1 year unlimited data SIM cards in Thailand

(Updated: 2018-10-13)

Long term Net SIM cards in Thailand

Mobile operators have long time offered 7-30 day pre-paid SIM cards for tourists and local residents. This year the operators have started to offer also a longer term, up to 1 year, SIM cards for data usage.

This is great news for local residents and expats in Thailand. The prices of these SIM cards are often half when buying a 6 month or 1 year pre-paid contract.

Furthermore these Net SIM's offer real unlimited data with constant speed. Unlike the most 1 month subscriptions, which offer for example 3 GB of high speed internet, which then is slowed down to 128-384 Kbps speeds, these new SIM's offer 1-4 Mbps speeds, even if you usage is 100-200 GB/month. 


DTAC - Golden Dog

DTAC's Golden Dog 1 year SIM cards are only available at larger DTAC stores. Have your passport with you, when buying the SIM. 

I have had this package as my home internet connection for a month now. The speed has been pretty constant, except occasional heavy thunderstorms, when the speed drops slightly. I placed the SIM to a 3G USB modem and plugged it into my home router. It works perfectly.

There is also DTAC Plearn SIM card, which costs mere 30-50 baht per year. This SIM's provides only 64 Kbps speed.


AIS - Net Marathon

AIS offers 6 month and 1 year Unlimited Net SIM Packages with speed of 1 to 4 Mbps. These packages are available at AIS stores nationwide.




CAT Telecom - MyNet

CAT is not widely known as mobile operator. Howevere they have a long history providing constant speed Internet access with their already closed CDMA network. 

CAT MyNet packages are available at CAT stores. In Phuket, one is located at Central Festival shopping centre.


True - 3 month net sims available

True call centre: 1242

True has started to offer 90 days or 3 months, 6 months and 1 year constant speed internet packages (October 2018).

1 year constant speed unlimited data SIM cards in Thailand
  SPEED LENGTH PRICE (฿) / month

/ (€ / month)
DTAC 1 Mbps 1 year 1200 / 100 / (€2.6) DTAC shop only
  2 Mbps "" 1899 / 158 / (€4.1) DTAC shop only
  4 Mbps "" 2999 / 250 / (€6.4) DTAC shop only
  64 Kbps 1 year 50 / 4 / (€0.1) *103*55*9#
AIS 1 Mbps 6 months 600 / 100 / (€2.5)  
  "" 1 year 1200 / 100 / (€2.5)  
  4 Mbps 6 months 1400 / 233 / (€6.0)  
  "" 1 year 2500 / 208 / (€5.3)  
  6 Mbps 6 monts 1800 / 300 / (€7.5)  
  "" 1 year 3500 / 291 / (€7.3)  
True 1 Mbps 1 year 600 / 50 / (€1.3) *900*9960#
  4 Mbps 6 months 1400 / 223 / (€6.0*) *900*9961#
  "" 1 year 2500 / 209 / (€5.3) *900*9962#
  6 Mbps 3 months 1000 / 333 / (€8.5) *900*8772#
  10 Mbps "" 1350 / 450 / (€11.5) *900*8771#
CAT 1Mbps 6 month 600 / 100 / (€2.5) *906*176#
  "" 1 year 1200 / 100 / €2.5) *906*177#
  4 Mbps 6 months 1400 / 233 / (€6.0) *906*178#
  "" 1 year 2500 / 209 / (€5.3) *906*179#
  6 Mbps 3 months 1000 / 333 / (€8.5) *906*203#
  "" 6 months 1800 / 300 / (€7.5) *906*204#

All prices are in Thai baht. January 2018 exchange rates: 1 Eur = 39 baht and 1 USD = 31 baht.


Location tag:

World's cheapest mobile connection - Go Plearn

Plearn cheap internet connection ThailanDTAC in Thailand is offering probably the cheapest always on, unlimited mobile data in the world.

Go Plearn SIM costs only 49 baht per year including new SIM or 30 baht as add-on package to an existing SIM. That's about 1 Euro/USD per year. Yes, per year.

