports online. I can’t seem to locate any link to the report from the SKMM website, which is strange, it also appears that only Malaysian Wireless has reported on this particular study. With other blogs seemingly unaware of the study.

In essence, the study is rather simple:

According to the MCMC drive test report, the assessment was conducted with following criteria:

Tests were carried out in moving vehicles (Drive Test).

Call duration lasts for 60 seconds, with 10 seconds interval between calls.

Phones were set on roam-free environment between 2G and 3G networks that simulates the experience of user in making voice call using phone supporting both technologies.

The results of the study only reflect the behavior of the networks on the locations and time of the measurements.

Although, the methodology isn’t clear, and there are missing details, the study is a great starting point to confirm if the telco you’re currently on is providing you top notch quality. The 2 key measurements from the study were the drop call rates and blocked call rates, defined as follows:

a. Dropped Call Rate (DCR) Dropped call means a call where a connection succeed, that is, the network is accessed, call set up is successful and traffic channel has been assigned, but is disconnected due to abnormal call release. Dropped Call Rate is calculated based on the percentage of number of dropped call over total number of call attempt.

b. Blocked Call Rate (BCR) Blocked call means a call is not connected after call attempt due to unavailability of free traffic channel. Blocked Call Rate is calculated based on the percentage of number of blocked call over total number of call attempt.

So the best telco based on these definitions is the one with the lowest DCR and BCR. A high BCR means calls don’t get connected in the first place, and a high DCR means calls get disconnected once they’re connected. A good telco should strive for the lowest possible numbers on these 2 parameters. While the study was conducted nationally in each and every state, I thought KL would be a good place to dissect the data and provide a benchmark for the nation, if you’d like to know how your telco fared in your home state, head on over to Malaysian wireless who have all the details broken down by state.

Science in Malaysia : Myth #1 Homework

Tue, 18 Dec 2012 08:00:28 +0000

As I read more about the sad state of affairs of Science Education in Malaysia, I can see glaring areas for improvement, and some areas that surprise me. All of this data is readily available in the Trends in International Mathematics and Science Study (TIMSS) that is actually a benchmark our very own Malaysian Government uses to gauge the success of the National Education blueprint. It’s a wonder that while me make it priority to score in the top third of this benchmark, no one for either side of the political divide seems to bother to read the report–merely taking the final score and politicizing it.

If they actually took time off to read even the one report for science–albeit the 520+ page long report. They’d find some rather interesting data.

Take for instance the controversial topic of Homework. There’s a huge Malaysian inclination to load our children with homework, with the noble aim to familiarize themselves with the subject matter and hence improve their test scores.In fact, in all countries surveyed by the TIMSS study, Malaysian students are given the most homework. The MOST!!

Yet we score in the bottom third of the study. Too much homework is bad, but just how much is too much?

The actual data from the TIMSS study, suggest that the optimal amount of science homework to give a child should be no more than 45 minutes per week per subject. You heard that right–in fact, across all the countries in the study, anything more than this and the test scores start to DECREASE.

Malaysia signs ITU

Sun, 16 Dec 2012 19:18:46 +0000

About 2,000 delegates representing major telecommunication industry players, experts and representatives from nearly 200 member countries of the International Telecommunication Union (ITU) assemble here to discuss the International Telecommunication Regulations (ITR) at theWorld Conference of International Telecommunications 2012 (WCIT).

Shouldering the responsibility as a member of the ITU Council for Asia- Pacific, Malaysia is expected to highlight the important issue of telecommunication network security and the right to protect the sovereignty of a country.

LTE in Malaysia has No iPhone5 support

Thu, 13 Dec 2012 23:40:13 +0000

Breaking news. That new iPhone that you lined up overnight for outside KLCC–won’t have LTE support, and quite possibly–never will!!

So before you plonk down your dough on the next big thing, you might want to consider how you’d feel if within 6 months everybody else on your block had next generation 4G speeds–except you!

LiewCF reports that :

Does the government have a right to shut down telecommunications services?

Fri, 30 Nov 2012 13:58:29 +0000

Press.Tv reports that Pakistan has suspended mobile phone services in several major cities to prevent terror attacks on minority Shia groups as they celebrate the holy month of Muharram. The rationale behind the suspension is that the terrorist use mobile phone services to detonate bombs and as a result the suspension of mobile phone services would help prevent such attacks. Meanwhile, Ihsanullah Ihsan, a spokesman for the militants’ umbrella group, the Tehrik-e Taliban Pakistan (TTP), has claimed that suspending mobile phone services will not hold them back from carrying out their deadly attacks against the Shia Muslims.

This is ultimately a case of the government having too much power, the real threat of terrorist using bombs somehow resulted in a government issued communications blackout throughout the country–which does little to prevent the terrorist who are hell bent on killing.

I’m guessing that cellphones are picked as detonators for their ubiquity and range, however if you remove the cellphone from the equation you still have hundreds of possible detonation mechanisms, including timers (like the ones from early Mission Impossible shows), walkie talkies and even just a person standing by the bomb and detonating himself with it.

While many of us are of the opinion that a government should do everything to protect it’s citizens, we often fail to to realize that the mechanisms the governments utilize to protect us has a cost–a cost usually paid for by the very people they are supposed to protect.

A full blown mobile service block, doesn’t just block the terrorist–they block everyone. From a father frantically trying to locate his daughter, a hospital trying to locate next of kin in an emergency, or even a blood bank trying to contact its donors. This sort of carpet block is not an effective solution and the cost of it usually far outweigh the benefit, with the benefit being ZERO if the terrorist find some other way to detonate the bomb in spite of the block.

IT Career in Malaysia : Why Information Technology rocks

Mon, 12 Nov 2012 08:00:28 +0000

So your child has just finish SPM or STPM or A-Levels and now you’re looking at a possible future career for them, or you yourself have just graduated and considering your future career. This is not something to take lightly, after all it’s the 4th most important decision in your life, behind who you get married to, when to have your first child and which EPL team to support. (hint: the answer to last one should start with M and end with anchester united)

Of course, there’s a lot of things to consider when choosing your future career and usually it’s a mixture of passion, interest and future career opportunities.You want a career you like and have interest in, but you also want a career that has future growth possibilities that match your aspirations (do you plan to live in Malaysia or move abroad…etc etc), and if you plan to stay in Malaysia you need to pursue a career that’s growing in Malaysia not something that’s growing somewhere else.

So while it’s great that you like palaeontology and want to contribute to your Tanah Air, but you’re going to be very hard pressed trying to find opportunities for digging up Dinosaur bones in Malaysia. At some point you need to keep certain things as hobbies and find a career that’s offers more progression opportunities. Or make the difficult decision of pursuing your passion somewhere other than Malaysia. It’s a difficult decision obviously, and sometimes you don’t have enough information to make these decisions–but thinking of these things now will save you a lot of heartache later on.

I think we need a lot more engineers and IT professionals in Malaysia, all this talk about transformation from the government isn’t going to happen with lawyers or politicians–it’s going to happen with technology, and unless we have more technically focused professionals entering the workforce, no transformation is going to happen (or at least no ‘good’ transformation).

Unfortunately, not many people seem to agree with me and usually when people don’t agree with me–people are wrong (the only exception to the rule is my wife).

However, I can’t understand had a decline in IT graduates over the last 10 years, and at the same time have an increase in IT opportunities in Malaysia?

A Jobstreet/Pikom report on the ICT industry in Malaysia reports that we’ve gone from 120,000 graduates per year, to just 75,000 graduates per year. That’s a bad sign on so many levels, so today as my little bit of service to the IT community in Malaysia, I’d like to tell you why a career in IT rocks.

Evidence Act: Anonymity before the internet

Tue, 06 Nov 2012 08:00:35 +0000

I read a brilliant article on the Evidence act by Zul Rafique and Partners that I think everyone should read. In it, the author compares the newly amended Evidence Act (supposedly amended to combat the evils of the internet) to a sub-section of the original act meant to look into telegraphs. Now I must admit, that as an internet kid, I don’t quite understand the concept of a telegraph, but the point is that even before the internet Anonymity was possible.

The public perception that is reinforced by ignorant government statements, is that with the internet has enabled anonymity which in turn has enabled crime.

According to Datuk Seri Mohamed Nazri Aziz, Minister in the Prime Minister Department, the amendments were tabled to address the issue of Internet anonymity since this very fact makes it extremely difficult, if not impossible, to trace the alleged offender.

That is a false statement.

Let me introduce you to snail-mail.

In the past, long before the internet was around, people use to communicate via letters and postcards that were hand-delivered by postmen to your doorstep. This is a foreign concept to most children but it’s good to let them know just how hyper-connected they are in relation to their parents or grandparents.

When you send a letter, you write a note on a piece of paper, sign it at the bottom (presumably with your name) and then place it into an envelope. You then write the name and address of the recipient on the envelope, afix a stamp (that acts as a proof of purchase)–and then drop it off at any post office you see fit. The Post Office then somehow routes that letter to the recipient on the envelope–physically hand delivered.

Notice–you never have to prove your identity when you send a letter or postcard. No where in the chain of events are you ever asked for your IC or phone number, in fact I could just as easily write a malicious letter, post it to the Prime Minister and sign it as Datuk Seri Mohamed Nazri Aziz. Would the Prime Minister then automatically assume his cousin sent him the letter just because it was signed in his name?

I guarantee you it’ll be harder for the authorities to trace that physical letter as opposed to a similar digital email. Too many people watch CSI these days to believe that statement, but there’s a reason why kidnappers still use physical constructs–because in the digital world you always leave a trace.

If we apply the amended Evidence Act to the letter analogy, Datuk Seri Mohamed Nazri would be charge for sending that malicious letter to the Prime Minister–even though he never wrote it. All of us understand the stupidity of assuming someone sent you a letter just because the letter was signed by that person, yet we seem to think nothing of it in terms of emails. In fact, if I wanted to get Nazri into a whole heap of trouble, all I’d have to do is send 1000 similar letters to 1000 different people, and sign it with his name–in that way, he’d be charged 1000 different times in a 1000 different court proceedings and even though he might be deemed innocent on each count, it’s still a whole load of trouble I can cause for him for the price of 1000 stamps (roughly Rm500 which wouldn’t pay for even one hour of a lawyers time).

