Firewall Migration

Today we performed an upgrade from our old Unifi Dream Machine (UDM) Pro to the new UDM Pro Max.

I won’t get into the specifications, other than to say the Max offers more speeds and feeds.

I wanted to document the migration process, because for me it was not trivial. The Max came with outdated firmware. The backup and restore options were not visible with a user that had “Super Admin” role. They are only available with the “Owner” role. This took me sometime to figure out.

Step 1: Login into the old UDM Pro with the Unifi owner account. This is usually the account that contains the Two Factor Authentication;

Step 2: Perform a download of all the applications and their respective settings. This should result in unified_os_backup_*.unifi file;

Perform a backup on the old UDM PRO

Step 3: If you are using Protect (Unifi Security Application), and want to reuse the old hard drive, the migration process will not migrate the videos, so be prepare to backup the contents on a separate machine and reformat the hard drive, or just buy new hard drives;

Step 4: I powered down the old UDM Pro, because I need the WAN connection to be connected to the new UDM Pro Max. At this point, you will lose Internet connectivity for most of your household devices;

Step 5: I physically installed the UDM Pro Max, and connected the WAN, and connected my laptop with the unifi backup file that we got in Step 2. Note that I did not connect the rest of my network at this point. Also the entire restoration process requires Internet connectivity so don’t try to restore it without Internet. I learned this the hard way, resulting in several resets;

Step 6: I had to upgrade the UDM Pro Max because it came with old firmware and it will not restore with the old firmware. This was super frustrating because it elongated the down time for your household;

Step 7: Before I perform the restore, I powered down the Max and installed my old hard drive from the old Pro. After restarting the Max, I then reformat the hard drive with the Protect App;

Upload the previously downloaded backup file and do a restore

Step 8: I then proceed to restore from the backup file that I previously copied on to my laptop. This took about 10 to 15 minutes;

The dialog is pretty cryptic, so be sure to click on the upload link and ignore the No Backups Found message.

Step 9: Once the system is up, I attached all the networking devices to the new Max and waited to ensure that all the Unifi devices are recognized by the new Max;

Step 10: I did one final reboot just to be sure that everything is okay;

So far so good. We did find a couple of issues. Rogers, my ISP provisioned a new WAN IP so I had to update my DNS entries. The VPN server configurations had to be updated with the new WAN IP.

I am going to let the Max run for a few days, and then perform a factory reset with the old Pro. We will then use the Pro as a Shadow (Hot Standby) Gateway for potential fail-over.

Sim Scam and Identity Theft

Recently, a friend of a friend fell victim to SIM Swap Fraud. This type of fraud occurs when the perpetrator uses social engineering techniques to convince your phone company, the mobile provider, to re-provision your SIM or replace it and send the new one to the perpetrator. This renders your current SIM inoperable on the cellular network, and it may take time for you to discover this, since we spend most of our time connected via Wi-Fi.

Once the SIM is under the attacker’s control, that person can then scour popular social media, mail, and banking services and initiate a “password reset” or “forget password” process. Since they have your number, they can act as if they were you by intercepting SMS-based two-factor authentication, effectively stealing your online identity.

With the stolen identity, they can scan your emails to discover other sensitive items that may assist in further solidifying their access. For financial services, they can now log in as you and begin transferring your hard-earned funds out of your accounts, effectively stealing your money and assets.

We have all heard horror stories, such as those featured in TD Stories. However when someone that you know either directly or indirectly is affected, it really hits home, and you start asking how you can be further protected.

I have done some things in the past, such as giving out a secondary phone number managed by VOIP.ms, which was forwarded to my primary (hidden) cell phone number. However this ultimately proved ineffective, because there is just too much additional friction for services that really do require your actual mobile phone number, such as most financial services.

I have also created an account PIN with Koodo, my mobile network provider. This is a six-digit PIN that the service representative will authenticate before performing any account changes including a SIM re-provisioning or port to a different carrier. Note that this is different from the SIM PIN which just protects information on your SIM card.

After some research, I found that Koodo is now offering Port Fraud Protection. This morning I called Koodo and after about thirty minutes, I now have this protection on all of our phone numbers provided through Koodo. Your mobile provider may have a similar plan, and I highly encourage you to check it out and enrol if possible.

I also inquired about policies to prevent certain social engineering techniques while I was on the phone with the Koodo service rep. After our discussion, I can now summarize the current protection I have in place with Koodo.

I have a six-digit PIN on my service account. This means if anyone tries to impersonate me to change my account in any way, they will need to use my PIN. If they claim to have forgotten the PIN, they will need to provide a driver’s license or credit card information to validate. I am not comfortable with this, so I requested a special instruction to be added to my account. If a valid PIN is not provided, the service rep should instruct the caller (myself included) to visit the Koodo store to have the PIN reissue. This will ensure a face to face validation is performed with a proper photo ID check.

I also added the Koodo Port Fraud Protection, which essentially prevents anyone including the account owner (me) to “automatically and seamlessly” port my numbers. This will add some inconvenience if I want to port to another carrier in the future. I will have to call into Koodo and remove this protection first. It is just another step and barrier to anyone unauthorized trying to cause me harm, but for the sake of safety, I am willing to take on this minor inconvenience.

