Tuesday, October 2, 2018

Heat dissipating solution for Asus RT-AC86U router with USB cooling fans

The Asus RT-AC86U wireless router has a stand-up design and its heat management is relying on passive cooling.

Unlike those flatbed routers which we can easily provide heat dissipating solution to them by using normal laptop USB cooling fans, the temperature management solution for this stand-up router needs some tweaking to attach external fans to it. Luckily, there is ready made solution in the market, and it is quite cheap too.

If you are using AsusWRT-Merlin firmware in the router, you are able to read the runtime temperature reported at its Broadcom BCM4709 processor (CPU), Broadcom BCM4365E 2.4GHz WiFi SoC chipset and Broadcom BCM4366E 5GHz WiFi SoC chipset respectively.

In normal operation, the temperature at 2.4GHz WiFi chipset stays around 50-55 degree Celsius and the temperature at 5GHz WiFi chipset stays around 55-60 degree Celsius. However, the dual-core CPU temperature is always on the high side, staying above 70 degree Celsius, and there are users reporting that it can go up to above 90 degree Celsius.

If you are feeling uncomfortable with these kind of temperature readings and would like to lower them down to a more comfortable level, you just need to install a pair of external USB cooling fans at the back of the router.

The two 7cm fans are powered by 5V DC from the USB 2.0 port of the router itself. You can also plug it to the router's USB 3.0 port, but that port is normally used by external storage, USB Internet dongle, etc.

It is attached to the back of the router using 3M double-sided tape provided in the cooling fans set package.

Within 20 minutes, the pair of fans are able to cool down about 5 degree Celsius to both the 2.4GHz and 5GHz chipsets respectively. They can effectively cool down the temperature of the CPU by a whopping 20 degree Celsius.

With this heat dissipating solution, now the temperature at the 2.4GHz chipset reduced to around 45 degree Celsius, and the temperature at the 5GHz chipset reduced to around 52 degree Celsius. The CPU temperature greatly reduced to around 53 degree Celsius.

If I power down the fans by unplugging it from the router's USB port, all the 3 temperature readings will gradually increase, and went back to the previous high level within 20 minutes.

The fans are rotating at relatively low speed at 2100 RPM, making them pretty quiet. You can hardly hear their noise unless putting your ear very close to them during silent night.

According to their specifications, their noise level is at 18 dBA only. Their lifespan is around 50,000 hours, which is equivalent to over 2000 days, long enough to serve for the entire lifespan of the router.

Other than Asus RT-AC86U, this pair of USB cooling fans can also be used for Asus RT-AC68U router as both of them are having very identical size and casing build.

Monday, October 1, 2018

My Asus RT-AC86U AC2900 wireless dual-band MU-MIMO gigabit router with TM UniFi and Maxis Home Fibre support

The Asus RT-AC86U is a multimedia wireless router with gaming support, which you can also classify it as an entry level gaming router. For more powerful gaming router that gives you great online gaming experience, you should look for the ROG series instead.

It is the successor of the popular Asus RT-AC68U router, with similar stand-up design, identical front LED panel, rear connectors and buttons, but the internal circuit board is totally different. Thanks to this stand-up design, it has a much smaller footprint compared with those flatbed routers.

The CPU of this Asus RT-AC86U is powered by a dual-core Broadcom BCM4906 64-bit processor clocked at 1.8GHz (ARM v8 Cortex A53 architecture built with 28nm technology), which is apparently more powerful than the Broadcom BCM4709 processor used in Asus RT-AC88U AC3100 wireless router.

More powerful CPU provides better user experience for the more CPU intensive tasks, such as when using USB 3.0, SMB v2, data encryption, etc.

This Asus RT-AC86U is an AC2900 wireless dual-band MU-MIMO gigabit router. Oddly, it has lesser number of antennas compared with most of its counterparts in the market. It has 3 dual-band external antennas and 1 more internal antenna for the 5GHz radio band. Well, do not be fooled by this appearance. Indeed, its wireless signal strength and reach is pretty powerful.

Powered by Broadcam's NitroQAM support with 1024-state quadrature amplitude modulation (1024-QAM), if the connecting wireless device is also supporting 1024-QAM, each data stream of its 2.4GHz band can have a maximum data transfer rate of 250Mbps, and each data stream of its 5GHz band can have a maximum data transfer rate of 541Mbps. Both are 25% higher than the older TurboQAM technology (each 2.4GHz band = 200Mbps, each 5GHz band = 433Mbps) in used by predeccessing wireless routers such as Asus RT-AC68U.

Its 2.4GHz radio band is powered by a Broadcom BCM4365E 3×3:3 SoC chipset, able to serve a combined maximum data transfer rate of 3 streams of 250Mbps = 750Mbps.

Its 5GHz radio band is powered by a Broadcom BCM4366E 4×4:4 SoC chipset, able to serve a combined maximum data transfer rate of 4 streams of 541Mbps = 2,164Mbps.

However, most of the mobile devices nowadays are still using the 256-QAM technology, which supports maximum data transfer rate of 600Mbps in 2.4GHz and 1,733Mbps in 5GHz. Only the latest mobile devices with 1024-QAM support are able to unleash its full potential of serving 750Mbps in 2.4GHz and 2,164 in 5GHz.

The 2.4GHz wireless network of this router just performs a decent job, on par with other good quality wireless routers. Its main strength is on the 5GHz wireless network, which surprisingly having a very strong, far and stable reach. It is still detectable and accessible in locations which are beyond the reach of the 5GHz wireless network of my previous router.

With this Asus RT-AC86U router serving from the middle of my house, I don't even need to use any range extender to have stable and fast WiFi in every corner of my house. The WiFi signal, powered by Asus Range Boost technology and AiRadar beamforming, can also be detected further away from outside the house.

This Asus RT-AC86U has a total flash memory of 256 MB, and RAM of 512 MB. Both are doubled when compared with Asus RT-AC68U. It is pretty feature rich, configurable through Asus' famous AsusWRT web interface.

It has dual WAN support, which the second WAN link can be supplied using a 4G USB dongle or USB modem, or making use of one of its gigabit LAN ports for WAN purpose. The secondary WAN link can be configured for load-balancing or standby as failover backup link.

It supports TM UniFi IPTV by simple setting and connecting its LAN Port #4 to the TM UniFi set-top-box. It also supports IPv6 flawlessly.

