A lot of people have asked me if indeed you can view Netflix or Hulu or any other streaming service in HD on a regular 5Mbps Unifi connection (that’s the slowest possible Unifi connection). Yes you can! Check out the…
This article is really more a continuation from yesterdays piece about how unfair the Fair usage policies in Malaysia are. In my view telcos complaining about 15% of customers using 70% of their traffic is just ludicrous behaviour–it’s the cost of doing business. This is akin to a restaurant owner offering a buffet and then complaining that 15% of his customers are fat men who eat the expensive mutton curry. Really? Do you really think that if you offer a buffet all you’re going to get is skinny super models?
As ironic as it sounds, the more customers any telco has, the less the average consumption of data per user becomes. That’s because your grandmother down the road who uses Unifi for just Skype-ing with her grandchildren can essentially subsidize your torrent hungry consumption. At the end of the day, there are far more grandmothers in Malaysia than there are torrent hungry downloaders like yours truly.
So that’s why I don’t like the data caps, but how about the content filtering? Particularly filters that block of torrent downloads?
Part of the cost of your broadband connection includes the cost that the telcos pay to route your transaction to the US. That’s really where the internet is, and while Google has a couple servers here and a youtube presence–the vast majority of traffic still flows to the US. This means on top of the price of getting the Fibre to your home, the local telcos also have to pay for routing your data to the US (and back). If most Malaysians started viewing local sites rather than pornhub, our broadband cost ‘could’ become cheaper, because the telcos don’t have to invest in those expensive undersea cables to setup the connection to the states. Contrast this with the situation in the US where only 10% of traffic from the US flows outside it’s borders, it means that even if a US ISP lost its undersea cables, it could still serve up 90% of the content its users were requesting. It also explains why Singapore has cheaper broadband than Malaysia–Singapore is the data-hub for the Asia Pacific Region, so a lot of it’s traffic is also local.
So how do we resolve this issue? One approach would be to make Malaysia a hub, but most experts conclude that it’s probably not going to happen (including Afzal Abdul Rahim in his 2011 TedXKL talk). The other option would probably be to start hosting more content in Malaysia, and that’s why a Youtube server within our borders is a great start. What would probably help better is Netflix availability and Netflix servers in Malaysia–until you realize that Netflix host their servers on Amazon Web Services, and Amazon chose Singapore as their Asia-Pac location–probably because Singapore is a data hub, which sends us into a round-about circular argument.
We can’t get cheaper broadband because we don’t have the cables coming into Malaysia, and we don’t have the cables because we don’t have the content, we don’t have the content because we don’t have the cloud servers and we don’t have the cloud servers because we don’t have the cables. I explored this before how cloud computing ties in closely with your data connectivity as a nation–and there really is nothing much we can do to address the gap with Singapore except spend more on undersea cables. Most of which require significant monetary investment–and take a lot of time to deploy.
Every six months, the great people over at Sandvine release their Global Internet Phenomenon report, which seeks to make sense of global internet traffic across the different regions of the world, and every six months I learn a lot from just gleaning through it. For instance most of the traffic in the US continues to point to just one website–Netflix, which also explains the drop in bitTorrent traffic in the US (why bother downloading anything when you can stream). However, in Malaysia, where it’s difficult (but not impossible) to get a Netflix account, most of the traffic for both upstream and downstream still uses the bitTorrent protocol–which mostly means there’s still a lot of illegal downloading going on in these here parts–but you can’t blame us, because the alternative isn’t legal downloading, it’s buying a DVD–if you can find the DVD you want in the first place.
You can view the report in it’s entirety here, but I just wanted to point out one cool fact.
The average monthly traffic in Asia-Pacific has dropped.
Just 12 months ago the average monthly consumption was 32.2GB, now it’s at 22.oGB. That’s a significant drop in traffic, that which really boggles the mind. This is the growth region of the world–why is our average monthly consumption of the ‘internet’ decreasing. Put another way, why are Asians using less internet?
I suspect the average monthly consumption has dropped because of the growth in Asia Pacific, it’s quite counter-intuitive, but as Asia Pacific adds more users to the internet, the newer users in the more rural parts of the region aren’t downloading as much as their urban cousins. Therefore, while the overall traffic flow has increased, the average monthly consumption per account has reduced. It’s all conjecture at this point–but that’s what I think based on just this one data point. It makes sense to me, as a lot of people aren’t torrent-crazy-downloaders, which just means that they aren’t consuming anywhere near the full amount.