Online Medical books in Malaysia: Unibooks.com.my

Thu, 01 Nov 2012 08:00:25 +0000

A rather entrepreneurial friend of mine realized the Malaysia didn’t really have any niche bookstores that offered free delivery. Sure all the medical students knew where to get their textbooks from, and the designers knew where the best design books could be bought–but for the most part that involved a long trip to somewhere to the older parts of KL just to purchase a book or two. For some that may be a worthwhile sacrifice, just like buying electronics from lowyat, but for others that may involve either driving from Penang or even further just to get your hands on a desperately needed textbook at a an affordable price, that seemed a rather big price to pay.

So looking into that gap, he decided to start Unibooks, and what really makes me excited for him is the speed in which he manage to create the startup from nearly scratch and the fact that we’re seeing a lot of local startups flourish to meet the needs of Malaysians–the same needs that seem to be ignored by the bigger retailers.

Auditor-General report 2011 : When can Malaysians expect Transparency in IT spend

Mon, 29 Oct 2012 08:00:49 +0000

As a tech blog in Malaysia, I thought it’d be interesting to see the latest Auditor-General’s report faired in terms of IT spend from the government. IT spend is a tricky thing, and most don’t understand just how tricky it is, particularly around big IT spend by governments–they often fail. In fact, one of my favorite blogs is dedicated solely to IT failures, aptly titled–IT Project failures.

However, even the Synopsis report of the AG report is a harrowing 87 pages long. It’s not just the length that puts of me off, but rather the sheer dry-ness of the language that is used. Interestingly, not a single diagram exist in the documentation filled with enough monotone text to put even the most ardent auditor to sleep, and I’m no auditor so I nearly dozed off after the 2nd page. I had to take a different approach if I was to get a synopsis of the synopsis, fortunately I work in IT (not auditing or law), and I know of function in Adobe Acrobat that let’s you quickly search a document–it’s called the FIND function, and I was a deadly ninja in the art of the FIND.

So, armed with the FIND function on Adobe Reader, I combed through the document looking for the word ‘system’ and where it tied with an actual IT system too see just how well our government was in delivering IT systems in 2011. Below are just a few paragraphs pertaining to the AG’s report and below are 2 prime examples of the the magnitude of IT failures from Putrajaya.

Cyberbullying in Malaysia

Tue, 16 Oct 2012 07:00:11 +0000
Tributes are pouring in for Amanda Todd, a teenager who committed suicide after posting the video above describing how she was tormented by bullies and struggling with depression. Amanda's story was told little by little via post-it notes and it full detail about the extent of the bullying and torment and just how this poor 15-year old girl had experienced her version of hell on earth.
The story isn’t a typical one, but one that exist in a nuance variety even in Malaysia. Amanda was tricked into exposing herself in front of a webcam by an unknown person. Soon she was blackmailed and finally, photos or her were circulated to her entire school. What followed next was every bit as predictable as it is sad, she was ostracized by her friends and tormented by bullies, she even tells of how she switch schools–multiple times–even moving to a school in a different city!!

Yet, the bullies and torments followed here (aided and enabled by social networks), and Amanda must have reached her limit and at some point she eventually chose to take her own life.

Youtube has taken down the videos, but I felt Amanda’s story should be left for the world to see, as a stark reminder to all of us to look after our children, and I just hope you get to watch the embedded video before even this gets removed. I believe out of respect for Amanda–we should listen to the story she so desperately wanted to tell.

SEO Tips for Malaysian Bloggers

Fri, 05 Oct 2012 19:03:45 +0000

A lot of my search traffic comes from Google, in July I had slightly more than 8,000 visits to my site with just over 6,000 of those coming just from Google. So it made a lot of sense for me to look into some Search Engine Optimization to help boost those numbers. In September, I had more than 10,000 visits with more 8,o00 from Google, which of course begs the question who are the lovely people giving me 2,000 hits/month without going through Google.?

What is Search Engine Optimization?
Search Engine Optimization or more commonly know by it's acronym SEO, is the process of optimizing your site so that search engines like Google know exactly what is on your site, what topics you're writing about and what keywords are present in a page. This allows the search engine to display your site as a result for people searching for topics and keywords most related to your articles.
In Laymans terms it’s making your site understandable for Google to analyze.

Google doesn’t employ thousands of workers to categorize every site on the internet, Google automatically ’tries’ to figure out what your site is about through a mixture of sophisticated algorithms and feedback from search results. SEO is about trying to help Google figure this out by adjusting certain elements of your site to fit what Googles algorithms are looking for, of course SEO isn’t just about Google, but the general concept is the same.

Let's put the evidence act into action

Fri, 28 Sep 2012 22:30:44 +0000

So let’s say someone in Malaysia actually was stupid enough to post something insulting Islam and it’s Prophet on his Facebook page as a status message. Then let’s say that same person claimed that his Facebook page was hacked.

Finally, we say there’s a huge backlash against this person on the internet, so even though the comment was deleted from Facebook, it has been screenshot-ed so many times, it’s now permanently etched online.

This is exactly the sort of hypothetical situation the newly amended Evidence act is supposed to address, yet for the most part it doesn’t. In fact, the case really isn’t hypothetical, it’s actually something going on right now, and it’s a great test-bed to see if indeed the evidence act would help us address these issues.

Gopinanth Jayaratnam from Klang, posted up a rather insulting statement online about Islam. Of course, a couple of people picked it up and soon it went viral on Facebook. What followed was every bit as predictable as a bad hollywood movie, Police reports were lodged, the ‘suspects’ personal details were published online and soon a group calling itself the Jemaah Fisabilillah Klang, launched an actual attack on his house. The gate of his house was rammed into and the car parked in the compound was damaged. Fortunately, there was no report of bodily harm, but one can imagine that’s probably not too far away.

One Visa files suit against TM : Is it a Human Rights abuse?

Wed, 26 Sep 2012 22:00:16 +0000

The Star today reported that a company called One Visa is suing Telekom Malaysia (TM) for providing telecom services and infrastructure to squatters on it’s land in Negeri Sembilan.

TM was alleged to have trespassed five pieces of One Visa's land by supplying the telco services to the illegal occupiers of its land.
One Visa had sought RM23.07mil as special damages being the total rental value of the land based on current market value rates calculated from March 22, 2011 and continuing until cessation of the telco services and the date of removal of TM’s infrastructure from the land.

That’s right 23.07mil in ‘special’ damages for the TOTAL rental value of the land, because TM had supplied telco services to the illegal occupiers.
Now, I’m no lawyer and I’m not familiar with the case, So I cannot comment on the legality (or illegality) of the squatters staying on the land. What I can comment on though is the utter ridiculousness of the suit to sue TM for the full rental of the land just because TM had supplied telco services. That’s like charging your neighbour rental for your entire house value, just because his mango tree has over-grown into your garden.

Setting up a Dlink DDNS for your Unifi Router

Sat, 22 Sep 2012 22:47:55 +0000

A Domain Name Server (DNS) is basically the address book of the world wide web. What it does in very simple terms is it converts a web address like www.keithrozario.com into an Internet Protocol address like 208.94.116.157 (this might look like garbage but it's actually 4 numbers separated by a dot, and it's these 4 numbers that uniquely define every machine on the internet).

It's the Internet Protocol address that can actually get you to your destination. Think of it like the actual phone number of the person. It's nice to know someone's name, like Keith Rozario, but it means nothing in terms of contacting me if you don't have my Phone Number. So if you wanted to contact me with just my name, you'd have to look for something called a 'phone book'. In this case, the DNS is the phone book, that translates a name to a number, and the DNS is publicly available.So what is a Dynamic DNS? Well, that's where the allocation from name to IP is dynamically allocated. For instance, the IP address of my website has remained static for the 1.5 years it's been around. So the DNS allocation for my website is pretty much stable. Although I did recently change the web-host, but that's another story.

However the IP address of my home Unifi connection changes everytime I restart my router, which is about once a week or so. If I wanted to add some sort of permanence to my connection, without splurging for expensive static IP packages, I could opt for a Dynamic DNS (or DDNS).

So let's say I have a IP camera at home, that's recording a video feed that I can view on my phone. If I connected my phone to the IP address directly, that wouldn't be a good idea. If the connection dropped while I was away, or my house had an intermittent power cut, that forced the router to re-start (and hence change it's IP), I would lose all connectivity to the IP camera, and my entire home network as well. This is because, I wouldn't know what my home network IP address would be anymore, and hence have no way to contact it. It's like changing my phone number, if you keep trying to call your old number you'd most probably get an error message, or wind up calling someone else.

Why I stopped the Nuffnang Ads on my blog

Thu, 20 Sep 2012 08:00:13 +0000

About 2 months back, I posted up a nuffnang ad on my blog, and with reasons explaining why I felt the need to advertise. The guys from Nuffnang were pretty stand-up characters and I felt like I could trust them, so I begin to post Nuffnang ads and monitor that over time.

Unfortunately the results haven’t been so good, and after some reflection I decided not to port over the nuffnang ads when I migrated the blog over to a new hosting provider. It’s important to recognize that your experience with Nuffnang could be different, and I have no doubt that they do contribute significantly to some bloggers, but for me the relationship just wasn’t going anywhere and I wasn’t really getting any value out of the ads. So when I migrated my blog from Nearlyfreespeech to WPWebHost I decided not to port over the Nuffnang advertising widget–and here’s why?

WPWebHost : Wordpress Hosting in Malaysia from Exabytes

Wed, 19 Sep 2012 12:10:04 +0000

You may have noticed that my site recently got a spanking new design. Don’t get me wrong, I loved my previous wordpress theme (compositio by Design Disease) and my previous web host (the ever awesome, nearlyfreespeech), but there were 2 real compelling reasons for me to switch web host.

First, maintaining wordpress was taking a lot of time, this included the usual backups and updates and that was eating into time I could have spent researching other stuff or just plain blogging. Secondly, the site had grown both in size and visits, previously I received my first notch up the Google Page Rank, and now I’m a Page Rank 1 site (woo hoo!!). The additional traffic and storage cost were increasing to the point where it made more sense to have a fixed cost monthly payment than worry about the topping up my account (that being said, it would have still been cheaper to host on Nearlyfreespeech).

My first choice was dreamhost, but I’ve tried them before, and while they were good, they weren’t exactly out of this world. So I decided to look for a Wordpress specific hosting service, these are web host that specialize in Wordpress. They cover stuff like daily backups and offer free wordpress themes etc. Unfortunately, most Wordpress host cost quite a bit, but with some google searches, I manage to come across a Wordpress host that was well recommended, was at the right price point, and best of all–based in Malaysia.

Ban Youtube in Malaysia?