It supports up to 3 separate Guest Networks in the 2.4GHz band, and up to another 3 separate Guest Networks in the 5GHz band.

Being a multimedia wireless router, it has features such as AiCloud 2.0 which enables the router to provide file server function and even media server function by attaching USB storage device such as USB thumb drive or USB external harddisk to its USB 3.0 port.

You can configure for the file server function and/or media server function to be accessible from local network only, or even from the Internet. Having dynamic WAN IP is not a problem, as you can configure the router to make use of DDNS service, so that you can always connect back to your router with its DDNS domain name.

By making use of Samba service, it can also provide Smart Access function for you to remotely access through Internet to the shared files and resources in your local network.

Access to AiCloud 2.0 can be made via its web interface, or by using the free AiCloud Android or iOS mobile app.

Its USB 3.0 file sharing is pretty fast. Accessed from LAN, my Transcend StoreJet 5400 rpm 1TB portable hard disk with NTFS partition attached to the router is accessible with a read speed of 101 MB/s (808 Mbps) and a write speed of 89.9 MB/s (719.2 Mbps).

It provides AiProtection feature with Trend Micro, with malicious sites blocking, 2-way IPS and infected device prevention & blocking. This is able to give you an additional layer of protection at the network perimeter, on top of the antivirus/anti-malware protection that you installed in your computers. You would not be surprised to see AiProtection successfully intercepted some malicious website accesses that skipped through your computer's antivirus/anti-malware screening.

It also equipped with Parental Controls function that enable you to block access to websites of certain criteria (such as adult websites). In addition, you can set time scheduling for the computers and network devices in your network so that they are restricted to access the Internet during certain time period.

Parental Controls works best together with the free Asus Router mobile app available for Android and iOS. In the mobile app, you can define which network devices are used by which family member, and the mobile app will block the adult websites for your children under 18 years old.

Its Adaptive QoS function enables you to set priority for certain network traffic, useful for online gaming. You can also configure it to make use of WTFast Gamers Private Network for faster online gaming experience.

This Asus RT-AC86U has quite frequent firmware updates, particularly to patch up security issues or to fix performance issues. Other than using the stock firmware, you also have option to install customized firmware such as the AsusWRT-Merlin firmware which is developed based on the stock firmware and more emphasis on security, usability and stability.

Saturday, September 22, 2018

Quick and effective fix for Whatsapp voice call intermittent quality problem

There are quite a lot of occasions I experienced intermittent quality problem when making or receiving WhatsApp voice call. The sound from the other party just couldn't transmit well to my phone.

This kind of intermittent situation occurred even when I was connected to 5 GHz WiFi with high speed fibre Internet access, and I was very sure that the network utilization during the call was low without any congestion at all.

After some trial and error attempts to improve the situation, I finally found out the solution to fix this WhatsApp voice call intermittent problem.

You just need to change one setting in WhatsApp, and your WhatsApp voice call will be magically turned from intermittent to very clear.

If you are also experiencing similar problem with WhatsApp voice call, try go to Settings > Data and storage usage > Call settings and enable "Low data usage".

I am not sure what does WhatsApp do behind the scene with this setting turned on, but it does magically fixed my voice call problem. It works both when using WiFi or using mobile data.

Tuesday, September 18, 2018

Wegmans (WEGMANS, 0197), a furniture company that growing on and growing up

Recently listed in the ACE market in March 2018, Wegmans Holdings Bhd (WEGMANS, 0197) is a wood-based (mainly rubberwood) home furniture manufacturer, targeted for the medium-income level customers. Its products are sold both directly to customers and also through agents.

This holding company only has a single 100% owned subsidiary called Wegmans Furniture Industries Sdn Bhd which carries out the actual furniture designing, manufacturing and selling business.

If you are unfamiliar about this company, the 8 minutes corporate video below will give you a good idea about its background.

In its IPO, 100 million shares were placed out at the price of RM0.29 per share at the placement proportion as follow:
  • 25% - Malaysian public
  • 15% - Directors, employees, business partners, suppliers & customers
  • 10% - Private placement to institutional and selected investors
  • 50% - Private placement to identified bumiputera investors
Its IPO was well received with an over-subscription of 16.38 times. Its price closed at RM0.295 during the first trading day on 6 March 2018.

The proceeds from IPO were allotted as follow:
  • RM11 million for construction of new factories
  • RM11 million for purchase of new machineries and equipment
  • RM3.5 million for working capital
  • RM3.5 million for listing expenses
Therefore, it is pretty clear that the purpose of its IPO is for expansion and fuel for continuous growth.

The key historical milestones of WEGMANS is as below:
  • 1994 - Wegmans Trading founded with a small factory on a piece of 2,000 sqft. rented land at Jeram Masjid, Muar, Johor, to produce and supply furniture parts for wooden dining chairs and sofas to local furniture manufacturers.
  • 1997 - Production floor space expanded to 6,000 sqft.
  • 1999 - Wegmans Furniture was established to replace Wegmans Trading, with an aim of becoming a furniture manufacturer and exporter.
  • 2000 - Started to manufacture and sell dining tables and dining chairs.
  • 2001 - Production floor space expanded to 14,000 sqft. Began to export products to customers in South Korea and Australia.
  • 2002 - Started exporting to more countries including Belgium, Denmark, Finland, Germany, Greece, Netherlands, New Zealand, Saudi Arabia, Spain, Singapore, Sweden, United Arab Emirates and USA.
  • 2003 - Widened product range to include living room furniture.
  • 2004 - Production floor space expanded to 18,000 sqft.
  • 2005 - Began spraying works in Block B (49,400 sqft). Widened product range to include bedroom furniture.
  • 2006 - Factory Block A (55,952 sqft) started operation.
  • 2009 - Total export markets to 44 countries.
  • 2010 - Factory Block C (42,846 sqft) started operation.
  • 2012 - Obtained ISO 9001 certification
  • 2015 - Purchased 254,436 sqft land to build own factory for raw material storage and wood preparation. Will be operational soon in 2018 to takeover current facilities on a piece of land rented from Poh Huat (POHUAT, 7088).
  • 2016 - Purchased 905,397 sqft land for production expansion.
Today, WEGMANS revenue is still heavily depend on dining room furniture. Its proportion of revenue contribution is as follow:
  • 93.13% from dining room furniture
  • 4.17% from living room furniture
  • 1.67% from bedroom furniture
  • 1.03% from others
Its major customers are:
  • Nitori Co Ltd, Japan (17.73% revenue contribution)
  • Super A-Mart Pty Ltd, Australia (10.22% revenue contribution)
  • Home Retail Group (Hong Kong) Ltd, United Kingdom (5.64% revenue contribution)
Its major suppliers are:
  • Chinfon Timber (7.03% of total purchases)
  • Plymax Veneer Sdn Bhd (10.42% of total purchases)
Price and supply-demand situation of raw materials, particularly rubberwood, is a kind of risk that might affect the business and financial of WEGMANS. Anyhow, WEGMANS has not been hit with this kind of issue, as they maintain many years of good long-term relationship with suppliers.