The Median monthly consumption is just 8.8GB, while the Mean monthly consumption was 22.0GB, and that tells me that the data is skewed–highly skewed. The statistician inside me is just crying to get out and shout–SKEWED!!
Skewed is just another way of saying that the distribution of internet consumption is un-evenly distributed across–or in more laymens terms–a few internet users are using the vast majority of the bandwidth.
Two days ago, the Democratic Action Party (DAP) lodge a report to the MCMC on an ‘internet blockade’ targeting DAP related political websites that was allegedly being carried out by Telekom Malaysia (TM). As you may know TM is the largest ISP in Malaysia, and if TM suddenly blocks a website–a large chunk of the Malaysian public are automatically denied access to it.
The DAP IT manager (didn’t know the DAP had an IT team now did ya?), in his press statement said that :
In investigating the DPI filtering equipment location, I have found 1032 suspicious network equipment using same IP address family as the the Arbor Network Peakflow SP with TM branding. Since the login page of this network equipment bears TM logo, undoubtedly MCMC should haul up TM and conduct IT forensic investigation on all 1032 equipments without delay. I am fully prepared to assist MCMC in its investigations.
In light of this new evidence, MCMC must re-examine its 2nd May statement. MCMC should be politically impartial and hold the standard of government regulatory body that it should be. It must put the interest of all Malaysians first.
Now this isn’t really news, to be fair the Arbor Network Peakflow SP solution is meant primarily as a DDoS protection security suite with a slight tinge of DPI functionality added on the side. TM in their defence haven’t really denied they own the Arbor Network solution–there’s even a joint press release from 2004 to announce their purchase of it.
Unless TM operates like the government, in which they announce the purchase of something in 2004, but only start to using it in 2013–I’m guessing they were using Arbor for other purposes before they decided to unleash its DPI functionality.
But there could be a twist.
I’m not a usual fearmonger, or a person who panics easily–yet you friendly local tech evangelist has a warning for Malaysian users out there. Unifi is censoring the internet in the run up to the hotly contested GE1–and that’s what…
A couple of days ago, a reader of the blog wrote a rather long comment on a post I wrote about writing to TM’s CEO to restore my Unifi service. The comment detailed out a long horrific story of a foreigner in Malaysia trying to get decent broadband. I felt the story was to compelling to leave in the comments section and requested permission from the author to post it formally on the blog un-edited and in it’s original form, she consented and so here’s a little bed-time reading from a rather unhappy customer of both Maxis and Unifi.
Many folks seem to be stuck with their Unifi Passwords. It’s actually quite simple.
For the most part, most Shops and Restaurants that provide Free Wi-Fi via Unifi don’t change their Router Password allowing easy access for a nefarious intruder to logon and gain access to the router. Once inside, they’ll be able to do lots and lots of damage, including opening up a permanent backdoor to the router for continuous malicious fun!
Don’t be afraid though, for the most part iPhones are pretty invulnerable to network attacks, ‘most’ Androids as well. However, a small select few who choose to roots their phones and install non-standard pieces of software may be susceptible to.
If you’re on Unifi and find yourself ‘locked’ out of your own router, try these password combinations:
Username : admin
Password : <blank>
*<blank> means don’t enter anything and leave the field blank
Username : admin
Password : telekom
Either of these should get you into your router. If you’re still unable to log onto your router, don’t despair. This is actually a good opportunity for you to practice your newly found skills. The guys over at Unifi Athena have actually come up with a way to find your router password through some very simple and easy steps, check out their tutorial here.
A Domain Name Server (DNS) is basically the address book of the world wide web. What it does in very simple terms is it converts a web address like www.keithrozario.com into an Internet Protocol address like 18.104.22.168 (this might look like garbage but it’s actually 4 numbers separated by a dot, and it’s these 4 numbers that uniquely define every machine on the internet).
