I’m a big fan of the D-Link DIR 615 router, and I think Telekom Malaysia made a pretty good choice selecting it as the default router for Unifi accounts. To be fair, TM have made some bad choices as well, but we won’t go into that here. Overall the router isn’t top notch, but it gets the job done.
Unfortunately, D-Link as a company has come under the spotlight for some rather funky security practices. First, there was a rather questionable backdoor that D-Link installed on a couple of older versions of their routers: the router basically granted anyone access to D-Link routers by just changing the user agent string of their browser. Worse still, the back door carried the name of the author... it was Joel.
Fortunately, for Malaysians, the backdoor didn’t affect Unifi routers–as far as I could tell anyway, and D-Link have since fixed the issue.
Just last week, though, a rather obscure post on Bugtraq, which was then quickly re-posted to a couple of other forums, detailed a more intrusive exploit, one that Unifi D-Link routers were susceptible to. This one didn’t grant you access, but it would grant you the usernames and passwords of all users of the router–literally giving you the keys to the gates of your router. As far as I can tell, this impacts EVERY D-Link Unifi router there is.
The hack is so simple, it requires no additional tools other than your browser and a quick copy-n-paste. All the attacker is required to do is to enter the following url:
Where XXXXX is the router password, and YYYY is the port on which it’s operating. Then the router will miraculously display its security credentials to you, and you’re good to go. Using Shodan, I’ve verified that this works with nearly every firmware.
D-Link have yet to release a patch for this, and the guy that published the bug didn’t really follow the rules. Usually D-Link should be alerted of such a bug and given time to fix it before the vulnerability is published.
However, since literally hundreds of thousands of Malaysian households are now susceptible to this attack, you need to know. More importantly, there’s nothing you can do about it with your current router firmware. No counter-measure is possible, it’s like living in a house where the door won’t lock, or the gate won’t close–how will you sleep at night?
Don’t despair, you have two options to fix this:
1. Upgrade your router firmware to DD-WRT. Unfortunately, the guys over at Unifi Athena have been on a really long hiatus–and all the websites you search for information on this refer to them. Hopefully I’ll have time to publish a tutorial on that soon.
2. Change your router to a new Asus/TP-Link router. I personally use the N12, but any of the Unifi compatible routers work pretty much out of the box.
That may fix the short-term, though. In the long run, you’ll need to pay attention to security practices and upgrade your router firmware accordingly–provided the manufacturer actually releases patches. It’s inconvenient, but security requires effort.
However, I’m here to tell you that as a Malaysian, you want to hold off on that pre-order. Now if you want to buy Coin to show off to your less tech-literate friends, then go ahead, but if you’re buying Coin thinking that it’ll simplify your wallet, you’ll be sadly mistaken.
First off, Coin will not support Malaysian credit cards–period. Their FAQ states they do not support EMV cards; in layman’s terms that means they don’t support the chip-based cards we use in Malaysia. So there, you’ll still have to carry your credit cards–and ATM cards. Now I know some of you might be shouting that your credit cards still have a magnetic stripe on the back, but that’s more for you to use in a foreign country that doesn’t accept EMV cards just yet. No Malaysian merchant will accept your Malaysian credit card via a magnetic swipe–which is what Coin is supposed to replicate.
Secondly, Coin only works with magstripe cards, and that’s great. As a father of a newborn I can tell you right now, I have a Jusco, Tesco, Watson, Bonuslink, and any other loyalty card you can think of. Technically my new title is ‘uncle’ and I know where the cheapest diapers are to be found. So Coin will help me overcome carrying those bulky loyalty cards around, if I could convince the cashier to swipe my Coin instead of my ‘real’ Jusco card. May have to turn on the ol’ Rozario charm for that one.
You see, loyalty cards are issued individually to make it harder for hundreds of people to share the same card and rack up points–it’s inbuilt into the way loyalty schemes are run and inbuilt into calculating the cost of the loyalty scheme, so Jusco and Tesco may simply flat out refuse to swipe your loyalty card on that premise. To them, you’re cloning your card, which is against their terms and agreement. At most you’d be able to swipe your Bonuslink or KadMesra at the petrol station, because that’s outdoor self-serve with no one to refuse you, and the system wouldn’t know the difference between a Coin and the ‘real’ card, but other than that, at the very least I can say–I’m not sure.