Plearn DTAC cheap mobile sim Thailand

The connection speed is really, really slow at 64Kbit/s. That's the speed of GPRS, the first mobile internet packet data speed. 64Kbit/s is perfectly fine for Email, IRC and other text based applications ass well as downloading podcasts etc. Perhaps not great for modern websites and mobile applications.

My (mobile) Internet connection speeds over the years..and some more

  • 2.4Kbit/s My first home (non mobile) internet connection using 2400 baud modem in 1991.
  • 64Kbit/s Plearn 
  • 64Kbit/s GPRS, first real mobile internet
  • 236Kbit/s EDGE 
  • 384Kbit/s up to 56Mbps 3G
  • XXX Mbps/s 4 G
One funny part of DTAC offering is that they state that this 64Kbps connection is not to be used for Bittorrent or a Hotspot. While possible, it would take 40 hours to download a 1GB movie with this connection. 
Plearn cheap mobile internet by dtac thailand, no bittorrent
For commercial purposes this package would be perfect for some low-data IoT applications. Creating independent weather stations, GPS tracking etc. Hopefully DTAC will come up with solutions, which will allow worryless, cheap and long term mobile data connections for businesses and developers.  

Golden Dog SIM, DTAC Thailand, prepaid sim for one yearRead about 1 year SIM cards with 1-4Mbps speeds


DTAC Golden Dog unlimited packages

DTAC also offers faster speeds, one year pre-paid connections. Golden Dog SIM's give unlimited 2Mbps for 1900 baht and 4Mbps for 3000 baht for one year. Those are actually pretty good deals, even for Thailand.
2Mbps: 1900 Baht = USD 58 or 50 Euros / year
4Mbps: 3000 Baht = USD 92 or 82 Euros / year
Golden Dog SIM 2Mbps for one year pre-paid.

DTAC Golden Dog 2Mbps offer for 1 year contract with pre paid

Golden Dog SIM 4Mbps for one year
Golden dog Thai SIM card offer for one year 4Mbps
In Thailand mobile networks neither AIS nor True could come close to these offerings. I wish they would as I was checking their websites as I was wishing to find a better package. There was none. 


Location tag:

Caching ubuntu / debian packages with apt-cache-ng

Caching ubuntu / debian packages with apt-cache-ng  For years I had only mobile (CDMA and currently HSPA) connection to the internet. This limited speed forced me to look ways to save the bandwith.

   I'm using apt-cacher-ng to cache ubuntu packages. This way when one computer fetches an package, the package is stored on caching server and  the others can get it from the local cache. Great software to limit the need of bandwidth usage as well as speed up upgrade and installation processes. 



Setting up apt-cacher-ng 

Using apt-cacher-ng to cache ubuntu packages on the home server 

Install apt-cacher-ng to the home server (

apt-get install apt-cacher-ng

On the client side (the apt-cacher-ng server should also act as an client)

Create file /etc/apt/apt.conf.d/02proxy and add line

Acquire::http { Proxy ""; };

Then try it out 

apt-get update ; apt-get upgrade


Canon SX50HS super zoom (24-1200mm) test videos

Canon SX50HS super zoom demo during a Thai cocert at Phuket town (24-1200mm) 

Canon SX50HS Super zoom demonstration to the moon 


Location tag:

Dear NSA

Dear NSA

Free post processing kit Nik Collection by Google

Google decided to give Nik Collection for free. This post processing kit was previously $150-$250. 


The Nik Collection is comprised of seven desktop plug-ins that provide a powerful range of photo editing capabilities -- from filter applications that improve color correction, to retouching and creative effects, to image sharpening that brings out all the hidden details, to the ability to make adjustments to the color and tonality of images.

Starting March 24, 2016, the latest Nik Collection will be freely available to download: Analog Efex Pro, Color Efex Pro, Silver Efex Pro, Viveza, HDR Efex Pro, Sharpener Pro and Dfine. If you purchased the Nik Collection in 2016, you will receive a full refund, which we’ll automatically issue back to you in the coming days.