99.03% of its revenue is derived from exports to over 70 countries around the world. Of which, there are 14 countries with consistent export orders, namely: Australia, Canada, Denmark, Estonia, France, Germany, Japan, Korea, Norway, Singapore, Spain, Sweden, United Kingdom (UK) and United States of America (USA).

The revenue contribution from export countries are as below:
Since WEGMANS is export oriented, it is exposed to foreign exchange risk. Every 5% change in USD/RM exchange risk will bring fluctuation of RM430,000 to its profit after tax. Since the USD is strengthening against most of the currencies including MYR over the past few months, this situation is expected to have positive effect to WEGMANS upcoming 2018 Q3 financial result to be announced in November 2018.

(USD/MYR chart generated from Bloomberg website)
WEGMANS develops and maintains its competitive strengths through:
  • Own design and development
  • Stringent QC
  • Established business relationships
From these information, we can view that WEGMANS is able to maintain its bargaining power towards customers and suppliers, and able to sustain against threat of new entrance and threat of substitute products.
It is also able to maintain quite a sustainable competitive advantage.
WEGMANS currently has a staff strength of about 600, of which 84.22% are foreign workers.
The furniture industry is labour intensive, unless more automation is employed.
Any change in foreign worker policy in Malaysia or in the countries which the foreign workers are employed from, may result in difficulties for them to maintain a sufficient foreign labour workforce.
In addition, cost of hiring labour may increase in the future and they might not be able to pass on such increase in cost with corresponding increases in the prices of their products.

Furthermore, their future expansion plan requires a significant increase in labour to meet increased manufacturing activities.
There may also be disruption in the supply of foreign workers to Malaysia, which may delay them to hire new foreign workers in time after the expiry of the contracts of the existing foreign workers.

As a result, their business operations and financial performance may be materially and adversely affected. It is imperative for them to go for more automation and furthermore to embrace the Industry 4.0 revolution.
Other risks inherent in the furniture industry include fire hazards and disruption to electricity supply.

WEGMANS is led by 2 key senior management persons.
Mr. Keh Wee Kiet, 48, is its managing director who in charge of strategic planning and overseeing the manufacturing operations of the company. He has more than 24 years of hands-on experience in the furniture industry.
He is the main founder who built and grew the business from a sub-contractor to a reputable exporter, especially during the period when Mr. Collin Law was still a sleeping partner before he eventually joint as executive director in 2005.
Mr. Collin Law Kok Lim, 48, is its executive director who is currently responsible for overseeing their business development and Design and Development (D&D) departments.
He joined as the Executive Director in February 2005 to set up the sales and marketing department to secure customers directly so as to reduce the reliance on third party agents. In the same year, he was also instrumental in setting up the D&D team.
He keeps abreast with the latest market developments globally by participating in international furniture trade exhibitions and events.
WEGMANS practices a good corporate government by having different person as board chairman and managing director.
The chairman, Mr. Chan Wan Seong is an independent non-executive director. He is primarily responsible for matters pertaining to the Board and the overall conduct of the Group.
The distinct and separate roles of the Chairman and Managing Director, with a clear division of responsibilities, ensure a balance of power and authority, such that no one individual has unfettered powers of decision-making. The Managing Director oversees the day to day management and running of the Group and the implementation of the Board’s decisions and policies.
In 2017, the 2 executive directors received annual remuneration below RM400,000, whilst the 3 non-executive directors received annual remuneration below RM50,000. This is pretty reasonable.
In 2017, WEGMANS trade receivables increased from 4.8 million to 6 million, whilst trade payables increased from 10.3 million to 12.5 million. The working capital situation is in control.
Credit risk is minimal, as trade receivables past due in 2017 is only RM308,520 (2016 was RM385,925).

As revealed in Annual Report 2017, WEGMANS has only 1,121 shareholders, of which 70% shares are held by the 2 executive directors. Top 30 shareholders are holding 88.6% of the shares, leaving only 11.4% with minority shareholders.
Construction work has already commenced on the 905,397 sqft (20.8 acres) land purchased in 2016 in Mukim Parit Jawa, Muar, Johor. It is broken down into 3 phases.
Phase 1 is to built the following using the proceeds from IPO:
  • New head office and showroom (36,198 sqft)
  • Workers' hostel (140,272 sqft)
  • 1 factory (144,494 sqft)

Construction of the building has been approved by MPM on 29 July 2018.
The construction work has already started. Estimated completion is by early 2019.
The new factory in Phase 1 will be able to double up WEGMANS annual production of chairs from current 0.48 million to 0.96 million, and tables from current 0.19 million to 0.38 million.

The HQ and showroom will also be shifted to this new building, and the existing HQ will be converted into documents storage room, production office and expanded D&D office.
Phase 2 construction will build another 2 factories with land area of 211,079 sqft, and Phase 3 will build another factory on the remaining land area of 151,512 sqft.
Based on current total share issued of 500 millions after IPO, WEGMANS past 4 years financial result is as below:
The slight reduction in net profit in 2017 was due to higher labour cost arising from higher sub-contract wages incurred to meet the production requirements and delivery deadlines for their sales orders.

WEGMANS net debt in 2017 stood at RM19.7 million, forming a Debt/Equity ratio of 56.29%. Hopefully this can be reduced with higher revenue and profit generated, especially after the doubling up of production capacity soon.

WEGMANS past 3 announced quarterly results are as below:

Note that 2018 Q1 net profit was dragged down by a one off charge of listing expenses amounting to RM1.71 million.

WEGMANS share price closed at 34.50 sen on 14 September 2018. Its estimated PE based on 4 trailing quarters, assuming its 2018 Q3 EPS stood at 0.75, will be 19.6.