Even with all of this, the threat persists. We still rely on proper behaviour of Koodo employees who have the power to perform a SIM swap or provision. Unfortunately this is not within my control. Therefore, we still have to be diligent in reducing our threat surface. I would recommend the following:

  • Use a two-factor authentication scheme that is not tied to your phone number. It can be tied to your phone such as Passcodes or One-Time Passwords generated through a security application on your phone;
  • Reduce your withdraw limits and credit limits of your credit cards so that they are manageable in case they are lost;
  • If you are in a position to develop a personal relationship with your banker, then you should do so. They can alert you if they notice something strange is going on. They also add a personal touch by recognizing your voice and your behaviour in addition to the institutional security policies;

Good luck in reviewing your own circumstances and I hope you learn something here to strengthen your own SIM security and reduce the SIM Swap Fraud threat.

Note: Since my parents are on Virgin Plus, I thought I link to their policies as well.

Ontario and Quebec Road Trip

Carol’s nephew and niece is visiting us from China. We thought it would be good to take them on a road trip across the HWY 401 stretch and a bit of Quebec.

Attached is our final itinerary, and a video to summarize each day’s events. To play the video, just click on the video link in the Day title. For example:

Click the video tag in the PDF document to play each day’s video.

Ontario Services – Complicated

Approximately three years ago we created a holding a company in Ontario, Canada for the purpose of managing certain real estate investments. After some considerations, we have determined that this holding company is no longer required, so about a month ago, we decided to dissolve this company.

When we sent out an email requesting the dissolution of the company, we received the following response:

The above is the email response from Ontario.ca

On the surface we thought this is excellent news, because we will be able to do this all online. However upon visiting Ontario.ca/BusinessRegistry we were immediately lost after the initial login.

It took many tries to discovered this successful navigation path, so I wanted to document this for other users and for myself in the future.

The menu options on the left is not very helpful (see below). The obvious one is Ontario business registry under Account help, but this only provides a false, old guide to a PDF form that you can download and fill-out but is discouraged and rarely used now. The correct selection is the mysterious Add a service item.

Once you are in the Add a service page, you can then select the Start now of the Ontario business registry process.

This will bring you to a different site, which you can use to select Make Changes, and then further down File Articles of Dissolution.

The entire experience feels like the website was put together by multiple contractors, and totally user unfriendly. Yet another government service experience.

Sunroom Breaking Ground

Last year we engaged with Four Seasons Sunrooms to add a sunroom at the back of our house. It took about a year for us to finalize the engineering drawings, pass the Community of Adjust process with the city of Richmond Hill, and finally obtaining the permit.

Today we finally broke ground!

Below is a short video to remember this event.

Our backyard security video captured the event nicely.

SolarEdge Inverter Error 3x9A

Today, I found it strange that with a clear, blue, sunny sky, our solar generation is half of what I expected. I then noticed that one of our two SolarEdge inverters was showing a fault.

I followed the instructions on the Verifying Inverter Status web page on SolarEdge’s website.

I was able to get the details of the Error Log:

This is an extract from the Error Log from the iOS app.

I did a quick search for 3x9A System Lock Inverter ARC on Google and discovered on Reddit that it was an issue that many people were experiencing.

I then followed these instructions to reset the inverter on YouTube:

After about 5 minutes, the inverter is now generating power! Hurray all fixed so far.

New Camera – Sony A6700

On March 15th, 2025, I decided to restart my photography hobby by purchasing a brand-new A6700 Sony camera suitable for taking photos and videos.

Right after unboxing with its kit lens 18-135mm f3.5-5.6 OSS

Kalen purchased it from Aden Camera at Pacific Mall with a small discount. The total cost, including taxes, amounted to $2,487.10. The photo of it on the right is with my iPhone 16 Pro.

Zhou Shen Light Baton

This is not going to be a review of the product. Others have already done an exhaustive review of this camera. No point for me to duplicate their work. I doubt I will be able to add anything new. I will, however, share some of the photos that I took with this camera. These first batches were with the 18-135mm f3.5-5.6 OSS Sony Kit Lens.

The first photo is of my wife busy with cooking dinner while I just completed my unboxing. The others were taken in a dark bedroom using a light baton that was a Zhou Shen (周深) concert souvenir.

I then supplement the original kit with a few lens purchases:

  • VILTROX 28mm F4.5 FE Lens 28mm f4.5 Pancake
  • VILTROX 23mm f/1.4 F1.4 E Lens
  • Tamron 17-70mm f/2.8 Di III-A VC RXD Lens

The new camera can also reuse my old Sony NEX5-N lenses, which are:

  • Sony E 18-55mm F3.5-5.6 OSS
  • Sony E 55–210 mm F4.5-6.3 OSS

For the above lens, some Auto Focus modes do not work, such as continuous AF. This is no big deal; I just switch it to single-shot AF mode.

With the above lenses to play with, I started to take some photos. The first batch is from the recent ice storm that we had.

The next set of photos is of our cat, Darci.

Finally, the next set is a collection of photos taken during my neighbourly walk just 2 days after the ice storm.

I will do a separate post on videos.