Download the kit, available for Mac and Windows, from here:

This is great news for photographers, who wish to fine tune their photos with Lightroom or similar programs. The post processing really makes big difference between non processed images, and post processed images.

As always, I like to play with a new toy. When using one of the tools, I managed to create a photo, which for some reason, makes my eyes hurt, when I look at it. The feeling is similar as hearing nails scraping chalkboard, but experience with eyes.

scraping chalboard experienced with eyes

Location tag:

Get fun back to the telecommunication business

Let's rewind back to the times when there was an Fun factor involved in mobile technology. 

Do you still remember the times when ring tones, colorful phone covers and background images were hip? There was an huge market for these products. Why? These were far from technical innovation, actually these were quite useless in that sense. It was all about fun.

WOW! I want that!

I still remember when first melody ringtones were pre-production (~1995). I was sitting on an meeting with an old timer 'been there, seen that'  sales representative from one of major it-suppliers. He was explaining something about new NFS-filers or Unix servers and naturally wanted to sell it to us.

  My co-worker got an phone call. Nothing unusual with that.. exept his phone had an new phone firm

ware with melody ring tones. The tone was simple but still something no outsider has heard before. 

  The sales rep went quiet and after a while he said 'Wow! I want that!'. He forgot what he was selling and just kept on asking if we could flash his phone with the experimental firmware. Isn't this something any company wish to have? Sell by showing (or in this case) hearing an new fun feature.


  Walkie talkie for mobile phones (Push to talk)

  Push to talk (PTT, PoC) is an walkie talkie solution for mobile networks. A user push an button and talks. Receivers, which can be many, get the talk burst after the button has been released. PTT has be used by taxi companies which allows them to have even nation wide walkie talkie network. You either talk 1-to-many or 1-to-1. 

  PTT is still one of my all time favorite technologies which never flew. But why it did not get the wings? IMHO the use cases and implementations were way too business orientated. It was all about how companies can use the services... and forgetting the ordinary users. How many of non-telecommunication people have ever heard about push-to-talk? I bet not many, at least in Asia or in Europe.

 I believe this technology could still be popular by releasing it to the younger generation. Let's rewind the time again. I remember in 1980's when there was special phone numbers in Finland which worked as 'chit chat' lines. I was told by my parents not to call to these numbers as those were expensive.. I called anyway. It was so exiting to be able to talk with group of other people who I know nothing about. I could learn new things and how other people think. Simply fun. After my parents got the phone bill, I was put to 'no sugar diet'. 

 So let the kids use the service for an while, they will end up creating new services. For example group of school kids can create their own PTT-groups and keep on talking while on their way back to home or in home. Some kids could have a party or ask others to come and play football together. Some could even ask for help to solve some difficult math homework.


  Voice and video Twitter

  Turning PTT around it would easily become voice and video Twitter. Users could subscribe to others voice-tweets. It would be great to hear what is going on with a local football game while driving home back from work. Or listen to F1-race commentary by a skilled fan.


That's it for now. Would love to hear your comments. Next time I'll talk something about Mobile Mapping posibilities.



If it ain't broken, don't fix it

If it ain't broken, don't fix itThat's the golden rule of computer system management. Changes in complicated systems result often with unpredicted problems. I often ignore the rule and try something new anyway.


  It seems that the rule applies to general life as well. 

  Today riding with my workhorse (Honda Wave) back to home I had one of the 20 liter water tanks, full of water, with me. This time the water manager (owner of the shop where I buy my water fillups) put the tank slightly different way to my scooter. So that the tank was sitting on the saddle and tank was leaning towards to the handles. The way I have seen many locals transfer their water bottles.. I thought what the heck, I'll try if this works better than my normal way, which often results leakage from the bottle.


  Riding towards home was ok, well until I got to a gravel road close to my home. Right turn to slightly uphill road with rain softened road and the front wheel was shaky. I tried to correct the movement, but at this point the bottle blocked turning the handle.. and I was fell down to the gravel.


