The same way they toggled select all to start the blocking. Karma
Even roadside jeruk nangka sellers have more brains than these bufoon TM engineers.

This post has been edited by dev/numb: Sep 7 2024, 03:57 AM

Very hard la. For most people, the “internet” is basically WhatsApp, Facebook, TikTok, etc. as long as these CDNs function, their “internet” is working normally.

If Google is really upset, they could just push an Android update that hardcodes a strict Google DNS DoT rule into the default “Automatic” setting for Android. This will basically cause millions of Android phones and smart TVs to stop resolving overnight. Then at least the issue might get proper coverage.

You don’t need us to remind you what the P in PAS stands for, right?
How Kelantan people gonna live if their favourite P websites are blocked?

This post has been edited by dev/numb: Sep 8 2024, 11:44 AM

If those morons ever pull the “protect the children” card, counter them with the famous Adolf Hitler quote and ask them if PM/Fahmi/Speaker has plans to be the next Hitler?

People saying “we won”. Topkek.
Battle just started. Wait till this shit get tabled in parliament next month; https://www.straitstimes.com/asia/se-asia/m...igital-security

Many of our MP convoys don’t even give way to ambulances. Just saying…

Ahem, 210.186.xxx.xx here.



Top left: SG-M247, top right: SG-Datacamp
Bottom left: HK-M247, bottom right: JP-M247

Basically, for the past two weeks between 10pm - 2am, Japan has been the closest VPN node I can connect to with stable packet flow. Singapore, Hong Kong, Jakarta, Bangkok all packet lowsai during this period. That particular HK node above has been terrible for months.

This post has been edited by dev/numb: Sep 8 2024, 11:35 PM

By “can run a VPN” do you mean server or client? I assume it’s the latter (meaning act a client for a VPN service you’ve subscribed to) since you mentioned the DNS shithousery. Do note that most Ubiquiti gateways don’t have WireGuard client functionality listed in their specs, only WireGuard server. I asked for confirmation in the Ubiquiti thread here, but have yet to get a reply. If true, your VPN provider will need to offer OpenVPN (most do) or IPSec protocols (some don’t).

There’s also the matter of hardware acceleration for various protocols to consider. I’ve not dug deep enough yet. I know Mikrotik routers have IPSec acceleration built in. Mediatek processors in GL.iNet and Asus routers support multi-threaded hardware acceleration for WireGuard. The Broadcom chips in higher end Asus (the models compatible with Merlin firmware) have WireGuard acceleration capped to a single core, from what I’ve read on SNB forums.

Edit: if you’re set on using the old router an a wireless AP, you could also look at repurposing some old desktop/nuc with a network card and putting OpenWrt on it.

This post has been edited by dev/numb: Sep 10 2024, 09:50 PM

Fwiw, I ordered an Asus AX59u yesterday for around RM430 (including delivery) via Shopee 9.9 sales. It’s for my mum’s home (I reckon she doesn’t need Merlin, lol) which I’ll be spending more time at over the next few weeks (she’s recovering from surgery), so I should be able to test out the WireGuard (using Swedish Mole provider, not mentioning the name because TM bastids are voyeurs here) performance. May take some time though since I am switching her ISP to Maxis and have yet to get the transfer ID. Earliest I can share results might be next week. Also, I edited my previous post a bit, so the alternative I added to the end might interest you.

This post has been edited by dev/numb: Sep 10 2024, 10:06 PM

Mikrotik’a RouterOS scares the crap outta me. I get the impression it’s a bit like Vim - the learning curve is steep but once you get the interface quirks down, the difficulty level plateaus a bit.

This post has been edited by dev/numb: Sep 10 2024, 10:37 PM

I had their AX1800 model (Flint 1) and liked it, but would not recommend it. I got it early when its firmware still didn’t have GUI for PPPoE, so had to SSH into it in order to get it connected. Then it had some connectivity issues with Apple devices and I had to lock the wifi to 80Hz in order to mitigate it. AdGuard home built-in was great, but it would stop all blocking every other week and required a reboot (nightmare for Unifi users because we need to play the IP pool lottery). Firmware updates did fix many bugs, but introduced new ones as well. Last firmware update gave me this weird issue where latency started increasing with distance from the router. At that point I considered flashing stock OpenWRT on it, but got lazy and just went back to my Asus AX86u with Merlin+amtm for the reliability. I like what GL.iNet do, but they need to do it better.