On a separate note, fuel cards, those cards that fuel companies issue for you to buy fuel from them, are usually magstripe and can be ‘coin-ed’, but they are usually issued with PINs and once again–they shouldn’t be cloned.
Finally, a lot of cards may seem like magstripe, but they aren’t. Popular Bookstore, and BookXcess both use barcodes on their cards. Meaning the way the card is read is by scanning the barcode printed on the card–not swiping the magnetic stripe. Plus, I just checked both my insurance cards, and they’re not magstripe either, as far as I can tell they’re just cards with my insurance information printed on the card. I understand the ‘Red Alert’ insurance operates with magstripe cards–so that may help.
And just to make matters worse, Coin is not a form of ID, so you’d still need to carry your IC and Drivers License.
So unless you feel like carrying around a 50 US dollar device, to replace your Jusco, Tesco and Bonuslink card–I’d stay away from COIN till they can replace EMV cards, and just to add, the EMV standard was built to be difficult to clone in the first place–so that may take time.
Over the weekend, I saw the following tweet from The Star, which I took to be either a badly timed April Fools joke, or a typo:
Friday and Saturday are weekend rest days for Johor from Jan 1. What’s your view? #Johornewweekend
— The Star (@staronline) November 23, 2013
Surely, a state like Johor that was trying to attract investment for the Iskandar region from companies like Frost and Sullivan, would not make such a catastrophic error. Alas, upon further checking, I found the information to be true.
My initial reaction was that this was a truly bad idea, one that would have severe repercussions not just on the state economy but on the Malaysian economy as a whole. I also felt a sense that maybe this was the start of a more ‘Islamic’ Malaysia. However, after ruminating over the weekend about this and other more serious topics (like would Ryan Giggs play in the Man Utd vs. Cardiff match on Sunday), I had a slight change of heart–though not enough to think that this is a good idea, just enough to think that this is a ‘less’ bad one.
First some context: I work in IT, as you know. One of the beautiful things about my job is its global nature. I go into the office just 2 days a week, and work the other 3 days from home. I have many late night teleconferences, usually from 8pm-10pm (9pm-11pm during daylight savings), and I work with people from nearly all over the world, including the US, Europe and a vast majority of Asia-Pacific countries where we have an IT footprint, including Pakistan, Oman, Thailand, Singapore, Brunei, Philippines, Australia and of course Malaysia.
So I understand when ‘foreigners’ complain about the list of holidays we have in Malaysia, which averages between 18-20 depending on which state you’re from, and 21 if Malaysia wins the Suzuki Cup (remember that one!)... More importantly, I understand the difficulty of working with people you have no time overlap with–particularly the US, since either someone has to wake up early, or someone has to sleep late in order for Malaysians and Americans to be on the same call together.
So think about it–if I have an early Tuesday call with the US, the call is usually either 6am or 7am, which means it’s 7pm or 8pm in Houston–but on a different day. How cool is that? The amazing thing about this arrangement though, is that after my call, and my US counterpart goes to sleep, I can work an entire day before he gets into the office on their Tuesday morning–what that translates to is that from his point of view, I instantly worked over the night, and it works vice-versa as well. So in essence having these situations where the timing doesn’t overlap can be made to work to your advantage, since in essence he and I can exchange work back and forth–and essentially work 2 weeks in just 1.
However, days are a bit different. I’ve worked on a Pakistani project before, and I’ve even been to Karachi (which is quite beautiful and not as dangerous as people make it out to be). Even in a country founded because they were Muslim–Pakistan practices the usual schedule of working from Monday to Friday and resting on Saturday and Sunday.
Recently though, I found myself doing a bit of work for our Joint Venture in Oman. Now that’s a country that rests on Friday and Saturday and works Sunday through Thursday. To be honest, it wasn’t that big of a deal–sure you need to squeeze in that last meeting on Thursday, but I didn’t really feel that it was that big of an inconvenience. Of course this is a project I wasn’t heavily involved in, it takes up just over 1/2 a day every week–so at that rate, it’s not hard to see why having less overlap would be an issue.
I still wonder though, about the guys who are going to be working at the Frost office in Iskandar–would they see it as an issue, for an industry observer and sector analyst to be working different days than the industries and sectors they’re supposed to be observing and analyzing? I wonder if Malaysians from other parts of Malaysia would find it difficult to work with Johoreans due to the different working days, as it literally means that no one could work with Johor on Friday–and Johor would be working alone on Sunday. How can Johor then run an IT outsourcing outfit from Iskandar–if the programmers don’t work the same days as their customers?