Tue, 18 Sep 2012 09:23:13 +0000

Rais Yatim a Member of Malaysian Parliament and a Minister in Government, has threatened Youtube with legal action over their refusal to remove the video of Innocence of Muslims. Nevermind the fact that Youtube have tried their level best to restrict access to the video from Malaysian users, and also failing to recognize the fact that Youtube is merely a video sharing site.

You have to sympathize with Google, they’ve drawn the line the sand and they’re getting the most flak of anyone in this debacle. Most people seem to forget that it was a Youtube user (not Youtube itself) that created and uploaded the film. It also may have slipped your mind, that the video clip is available on other less prominent video sharing sites like Vimeo. Yet Google is sticking to it’s guns under enormous pressure not just from Muslim Governments but from it’s own Government to take down the offensive video. At the very least they deserve commendation for their courage in the face of adversity.

Censoring Innocence of Muslims in Malaysia

Mon, 17 Sep 2012 15:21:38 +0000

The Malaysian government has requested that Google take down the video Innocence of Muslims, and Google has since complied. As of today, anyone trying to access the clip from a Malaysian IP address would see a screen that reads “This content is not available in your country due to a legal complaint. Sorry about that.”

The clip is most definitely offensive, and demeaning but what is quite obviously isn’t is–serious. The first thing anyone notices from the clip is that it’s of low quality, there are multiple versions of Malaysian Gangnam style that are made with far higher quality than the clip, yet this one particular clip has managed to create such an uproar that people have killed for it. I’m not defending the clip, or opposing it.

What I am against is Governments and Corporations coming together to censor something ‘on behalf’ of the people. What I am against is a ineffectual censorship, which instead of preventing people from viewing the clip, actually nudge them towards actively searching for it online.

In the end, we have to say that video clips don’t kill people–people kill people and  in my view the censoring of the clip is both ridiculously short-sighted and terribly ineffective.

My Faulty Samsung Galaxy S3 has returned

Wed, 05 Sep 2012 09:39:41 +0000

Before my recent trip to Australia, my brand new Samsung Galaxy S3 failed on me. The speaker just went kaput.

Well not really kaput, but there was absolutely no sound coming out of it. Needless to say I was a bit frustrated, annoyed and just downright disappointed. This was an expensive top of the line phone, and it’s speakers shouldn’t be failing after barely 4 months.

So I called up Maxis and reported my predicament, and Maxis said I had two options, either send it back to them or send it directly to Samsung. I figured I might as well cut out the middleman and send the phone directly to Samsung.

So after a few calls and some planning, I found out that Samsung normal fix rate was 3 working days. Which wasn’t good enough for me as I had to fly off by the next day (shit happens), so I survived in Australia with a faulty phone whose alarm wasn’t working. Fortunately, my wife’s Iphone which I bought for her 2 years ago was still working perfectly.

After arriving back to Malaysia I went straight to the Samsung Service center in Digital Mall USJ (first floor) on a Saturday. The told me I’d be able to collect the phone within 3 working days, which worked out to Wednesday.

However, I got a call the following Tuesday afternoon informing me the phone was repaired and I could collect it directly from the service center. So I headed there I collected my now-working phone. So now my Galaxy S3 is working perfectly again.

Samsung took just 2 days to fix my faulty speaker :).

How to Port Forward your Unifi Dlink Dir-615 router

Sat, 01 Sep 2012 16:56:30 +0000

Port Forwarding is a really simple concept, but a very important step you need to take if you want to remotely access the devices you have at home. For instance, if you have a Unifi connection connected to an always on desktop and you wanted to Remotely access your windows machine, you’d need to perform port forwarding on your router.

Similarly if you’ve just installed a new IP camera in your home, and want to access the camera while you’re on the road you’ll need to perform port forwarding on your router.

Port forwarding is a neccessary step in order to access your home devices from outside your home. If you want to access anything in your home remotely you’ll need to configure some sort of Port Forwarding, and here’s the why are how.

Data Coverage Down Under

Sat, 01 Sep 2012 09:37:19 +0000

I’ve just come back from a fantastic 2 week long vacation in Australia, and I absolutely loved it. The weather was a bit cold for my Malaysian body (especially in blue mountains), but overall the holiday was a well deserved break from nearly 8 months of non-stop work ;).

The one thing I did notice about Australia though, was that data charges were quite exorbitant. I stayed at various Youth Hostel throughout Queensland and NSW and was surprised that they charged nearly AUD7 per day for Wi-Fi connectivity. Needless to say, I wasn’t too impressed with shelling out nearly RM25 per day for something I get free from even my local mamak.

It was the same nearly everywhere else, even their coffee joints and cafes didn’t offer free Wi-Fi, one explanation I came across was that Australia was geographically very distant from the rest of the world AND it was sparsely populated, so the cost of supplying connectivity to the country was very high. Therefore, these cost were reflected in the amount users paid to go online. In Malaysia, Tune Talk offers 5 Sen/MB, which works out to roughly Rm25 for the same 500MB of data I got from Optus, Digi offers a 600MB for an RM75. Well below the nearly Rm100 I spent on my Optus Pre-paid. So instead of subscribing to the local Wi-Fi, I decided to spring for a mobile data package, in this case the Optus Pre-paid plan that cost AUD30, with that I got unlimited minutes, 250 minutes to landlines, unlimited sms and 500 MB of data. That’s a lot of money, considering I wasn’t bothered about the other stuff except the 500MB of data.

Evidence Act Technological Misconceptions: A response to Rocky and Fatimah

Wed, 15 Aug 2012 12:56:16 +0000
The government has finally 'relented' and now wants to 'discuss' section 114A of the Evidence act 1950. Now it's great because it proves beyond a shadow of a doubt that:

The internet can be used for fantastic good.

The general Malaysian public can make a difference in the governance of the country.

My website also had the pop-up banner, and according to Google Analytics, all 300+ people who visited yesterday were at least enlightened by it.

However, there are some misconceptions about the act, or more specifically misconceptions about the technology behind the internet. The only reason, I’m writing this post is because yesterday morning RockyBru posted up content by a blogger named Fatimah Zuhri, defending the act. Why on earth would a blogger defend the act is beyond me, but it became clear that her understanding of key internet concepts were way off the mark.

From a technological perspective, she was advocating from a point of ignorance, and Rocky whose a popular (or unpopular) blogger/journo only served to spread these misconceptions. I hope to point out how it is very difficult to pinpoint the origin of an anonymous or malicious post, and how shifting that burden to the ordinary citizen is unjustified.

So let’s start with the Post which you can read here, although for your sake I wouldn’t suggest it. Partial contents of the post is quoted in here as well.

Maxis Fibre to the Home (FFTH) : Why you shouldn't get it

Mon, 13 Aug 2012 08:00:49 +0000

Imagine buying a house from a housing developer who insist that even after you’ve bought the house the developer will be allowed access to your downstairs bathroom. So that even after you’ve bought the house and moved in and got that nice kitchen cabinet design you’ve been eye-ing, the developer can still access your downstairs bathroom, no matter what. Worse still, the developer then decides to turn your downstairs bathroom into a public toilet.

Sound crazy right?

No developer would ever convince me to buy a house under such conditions, but Maxis seem to think they can push through something very similar in their Maxis Fibre to the Home (FTTH) Agreement. Before you sign up for your Maxis Home Package, you’re presented with a single page document to sign. The document basically states that you agree to the Maxis terms and conditions (T&C). A single page document sounds rather minimal, until you realize it’s a single page of 2955 words. Maxis squeezed 2955 words onto one page through a straightforward method of reducing the font size, basically making the agreement even harder to read–but you should read it, because point 6 of the Customer Terms for Maxis states:

Google: Lazada.com.my Malaysia is hosting Malware

Wed, 08 Aug 2012 13:57:11 +0000

Lazada.com.my contains malware. Your computer might catch a virus if you visit this site. Google has found malicious software may be installed on your computer if you proceed.
WOW, Lazada Malaysia apparently has been infected with some rather nasty infection. My version of Google Chrome prompted this when I tried to visit the site today. Hope everything is alright over there in Lazada headquarters.
In fact, Google is populating it on their search results as well, must be a rather nasty one:

HTTP vs. HTTPs : Why SSL and TLS are important

Mon, 06 Aug 2012 12:24:33 +0000

I was looking for some detail on Maxis Fibre to Home service until I came across this while trying to to access the Maxis Customer Forum online:

In the early days of the internet, all the data flowing through was done in plaintext, this meant that everything flowing on the internet was fair-game for anyone to hijack and view. It was akin to sending postcards all around, all the post-men and intermediaries could view the entire contents of your messages because it was out there in the open, no need to open sealed envelopes. So everything from your letters to your uncle Bob or your resume for a new job or even your most intimate personal letters could only be sent via postcard–anyone could read it.

There was a strong requirement however to design a mechanism to encrypt data flowing through the internet, because unless you could encrypt data, personal and credit information couldn’t (or rather shouldn’t) have been trasmitted across the internet. So it was important that someone somewhere figure out how data on the internet could be encrypted to enable things like online shopping, social networking, even simple email. So sometime in the mid-90s Netscape (the default browser at the time was Netscape Navigator), took up the gauntlet and invented SSL.

At this point, I’m also reminiscing the days when browsers were actually pay-ware rather than freeware. Remember when Netscape Navigator Gold used to cost money?

MSC Cloud Initiative : Why it's a bridge too far

Fri, 03 Aug 2012 11:33:57 +0000

Why does Amazon–arguably the biggest cloud player in the world–choose to launch it’s Asia-Pacific Offering in Singapore rather than Malaysia? One would think that the prohibitively high prices of land in Singapore, coupled with it’s higher base cost and employee wages would make Singapore a terrible place to put up a Huge Datacenter comprising of thousands of Servers and HVAC units.

Just to compare Malaysia and Singapore, you can build data centers in Malaysia for a fraction of the cost, coupled with cheaper labor and support cost. Our subsidized power, also means that Amazon could benefit from lower electricity bills. Best of all, Malaysia and Singapore, aren’t really that far apart, so why setup shop in Singapore for something that relies on high volume and low cost? The answer is quite simple–Singapore is where the Internet is, or rather that’s where the data flows through. The internet is the information super highway, and just like any other highway the 3 most important criteria for setting up business on the internet is location, location,location.

NFC page hacked

Fri, 03 Aug 2012 09:47:29 +0000

The guys over at the NFC can’t really catch a break. The National Feedlot Corporation have had a lot of bad luck lately, but I guess when you get an RM250 Million dollar government loan when you’re wife is a Government minister–you’ve probably already had your fair share of good luck.