Most enterprise brands typically enable you to filter VPN tunnels via vlans.

This post has been edited by dev/numb: Sep 11 2024, 11:30 AM

At this point, I think you can only depend on an app if you want device-wide DoH on Android using your preferred provider. If you insist on not using an app (understandable because many of these apps will use the VPN profile) then you can only mitigate it by relying on a browser that supports DoH to do most of your stuff while leaving the rest of the system/apps on DoT. I do this on my Android setup actually. One NextDNS profile for OS in DoT format, and a separate profile from Cromite in DoH. I do this mainly because it’s easier for me to check the logs if I need to narrow down something based on timestamps.

This post has been edited by dev/numb: Sep 11 2024, 04:17 PM

I’ve not noticed significant degradation in battery life for my provider’s app on both Android and iPadOS, at least on the WireGuard protocol. If your provider’s app sucks, there always the option of genetaring/importing their wireguard.conf and using the standalone WireGuard app made by the protocol developer. Any good app is just creating a config and hooking it into the operating system’s tunneling APIs. If your VPN provider offers IPSec/IKEv2 you can even manually input the setting yourself without needing the provider or protocol apps since both Android and iOS support the protocol natively. Good luck if you’re rolling your own IPSec on a rented VPS though, because strongSwan documentation is useless.

Alas, it is Android and iOS dependence on these tunneling APIs that make their VPN implementation unreliable, since mobile operating systems don’t give users access to the networking hooks or firewall rules the same way Linux distros lets you control ufw or firewalld, or how MacOS has pf built into the kernel (which always makes me wonder why MacOS people buy Little Snitch instead of Murus, but I digress). I suppose you could access the firewall rules if you root Android or jailbreak iOS, but that brings along a whole new set of security risks.

This post has been edited by dev/numb: Sep 11 2024, 05:28 PM

Interesting. I knew of Rethink, but back when I last checked them out a couple years ago the app wasn’t getting any development (at least on the F-Droid version). I currently employ work profiles on Android (via Shelter) to segregate the apps I want tunneled from the apps I do not, but Rethink does seem like a more elegant solution, particularly if I can deny apps web access (like Tracker Control). Also interesting they offer oDoH now. Thanks for the share.

The danger here is that govt will try to secure CCP companies as fallback. Then they bulldoze the internet restrictions, chase out western providers, and have China companies take over the planned datacenter sites. Da Ke will lend support because he fancies totalitarianism, and Chinese providers are already adept at operating in such environments.

This post has been edited by dev/numb: Sep 12 2024, 11:14 PM

Usually yes. In my case TM called to counter offer (500mbps@RM129/month + 6 months free + mesh router set), but I declined the offer (because even 1Gbps@RM99/month would be pointless when their international routing koyak every night) and confirmed my transfer request. Note that the TM person calling you with the counter offer most likely doesn’t know the full details of the plan you’re switching to, so you can buaya a bit (like tell them Maxis are giving you 6 months free, even if you got only 3 months from the agent) to get a better offer, but don’t go overboard and say unrealistic stuff. Be mindful that any counter offer you agree to will come with a 2 year contract.

This post has been edited by dev/numb: Sep 13 2024, 11:50 AM

Still waiting for installer. TM called to verify transfer only two days ago. Can’t give any comparisons for now.
There’s always an element of risk involved with changing ISP. Can only hope for the best.


Two days ago, as I mentioned above.

Will update in the Maxis Fibre thread once settled and tested.
No USB dongle in my package. Done via agent. I’m not a Maxis Mobile user. I think nowadays cellular data failover only applicable to Maxis Business Fibre plans (maybe Home Fibre with Family Sharing as well but not sure). If getting a Home Fibre plan and you are already a Maxis Mobile user, I think the most is they will upgrade your phone’s data to unlimited and/or give you 6 months rebate.

This post has been edited by dev/numb: Sep 13 2024, 03:51 PM

How many times? Let me put it this way. If someone gave you RM1 for every late/lost packet this past 4 years, by now you would be able to afford a property with ViewQwest already.