It’s the Internet Protocol address that can actually get you to your destination. Think of it like the actual phone number of the person. It’s nice to know someone’s name, like Keith Rozario, but it means nothing in terms of contacting me if you don’t have my Phone Number. So if you wanted to contact me with just my name, you’d have to look for something called a ‘phone book’. In this case, the DNS is the phone book, that translates a name to a number, and the DNS is publicly available.So what is a Dynamic DNS? Well, that’s where the allocation from name to IP is dynamically allocated. For instance, the IP address of my website has remained static for the 1.5 years it’s been around. So the DNS allocation for my website is pretty much stable. Although I did recently change the web-host, but that’s another story.
However the IP address of my home Unifi connection changes everytime I restart my router, which is about once a week or so. If I wanted to add some sort of permanence to my connection, without splurging for expensive static IP packages, I could opt for a Dynamic DNS (or DDNS).
So let’s say I have a IP camera at home, that’s recording a video feed that I can view on my phone. If I connected my phone to the IP address directly, that wouldn’t be a good idea. If the connection dropped while I was away, or my house had an intermittent power cut, that forced the router to re-start (and hence change it’s IP), I would lose all connectivity to the IP camera, and my entire home network as well. This is because, I wouldn’t know what my home network IP address would be anymore, and hence have no way to contact it. It’s like changing my phone number, if you keep trying to call your old number you’d most probably get an error message, or wind up calling someone else.
Port Forwarding is a really simple concept, but a very important step you need to take if you want to remotely access the devices you have at home. For instance, if you have a Unifi connection connected to an always on desktop and you wanted to Remotely access your windows machine, you’d need to perform port forwarding on your router.
Similarly if you’ve just installed a new IP camera in your home, and want to access the camera while you’re on the road you’ll need to perform port forwarding on your router.
Port forwarding is a neccessary step in order to access your home devices from outside your home. If you want to access anything in your home remotely you’ll need to configure some sort of Port Forwarding, and here’s the why are how.
With the newly enacted Evidence Bill Amendment, you would have been deemed to have published everything that originates from your IP address. What that means is that if someone hacks your Wi-Fi and then uses it to publish malicious or seditious statements online, you will be deemed to have published it, and the onus is on YOU to prove you’re innocence rather than for the prosecution to prove your guilt.
So obviously with the new law floating around, Wi-Fi security should be at the top of every Unifi Subscribers agenda–if it isn’t already.
However, how secure is your Unifi Wi-Fi connection?
The short answer is not so secure.
The brilliant blog Lifehacker recently posted an article on how you can hack Wi-Fi connections secured by a WPA or WPA2 password. The post is quite detailed but even I have to admit the technical skills neccessary to pull this off is somewhere between intermediate and expert. At the end of the post is a link to a spreadsheet detailing all the devices that are susceptible to this hack, and one of those devices is the DLink Dir-615 Wi-Fi router, if it doesn’t sound familiar let me refresh your memory–it’s the router that Unifi gives out to all Unifi customers!!! (que bone-chilling Alfred Hitchcock Movie sound)
Now taking aside the fact, that I could probably call all Unifi customers to request the Wi-Fi password printed at the bottom of their router, and 50% would probably provide that to me with no issue, this also means that for those people smart enough to hide their passwords — I can still hack your Unifi Wi-Fi connection no matter what you do on your router. There’s literally nothing you can do, hiding SSIDs don’t work and neither will MAC address filtering. Of course this is all theory, and testing this theory took a lot more time than I had, so I’m not sure.
What I am sure is that Unifi have their own firmware for the DIR-615 router, and that’s a partially susceptible router, meaning some firmwares are susceptible some firmwares aren’t, and it’s a coin toss and whether your router at home is susceptible.
Now, while I know of a few people who hack Wi-Fi passwords just for the fun of it,and there’s a lot of references and material online detailing the steps required–so we all know this works. In fact you can buy packages online that allow you crack the routers easily :). This blog written in Malay claims that they’ve successfully hacked a DLink Dir-615 router, I’ve no doubt it’s possible, but it’s not easy and it takes time.
Either way though, it’s always good to remember this. There is no such thing as impossible to crack, merely inconvenient and infeasible. Don’t believe me? Check out this story of how a group of University Students manage to hack a US Military Drone in mid-flight using nothing more than $1000 worth of equipment, do you really think your Wi-Fi at home is more secure a ‘death from above’ US Predator Drone? Every Wi-Fi access point hackable, it’s only a matter of how much time, effort and money is required.