First and foremost, let me start by telling you that I truly admire and respect your contribution to Malaysia. I remember shaking your hand when you attended my Convocation quite some years ago. It was quite odd to see that while you were present, you didn’t give a speech, simply because you attended the function not as former Prime Minister of Malaysia, but rather as the spouse of the Chancellor–your wife Tun Dr. Siti Hasmah.
So it saddens me deeply, that at another convocation–this time where you were giving a speech, you suggested that it is time to censor the internet to counter “distribution of pornography, questionable news and slanders”.
If I may be so bold Tun–censoring the internet is the single most destructive thing that can happen to modern day Malaysia, and something that must be opposed at every turn, even if it involves publicly correcting a senior leader such as yourself. As a citizen of Malaysia, I find it not just my right, but my duty to inform the Emperor when he has no clothes on.
Ever wonder why iPads come in 16GB and 32GB models but not 20GB? You may have asked yourself why Apple never produced a 10GB or 100GB model.
All data stored in your computer is stored in binary digits, or bits. The word binary denotes two, just like bi-lingual, bi-weekly, or bicycle.
A binary digit can have a value of either 1 or 0. Just like a switch can be on or off, or a gate can be opened or closed. But since it can only have two possible values, it doesn’t really have much capacity to store information.
So in order for binary digits to convey information such as in e-books, mp3s or videos, you’re going to need a lot of them!
How many? Well, string 8 bits together and you get a byte. A byte can have 256 possible values, which means a byte can convey information like a single character on a screen, and this is what ASCII is.
You may be wondering why 8 bits = byte? Why not 10 or 100?
You see, while 10 makes sense to humans, because we use decimal digits in our daily lives, it makes no sense to a computer because it uses binary. So just like how powers of 10 make sense to you, like 10, 100, 1000, 1,000,000 and so on, in the binary world, where a computer operates, things make more sense in powers of two. That’s why the storage space on your iPad is sold in powers of 2, from 16GB, to 32GB, and so on. You see these powers of 2 pop up everywhere in computers, from the size of USB sticks, to RAM on your computer; even the size of IP addresses all have to conform to some power of 2.
And since 100 isn’t a power of 2 (or at least not an integer power of 2), nobody will ever make a 100GB hard-drive that will go into any tablet.
Picture of switch: https://secure.flickr.com/photos/g4ll4is/7125837749/sizes/m/in/photostream/
Music from youtube music library
Icons from the ever awesome Eldorado collection: http://www.icojam.com
Really cool infographic of the evolution of cell phone to smart phone and how the major players evolved over time.
A couple of things that stood out for me were:
1. Nokia gave up such a dominant position and never came back
2. Just the sheer speed at which Nokia went from Hero to Zero is astounding, it’s as though Nokia died from a gunshot, as compared to Kodak which died a slow painful death from cancer.
3. Samsung comes on the scene in 1997, but doesn’t make an iota of change, up until Google decide to launch Android almost a decade later. That truly was a game changer.
4. Nokia and Samsung still sell more than twice Apple’s volume in phones, but Apple makes more profit simply due to its pricing scheme (a cut from the telcos) as well as the fact that Apple only sells higher-end models with higher margins (5C being the exception).
5. Motorola started it all–but then somehow disappeared. Being first to market counts for naught in this industry, neither Samsung nor Apple were first movers.
It didn’t. We scored an embarrassing 426. In just 8 years we went from being above average to bottom third, and the angkasawan program did absolutely nothing to arrest this slide.
Of course, the Good Minister will tell you that we’ve had 24 academic papers published as a result of the program. First of all, I couldn’t find the mysteriously ‘well-received’ papers on any Google searches I performed, including papers related to the Food In Space experiment, which was meant to taste 9 different Malaysian delicacies on board the ISS. Notice also that the word collaboration is wrongly spelt on this slide.
I’ve been a bit slow on the posts these days, part of that is because I had a life-changing experience some time back, but mostly because I was experimenting with a new medium–YouTube!
I’ve made 3 new YouTube videos, and plan to post one every week. Unfortunately, what that means is that there’s less time to spend on the regular blog post. Hopefully by the end of the year, things will stabilize and I should be able to post a YouTube video and a blog post regularly. But for now, most of my effort is going to be focused on creating those videos.