 After checking that no bones were broken, I decided to hurry back home. Just in case I had more injuries than a nasty cut in the left elbow as the dizziness would follow. Luckily that was the only physical injury.


 There were no witnesses other than one chicken which run away after getting a crash course to unprintable Finnish words.    


 So the lessons of the day are:

 - If something is working, there is not always need to improve it

 - Phuket expats with their old Honda waves have accidents 

 - Accident and mistakes do happen but life goes on

 - If you see a chicken which is yelling "Perkele!", you are close to my home

Mobiles interacting with physical world - part 1 - King of the Jungle

This is an response to 'Nokia Dream device' video on YouTube and Nokia website


  I try to keep on ideas which are possible with today's technology.. but every now and then some parts will slip a bit in to the future.

  My dream device is an personal assistant, which understands and communicates with the environment it is. It learns from the users behavior and adapts to it. My dream device has also a bit of personality, it sometimes even nags to the owner.

  Have fun reading and please don't take it too seriously. I certainly do not. 


Location and time aware functionalities


Mark woke up. It was already 10am. He stretched his arm and could feel a warm body next to him. Feeling good.


Memories from last night started to came back to him. Without opening his eyes he pinched his memory and flashba

cks of last night party begun to fill his mind. All scattered and not sequential. Beer at the park cafe, chicken wings, another bar.. oh dear, did he sing karaoke at one bar? He did a mental note that he'll need to check that one out later on. Then he met something special at Jumpru's nightclub. The girl.. name.. Kaisa. Yes. She was absolutely gorgeous..


  Marks phone had not woken him up. His phone kept itself on silent mode for couple of reasons. Phone knew that as it's Saturday morning and Mark likes to sleep late on weekends. Normally he don't brother to answer the phone this early. Phone also noticed from GPS data that last night Mark was up late and going around his favorite bars. Furthermore the phone knew that this new place to visit is not Mark's home. Mark needs his privacy. Only emergency calls from the loved ones, topped with certain wordings on IM messages would make the phone to wake Mark up. There was no reason for early wake up call today.

  Phone had already made an location update to his personal diary on secure website. This information is shared with none. Only in the case of an emergency the information would be passed to the local authorities. Phone also checked local buss schedules and routes how to get Mark back home as well as the local weather report and rain radars. There is no rain so it's not worth of mentioning.


No fuzz contact sharing

Kaisa woke up. She looks even better in the morning with her fuzzy hair. They .. and then they made breakfast together. After a long good talk it's time for Mark to get back to home. 


  As Mark and Kaisa told their phone to share contact information, the phones negotiated together which would be the best way to share the information. Phones decided to use bluetooth connection at this time. Phones also recorded locations where and when they met at first place and where the contact informations were shared. This case it was not so important, but many times in business connections, this information has been proven to be useful. 


Location and calendar aware external services

  After Mark said 'Phone, get an taxi for me now' the phone contacted all three Taxi companies and decided to order from the company which had car only in 4 minutes away from their location. This company is not the cheapest one, but it's best for him to get home soon as his calendar show other appointments later on today.

  On the taxi Mark insert his 'Connecting tube' or just 'Tube' to his ear. This is an little device which works both as an speaker and a microphone. Tube uses all kind of electromagnetic fields to charge itself without any other power.

   When the taxi arrives to his home, the phone checks to meter and pays the ride directly to the taxi company's account. Mark thanks for the ride, exits the car and heads to his home door.  At this point the phone uses it's proudest voice and says 'Mark, you are the king of the jungle!'. Mark laughs.


Playing with new lens 45mm/F1.8

I purhased a new lens while wisiting Finland. Something new to learn once again. I wanted a lens which can capture moments during the various night festivals in Phuket. This should do the trick. 


Playing with new lens 45mm/F1.8



And the purr.. nope, the blur 

The change what is happening here. Illegal buildings are being demolished and the natural beuty is waiting to be seen outside.

Location tag:

Reducing iops on Amazon EC2 micro instance

I have Amazon EC2 micro server in Singapore. It has proven to be quite enough as my own playground. 