Its past financial results show that it has been in a growing path.

Its 3 phases future plan with 4 upcoming new factories show that it is well prepared for future growth.

WEGMANS is showing traits of continuous growth, and it is anticipated that its growth will be boosted once its new factory commence operation to double up its production capacity.

WEGMANS has laid out their future plan and strategies as follow:
  • Market penetration - increase production capacity
  • Market development - diversify customer base
  • Product development - increase product range and develop new product designs
On top of these, WEGMANS could be further improved if they could consider to:
  • Employ more automation and embrace for Industry 4.0 to reduce dependency on foreign workers.
  • Put up measure to reduce the Debt/Equity ratio to 30% or below.
  • Gradually increase its dividend yield.

Disclaimer: This article is intended for sharing of point of view only. It is not an advice or recommendation to buy or sell any of the mentioned stock counters. You should do your own homework before trading in Bursa Malaysia.

Monday, September 17, 2018

Pick the right Ethernet LAN cable to suit your high speed fibre Internet access (Cat 6, 6a or 7)

With the fibre optic WAN infrastructure successfully laid in more and more areas nowadays, ISPs are making available to household and commercial Internet access with real high speed of hundreds of Mbps or even Gbps, which make possible streaming of VR gaming or watching of 8K videos through the Internet.

However, in order to get the best from the high speed fibre Internet access that you are subscribing from your ISP, the network infrastructure inside your house or office which connect to the ISP's broadband termination unit (BTU) at your premise needs to also support at least gigabit Ethernet LAN, or else your network speed is still capped with your own low speed infrastructure.

All these components in your premise should support at least gigabit Ethernet LAN:

  • Your ISP should supply you a modern BTU with 1,000 Mbps (1 Gbps) or even 10,000 Mbps (10 Gbps) LAN port. Older equipment could have LAN port which support up to 100 Mbps only.
  • Your router connecting to the BTU should have 1,000 Mbps (1 Gbps) or even 10,000 Mbps (10 Gbps) WAN port and LAN ports. Older equipment could have WAN and/or LAN ports which support up to 100 Mbps only.
  • Your firewall, network switches, and any other network equipments should also support gigabit Ethernet.
  • The network card in your computer, printer, CCTV, IoT devices, and so on which need to enjoy the high speed of gigabit network such also support network connection of 1,000 Mbps (1 Gbps) or even 10,000 Mbps (10 Gbps). It is OK for some of them, such as network printer, to support lower network connection, because the paper printing speed is much slower than the network data transmission speed. If they are connected using WiFi, your WiFi access point (AP) and the connecting devices should support for 5 GHz wireless connection with MU-MIMO technology.
There is another important network infrastructure component in your LAN that needs to have support for gigabit network in order for you to enjoy the high speed network, which are all the network cables that:
  • Connecting your ISP BTU to your router
  • Connect your router to your firewall, network switches, WiFi AP, etc.
  • Connecting your computer, printer, CCTV, IoT devices, etc. to your LAN.
It is advisable for you to use at least Cat 6 cable, or better still Cat 6a or the latest Cat 7 cable. Why? Refer to the table below for their differences:

The industry standard cable shielding mechanism of twisted pair network cable, to reduce electromagnetic interference, is as follow:
  • UTP - unshielded
  • STP - braiding shield
  • S/FTP - braiding and foil shields
Therefore, to be "future proof", it would be a wise choice to opt for Cat 6a or Cat 7 cables now to be ready for 10 Gbps super high speed network.

Friday, August 31, 2018

Free Android app to scan, read and generate QR codes and barcodes (ad-free)

There are quite a lot of QR code scanner in the Google Play Store nowadays. Some can also read and interpret QR code from a graphics file saved in the phone. There are also a few even capable to generate new QR code for you.

However, not all of them are free. And, most of the free one are not ad-free.

I have found one that really impress me. It is a 3-in-1 QR code scanner, reader and generator app, very simple to use, and most importantly, it is free for use and ad-free. This means it won't bombard you with any annoying ads!

This Android app is called QR & Barcode Scanner, QR Code Reader, QR Generator offered by Digital Seo Web. You can click here to download and install it from Google Play Store.

By using the phone's camera, it is able to scan and interpret most if not all QR codes and also 2D barcode types including text, website link, product, ISBN, contact, email, calendar, location, Wi-Fi, data matrix, EAN, UPC, Code39, Code128, Codabar, ITF, EAN8 and many other formats.

The app has a trigger for you to turn on your phone's flashlight during scanning environment with low light condition.

Upon successful interpreting of the scanned code, the result will be displayed on the screen, and you will be given options to open the web URL (for website link), save contact information to your phone contacts (for business card QR code), access to WiFi (for WiFi credential QR code), send it out as email, send it out as SMS, share it to other apps, or export it to a CSV file which will contain the date, type and interpreted content of the code.

This app has a very clear-cut menu.

You can read the QR code or barcode saved as PNG, JPG or other graphics file by using the Gallery function.

You can generate your own QR code by using the Generate function.

You can look back at the past scanning/reading results by using the History function.

This app is able to generate quite a number of QR code types, including personal profile, business profile, contact number, SMS message, plain text, email, website URL and company profile.

You can save the generated QR code as a JPG file in your phone by tapping on the "download" icon at the top-right corner. You can also share the generated QR code to other apps.

This app seems to be pretty new in Google Play Store, but it is really amazing. I highly recommend it for all Android phone users who are looking for a free, modest and ad-free QR code scanner, reader and generator.

Sunday, August 26, 2018

DIY applying for China visiting visa with Kuala Lumpur CVASC using online appointment

Malaysian passport holder who intends to visit to China needs to apply for a valid visa before making the travel, as there is currently no visa exemption arrangement between China and Malaysia yet.

Application for the required Chinese visa needs to be done in the office of Chinese Visa Application Service Center (CVASC) available in Kuala Lumpur, Penang and Kuching. You can either complete the whole process by yourself, or choose to make the visa application through an agent, which will charge you additional fees for their service.

In fact, the process to apply for Chinese visa is pretty straightforward and fast provided you follow the procedure correctly.

The Kuala Lumpur CVASC office is located in Hampshire Place, Jalan Mayang Sari, 50450 Kuala Lumpur. You can take the LRT there by coming out from either Ampang Park station or KLCC station. The Hampshire Place building is within walking distance behind the Bank of China building.