With the recent arrest of Rafizi Ramli, the up and coming PKR young gun–the SGP Cyber Army decided enough was enough.

Who is Rafizi you ask? He’s the guy who debated with Khairy in the UK, he’s the guy who spearheaded the attack against the NFC, he’s the guy revealing documents about George Kent and the LRT project, and he’s the guy proposing abolishing the ridiculously high taxes Malaysians pay for cars. Yeah–all of that comes from one guy–Rafizi, and right now he’s being charged under a law no one except Bankers give a crap about.

So with his recent arrest, some hackers in his defense–decided to go on offense, and they set their eyes clearly on a big target–no not Sharizat–but the NFC website, and boy did they hack it well.

Personal Data Protection Act 2010 Malaysia

Mon, 30 Jul 2012 06:00:19 +0000

[box icon=“chat”]

Data is the natural by-product of every computer mediated interaction. It stays around forever, unless it’s disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after-effects are toxic. - Bruce Scheneier

As society moves towards a ‘knowledge’ based society, data naturally becomes a by product. Every action you perform leaves a tiny digital trail like breadcrumbs in the forest, and just like though breadcrumbs each individual data point is insignificant, but piece them together–and you’ve found you way home.

What we use to buy we cash, we now buy with credit cards – with every swipe, digital data is created and stored, it records the amount of the transaction, where the transaction took place, and the banks bill the customer, which means it can tie it to an address a person, their age, their income and even their preferences.

Photos were physical things we could only share in person,but now we share them digitally on social networks–all those photos are stored–permanently, and they’re tagged with meta data regarding the photos location and the names of people in the photo. A lot more data, and a lot more public. Even if you randomly stumbled across a photo on Facebook, chances are you could easily find out who the people in the photos were, and where the photo was taken–that wasn’t the case before digital photography.

When we use to pay toll booths in cash, we now use touch N’ Go, so there is a full blown record of where we travelled and at what time. Coupled with the CCTV footage they can even identify which vehicle you used. Tie that with your credit card and we can determine where you fueled before you got on the highway, coupled with CCTV footage from the Fuel station we know how many people were in the vehicle. Look at the JPN records and we’ve got the car owners name, and contact information, a quick search on Google reveals his profession on LinkedIn, his favorite places from tripadvisor, his friends on facebook, and if we pay close enough attention to his tweets chances are we can find out which football team he supports or which political party he’s aligned to.

What used to be something you’d only reserve for your close friends at the kopitiam now is public knowledge, provided some one takes the trouble to Google your name.

And the list literally goes on and on, and all these add the amount of our personal data stored digitally online–data that can be used to determine who you are, where you are, what you like, what your political beliefs and religious inclinations–even your medical history and sexual orientation. I’m not kidding, there’s a story I love to link to which tells of a supermarket who knew a teenager was pregnant before her father did.

One of the biggest abusers of personal data has been advertising companies and mail-order folks, the people that spam you day in and day out with emails about viagra and cheap housing loans, however as time goes on a lot of other people are getting on board, like insurance companies who want to know more about your medical history or driving records, banks who wish to determine if you’re really eligible for a loan–even a supermarkets may have a direct interest in your personal data.

It has become imperative that we as users look towards protecting our data online, but there also is an imperative for governments to regulate the way our data can be used–even by governments themselves (or ESPECIALLY by the government).

How to change your Unifi password

Sat, 14 Jul 2012 23:00:56 +0000

Now It’s quite clear from a previous post I did how about easy it was to hack a Unifi Dlink DIR-615 Wi-Fi router, that the least you should do is change your standard router password to something that’s more than the regular 8 digit Pin Unifi gives you by default.

Let’s take a look at how to change your unifi password, or how to find it in case you’ve forgotten.

Step 1: Login to your router

First you’ll need to login to your router. For this open up Internet Explorer or Firefox or Chrome to access the internet. Then instead of typing something like http://www.google.com in the address bar to visit google, type http://192.168.0.1 in the address bar to visit your routers web server. Your router actually has a webpage that allows you configure you, but this web page is only visible from within your home network so don’t worry.

You can just click the link here to take your there as well.

Once you see the page look something like the picture above, enter admin for the username. For the password, use the default password Unifi has given you, when in doubt, look at the bottom of your router (that’s the orange color device with the 2 antennas) and look for an 8 digit PIN. That’s your default password. It’s printed there in big bold letters–you can’t miss it.

Now don’t be confused, this is merely the password to access the router, not your Wi-Fi password, for now their the same password, but they could be different. That’s what we’re going to do.

If the password at the bottom of your router doesn’t work, try the following. Depending on your router firmware, one of them is bound to work:

Username: Management Password: TestingR2

Username : operator Password : h566UniFi

Username : operator Password : telekom

How to enable VPN connectivity on Maxis Mobile

Wed, 11 Jul 2012 14:37:58 +0000

[caption id=“attachment_2505” align=“aligncenter” width=“271”]

Maxis VPN Setting[/caption]

Just a quick post for a Wednesday, as most of you know I just recently purchased my Samsung Galaxy S3 courtesy of the Maxis One Club. With that S3, I also purchased a RM68/month mobile data plan for 3G.

Now for those of you with an Android phone that tethering on the Phone is super easy. Tethering is when I use my phone as a wireless router for my laptop (or any other device). So I’m connecting my laptop to the internet via my phone and the Maxis network.

What I learnt from winning the DigiWWWOW awards

Mon, 09 Jul 2012 08:00:02 +0000

[blackbirdpie url=“https://twitter.com/DiGi_Telco/status/211447275891855361”]

Exactly one month ago, I was honored to be awarded the DigiWWWOW awards Fave tech Head award. It was truly unexpected and I continue to feel grateful for it. For those of you who don’t know what the DigiWWWOW awards is, it’s basically like the Grammy Awards for Malaysian blogs, so instead of singers and producers being awarded gold statues, the DigiWWWOW awards present bloggers a cool looking glass plaque with our title on it. My award is currently sitting on my bookshelf between an Optimus Prime Model and a yellow Ferrari car.

I'm officially on Nuffnang

Sat, 07 Jul 2012 23:32:42 +0000

If you didn’t already know, there’s something on the sidebar of this site, something that hasn’t been there before. Something that I’m not particularly happy to put on my site– it is – an Advertisement!!! (gasp!)

To be more specific it’s a nuffnang add, about 10 lines of javascript code that will for the next couple of months display ads to visitors of this sites. I’m not too familiar with ads, but from what I gather I have little control over who will display ads on this site, and that’s the part I’m not particularly happy with. Aside from the usual “No alcohol” and “No tobacco” options, I couldn’t really control who I would not like to advertise on my site.

So why put ads, especially when I claim the blog cost under $4 a month?

First the blog does cost less than 4USD per month, and second it isn’t about making money–but money is still nice to have – it’s about taking this to the next level.

What is Nuffnang anyway?
Nuffnang approached me last week, and suggested that I join their network. They described it as a platform and community for Malaysian bloggers to 'unite' and provide a social and communitarian aspect to an otherwise dispersed group of bloggers working in silos. Of course, companies have to pay the bills and the whole community/social aspect of Nuffnang is funded by advertisers who view blogs as another way to reach their target audiences. Over time, blogs will slowly creep into the mainstream advertising space to compete with print and televised ads (if they haven't already).

Apple Launches iTunes Store in Malaysia

Wed, 04 Jul 2012 09:40:22 +0000

Finally… it’s arrived!!

It was a long wait since my first iPod, but finally the iTunes has landed in Malaysia. Apple made a rather quite launch of the iTunes Store in Malaysia, meaning the days of logging into iTunes with US accounts and gift card purchases are over. Malaysians now have access to an entire treasure trove of songs available for the same prices as they are in the US. That’s about $0.99 - $1.69 per song, or $9.99 per album (roughly).

I was so excited, I immediately logged onto iTunes with my Malaysian account to check out the details, it took a while, since I’d forgotten my Malaysian account password, but soon after I was greeted at the iTunes store by Jason Mraz himself. I was also informed that the iTunes Store in Malaysia had more tailored local content these include songs from P. Ramlee, Man Bai, Chinese songs as well as Hindi songs (kuch kuch hota hai for $0.69 anyone?). It’s also good to see that Kau Ilhamku by Man Bai was Top of the Charts, signifying locally driven content. Where else would you see Belaian Jiwa and Moves Like Jagger on the same charts?

Also there are more P. Ramlee songs on the Malaysian iTunes store than there is on the US iTunes store, so it’s tailored to Malaysian taste.

Of course that raises the questions, are there more ‘American’ songs on the US store than Malaysia?

Is your Wi-Fi safe?

Sun, 01 Jul 2012 08:00:28 +0000

With the newly enacted Evidence Bill Amendment, you would have been deemed to have published everything that originates from your IP address. What that means is that if someone hacks your Wi-Fi and then uses it to publish malicious or seditious statements online, you will be deemed to have published it, and the onus is on YOU to prove you’re innocence rather than for the prosecution to prove your guilt.

So obviously with the new law floating around, Wi-Fi security should be at the top of every Unifi Subscribers agenda–if it isn’t already.

However, how secure is your Unifi Wi-Fi connection?
The short answer is not so secure.
The brilliant blog Lifehacker recently posted an article on how you can hack Wi-Fi connections secured by a WPA or WPA2 password. The post is quite detailed but even I have to admit the technical skills neccessary to pull this off is somewhere between intermediate and expert. At the end of the post is a link to a spreadsheet detailing all the devices that are susceptible to this hack, and one of those devices is the DLink Dir-615 Wi-Fi router, if it doesn’t sound familiar let me refresh your memory–it’s the router that Unifi gives out to all Unifi customers!!! (que bone-chilling Alfred Hitchcock Movie sound)

Now taking aside the fact, that I could probably call all Unifi customers to request the Wi-Fi password printed at the bottom of their router, and 50% would probably provide that to me with no issue, this also means that for those people smart enough to hide their passwords – I can still hack your Unifi Wi-Fi connection no matter what you do on your router. There’s literally nothing you can do, hiding SSIDs don’t work and neither will MAC address filtering. Of course this is all theory, and testing this theory took a lot more time than I had, so I’m not sure.

What I am sure is that Unifi have their own firmware for the DIR-615 router, and that’s a partially susceptible router, meaning some firmwares are susceptible some firmwares aren’t, and it’s a coin toss and whether your router at home is susceptible.