I just signed up for 3 year deal to reduce the CPU costs. 


The EC2 micro instance has 613MB of memory, which is not much, but seems to be enough. I have few drupal sites (drupal6 and drupal7), which are not quite optimized for CPU usage. Not a lot of load, about 800 hits per day.

  Overall it's fine, except one small thing. Amazon charges for i/o operations. Currently the rate is USD$0.11 per 1 million iops. 

 Earlier months, before optimization I used 55-70 million iops per month. USD6-8, which is not really much, but as the server itself costs about the same I consider this as an project to reduce the iops. 


 So far I have managed to reduce the iops to about 400.000 per day or about 12 million per month. Mainly following the advices given how to reduce disk writes on SSD's.


Steps which have been done for now. 


Tuning apache2 default settings /etc/apache2/apache2.conf

# prefork MPM
<IfModule mpm_prefork_module>
    StartServers          3
    MinSpareServers       2
    MaxSpareServers     5 
    MaxClients          15
    MaxRequestsPerChild   800
# worker MPM
<IfModule mpm_worker_module>
    StartServers          2
    MinSpareThreads      15
    MaxSpareThreads      25 
    ThreadLimit          32
    ThreadsPerChild      15
    MaxClients          15
    MaxRequestsPerChild  800
# event MPM
<IfModule mpm_event_module>
    StartServers          2
    MinSpareThreads      15
    MaxSpareThreads      25 
    ThreadLimit         32 
    ThreadsPerChild      15
    MaxClients          15
    MaxRequestsPerChild   800

Earlier, these two settings dropped iops from 70M to 55M per month

- Create /tmpfs on RAM 

- adding noatime,noadirtime to fastab for / and /tmpfs 


During last weekend following steps, which reduced the iops to 12M per month (400.000/day)

- adding commit=60 for / which is using ext3 filesystem to /etc/fstab

LABEL=cloudimg-rootfs        /               ext3    noatime,nodiratime,defaults,commit=60        0       0
tmpfs /tmp tmpfs defaults,noexec,nosuid,mode=1777 0 0

- Lessening disk writes  and swappiness /etc/sysctl.conf

vm.dirty_ratio = 40

vm.dirty_background_ratio = 1

vm.dirty_writeback_centisecs = 6000

vm.swappiness = 10

- Adding boost module for drupal sites (speeded up the load times as well)
- Enlarged some mysql buffer sizes. (/etc/mysql/my.cnf)
innodb_log_buffer_size = 32M
tmp_table_size = 32M
max_heap_table_size = 32M

Skype for SIP Beta

Skype has release a new Skype for SIP Beta service available for testing. 

The service is targeted to Medium and Large sized companies which already are using SIP based telephone exchange (PBX).  Good example of this kind of company would be an mid sized hotel.

With the new Skype for SIP service the hotel can integrate their existing PBX system to Skype calls. 

Customer calling to the hotel (inbound call)

An potential customer, Kaisa from Finland, is looking for an hotel in Phuket, Thailand. She is browsing the web and finally finds the hotel she finds interesting. Hotel has their callto:hotel Skype logo and Kaisa decides to make an call to ask for further details by pushing the Skype Call Us button. Her computer Skype client will start the call. All free of charge for her.

Now, what happens in background is more interesting. Her Skype call will reach the hotels PBX and it will follow the normal rules, how the PBX is configured. The PBX notices that the first three representatives are busy and will forward the call to the fourth one. Just like it would be done if Kaisa had decided to make an long distance call from Finland to Thailand.

All are happy. Kaisa get's her information and the hotel get a call from potential customer.


   Kaisa spends her dream vacation at this hotel in Phuket. After two weeks it's time for her to go back to home. With all the excitement and new experiences on her mind she forgets her camera to the hotel room. She notify the lost when she is has already boarded the plane. Danm!


Hotel calls to Kaisa (outbound call)

  Like all the quality hotels in Thailand, the hotel she used knows that good customer service is the key to  good reputation and way to get more customers. The hotel has already put her camera to the hotel safety box and has decided that that the hotel manager herself should make to call to kaisa. After all Kaisa is the travel representative for her company. 