If you drive there, you can park in the visitors car park of Hampshire Place, but the parking lots are quite limited. In case the parking at Hampshire Place is full, you can park your car in the visitors car park of Megan Avenue 1 just across the road.

Here is the procedure to apply for the China visiting visa by yourself with Kuala Lumpur CVASC.

Step 1: Get ready the required documents

You will need:

  • A valid passport with more than 6 months before expiry date.
  • Your passport must have at least 2 empty pages. The visa itself will take up one full page.
  • A photocopy of your passport page with your personal information and photo, and the adjacent page with your signature.
  • 2 pieces of passport size photos. Make sure the background of the photo is white (not blue) in colour.
  • If you are travelling as tourist, you will need to submit a photocopy of your air ticket.
  • If you are travelling for business trip, you will need to submit a letter of invitation from China and a letter of dispatch from your company in Malaysia. There are certain criteria needs to be explicitly printed in both the letters, including your personal particulars (full name, gender, date of birth, etc.), detail of the company that issued the letters respectively (name, contact, address, official stamp, etc.) and your visit itinerary. The date of both the letters must not be longer than 3 months from the date of visa application.
You can apply for single-entry visa or multiple-entry visa. If you intend to apply for multiple-entry visa, you need to also photocopy your passport page containing your previous Chinese visa which was applied less than 2 years ago. For first time visit to China, you can only apply for single-entry visa or double-entry visa.

Fees will be higher for multiple-entry visa. The current schedule of fees is as below:

Step 2: Fill up the online visa application form and make the online appointment

In order to complete this step, you will need:
  • A computer connected to the Internet.
  • The computer is installed with Adobe Acrobat Reader.
  • The computer is connected to a printer.
  • Preferably to access the online visa application form and online appointment form using Google Chrome.
When you are ready, click here to go to the Kuala Lumpur CVASC Quick Access webpage. You might want to bookmark this URL for future access.

After you have reached the webpage:
  • Click on the button inside the Application form box in the webpage.
  • Follow the step-by-step instruction to fill up the online visa application form.
  • Save your form online, and go through all the fields to review it. Make sure all information is correctly filled up.
  • Finalize and print out your visa application form.
  • Don't forget to manually sign on the printed application form.
  • Don't forget to attach with your passport size photos (with white background) and all the supporting documents.
  • Click on the button inside the Appointment box in the webpage.
  • Fill up the online appointment form.
  • Submit the appointment form online, and print out the confirmed appointment slip.

Step 3: Visit to CVASC for document submission

On the date and time of your appointment, bring your original passport, photos, all supporting documents and the appointment slip to CVASC office at Level 5 of Hampshire Place.

At the front counter, submit all your documents for checking. If all your documents are complete, you will be given a queue number.

Wait for your number to be called, submit your documents to the officer, and you will be given a pickup form with the date to collect back your passport.

The whole process should take less than 30 minutes from the time you step in Level 5 to the time you step out the office.

No payment is needed during document submission. You will only need to pay during passport collection.

Step 4: Visit to CVASC for passport collection

On the day of passport pickup, just bring along your pickup form and visit CVASC office at Level 6. There is no specific appointment time needed for passport collection. You will need to arrive at the office between 9.00am and 3.45pm.

Let the front counter inspect your pickup form, and you will be given a queue number.

Wait for your number to be called, submit your pickup form to the officer, and you will be required to make payment for your visa. You can either pay by credit card or pay by cash.

After payment made, just wait for a while and your passport will be returned to you with the visa in it. Make a last checking on the visa detail before leaving the CVASC office.

The whole process should take less than 30 minutes from the time you step in Level 6 to the time you step out the office.

Thursday, July 12, 2018

Updated the firmware of my TP-Link RE450 AC1750 WiFi range extender to Build 20171215 Rel. 55534

I just discovered that there is a new version of firmware released on 15 December 2017 and made available for download on 22 December 2017 for my TP-Link RE450 AC1750 WiFi range extender. I should have discovered this earlier!

This is an important firmware update, because it includes the security bug fix for the WPA2 Security (KRACKs) Vulnerability.

Other enhancements and bug fixes in this version of firmware include:

  • Improved online detection method and reduced unnecessary data traffic.
  • Improved the system stability and wireless stability.
  • Fixed the wireless compatibility with Volvo cars.
  • Fixed the wireless compatibility with some wireless network card.
You can download the new firmware update file from TP-Link official website, under the Support > Firmware section.

To update the firmware, unzip the downloaded file, and upload it to your RE450 WiFi range extender by login into the device, and go to System Tools > Firmware Upgrade section.

Your existing configuration in the RE450 will still remain after this firmware update.

After the update, you will see the firmware version changed to 1.0.0 Build 20171215 Rel. 55534.

Wednesday, July 11, 2018

Insecurity in the Internet of Things (IoT)

The Open Web Application Security Project’s (OWASP) List of Top 10 Internet of Things (IoT)Vulnerabilities sums up most of the concerns and attack vectors surrounding the IoT category of devices as below:
  • Insecure web interface
  • Insufficient authentication/authorization
  • Insecure network services
  • Lack of transport encryption
  • Privacy concerns
  • Insecure cloud interface
  • Insecure mobile interface
  • Insufficient security configurability
  • Insecure software/firmware
  • Poor physical security

During a research by Symantec in 2015, they found issues such as the following:
  • Around 19% of all tested mobile apps that are used to control IoT devices did not use Secure Socket Layer (SSL) connections to the cloud
  • None of the analyzed devices provided mutual authentication between the client and the server
  • Some devices offered no enforcement and often no possibility of strong passwords
  • Some IoT cloud interfaces did not support two-factor authentication (2FA)
  • Many IoT services did not have lock-out or delaying measures to protect users’ accounts against brute-force attacks
  • Some devices did not implement protections against account harvesting
  • Many of the IoT cloud platforms included common web application vulnerabilities
  • 10 security issues were found in 15 web portals used to control IoT devices without performing any deep tests. 6 of them were serious issues, allowing unauthorized access to the backend systems.
  • Most of the IoT services did not provide signed or encrypted firmware updates, if updates were provided at all
The above information is excerpted from a Symantec white paper regarding the Insecurity in the IoT.

Tuesday, July 10, 2018

My electronic UV light mosquito trap

There has been increased dengue fever cases in my residential area. As a preventive measure, I have bought some electronic ultraviolet light mosquito traps to capture the mosquitoes found in my house.