Now, while I know of a few people who hack Wi-Fi passwords just for the fun of it,and there’s a lot of references and material online detailing the steps required–so we all know this works. In fact you can buy packages online that allow you crack the routers easily :). This blog written in Malay claims that they’ve successfully hacked a DLink Dir-615 router, I’ve no doubt it’s possible, but it’s not easy and it takes time.

Either way though, it’s always good to remember this. There is no such thing as impossible to crack, merely inconvenient and infeasible. Don’t believe me? Check out this story of how a group of University Students manage to hack a US Military Drone in mid-flight using nothing more than $1000 worth of equipment, do you really think your Wi-Fi at home is more secure a ‘death from above’ US Predator Drone? Every Wi-Fi access point hackable, it’s only a matter of how much time, effort and money is required.

Samsung Microsoft Surface in Malaysia

Fri, 29 Jun 2012 13:28:18 +0000

This week I was attending a Project Delivery Conference in Putrajaya and was neglecting my blog a bit. The last post on the blog was more than a week ago, and that falls short of my target of 2-3 post a week. That being said, I do have some cool stuff that I’d thought you might be interested in.

Samsung Microsoft Surface
The first one is the awesome!! Samsung Microsoft surface device that was displayed. This thing was cool, it was an enourmous tablet with cooler features, check out the video below (filmed with my samsung galaxy S3), also forgive the sound quality and video angle (I'm not a professional you know). The first part of the demonstration is how he used the surface to compare 2 different laptops, by just merging their 'tiles' together, after that a microsoft specific QR code format pops up that the user can scan and save on their smartphone for further viewing (without the need for the surface). The last part demonstrates how every pixel on the screen is also simultaneously a camera with the ability to pick up coded objects and display information about those objects. The surface was cool, but I really can't think of practical applications other than the next Iron Man movie, and at a Rm40,000 price tag--it's way beyond my budget.

Is Dowloading a banned ebook illegal?

Fri, 22 Jun 2012 10:00:02 +0000

Let’s get straight to the point, the latest case where the Federal Territory Islamic Affairs Department (Jawi) is prosecuting a store manager is both disgusting and without merit. Not only is she just a Manager carrying out here duties–thereby making the bookstore liable instead of her, but the raid on the bookstore was carried out BEFORE the book was banned by the Home Ministry. So here in Malaysia, not only will the Government be able to persecute you in a guilty until proven innocent manner, but apparently government agencies can persecute for possession of a book before it is banned.

However, politics aside, let’s talk technology!!

What if I used Technology to bypass all government censorship. So instead of buying the book from Borders (or MPH, Popular or Kinokuniya for that matter), I simply download the Kindle version of the book online?

I did an online search, and indeed found that Amazon has a Kindle version of the book retailing for $11.99, if you already own a Kindle in Malaysia, then you can bypass all this drama and simply download the book to your Kindle. Of course, there are legal concerns with just downloading regular books from Amazon, much less banned books–so be warned!!

Now I wouldn’t recommend it and there are huge legal questions, but technically–it can done, and it can done easily. I’m start to finish in 5 minutes–it really is that easy.

My point isn’t that the book should or should not be banned, my point is that the ban can be circumvented with ease using technology. So how effective can any ban be, when most Malaysians have access to the internet?

On top of this is a very interesting question, Does a banning a physical book constitute internet censorship–probably not. However, does banning an electronic book constitute internet censorship? Of course you may say the law makes no distinction between and e-book and an actual physical book, but the law makes no distinction between and ebook and webpage either (they’re all considered publications), and if banning a webpage is obviously internet censorship, isn’t banning an ebook internet censorship as well?

The question I believe can be synthesized into Does Banning and ebook constitute censoring the internet? I don’t have the answer, but I believe there are 2 aspects:

The Traditional legal aspect as covered by the Printing and Publications act 1984.

The goverment promise as outline in the MSC Bill of Guarantees to not censor the internet.

If you’re a lawyer, I would love to hear your comments.

Finally got my Samsung Galaxy S3

Mon, 18 Jun 2012 08:14:46 +0000

Finally after a long long wait, I managed to get my Samsung Galaxy S3 from Maxis. I got the phone last Wednesday and now after just 5 days with it, I have to say – best Rm999 spent EVER!

For those of you still curious as to how I got it for Rm999 when I recently complained about Maxis advertising a “while stocks last promotion” as a “4 day long promotion”, here’s a nifty little piece of information that isn’t widely shared, Maxis is STILL offering the Samsung Galaxy S3 for Rm999 but only to Maxis One Club subscribers, you’d still need to subscribe to the Rm68 data plan which brings with it a good ol’ 3GB of mobile data, but any smartphone needs a data plan anyway. The maths is simple, you’d need a minimum Rm48 data plan which is for 1GB/month, so the difference between the Rm68 and RM48 is Rm20/month. Over the 2 year contract, that’s a Rm480 difference, the phone price itself is nearly Rm400 cheaper. So might as well, if you ask me.

10 Strange things about the ICANN Generic Top Level Domains (gTLD)

Thu, 14 Jun 2012 17:51:43 +0000

I wrote a very long time ago, about cool Top Level domains you could buy. For instance I wanted to buy the .TH top level domain so that my website could be http://kei.th . Unfortunately, I found out that the .TH domain name belongs to Thailand and they’ve pretty made it very difficult for a non-Thai to get a hold of their domain names. You’re probably also familiar with the .TV top level domain belonging to a private enterprise and the country of Tuvalu. Or the .FM top level domain used by most radio stations including Hitz.FM and Mix.FM, this domain belongs to the Federation of Micronesian Islands. However, as cool as Top Level Domains are, they’re pretty limited, the UN list out just 190 member nations, and all in all, we’re looking at no more than 250 Top Level Domains in existence. *my guess

Watch Netflix, Hulu and even Euro2012 online from Malaysia

Thu, 14 Jun 2012 15:02:36 +0000

Malaysians have always been deprived of real-time video content online.

We’ve no access to Netflix or Hulu, we can’t watch the full episodes of the Jay Leno show online, we can’t watch the BBC replays of the football matches, we can’t even watch videos from TheOnion for crying out loud.

Why? because NBC, FOX, Netflix, Hulu, BBC and even the Onion restrict access to this content to users from only a certain part of the world (specifically America). Americans even get to watch Euro 2012 from ESPN–WHAT?

This an entire country where football is called soccer (ugh!), and they get watch it online?!!

Now, I’m not certain as to why the Studios and Channels would not like to share this content globally, while Americans (and only Americans) get access to this great content, the rest of us, specifically in Asia-Pacific are left in the lurch, waiting for our local Cable company to have it or we resort to torrents. However, what if I told you there was a way for you to access all the great content Americans get to watch online as well, and you could do it from the comfort of your own home.

Netflix cost just USD7.99 (roughly RM30), and full access to Hulu Plus for around the same price. In fact, Hulu is free if you can live with a little out-dated content and some adverts thrown in. If you’re wondering what Hulu and Netflix is, let me break it down to you based on their content.

Imagine paying just RM30 for full access to 8 seasons of Top Gear, 6 seasons of mythbusters, 5 seasons of “How I met your mother”, 7 seasons of Greys Anatomy, 6 volumes of Futurama, 2 seasons of white collar, 8 seasons of that 70’s show , 9 seasons of scrubs and 4 seasons of Heroes–and I’m not even done. On top of it, you have access to hundreds of movies including Iron Man 2, Thor, Kick Ass, The Expendables …even the older movies like Groundhog Day, Meet the Parents , Lost in Translation and if you really wanna go waaay back–GHOSTBUSTER!! (who you gonna call?)

Netflix accounts for 32% of internet traffic : What it means for pirated content in Malaysia

Mon, 11 Jun 2012 22:14:11 +0000

Maternity leave has long been plaguing womens career, women would usually take an extended leave and risk falling behind their male counterparts. As an extension to this, employers were also hesitant to hire women (particularly pregnant women) since it meant a legally mandated leave of absence that their male colleagues would never take.

Governments have tried to stem this discrimination by passing various enactments preventing employers from discriminating against women and even providing incentives to employers to promote women within their organizations. These changes however–never really worked.

The Scandinavians found a rather cheeky solution to the problem–give men more paternity leave. By giving men as much maternity leave as women, the equality was easily set. Now employers would had no incentive to hire women over men, because men were as likely as women to take extended leave due to a birth of a child. It appears that the ‘standard’ way of trying to solve the problem wasn’t as effective as the less obvious method. Brilliant!

It’s distressing is that even though this method of addressing the inequality has proven so effective in Scandanavia, and there is so much evidence to support it, Malaysia and many other countries have chosen to continue pressing on the ineffective approaches legal enactments and incentives. Choosing instead to neglect the empirical evidence in favor of a more straightforward and less effective approach.

Maxis Loker: A review

Mon, 04 Jun 2012 10:27:50 +0000

As you know, I’m not really happy with Maxis. I was utterly disappointed by their latest S3 launch, I don’t think their cloud offerings of ebook portal is anything to shout at, and the if my wifes office would get decent Digi coverage, I’d switch in a heartbeat.

That being said, this is one of the times I think Maxis has done a decent job on their Loker offering. It is quite well executed, and if I do say so myself, getting 25GB of free online storage space when you purchase an S3 from Maxis is quite an enticing offer.

So what is Loker?
Loker is a simple online storage area for Maxis customers to store their online files. Free registration comes with 5GB of free storage, which you can upgrade all the way to 25GB of storage space coupled with (as far as I can tell) unlimited downloads and uploads.
It’s also important to note that Maxis is offering the full 25GB to anyone who signs up for the Samsung Galaxy S3 package, which to me is a great value adding tool.

The service however, is only available to Maxis customers, and you need a Maxis phone number to register.

Black Day for Malaysians : New Evidence Bill Takes effect today

Fri, 01 Jun 2012 05:00:38 +0000

Today marks a crucial point in the crusade against freedom on the internet in Malaysia. We’ve had SOPA in the US, ACTA in Europe and the TPP has brought the fight closer to our borders. Today in a brilliant tactical move by the enemy of Freedom, Malaysians will be subjected to an amended evidence act that would shift the burden of proof from the accuser to the accused. It is a black day indeed, and the words John Fogerty ring in my ears–I see a bad moon rising.

Is it legal to buy ebooks from Amazon?

Mon, 14 May 2012 11:46:41 +0000

In my previous post, I wrote about how I bought and Amazon Kindle, and how I can use gift cards to purchase ebooks from the Kindle store. So far the Kindle has been an amazing experience and I personally recommend you get yourself one. However, there is a downside, since there is ’technically’ no legal way to obtain ebooks for your Kindle device.

