Maxis Forum needs an upgrade

Yesterday I Googled something about Maxis that took me to a forum.maxis.com.my link. Unfortunately, Firefox wasn’t happy with Maxis, because I got the following screen:

SSL V3 on maxis forum

Firefox is the first of the mainstream browsers to end support for SSLv3 since Poodle was published. For those of you who aren’t keeping tabs on security issues–Poodle was a big vulnerability, discovered in the 2nd half of 2014, that affected the SSLv3 protocol.


Streamyx forced ads (202.71.99.194)


A couple of days back, I was at my in-laws’ doing some browsing on their PC. Now my in-laws have a Windows XP laptop that isn’t secured, which is fine because as far as I can tell, I’m the only one that uses it. Most of them now go to their phones or tablets for internet access–nobody uses PCs anymore!!


Malaysian Government Hacked Environmental website?

How IP addressing works

Environment News Service, an environment-focused news website, this week accused Malaysian government hackers of attacking it after it ran a story implicating Sarawak governor Tun Abdul Taib Mahmud in corruption and graft. As a result, the site was down for 2 hours before the site managed to regain control.

“The attack on our site came from a Malaysian government entity as identified by their IP address,” Sunny Lewis, editor-in-chief of Environment News Service (ENS)

But what exactly is an IP address, and how did ENS identify it?

Let me explain.


Phishing by the Bank–Maybank that is

Recently I received a phishing email from konzie2@usm.edu telling me that Maybank had installed new security features and that I need to validate my details on the Maybank2u web portal. The email was marked as SPAM by Gmail, and trying to visit the site further sparked more warnings from Firefox AND my anti-virus.

But I was curious as to what the link would entail, in much the same way I was curious about the RHB phishing emails I received some months back.

Hopefully this post gives you an indication of just how sophisticated these attacks are, and manages to educate you on the one true way to establish if the site you’re visiting is genuine.

Fake Maybank2u login page

The fake login page for Maybank2u looks exactly like the REAL login page of Maybank2u; there really is no difference from the victim’s perspective. What’s more interesting is when you go deeper: by just entering ‘a’ username and a password you get to the following page (please don’t enter ‘your’ username and password, just ‘a’ username and password)


Censoring bomb making websites: NO

The Star reports that:

Malaysia Crime Prevention Foundation vice-chairman Tan Sri Lee Lam Thye called on the Malaysian Communication and Multimedia Commission (MCMC) to block bomb-making websites.

“We live in a troubled age. Previously, it was unimaginable, but now even from your home, you can make a bomb. The MCMC must do a comprehensive check to see how we can block sites that are harmful to the nation,” he said.

Now, apart from the fact that there aren't any dangerous substances used for bomb-making today that weren't around in the 1970s, the entire statement is one made from ignorance.

The Anarchist Cookbook, one of the most famous manuals for making home-made bombs, was written in the 1970s and improvised in the 1980s--stuff that was flammable 20 years ago is still flammable today. It's not as though the atmosphere has changed and petrol no longer burns.

But calling for the MCMC to 'comprehensively' block sites that are 'harmful' to the nation is something no one, especially a vice-chairman of an NGO, should ever do. We can't allow the MCMC to be given free rein over the internet, even if the intentions are good--after all, we know what the road to hell is paved with--we can't allow good intentions to create bad consequences such as internet censorship.

Anyone that calls for the blocking of websites needs to understand the reasons I don't condone blocking of websites.


Malaysia vs. America : Who has the biggest IT fuck-ups?

A while back, I wrote about how the Government blew nearly RM1 billion on the MERS 999 system. A system that soaked up nearly RM30 million in consultancy cost alone–yet failed. The biggest issue I had with the MERS 999 system was that the government had a similar system called MyDistress, which not only worked well in the Klang Valley, but was given to the government free of charge by a company who was doing it as part of their CSR activities.


Why the 3-D printed gun is an overblown concern

Unless you’ve been living under a rock for the past couple of years, you’ve heard about 3-D printing. 3-D printing is supposed to be the next ‘big’ thing in technology: it gives anyone the ability to physically ‘print’ 3-dimensional objects like cups, toy models, even car parts from ABS plastic (that’s the same plastic used to make Lego pieces), in much the same way you print documents on pieces of paper. The great thing about 3-D printing of course is that it’s digital: the file that instructs the printer what to print is a digital file, similar to the Word or PowerPoint documents you’re probably used to. With that come all the advantages of digital files, which means they can be replicated ad infinitum and distributed across the internet for free.

The 3-D printing revolution has already begun, websites have sprouted up online hosting the digital files for printing things like citrus juicers and wine glass holders, all the way to replica models of sports cars and Star Wars spaceships.

But there is one concern. A concern so overwhelming that governments around the world, including ours, are looking at 3-D printing with some suspicion. The ability to 3-D print a GUN!

A 3-D printable gun would allow any criminal (or child) to download a file off the internet and print a working weapon all from the comfort of their home. What do we do when technology starts to allow people to endanger lives? Well the answer is, technology has always made it easier to kill people, take your car for example. If you really wanted to kill someone, the best most reasonable way to do it would be to run them down with your car–and then reverse over them just to make sure, do we ban cars just because they can (and often do) kill people?