The body of this mosquito trap is mostly made by plastic, which might be the reason for its cheap price selling at around RM25 only. Anyhow, as long as it works, I am happy with it.

The most important parts of this mosquito trap are its 6 LED lights on top which emit purplish visible light and ultraviolet light which function to attract the mosquitoes to fly to it, and a small fan to suck the mosquitoes down into the trapping chamber.

As you can see from the photo, the trapping chamber can be opened up like a drawer, and you can inspect the amount of insects trapped and died inside, wash it and put it back to the device.

Its fan will generate some noise during operation, not very loud, but still audible at close distance, especially during quiet time. It's suction is not very powerful, so probably can only able to suck in the mosquitoes which flied very near to it, and might not be strong enough to suck in larger insects such as flies, cockroaches, etc.

Now, this question is, does it really work? I really can find dead mosquitoes in the trap. There isn't much mosquito in my house all the while though.

So, it really works! It might not be as effective as those models that use electrocute to kill the insects, but at this price I think is a worth.

Friday, July 6, 2018

ADcase the handphone case with special dampers that can save the phone from dropping damage

ADcase (active damping case) is a very innovative handphone case invented by a German engineering student called Philip Frenzel. It has just won an award from German Mechatronics Society.

The phone case has special shock-absorbers made with metal springs at its 4 corners. In normal situation, the shock-absorbers are hiding inside the case, and the case just looks like other normal handphone cases.

When sensors inside the case detected that the phone is on free fall dropping, it will immediately unfold the metal springs before hitting the ground. In this way, it can effectively protect the phone from damage due to dropping.

After the falling, the dampers can be manually folded back into the case and are therefore reusable.

You can watch the video below to see how ADcase reacts when the phone is dropping.

Very brilliant idea, isn't it?

Thursday, July 5, 2018

WiFi Alliance introduced WiFi Certified WPA3 to replace current WPA2 security standard

WiFi Alliance has just introduced WiFi CERTIFIED WPA3 (Wi-Fi Protected Access version 3) as the next generation WiFi security standard, bringing new capabilities to enhance WiFi protections in both personal and enterprise wireless networks.

Key capabilities of WPA3 include:
  • WPA3-Personal: more resilient, password-based authentication even when users choose passwords that is simple to remember. WPA3 will leverage on Simultaneous Authentication of Equals (SAE), which is a secure key establishment protocol between devices, to provide stronger protections for users against password guessing attempts by third parties.
  • WPA3-Enterprise: offers the equivalent of 192-bit cryptographic strength, providing additional protections for networks transmitting sensitive data, such as government or finance. The 192-bit security suite ensures a consistent combination of cryptographic tools are deployed across WPA3 networks.
With the evolution of WiFi security from current WPA2 to WPA3, we can expect:
  • WiFi password to be a lot more difficult to crack.
  • WiFi CERTIFIED Easy Connect - IoT devices can connect to WiFi network more easily.
  • WiFi data sniffed and recorded without knowing your password will not be able to decrypt even if your password is obtained later.
  • WiFi CERTIFIED Enhanced Open - communication in open connection (WiFi connection without the need of any password) will also be encrypted, therefore much more secured than WPA2 open connection. In current WPA2, if the WiFi is connected using open connection without the need of password, the communication between the WiFi connected device and access point is not encrypted.
  • Stronger WiFi encryption by replacing the existing PSK (Pre-Shared Key) system in WPA2 with the new SAE system.
Anyhow, in order to enjoy the benefits of using WiFi WPA3, both the access point (or wireless router) and the connecting device must support this new WiFi security standard. Devices that support WPA3 will probably hitting the market from year 2019 onwards and gradually replacing the existing which only support up to WPA2.

Friday, June 29, 2018

My Dell DA300 6-in-1 USB-C mobile adapter

My Dell Inspiron 5370 laptop has limited output ports as a trade-off for its slim and lightweight design. It only has 1 USB 3.1 Gen 1 (Type-C) port with Power Delivery/DisplayPort, 1 HDMI 1.4b port and 1 combo audio port.

This means that it can only connect to the network using WiFi connection, as there is no Ethernet port. It is also not able to output its display to projector using VGA connector unless making use of an adapter to convert its HDMI output to VGA.

Luckily, Dell has made available a DA300 6-in-1 USB-C mobile adapter which is able to convert the USB-C port of the laptop into:

  • HDMI 2.0 port that supports 4K display output
  • DisplayPort (DP) 1.4 that supports 4K display output
  • VGA port that supports 1080p full HD display output
  • Ethernet network port that supports MAC address pass-through, PXE Boot, and Wake-On-LAN
  • USB-A port with up to 10 Gbps data transfer speed
  • USB-C port with up to 10 Gbps data transfer speed

This Dell DA300 mobile adapter is plug-and-play on supported Windows 10 computer. It can be used straightaway without the need to install any driver.

It offers seamless video, network, and data connectivity, in a neat, compact design. It price of around RM300 is quite reasonable for its 6-in-1 functions and its innovative design.

Wednesday, June 27, 2018

About the Cyber Kill Chain

The Cyber Kill Chain introduced by Lockheed Martin is a cybersecurity model to describe, in general, how a computer intrusion (hacking) through IT network is carried out in 7 distinguished stages. It was developed based on military attack kind of thought.

Anyhow, there is no common SOP in cyber-attack, and hackers are not necessary following the Cyber Kill Chain of planning and action in their attacks.

This model is however useful to plan for cyber-defense strategy and measure, and also for cyber-threat analysis to a networked computer system.

The 7 stages in Cyber Kill Chain are:

  • Reconnaissance - the victim is observed, analyzed and studied by the attacker.
  • Weaponization - tools are developed or obtained to exploit the weaknesses found in the victim.
  • Delivery - the "weapon" is deployed to the targeted victim.
  • Exploitation - once the "weapon" is successfully deployed, it will start working by looking for vulnerabilities in the victim's computer system.
  • Installation - at the stage, access is silently obtained by the "weapon". It will find it way to communicate to the attacker using the computer network. Normally, a backdoor is established to enable such linkage.
  • Command and Control - remote access to the victim's computer system is made available to the attacker. The attacker can take over control of the compromized system and issue command to it.
  • Actions on Objectives - with the control, the attacker is able to proceed with the objectives of the attack, such as data exfiltration, data destruction, data encryption for ransom, etc.