Today I hope to explore the legality of downloading ebooks from Amazon, and how stupid copyright laws, badly behaving book publishers and a Malaysian Sales Tax all contribute to making it impossible for you to purchase ebooks for your Kindle while still complying with any and all laws pertaining to them.

The UK crowdsourced Auditing for MPs : Malaysia Boleh?

Wed, 09 May 2012 14:17:07 +0000

One thing is true of all governments, the most reliable records are Tax records. That is one of the coolest quotes from a very cool movie (which is saying a lot). In V for Vendetta, the heroes try to piece together a puzzle by visiting the tax records to locate some missing information, in real-life we’re also faced with the same problem. No matter how corrupt or bureaucratic you think the government is, there will always be a paper-trail for money and sooner or later someone will find it. The solution for a crony-heavy government was simple, load the system with bureaucracy so no one will find out. The problem was while no ‘one’ may have found out, a group of inspired citizens armed with nothing more than a proper system can troll down all the bureaucratic walls you can build.

A couple of years ago, the Guardian newspaper set out to go through all the tax and expense claims of every single member of parliament. While the fallout from the reports were clear, less publicity was given to the actual method that the newspaper used. People naturally assumed that when the news read “Guardian reports MP claims….” , that a regular journalist working for the paper trolled through some documentation and arrived at the results. Usually the assumption includes a snarly eyed journalist with big black thick-framed glasses, gulping down gallons of coffee while his tie came loose, just an assumption of course.

Digi WWWOW Awards

Mon, 07 May 2012 00:55:09 +0000

Digi.com has an annual Internet for all awards where they aim to with the aim of “showcasing the incredible creativity, ingenuity and entrepreneurialism of ordinary Malaysians using the Internet in extraordinary ways” . A much simpler way of thinking about the Internet for all awards is that it’s just like the Grammys for Malaysian blogs.

Digi have actually increased the breadth of the awards to include categories like

Says.My :: Online shop of the year

Malaysiakini :: Photojournalist of the year

Google :: Most inspiring internet for good Award ; and my favorite

Lowyat.net :: Fave Tech Head

In a moment of shameless self-promotion and drunken debauchery, I submitted this blog right here keithrozario.com into the Lowyat.net :: Fave Tech Head category, hoping that I may be considered as a Fave Tech Head. Of course, it’ll be a difficult task, considering the category consist of people like the legendary Paul Tan, or the immensely successful Hongkiat.com so I actually can be lumped in the “Doesn’t have a pray in Hell” category. Then again this blog has always been about me trying out new things, and trying to win an internet award is a new thing!

TM Unifi speeds actually quite GOOD!

Fri, 04 May 2012 09:00:22 +0000

While they may have caused “The Great 9 day downtime of 2012”, and I ‘might’ have been terribly upset with them. Over the past few months, I must admit– My Unifi Connection Speed is Absolutely brilliant!!

Say what???!

You heard me right, although I had a terrible 9 days of no internet earlier this year, Unifi has been nothing but buttery silky smooth ever since. It’s really amazing, and for the price I’m paying I’m not complaining, in fact I’m actually congratulating Unifi for their great service. That’s right Unifi, here’s a congratulations to you!

It’s true, many people have wrote to me (some publicly, most privately) to complain about the service they get from Telekom Malaysia, and I still think they could do more to improve the quality of their customer service, as well as the processes behind them. I also think that these downtimes should be avoidable on Telekoms part, and Telekom should work better to win back and compensate affected customers.

However, it must be said that for me at least, my Unifi connection speed for torrent downloads and youtube videos is more than good enough, and here’s the proof.

Kindle in Malaysia : Buying and Using a Kindle in Malaysia

Sun, 29 Apr 2012 20:04:40 +0000
My wife is an avid reader (just like me!), but she reads mostly fiction where as I read non-fiction. So to save on our book bills which often exceed the RM1000 a year each, I thought it'll be great to get ourselves an ebook reader. This would not only save us money , because e-books cost less than physical books--but would allows to easily store and retrieve the books we read, which currently occupy entire shelves in our small home. Lastly, it also allows us to have books on demand, no more waiting weeks for books to be delivered from the UK or the US, and we won't need to drive out of our ways to book stores to get the books. So on her birthday, I decided to get 'us' a present--A kindle ebook reader.

Malaysiakini down!

Fri, 27 Apr 2012 18:36:29 +0000

*Update: Malaysiakini have confirmed the update on their facebook page, looks like you need to look for other sources of Bersih 3.0 news, this could take a while. It’s also note-worthy that 10 people ’like’ this on facebook, obviously over-looking the fact that nobody should ’like’ this.

With barely 12 hours to go before Bersih 3.0 starts to swing into action, Malaysiakini servers appear to be down. I was trying to logon online to check the news only to notice that I couldn’t access the site, PINGs to the site seem to time out as well. Could this be a repeat of when Malaysiakini went offline in the run up to the Sarawak elections? Plus, I know this doesn’t affect me, because as a Google Chrome user I know when other users are also experiencing problems accessing a site.

Congratulations LHDN

Fri, 27 Apr 2012 14:51:37 +0000

The star today reports that:

e-Filing looks to be a definite winner among Malaysians well over half of the country's estimated 2.5 million tax-paying citizens have gone the paperless route.
Inland Revenue Board (IRB) figures showed that as at yesterday, 1,621,647 Malaysians had filed their taxes, with online filings accounting for nearly 75% of the total

I must say, if the numbers are true, that this is a fantastic achievement. I think there will always be people (particularly from the older generation) who prefer to file paper based tax forms and a rough estimate maximum e-filing rate would be around 85% in my view, so 75% isn’t quite far off.
This is fantastic news for 2 reasons:

Maxis Launches ebook portal

Mon, 23 Apr 2012 18:03:24 +0000

So Maxis launched their new ebook portal aptly title www.ebuuk.com.my, far be it from me to point out that an ebook portal should at least have the word book spelled correctly (don’t you think so Maxis), also judging by the SSL certificate it appears wanted to go for a more generic myebooks.com.my domain name before switching to ebuuk.com.my.

I’m an avid reader and was excited when I heard the news, so I headed over to the Maxis ebuuk page, and noticed that it wasn’t up to my expectations. I was completely annoyed by the fact that in some cases the prices for ebooks via the ebuuk page was about twice the price of books you could download from Amazon. And the proof is below, it includes a book I’m about to purchase called The Progress Principle, retailing for USD9.99 on the Kindle for Amazon, while Maxis ebuuk retails it for Rm68.99. Now USD9.99 is about Rm30 or RM32, and Maxis is retailing it for about twice the price, that’s ridiculous. This is an ebook we’re talking about.

Russell Peters : A case for copyright

Tue, 17 Apr 2012 16:36:40 +0000

Update 1: Russell Peters World Tour in Malaysia was sold out in hours. I failed to get a ticket online, couldn’t even log in. A friend of mine lining up in KLCC was told at around 10-ish in the morning that only platinum tickets were available.

Update 2: There are ‘strong’ rumors suggesting there will be a 2nd show due to the overwhelming response. stay tuned.

I remember watching my first Russell Peters video at my cousins place, and that was the classic gig which included “be a man” and “Chop some bong”. I remember laughing so hard my stomach hurt, and I also remember asking my cousin to burn me a copy of the video onto the CD so that I could watch it over and over again.

Then I remember sharing it with my friends. Again burning a whole bunch of ‘illegal’ cds.

Then I remember going onto youtube to get more Russell Peters, for free and technically illegal as well.

Finally I remember bit-torrenting Red, White and Brown, and laughing my ass off in front of my PC monitor.

And Lastly, I remember watching a Russell Peters video where Russell calls guys like me “fucking downloaders!’, as a direct reference to us getting all our material online rather than watching his show.

Well guess what, Russell Peters is coming to Malaysia, and the only thing I’m worried about is whether I’ll be able to get a ticket. Cause I know of at least 100 people who are just waiting for April 18th so that they can finally buy their Russell Peters Tickets. The Russell Peters Dubai show sold out in 8 minutes…..8 minutes. My family PC at home takes 10 minutes to boot into windows, AirAsias free Air tickets don’t sell out that fast…it’s every man for himself here people. I wonder if Russell gives Indian discounts?

4 Reasons you need an RSS feed

Thu, 12 Apr 2012 14:49:43 +0000

If you don’t know what RSS is, prepare to have your mind blown. If you’ve never used RSS, chances are you’re still bookmarking your favorite websites and blogs and visiting them on a regular basis painfully one at a time. RSS feeds allow you to magically consolidate all the content you read online, into one platform where you can get your daily dose of information all at one go.

RSS stands for really simple syndication, and it was designed as a simple way for web authors to syndicate their content across the internet. Conversely (and more importantly), it also provides a way for web users to consolidate all their favorites blogs, searches and forum threads onto one single platform.

So what is it really? Well I’m not too sure of the technical specifications to be honest, but here’s how I think it operates.

Lazada : The Amazon clone (and Samwer brothers) finally land in Malaysia

Mon, 09 Apr 2012 23:49:41 +0000

This blog is about Technology, but in these past few years it’s become impossible to talk about technology without touching on the subjects of copyright and censorship. Very few people have a clear cut definition of what is acceptable copyright infringement and what isn’t. Not too long ago I wrote about how a wordpress theme designer was being sued because he created a facebook theme, did you also know that facebook has already trademarked the term ‘face’ and is looking to trademark ‘book’ as well. Most readers of this blog know where I stand on copyrights, patents and intellectual property, where I draw the line however is trademark violations. A trademark is part of a brand, and usually trademark violations are a clear-cut attempt to fraud consumers by passing off a product or service as something it’s not.

So what about business ideas and business models. Is it OK to make a clone of Facebook, and call it mukabuku– maybe. Is it OK to use the blue and white hues that we’ve come to associate only to Facebook– that’s a bit uncomfortable as you may be tricking users to sign up for mukabuku by misleading them into believing mukabuku is a Facebook product. Well how about if you deploying mukabuku to a country that doesn’t have Facebook?

So what about the Samwer brothers and their new online retail site Lazada, that was just launched in Malaysia? It’s got all the hall marks of Amazon, is that OK?

Design your perfect server with Skali Cloud

Fri, 06 Apr 2012 12:18:38 +0000

After doing some research on Malaysian Cloud offerings particularly the IaaS offerings, I noticed something rather interesting from Skali. Now I always remembered Skali as an early web startup some time back in the 90s trying to ride the internet wave but failing all along the way, this however has some promise.