  The manager has attended an meeting with other travel industry people and she is having an afternoon coffee at Starbucks when it's time to make the call to Kaisa. She takes her WiFi and VoIP enabled phone, which is already connected to the Hotel PBX system.  She simply dials Kaisa's number and makes the Internet call. They talk for an while about the dream vacation and then agree how to the deliver the camera back to Kaisa.




routing the call to normal telephone network in the destination country.

 These both cases fairly are easy to implement and cheap to use. Win-win situation?


 But.. Who are the users?

  Well, this solution will give possibilities for medium and large size of companies how they would implement their VoIP networks. Large companies are likely to have their own VoIP networks already so they might be in the target group. Small size companies does not have the IP-PBX infrastructure, so they are out as well. They'll just do Skype call forwarding if needed.

  At this point we have only the mid sized companies left. The mid sized companies who use already SIP based PBX. The mid sized companies who have or who can buy knowhow how to integrate Skype for SIP to their existing systems. I'm not so sure that this would be a huge group of companies. 

Small size companies could be in, but mediators needed

  What we need is mediator companies who do everything for their customers. The purpose of these companies is to use an bulldozer in the IT field and organize all the technical details so that the customer companies can concentrate their core business. The customers just want to get an solution that works. 

However Skype says


4. No Reselling

Skype Products are made available under this Agreement solely for use by You and Your Business Users for Your communications purposes. The use of the Skype Products for any other purpose, and/or the resale of any Skype Products is not permitted by You or any of Your Administrators or Business Users, and You shall not (and shall ensure that Your Administrators and Business Users shall not) resell the Skype Products to any third party or use the Skype Products to provide services to any third party.


Ok. In a way this is great. It will protect the Skype end users from the rip-ff people who try to just make an quick buck and leave.. or does it? There will always be people and companies who does not give a crap for the rules. 

How can I make a living with the Skype for SIP? How can the non-technical little companies use the possibilities the potentials what this new product can give out? For me there is possibility of integration to the VoIP systems. For small business.. well none.

The next step

  Skype. Let us mediators to do our work. Your Skype for SIP gives a lot of possibilities which are not possible at the moment. 






  This is what we need to get the new Skype for SIP service available for all. Let's make it as easy as it should be. Skype, You are famous for making thing usable.






Stuxnet and next generation hardware manipulating viruses

 Stuxnet gave an example what next generation viruses could do by causing hardware failures to the Iranian nuclear fuel enrichment plant.

  Currently there has been an rumor that HP printers could be set to fire by viruses. HP stated that this was an false accusation.

  But what if?

  Viruses are created first by hackers who wish to play around with ideas and technology. Next wave is crackers who wish to cause harm.. and last there will be script kiddies who alter the code a bit, just to create a slightly new version of known viruses.

  Typically a virus can cause annoyance, data lost or even stolen credit card number and passwords. Stunex generation viruses could do far more.  We all are carrying internet connected devices with us all the time, devices which are potentially vulnerable to cracking atte


 What if.. there would be an virus which first resides as an application on a mobile device. It would alter the phone configuration and make the phone to upgrade it's core operating system to a new

hacked version of the OS. This could be a potent way to gain access to all device functionalities, which are normally hidden from the applications.

   New core could make the battery to overcharge and overheat  to the point it would set on fire, maybe at the time when the phone gps or altimeter tells it's charger on airplane or fast moving car.

   New cars have their own operating systems which can be upgraded simply by inserting an USB drive to the car's computer. What if the new OS would cause drive by wire brake failures and it would tell the engine to go at full throttle at high speed at random times?

  What if the future home control server would heat up the Sauna at the middle of the night? Internet connected fridge 


ld insert the fridge to permanent ice reduction mode and let the food rotten during the night.

  These are just some uneducated guesses, what could happen if the security of our internet connected devices their ecosystems is not taken seriously when more and mode devices are controlled by computers and connected to the network. 