With reference to this model, the defending party can plan for countering the attack by the famous 4 Fs strategy, namely:
  • Find the enemy
  • Fix the enemy
  • Fight the enemy
  • Finish the enemy

Thursday, June 21, 2018

Cryptography - the essential technique in today computing world

Cryptography is the method of converting plaintext information into non human-readable form called ciphertext through a process called encryption, and reverse process to convert the ciphertext back to original form called decryption.

Today, knowledge in cryptography is crucial for every computer programmers and computer engineers. It is applied in everywhere in the cyberspace and it is a sin of omission if not applied properly to provide cybersecurity protection in the areas of confidentiality, integrity, authentication, and non-repudiation.

Cryptography is the integral part of blockchains and crypto-currencies such as Bitcoin, Ethereum, etc. It is used to secure data transmission in WiFi communication, 4G LTE network, HTTPS web access, etc. It is also extensively used to secure file system in Apple iOS, Windows Bitlocker, SSD encryption, etc. It enables the implementation of digital signature.

Cryptography makes use of digital key(s) to perform the encryption and decryption process. There is one kind of cryptography called hashing which does not make use of any key, and the ciphertext is non-reversible to original information.

Keyless Cryptography (Hashing)
Hashing is a one way function that convert its input message into irreversible string of text called hash or digest, which normally has a length much shorter than the input message. The key concept of hashing is that the generated digest is unique to the input message, so that same input message will always generate the same digest, and different input message will not generate the same digest.

Hashing is commonly used:
  • To store password for identity authentication
  • To generate checksum or fingerprint to verify if the original information has not been tampered or changed
  • In database and data storage for more efficient data searching
  • In computer geometrics and computer graphics

Examples of hashing function are:
  • MD5 (Message Digest 5) - designed to replace earlier version of MD2 and MD4. Still commonly used despite MD6 has been around to replace it.
  • SHA-3 (Secure Hash Algorithm 3) - winner of the NIST hash function competition.  Commonly used in digital certificates. Supersedes earlier version of SHA-0, SHA-1 and SHA-2.
  • BLAKE2 - Used in RAR compressed file checksum. Supersedes earlier version of BLAKE.

Symmetric Key Cryptography (Private Key Cryptography)
The same private key is used for message encryption and decryption.

It is commonly used in secured data transmission, such as SSH, WiFi with password, 4G LTE communication, etc.

Examples of symmetric key cryptography are:
  • DES (Data Encryption Standard) - designed by IBM in 1970's. Modern supercomputer is able to decrypt DES encrypted information within just a few days. Still commonly used in smart cards, SIM cards, etc.
  • 3DES (Triple DES) - more secure version of DES.
  • IDEA (International Data Encryption Algorithm) - commonly used in Pretty Good Privacy (PGP) email signing and secured email transfer.
  • ThreeFish - is the successor of Blowfish and TwoFish. Commonly used in SSH secured remote access.
  • RC6 (Rivest cipher 6) - designed by RSA Security, patent just expired in 2017. Commonly used for secured data transmission and in bank ATM machines. Is the successor of RC2, RC4, RC5.
  • AES (Advanced Encryption Standard) - commonly used by USA government and commercial sector to protect top secret documents.

Asymmetric Key Cryptography (Public Key Cryptography)
Consists of a key pair. The private key that should be kept secret with the owner, and the public key that needs to be known by others.

In the scenario of digital signing, the private key is used to sign the digital document, and the public key is used to verify the digital signature.

In the scenario of data encryption, the public key is used to encrypt the document to be sent to the private key owner, and the encrypted document can only be decrypted using the corresponding private key.

It is commonly used in Secure Socket Layer (SSL), Transport Layer Security (TLS), S/MIME, digital signature, blockchains and crypto-currencies.

Examples of asymmetric key cryptography are:
  • RSA (Rivest-Shamir-Adleman) - named after its 3 designers. Patent expired in 2000. Compared with DSA, it is slower in digital signing and faster in verification.
  • DSA (Digital Signature Algorithm) - patented but can be used royalty free. Commonly used in SSH and digital signature. Compared with RSA, it is faster in digital signing and slower in verification.
  • ECC (Elliptic Curve Cryptography) - derived from DSA and based on Elliptic Curves theory. Commonly used in Bitcoin, Ethereum, iOS, etc.
  • Diffie-Hellman - is used for public key exchange and not for digital signing or data encryption.

Tuesday, June 12, 2018

Is your organization still following the outdated password policy?

If you were told or forced to set up a so-called "strong password" which required to be determined as complex (must consist of combination of uppercase letters, lowercase letters, numbers, special characters, and so on...) just to safeguard your user account from password guessing, peeping, and/or brute-force attack, the policy is outdated and should be obsoleted as soon as possible.

If you were also told or forced to change your password periodically, let's say every month or so, that thinking also has been admitted by certain cybersecurity experts to be foolish and will not make your account more secured.

Indeed, it only serves to make your life more difficult, and makes your account much more vulnerable if you eventually did either one of the following attempts to help remembering your latest password:

  • Write your latest password on Post-It notes or inside your diary book.
  • Tape your password somewhere near your computer (similar way to what character Nolan Sorrento in movie Ready Player One did).
  • Keep your password in a computer file (text, Word, Excel, ...), either password protected or not.
  • Store it with your web browser's auto-complete feature.
Apparently, the outdated password policy that required complex password and frequent change was derived from a 2003 National Institute of Standards and Technology (NIST) report namely "NIST Special Publication 800-63. Appendix A."

Interestingly, it is also NIST who has overthrown its own password guidelines in its recent NIST Special Publication 800-63A report namely "Digital Identity Guidelines:  Enrollment and Identity Proofing Requirements." released in June 2017. You can download the complete report here for free.

The new report has made the following important suggestions:
  • Verifier SHOULD NOT impose annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. They make most people remembering password by Post-It notes or computer file. It's better to allow people to use pass phrases.
  • Verifier SHOULD NOT bother user with password expiration. That was an old idea for an old way we used computers. Only force a password change when there's indication of compromise.
  • SHOULD use dual factor authentication (2FA). This is the proven to be the more robust and secure way.
Dual factor authentication adds an additional layer of security by requiring not only the password, but also another piece of information that only the account holder has or know. One of the most commonly used method for dual factor authentication is one-time-password (OTP) which could be  event-based (OTP is generated by triggering an event, such as a keypress, explained in RFC 4226) and/or time-based (OTP will keep on changing by time, explained in RFC 6238).