Skali takes cloud scalability to a whole different level with their cloud offerings, unlike other IaaS providers who offer a fixed number of machine types Skali offers a fully scalable machine that you can add processing power, Memory and Disk independently. In essence near unlimited amounts of options in terms of machine type compared to just 3 from Maxis Cloud.

The pricing still seems high, but it can go toe-to-toe with Maxis although it would depend on the specific requirements. From just the high level you can sense that these IaaS providers are going to compete for Malaysian customers but they’re competing with very niche offerings. Maxis ace up it’s sleeve would be the unlimited data transfer, which Skali charges at a mind-blowing Rm2/GB. Skali on the other hand offers an entire range of machine types (possibly in the hundreds), while Maxis offers just 3.

The choice between Maxis or Skali would be a simple one that would come down to how much data transfer or scalability you need in your application. That being said, let’s take a look at some other offerings from Skali Cloud.

MaxisCloud : A silver lining in terms of data transfer

Tue, 03 Apr 2012 23:41:00 +0000

A couple of weeks back I wrote a long post on the Maxis Cloud comparing it to other IaaS providers like Amazon and rackspace. That post wasn’t too kind to Maxis, and I did mention that there was no reason to use it…unless the data transfer was free.

As it turns out, data transfer on the Maxis IS FREE!!

This is a good step in the right direction for 2 reasons. Firstly, it means for high end cloud computing users that require lots and lots of data transfers, you’re looking at one of a IaaS provider that gives you unlimited data transfer inward and outward. Secondly, it means that there is a IaaS provider in Malaysia, that offers something that can be considered reasonably price, particularly if you’re hoping to be dealing with a lot of data transfer.

MCMC can't solve your Unifi downtime but they're looking for Gays online

Mon, 12 Mar 2012 23:09:43 +0000

Bernama reported today that The Malaysian Communications and Multimedia Commission  (MCMC or the SKMM) together The Malaysian Islamic Development Department (Jakim) would begin “collaborating to monitor lesbian, gay, bisexual and transsexual (LGBT) activities in the country, particularly on the websites.”

Apart from the usual gung-ho activity of from Jakim, its Director General Othman Mustapha said “If we find that there are things that are unsuitable on the websites, information would be channeled to the committee for action to be taken,”

Now some of you may know that I contacted the Multimedia Commission some time ago about my Unifi Downtime and to investigate what compensation I could get from a 9 day down time above and beyond the pro-rated cost. In a nutshell their reply was “sorry can’t help you”. It’s quite apparent why they couldn’t help me, they’re busy looking for Gays online.

YTL has the most ridiculous Acceptable Use Policy

Sun, 11 Mar 2012 15:10:36 +0000

YTL Communications has been doing a pretty good job recently. The Star even went as far as claim that “YTL Comms to Break Even” until of course you read the article in which case it mentions that YTL require an additional 500,000 subscribers on top of it’s current 300,000 to achieve that. However, it did offer a post-paid plan which was pretty decent, and who can forget the tie-up with Proton to offer a a 4G car. Why in the world would anyone buy a car because it has 4G, on the other hand why would anyone buy a Proton? (disclaimer: I still drive a 2004 Proton Waja which has served me well)

However, with Yes latest postpaid offerings I imagine it’s moving away from it’s niche position into more competitive environments, people may use Yes as a fallback, but post-paid is where the real money is and Yes is moving in. Yes Data plans come in various price points, from RM48 for 1.5GB up to RM168 for 10GB, the left-over credits don’t roll over to next month but there’s no extra charge for using over your quota just a speed throttle to 128kbps. (note to YES: 128Kbps is not broadband)

Bypass Unifi blocking and censoring using a DNS switch or VPN connection

Tue, 06 Mar 2012 23:43:38 +0000

If you’re on Unifi you might have noticed that some sites are blocked and it’s due to government directives to block these sites.  Now that goes against what the Government of Malaysia promised it’s stakeholders during the advent of the MsC, in which it promised to not censor the internet. If you remember, somewhere in August 2008, the government issued a similar directive to censor Malaysia Today.

So what's a average user to do to bypass these internet blocks. The blocks themselves are issued by the government and issued to all ISPs, fortunately there are a couple of ways to bypass these internet blocks which amount to censorship, and it depends on what kind of mechanism your ISP uses to block it. I'm all for a free internet and here are some ways you can bypass those blocks.

SKMM on my Unifi Downtime

Sat, 25 Feb 2012 10:43:28 +0000

Did you know Malaysia has a Multimedia and Communication Commission that oversees the quality of service for telecommunications companies including the broadband services they provide. I also understand that they are the enforcers of the Communications and Multimedia Act 1998, with a determination on the mandatory standards for the Quality of Service (Broadband Access Service) .

In not so many words, there are actually laws in place to ensure that your broadband provider meets a minimum standard in terms of uptime and service availability.

However, after reading the a short snippet of the Act from the SKMM website here, I was surprised to find that while it did have a specific outline for the quality of service, it did not have an outline for the penalty imposed if the quality of service was not met.

Copyright laws get dumber: Trans-Pacific Partnership (TPP) agreement

Sat, 18 Feb 2012 21:22:28 +0000

A recent article from the Star noted that Malaysia was about to sign a new Trans-Pacific Partnership agreement that would make subject local copyright laws to those imposed by the US. Now according to the article from the star the purpose of us looking into a stricter Intellectual property law was to “encourage investments, innovation, research and development”. That is a false premise.

The laws by themselves are useless if enforcement isn’t there, and if you can’t even enforce the current IP law, then why bother changing the laws if there is no plan to up the enforcement? Also this premise that we will encourage research and development with a strict law is both flawed and without basis. There is no empirical evidence to suggest that innovation thrives when Intellectual property is strictly enforced, in fact innovation is effectively crippled when you’re afraid that anything you produce might infringe on someone else’s copyright. It would lead to a point where corporations would spend more checking on copyright infringement then they would actually innovating and producing.

Unifi vs. Yes : The speed showdown

Sun, 12 Feb 2012 12:59:16 +0000

Alright, so my Unifi is back up and running, apparently it was an area wide network issue that caused half my town to experience a Unifi Blackout, I have thus named this debacle, the Great CNY blackout of 2012. I was left 9 days without an internet connection and was forced to reload my Yes Broadband package to go online.

Anyway, with a little credit left on my Yes broadband account, I decided to test out the speeds of Yes against my Unifi connection and see who comes up tops.

Some disclaimers before I continue, I ran this test on a Saturday morning where web-traffic shouldn’t be too high in Malaysia, and I subscribe to the 5Mbps Unifi Package and a standard Yes pre-paid package. I also decided to run 4 test per ISP, and then compare the results. First I tested against 2 local servers (Singapore considered local here), and then 1 test each to the US and Europe. I used speedtest.net and while the results will probably be inconclusive, it’s a good benchmark to use in case you’re wondering whose faster.

My Last Hope on Unifi: Twitter

Wed, 08 Feb 2012 17:01:54 +0000

[blackbirdpie url=“https://twitter.com/#!/keithrozario/status/167140677531074560”]

I posted the tweet above about 40 minutes ago, complaining about my omni-present (or omni-absent) Unifi connection issues about an hour ago.

Barely 30 minutes later, a friend of mine retweeted it and cc’ed a TM twitter account @TMConnects

Did an email to the CEO really help restore my Unifi services?

Fri, 03 Feb 2012 16:38:13 +0000

Just this morning I wrote about how my Unifi services went down and how I wrote a letter to what ‘appears’ to be Telekom Malaysias CEO email address.

A lot of Malaysians are skeptical that CEOs would actually respond to emails. Steve Jobs has responded to many emails personally and so has his successor Tim Cook. There have even been reports of Palm's CEO responding to customer query and even non-tech companies like home depot doing the same.

These however are American companies, not Malaysian, would a Malaysian CEO actually respond to an email from a small-time RM150/month customer like myself? I figured why not give it a try, I was already internet-less -- what more is there left to lose?

Unifi sucks: Here's why

Fri, 03 Feb 2012 11:35:33 +0000

Last year I moved into my new place, and had to apply for Yes! broadband because my place wasn’t Unifi ready yet. I blogged about how much I enjoyed the Yes! experience and even recommended it to most friends and family. That little love affair however took a turn for the worst when I discovered Yes! would experience a service interruption nearly once a month and the overall design of the Yes! service was lacking. So in the end I parted ways with Yes! and subscribed to Unifi instead.

Unauthorized withdrawals hit DBS and POSB customers, withdrawals done in Malaysia

Fri, 27 Jan 2012 18:47:12 +0000

According to a report from Channel News Asia, a total of nearly 200 DBS and POSB customers in Singapore have been hit by unauthorized withdrawals averaging S$1000 each. The withdrawals were done in Malaysia “while the ATM cards were with them safely in Singapore”. Which begs the question what does ‘safely in Singapore’ mean?

Channel News Asia goes on to report that withdrawals were made in Kuala Lumpur (not neighboring Johor Bahru) and done approximately the same time as ‘valid’ withdrawals. ZDNet has reported DBS is working together with its IT vendor, NCR to understand the issue and investigate further. It’s also suspended all suspected cards and are contacting customers to give them what it says would be a full refund. NCR also happen to make almost 90% of all ATMs in Malaysia, and according to Yahoo! news, this was “a security breach to its anti-skimming devices installed on ATM machines”, so I’m just wondering why this wasn’t done to Malaysian accounts of local banks?

Censorship in Malaysia: SOPA told through Malaysian Eyes

Tue, 24 Jan 2012 10:15:53 +0000

There’s been a recent surge of Anti-SOPA and Anti-PIPA sentiment over in the Unites States, Wikipedia blacked out it’s entire webpage and Google, Twitter and Facebook all joined in the fray. I’ve even received multiple emails from the Mozilla foundation on how to combat SOPA and recent a congratulatory cum Thank you note from Mozilla for joining the fight. Make no mistake, SOPA isn’t dead, it’s just been shelved for the time being, get ready people round2 starts soon.

In Malaysia though there has been little reporting on the issue, while some local blogs did mention SOPA, and a few newspapers briefly covered it, not much has been discussed on either of the laws. It’s typical of the Malaysian media to report less on matters that actually matter, and more on frivolous material like this article from the New Straits Times that read “Unity is Priceless: PM”. Really? Cause the rest of us thought Unity was worth around about Rm2.75 . I mean apart from pointing out the obvious, the article has absolutely no content, apart from the big picture with the “We Love the PM” nonsense.

That being said, there were a few articles on SOPA and PIPA, however those articles for censored to a certain degree, and here’s how.