Timelapse experiment, night falls to Phuket

I tried to take my first timelapse video today.  Still photos, which are combined as video file. Here is an video, which consist mostly camera's HDR mode images. Photos were taken 10 seconds apart (or as fast as the camera could take the HDR images at that lighting, last part is about 15 seconds apart). Duration of the shooting was about 1 hour. All combined to 25 seconds avi with 10fps. 


Night falls to Phuket


I must admit that I made many mistakes while taking the shots. I did not check the camera settings and took first hour images with wrong white balance mode rolleyes.gif


I also took the images with full resolution, which might not be needed when taking the timelapse videos. Fortunately Picasa's export function was a big help as it allowed me to export the images with smaller size. 


Basic encoding jpg's to avi was an easy with mencoder 

mencoder "mf://*.jpg" -mf fps=10 -o test.avi -ovc lavc -lavcopts vcodec=msmpeg4v2:vbitrate=3200


Found quidance from here: http://nlippincott.o...deo-with-ubuntu


Plenty of things to improve, but one have to start from somewhere. 

Location tag:

Tunneling HTTPS and SSH traffic via port 53

Small guide how to tunnel traffic via ssh using port 53 with linux. 


I got a new ADLS line, which came with some problems. The line will drops all other outbound connections, except traffic to ports 80 (HTTP) and 53 (DNS). This basically means that SSH, ping, traceroute, IMAP and HTTPS does not work.

SSH and HTTPS and IMAP connections are the most important to me so that I can access remote servers, get emails and use for example Google search or Facebook. 

The really funny part of this is that all incoming connections work well. I can ssh to my home server from the internet, but not the other way around.

Link speed is moderate, but a great speedup after using mobile connection for years.






Curl timeouts when trying to access Google with https.

root@saturn:~# curl -v  
* About to connect() to port 443 (#0)
*   Trying Timeout
*   Trying Timeout
*   Trying Timeout

While trying to debug I found an handy tool hping3 to check the status

root@saturn:~# hping3 -S -p 80
HPING (eth1 S set, 40 headers + 0 data bytes
len=46 ip= ttl=61 DF id=0 sport=80 flags=SA seq=0 win=14600 rtt=43.9 ms
len=46 ip= ttl=61 DF id=0 sport=80 flags=SA seq=1 win=14600 rtt=40.1 ms
len=46 ip= ttl=61 DF id=0 sport=80 flags=SA seq=2 win=14600 rtt=36.1 ms

hping3 to SSL port works for an moment to

root@saturn:~# hping3 -S -p 443
HPING (eth1 S set, 40 headers + 0 data bytes
len=46 ip= ttl=61 DF id=0 sport=443 flags=SA seq=0 win=14600 rtt=41.8 ms
len=46 ip= ttl=61 DF id=0 sport=443 flags=SA seq=1 win=14600 rtt=44.2 ms
len=46 ip= ttl=61 DF id=0 sport=443 flags=SA seq=2 win=14600 rtt=43.4 ms

And the next minute it fails

root@saturn:~# hping3 -S -p 443
HPING (eth1 S set, 40 headers + 0 data bytes


Solution using sshuttle (temporary)

There was two options to overcome the problems. Use an VPN and using SSH tunnel.  Sshutle seemed to be quick and easy solution for now. As I had only two ports available and did port 80 was already in usage, the only option was to user port 53, which is used by DNS. 


Setting up SSH tunnel, using open port 53


Setup sshd on EC2 to asnwer to port 53 by adding "Port 53" line to /etc/ssh/sshd_config file. Restart the ssh service afterwards

echo 'Port 53' >> /etc/ssh/sshd_config

/etc/init.d/ssh restart


Allow incoming traffic to  port 53 by adding a custom rule to EC2 security group


Install and Use sshuttle to tunnel all traffic, excluding local network to EC2 server using port 53

apt-get install sshuttle

sshuttle -r 0/0 -x

Testing with curl
* About to connect() to port 443 (#0)
*   Trying connected
Further checking the network traffic on EC2 server with jnettop
ip-10-130-55-55.ap-southeast-1.compute.internal <->      629b/s   88b/s   717b/s                            53    TCP                        14855     283K   39.7K     322K
ip-10-130-55-55.ap-southeast-1.compute.internal <->      263b/s  288b/s   551b/s                            80    TCP                      64984    1.03K   1.13K    2.16K
  GET /sites/all/themes/acquia_marina/images/drop-bottom.png
==> The connection works!! Well, ping and traceroute does not, but at least I can now use Google, Picasa and Facebook and send and receive emails.