The account holder need to read the OTP from a token, and use it for successful account login. The token can be generated from a hardware device such as key fob, display card, USB authentication key, OCRA keypad, etc. It can also be generated and delivered to the account holder by software, in the form of SMS, email, mobile app display, push app notification, etc.

Note that the use of SMS or email for OTP is also outdated method which is vulnerable to trojan horse interceptions and/or malicious software crack-in. You can search the Internet for the following keywords to read more about how insecure to use SMS for OTP:
  • ZeuS-in-the-Mobile (ZitMo)
  • SpyEye-in-the-Mobile (SPITMO)
  • Android.Bankosy
Besides, the OTP in SMS and email is very likely to be sent in plain text form, which subject to ISMS threats of interruption, interception, modification and fabrication along its way.

Therefore, all organizations should update their password policy for all users to be:
  • Use pass phrases instead of password
  • Use dual factor authentication with secure token (avoid using the outdated SMS or email method)

Sunday, April 22, 2018

Google Chrome and Firefox will distrust websites with SSL/TLS certificate issued by Symantec / Verisign / Thawte / GeoTrust / RapidSSL

Web browsers Google Chrome (with 57.69% global market share as of March 2018) and Firebox (with 5.4% global market share as of March 2018) will start to distrust all the websites with SSL/TLS certificate issued by Symantec, Verisign, Thawte, GeoTrust and RapidSSL.

This means that soon in the near future, every time when you visit such websites using HTTPS protocol with Google Chrome, Firebox and possibly other web browsers which follow suit, the browser will give you a security warning before you can read their webpage.

Some of the affected popular websites including (but not limited to)...


In late 2017, DigiCert has acquired Symantec's Website Security and related PKI solutions which was the Certificate Authority for those affected Symantec, Verisign, Thawte, GeoTrust and RapidSSL SSL/TLS certificates.

Webmasters of all the affected websites can make arrangement with DigiCert to replace their SSL/TLS certificates with a new one issued by DigiCert, which is still trusted by Google Chrome and Firefox.

You can click here to read for more information about this issue.

Tuesday, April 17, 2018

How to enable using F8 during boot up to enter safe mode in Windows 10

Seasoned MS Windows users are very likely to have experience using F8 during computer boot up to enter into "safe mode" of the Windows operating system.

In many occasions, "safe mode" can save your day to enable you to fix something that is broken in the Windows system. Such occasions including but not limited to:

  • Windows update has caused problem and instability to the system. 
  • Problematic hardware device driver (normally arises after new driver update). 
  • Incompatible screen resolution with the monitor causing blank screen or distorted display.
  • Windows is infected by virus or malware that unable to be removed in "normal" mode.
  • Problematic software/application that causes system crash (and unfortunately it autorun during Windows start up)
  • Minor damage to Windows registry or system file due to improper power off.
You can keep on pressing the F8 key on your keyboard during boot up of Windows 7 to enter a boot up menu that include the "safe mode" boot up option. However, this F8 function is disabled by default in Windows 8 and Windows 10.

You can still reboot Windows into "safe mode" if you are able to boot into the login screen of Windows 8/10 and the login screen is still functioning properly. You just need to hold down the Shift key on your keyboard while clicking on the Power icon in the login screen and select the Restart option to reboot your computer.

You can also create a bootable Windows recovery USB drive that can be used to fix Windows problem.

If you want to enable using F8 during boot up to enter safe mode in Windows 8/10 as another rescue resort, here are the steps.

Step 1: Enter Command Prompt with Administrator's right

Click on the Magnifying Glass in Windows Quick Launch bar and search for "cmd".

You should be able to find "Command Prompt". Right click on it, and select "Run as administrator". This will open the Command Prompt window with Administrator's right.

Step 2: Change the Boot Menu Policy to Legacy

In the Command Prompt, type the following command and press .

bcdedit /set {default} bootmenupolicy legacy

This command edits the boot configuration data (BCD) to bring back the F8 safe mode function.

Upon successful execution, you will see the message "The operation completed successfully". You are done!

Step 3: Testing

Now, restart your Windows and test your F8 key. It should be able to call out the following Advanced Boot Options menu.

If for any reason you want to roll back and disable F8 during boot up, you can use the instruction in Step 1 to enter Command Prompt with Administrator's right again, and issue the following command instead:

bcdedit /set {default} bootmenupolicy standard

Monday, April 16, 2018

A family visit to Sewing World Gallery @ Sky Park One City Mall

In the older generation not too long ago, sewing machine had been a common item found in many household. At that time, sewing (and perhaps knitting, too) was an essential skill learnt by most housewives.

Then, sewing machine had been unconsciously become lesser and lesser seen in household nowadays. It prone to become industrial item found in clothes and fashion factories.

Meanwhile, the Mostwell Group which is the sole distributor of Janome sewing machines in Malaysia has been endeavoring to bring back the continuation of sewing arts and crafts into today's households by organizing numerous events, trainings and programmes to teach everybody from age 7 onwards who are interested to learn about sewing to master the skill.

The Sewing World Gallery located at 1st floor of Sky Park @ One City Mall with close proximity to the LDP USJ toll (accessible via a junction near to Shell petrol station) is an over 10,000 square feet gallery showcasing many sewing products made by their students. There, you will open your eye to realize that sewing is indeed a kind of arts and crafts similar to drawing, calligraphy, pottery, painting, etc.


Entrance to the Sewing World Gallery is free of charge. Inside the gallery there is also a small museum of sewing machines and tools, a small auditorium, and a classroom for interested parties to sign up for their sewing classes.

Sewing inspires creativity. They show you how old jeans can be transformed into new life as cushions, handbags, and other creative items.

There are also interested stuffed toys, some of which are as big in size as a human.

Inside the gallery, you can also find the largest bag in the world recorded in Guinness World Records which is as large as a garage.

There is also the largest display of handmade fabric flowers recorded in Guinness World Records, showcasing 99 names of Allah (known as Asma'ul Husna).

The Sewing World Gallery is really a nice educational place to spend your leisure time with your family and friend. If I am not mistaken, it is the first and only gallery of its kind in Asia.

Hint: Click on the "Older Posts" link to continue reading, or click here for a listing of all my past 3 months articles.