How much do you trust Google?

Wed, 11 Jan 2012 23:14:46 +0000

I basically live on Google servers, the first sites I visit when I wake up are Google Mail and Google Reader, without these two sites I’m basically lost. I seldom log on to facebook anymore and twitter may keep me occupied for about an hour, but after that I need my fix of Google. Google is such an integral part of our lives, in fact since 70% of my readers come here via a Google search, chances are you wouldn’t be here reading this very post right now–without Google.

The question then becomes how much do we trust Google? Have we really thought about trusting Google given how much we rely on it. Think about it if Google were to go down, where would you go for more information. Chances are you’d head on over to bing, take bing away and you start having problems.

How do you search for search engines, when you don’t know any??

Kampung Wi-Fi: What's going on?

Sat, 07 Jan 2012 11:35:27 +0000

Late last year the Government announced the Kampung Wi-Fi (or Village Wi-Fi initiative). The initiative was mooted by The Information, Communications and Culture Minister, Datuk Seri Dr. Rais Yatim. Currently there are already 1,400 villages with Wi-Fi access and the Government hopes to increase that to 4,000 by year end.

That’s good news to a lot of villagers, broadband penetration is considered a right in certain countries, and bring internet access to rural Malaysia is a moved to be applauded. However, there doesn’t seem to be much on the technical aspect of the project available to the public.

According to this report from the Borneo Post, the Kampung Wi-Fi is a public-private sector initiative that involved expertise from Pernec Paypoint Sdn Bhd, so that’s an unknown company to me. The cost of the Kampung Wi-Fi initiative is anywhere from Rm25,000 to Rm32,000 per village, which for the additional 2,600 villages we plan to deploy to brings total cost of the project to RM65 million (onwards).

Tricubes gets new RM6million contract

Wed, 04 Jan 2012 13:21:33 +0000

Sounds surprising and

quite convenient, that a company that reports a loss of Rm17 million, goes on to report that they have a lifeline, in the form of a Rm6 million dollar contract from the police to “maintain the Royal Malaysian Police’s (PDRM) mobile systems for two years starting January 1”.

Quoting this Malaysian Insider Report :

“In a filing to Bursa Malaysia today, the company said TricubesNCR JV Sdn Bhd bagged the deal to maintain the Enhanced Mobile Management System (EMMS) and Mobile Card Acceptance Device (MCAD) on December 30, 2011.

TricubesNCR JV Sdn Bhd is 70 per cent owned by Tricubes.”

PPSMI:Where's the Science?

Sun, 01 Jan 2012 16:30:32 +0000

A couple of hundred years ago, if you wanted to find out what was inside a horses mouth, you’d go to a quite corner and sit for a while and contemplate what was in a horses mouth. This sounds anathema to anyone reading a blog in the 21st century, but it was quite common in the days of Aristotle. Our brains are hard-wired for imagination, in fact happiness expert Daniel Gilbert actually goes further and says we’re the only species that can imagine our future selves. It’s the reason he says, why Ben and Jerrys doesn’t have Liver and Onion flavored ice-cream. It isn’t because someone actually made Liver and Onion flavored ice-cream it’s because we can predict that Liver and Onion flavored ice cream is probably not a good idea.

Tricubes reports Rm17million lose, typo in Annual Report

Thu, 29 Dec 2011 16:34:28 +0000

About 2 years ago

if you typed “miserable failure” on Google the first listed webpage would be the wikipedia entry for President George W. Bush, apparently a few guys found out how Google ranks their pages and decided (with a little help from friends) to push up the GWBs Wikipedia page for the search entry “miserable failure”. Google has since changed it’s algorithm to prevent a few kiddie hackers from being able to control the page ranks of sites which have dire consequences of a pages visibility online.

I wonder if we could get miserable failure to point to the Tricubes website instead.

Tricubes is in the news again, this time for a ’typo’. Apparently the public listed company that was awarded the 1Malaysia email program and was also appointed the traffic fines collection agent by the police last month, can’t get their annual report in order. You would think that if there is just one document a public listed company would get absolutely correct it would be it’s financial report, Tricubes however is bucking the trend and inserting typos in their Annual Reportin what could be the shrewdest move ever to gain public attention. It’s probably a good thing, considering the ‘surprisingly low’ take up rate for the 1Malaysia email project. Tricubes aimed to get 5.4million email accounts, but according to the Malaysian Insider “ has so far only managed to register several thousand, most of whom were ported over from trial accounts”. This typo could be a cunning but ingenious ploy to get Malaysian more aware of the project, or it could be a error by a company that isn’t well run. Either way, there’s no such thing as bad publicity right? (sarcasm level at an all-year high).

Computing Professionals Bill: Final Verdict

Wed, 21 Dec 2011 22:46:02 +0000

In what I hope is my last post about this ridiculous bill, I hope to ask and answer an important question I’m surprised no one has asked yet…

Why do we need such a bill?
In essence do we need to raise standards, or provide assurance to employers regarding hired professionals. I believe the answer is NO. It all stems from a brilliant book I read "start with Why" by Simon Sinek, and you catch his amazing TedTalk here. He goes on to say, that if you mess up the WHY of any action, no one will follow you, because "People don't buy what you do, they buy Why you do it"
Now I understand that we’d always need to raise standards, and provide assurances, but in the greater scheme of things is it really that necessary to do it now, or can we expend our energies and effort elsewhere for the IT community to get the value from our actions. This should be at the core of the discussions, this is the WHY of the bill, if I don’t believe in the WHY of the bill, then there’s no need talk about the who, what,where and how.

If the objective of the bill isn’t agreed upon, then it doesn’t matter how we achieve the objective. I feel a lot of IT professionals have bypassed this and zoomed down immediately to the details, pointing out flaws in the bill and a lack of clarity and specifics, however I’m not even sold at the high level of the bill let alone the specifics, and I struggle to understand why the bill is around in the first place, let alone how it will achieve it’s WHY.

I'm so happy....

Fri, 16 Dec 2011 16:26:10 +0000

My blog & name was mentioned on BFMs tech talk today. Woo hoo!! I’m so happy!!

You can download the podcast of the show at BFMs website here , and it’s fantastic (partially because it mentions my blog).

So while MOSTI still hasn’t given up on the bill, apparently no one in the Industry wants the bill except MOSTI, and they’re just a Government Ministry. Where were the Industry players MOSTI engaged before proposing the bill? The sad part is that even drafting out the proposal of the bill would have cost money and resources that could have been better spent elsewhere…sad!

Computing Professionals Bill: 10 reasons to kill the bill

Thu, 15 Dec 2011 11:53:39 +0000

So there’s a lot being said about the new Computing professional bill, even on this blog. For now though, if you’re really interested in finding out about the legal implications of the law, check out this amazing article here from the Bar Council Website written by ‘The Awesome’ LoyarBurok. Or if you’re in the mood for some petition, try signing this petition here, they’re aiming for 2000 signatures, so far they’re about half way through.

You might also want to digest a point by Tony Pua (opposition MP from PJ Utara):

Jobstreet does its bit for Thailand

Wed, 14 Dec 2011 11:23:59 +0000

The Thais have had a rough couple of months. With floods inundating entire swaths of the country, Bangkok had to revise its GDP estimates for the year and even hard-disk prices spiked due to limited supply. There is some good news though, Western Digital recently started up it’s plant in Thailand (although no news on when it’ll be resuming operations) and many other companies are following suit as flood waters appear to have subsided.

Computing Professionals Bill: This is IT

Tue, 13 Dec 2011 23:22:39 +0000

Some laws you have to fight wars to keep….others you have to fight wars to be repealed. This is one of those laws you have to fight to prevent from ever being made a law…

On April 12th , 1861 Confederate forces attacked Union Military installation named Fort Sumter in South Carolina. The attacked marked the beginning of the American Civil War, and the United States of America would never be the same. The war was about more than just a secession from a Union, it was about preserving the right that every man was created equal and that no man or woman would ever be ‘owned’ again. In just over 140 years later, the United States of America elected their first Black president.If ever there was a war worth fighting for, it was the American Civil War. The Abolition of slavery was a law worth fighting for, it was worth preserving, even till death.

Computing Professionals Bill 2011: Not again!!

Sat, 10 Dec 2011 01:13:55 +0000

The Malaysian government is a crazy bunch, just today I saw two bits of news that left me squirming with disgust. First a short piece on Christmas Carollers requiring Police Permits to go Carolling (not just permits but full details of every activitiy) and then later today there is a new Computing Professionals Bill 2011.

Why would a government want to regulate the computing Industry? It’s not like we’re bankers or something? Why is there a need to regulate an industry that first off is too broad to define under an umbrella called computing, and secondly isn’t exactly a threat to national security.

Lowyat has done a great deal to summarize the bill and post it up for reading here..

But where we should be really intrigued is a part of the bill (according to Lowyat) that says:

3 Reasons to say NO to Yes Mobile

Fri, 25 Nov 2011 19:53:38 +0000

I recently purchased a yes mobile account, and was pretty happy the results. In my past review I mentioned that the speed was great followed by good stability. However, there have been some downsides to the service, and here’s some reasons why you should avoid yes mobile.

While Yes is great, there are overall flaws with the service, and below is my review of 3 reasons why you shouldn't use YTL Yes 4G.

Before I move to the reasons, let me explain the kind of user I am. I work from home 3 times a week and use my laptop for just about all my working needs which include late night teleconferences, phone calls (via my companies VOIP) and even for webcast and presentations that I do on a regularly basis. Working from home has it's advantages, for one I don't travel too often and can usually get a lot of work done. However, if my internet connection is down, I'm completely cut-off from the office, with no office communicator and email, there's very little I can do at home. Even worse, if the internet connection goes down before a teleconference (or even during a teleconference), things get pretty ugly pretty fast. I absolutely need a stable and reliable internet connection and chose Yes 4G because I thought it would provide me that, turns out I was wrong.

Yes.my : A review of Malaysias 4G broadband

Wed, 17 Aug 2011 11:51:19 +0000

I’m going a bit off tangent today and focus on Malaysias latest 4G broadband. Recently I moved house and my new area didn’t yet have UniFi, so to avoid locking myself down to contracts I decided to go for a pre-paid wireless service offered by YTL called Yes.

Initially I was a bit skeptical on the performance of yes, but it did have some things going for it. Firstly it was prepaid meaning I could terminate the usage anytime without incurring any fines. Secondly it was wireless so no wiring for my new house, and finally it a usage based thing, so if I was bit-torrenting then I could get pretty high mileage from just RM30.