Limiting the traffic to EC2 by not routing normal HTTP traffic there 

At this point all my outgoing traffic from my laptop was routed to the Amazon EC2 server in Singapore. However I have to pay for the server traffic and also it's not wise to route evertything there, so next step was to setup an transparent proxy to my home server. I selected squid3 to do the job.


Installing and setup squid3 transparent proxy to home server

 apt-get install squid

Edit /etc/squid3/squid.conf to allow local traffic 

acl localhost src ::1

acl to_localhost dst ::1


Change Chromium browser to use home server squid3 as an HTTP proxy

chrome://settings/ -> Advanced -> Change Proxy settings



voilà, https traffic goes via EC2 server and normal http traffic goes directly 



Caching ubuntu / debian packages

One more step to limit the traffic to the EC2 server as minimal as possible. I had actually done this earlier as for years I had only mobile (CDMA and currently HSPA) connection to the internet. I'm using apt-cacher-ng to cache ubuntu packages. This way when one computer fetches an package, the others can get it from the local cache. Great software to limit the need of bandwidth usage as well as speed up upgrade and installation processes. 

In my setup the home server is not tunneled, so all the outgoing traffic from this server is not going via EC2 server.


Setting up apt-cacher-ng 

Using apt-cacher-ng to cache ubuntu packages on the home server 

Install apt-cacher-ng to the home server (

apt-get install apt-cacher-ng

On the client side (the apt-cacher-ng server should also act as an client)

Create file /etc/apt/apt.conf.d/02proxy and add line

Acquire::http { Proxy ""; };

Then try it out 

apt-get update ; apt-get upgrade




Sshuttle examples


Squid3 Transparent proxy

Deleting Facebook posts, comments and likes

There is handy tool to remove posts, comments and likes from Facebook. Chrome extension Social Book Post Manager.


I have been using FB since 2007 and stopped using it for anything else than playing Angry Birds Friends. I always hated that my old posts, likes and comments were forever stored at the platform for people to see.


Deleting Facebook posts with Social Book Post manager


I started purging these posts with Social Book Post Manager. The Chrome extension emulates human interaction on Facebook website. The tool checks the activity log and deletes the content in that way.


As I had more than 10.000 activities, probably more like 20.000, this process took a lot of time and I actually have to run it several times, so that all the content is removed from public eye. I'm pretty sure FB never really deletes any content from their servers, but this is a lot better than just leave the content for people to see or FB to use publicly. 


The Chrome extension can be found here:


After initial tests, I recommend unmarking the Prescan on Page and deleting the Facebook posts, comments and likes directly. Even the fastest speed 16x seems to work fine. 


However there is need to run the script multiple times if you have thousands of posts, likes etc on your activity log.


In my case, I wanted to keep the posts which have link to my blog. Therefore I excluded those from purging. From now on, I'll periodically remove every post or comment I have made, if it does't include '' keyword. It feels good to be more in control of my

own content. 



Anyway, it feels good to get rid of the old posts and comments. Who knows, after this, I might start using Facebook again. This time with clean timeline.


FBexit is a good thing.



Removing Tweets and Twitter likes


I have been far more active on Twitter than on Facebook in the past few years. I tried several apps on this page  to delete all my tweets but I only managed to delete the latest 6000 tweets, of 39.000 I have done. I'll have to find a better way do delete tweets.



Apps did delete few thousand tweets, but not all the tweets I had done over the years.


Follow me on twitter or in Finnish


I can be the silly myself once again. 


I'm not a number, I'm a free man.