What’s more, this idea that a 3-D printed gun is a clear and present danger is completely overblown.

If you understood the physics of a gun, you’d know that a fully functional gun isn’t all that likely.


ATM Hacks are so bloody boring

KLIA computer infected with Virus

Last week, while I was flying from KL to London, I noticed a strange anomaly on the screen of the boarding gate at KLIA. Closer inspection revealed that it was an anti-virus warning that signaled the computer had been infected by a Virus (almost 2 days ago!!). As a techie, I quickly deduced 3 things from the screen.

One, the computer was running Windows, and probably an outdated version of Windows. Two, the computer had been infected with Conficker. Conficker was a pretty infamous threat, back in 2008!! And yet, here we are, at Malaysia’s most prestigious airport, and we have a computer infected by a virus that pre-dates the iPhone 3G. Three, the computer is probably part of a larger network, and never gets patched or updated–probably. If it were patched, it wouldn’t be infected with an ol’ grandmother of a virus.

As an added bonus–I could easily see the user of the system. That’s a delicious bit of information for any hacker to have.

Heaven forbid that the virus on the computer screen at KLIA spreads to something important–like control tower or Sky Train controls.

These days, everything is a computer. Your phone is a computer, your watch will one day be a computer, so too is your car. But when was the last time you patched and updated these systems? When was the last time you updated the firmware on your router–or even when was the last time you updated the software on your laptop? Some of you probably haven’t done this before–I’m looking at you Android JellyBean and iOS5 users.

So the display screens at the airport are computers–but so are the Automated Teller Machines (ATMs), and trust me when I say this, some of them run on Windows….gasp!!


MyProcurement: All government tenders in one Excel file


I've updated this post on 31-Mar-2015, to incorporate the latest changes, and to provide more up-to-date info on the procurement database. Left everything else intact.

Happy birthday Malaysia!! Just how awesome is our country, that we celebrate an Independence Day AND a Malaysia Day, not to mention 2 New Year's days (or 3 if you count Awal Muharram).

So on that note, I decided to use my IT skills for the good of the country.

To be honest, my IT skills have never been up to par, my day job is more managing/planning/documenting than actual execution of ‘real’ IT work. But it was good for me to dust off the ol’ programming fingers and learn Python to grab some publicly available information and make it more accessible to the less IT-centric members of society.

Since I had limited time, and sub-par skills, I decided to set my sights low, and aim to extract all the data from the Malaysian MyProcurement portal, which houses all the results of government tenders (and even direct negotiations) in one single website for easy access. The issue I had with the portal though, was that it only displayed 10 records at a time–from its 10,000+ record archive, so there was no way to develop insights into the data from the portal directly, you had to extract it out, but the portal provider did not provide a raw data dump to do this.

So I wrote a simple Python script to extract all the data, and prettified the data in Excel offline. The result is a rather mixed one.

I was happy that I could at least see which Ministries or Government departments gave out the most contracts, and what the values of those contracts were. All in all, the Excel spreadsheet has more than 10,000 tenders with a cumulative value of RM35 billion worth of contracts going back to 2009. The data allowed me to figure out which Ministry gave out the most contracts, the contracts with the highest and lowest value (including one for RM0.00, and one for just RM96.00). All in all it was quite informative.


Is Malaysia’s Broadband slow–no it isn’t.


Recently KiniBiz did a piece on Malaysian broadband speeds, and once again the hoopla about how Malaysian broadband speeds are slow arose. KiniBiz quoted an article from Asean DNA which stated that the average broadband speed in Malaysia was just 5.5 Mbps, while Thailand, Vietnam and Singapore had speeds that were double that (or more!).

The report however was inaccurate, and I think there’s a need to address the hoopla, because this happens often. There was a report a couple of months back that said Cambodia had faster speeds than Malaysia, and I wrote a post addressing that. This time I think, we have to really go into the data and find out what exactly is going on.

So let’s start at the source of this data.

The data was built from billions of download tests conducted by users throughout the world on speedtest.net (a website that allows users to test the speed of their internet connection). This dataset is HUGE!, one of the biggest I’ve seen and definitely the biggest I’ve had the pleasure to play around with. Just one file in the set had more than 33 Million rows and weighed in at more than 3.5GB. It took me some time and lots of googling just to figure out how to deal with a CSV file this large. Fortunately, there’s LogParser, but we’ll skip that tutorial for now and focus on the juicy details of data.

The number reported by Asean DNA is wrong. The average internet speed in Malaysia isn’t 5.5Mbps, it’s more like 7.5Mbps.

5.5 Mbps was obtained by averaging the speed across the regions of Malaysia (KL, Alor Setar, Klang, etc.) rather than by averaging the speed across all the tests conducted by Malaysian users. In short, Asean DNA placed equal emphasis on Kuala Terengganu and Kuala Lumpur, although Kuala Lumpur had 50 times more tests conducted. It would be like calculating GDP per state, rather than GDP per capita. The real per capita download speed in Malaysia is 7.5Mbps, rather than 5.5Mbps (if you limit yourself to just data from 2014).

Here’s the breakdown. You can download the file from netindex.com or just use an extract I created with just the Malaysian data–it took some time to do this so leave a Thank you in the comments if you downloaded the data.
