Suramya's Blog

Visit suramya.com Who am I?

May 23, 2015

Trekkies join the readers of magazines like Linux Journal as potential threats

Filed under: My Thoughts — Suramya @ 11:30 PM

Yes, you read that headline correctly and no, I am not joking. According to the information revealed thanks to a freedom of Information request, Scotland Yard was worried that British fans of Star Trek might turn against society. This was tracked as part of a file called UFO New Religious Movements (NRMs) And The Millennium. In addition to Star Trek they were also worried about people who watch shows like X-Files, Dark Skies, Roswell, Millennium and The Lawnmower Man.

I already knew that I was being monitored by US Intelligence agencies thanks to my reading and occasionally writing for the Linux Journal. In case you are wondering if I have become insane or paranoid. Unfortunately (or fortunately) that is not the case. This is based on the information revealed in the recent intelligence leaks and was covered on various sites and articles :

While that is troubling in itself, even more troubling to readers on this site is that linuxjournal.com has been flagged as a selector! DasErste.de has published the relevant XKEYSCORE source code, and if you look closely at the rule definitions, you will see linuxjournal.com/content/linux* listed alongside Tails and Tor. According to an article on DasErste.de, the NSA considers Linux Journal an “extremist forum”.

Now, thanks to my love for Star Trek and X-Files I guess I must reconcile myself to being tracked by Scotland Yard as well. I did find it really interesting that Star Wars fans are not part of the potential threats they monitor. Could it be because the person who implemented this tracking was a Star Wars fan and was taking the Star Trek vs the Star Wars argument to a whole new level? That is the only reason that could possibly explain why anyone thought this was a good idea. I mean sure fans of these shows are vocal, enthusiastic and sometimes very disturbing (Try searching for Star Trek Slash Fic if you have a strong stomach for some really weird stuff. Fair warning though, the material you will get back is for adult audiences and just plain weird at times.). However that being said it is not correct to classify them as a cult and start tracking the members as if they did something wrong by liking the wrong show.

From the article:

But the police feared British fans of the cult American show might boldly go a little too far one day.

It has emerged that Scotland Yard kept a secret dossier on Star Trek, The X-Files, and other US sci fi shows amid fears that British fans would go mad and kill themselves, turn against society or start a weird cult.

The American TV shows Roswell and Dark Skies and the film The Lawnmower Man were also monitored to protect the country from rioting and cyber attacks.

I have this mental image of a spy/program monitoring all websites/conferences where Star Trek is discussed, items/props sold or just links to these kind of sites. Once you visit this site, you are automatically added to a database of potential troublemakers and if you actually buy something then you get a higher grade. The more you buy and the more involved you are in fandom the higher your perceived threat level gets.

If the people of the world insist on being idiotic, then there is nothing I can do to stop them. Unfortunately these are the folks in power so they can cause a lot of damage by creating these fictional enemies. I will end this post with the following quote taken from a book by one of my favorite authors (Mercedes Lackey) which is really relevant here :

When those in power intend to abuse that power, they look to an outside enemy in order to trick their people into pressing the means to their own abuse into the hands of the abusers. If an enemy does not exist, it will be manufactured, and all manner of horrors attributed to it, so that anyone who demands truth and accountability is set upon as being unpatriotic. And so that, when someone said to be an enemy is found, there will be few questions asked about guilt or innocence, and many faces averted when he is taken away.

We are setting ourselves up for disaster, stop turning your faces away… Else you soon will be saying “Then they came for me—and there was no one left to speak for me.”.

Sources:
* Slashdot
* The Telegraph

– Suramya

May 19, 2015

Drug use can now be detected using fingerprints

Filed under: My Thoughts — Suramya @ 12:00 AM

Saw this interesting article on Slashdot about research being done in University of Surrey in which they claim to be able to detect the use of cocaine by testing fingerprints using ambient mass spectrometry. As per the paper they do this by spaying solvent on the fingerprint slide and then checking for chemical residue in the print which results from drug abuse.

This will have a big impact in a lot of areas if it is viable to do so cheaply. Companies, cops etc can check for Drug usage in non-invasive fashion and if a positive match is found then they can match the finger print to a person as well making it becomes extremely difficult to fool a drug test. Which is a good thing. Though I wonder how long after a use the chemicals are detectable in the print. I would be surprised if there are there forever but even if they are there temporarily it will reduce the drug abuse at work.

However I am sure there are a lot of legal hurdles etc which will need to be solved if the technology is going be widely used. Currently the test only works for Cocaine, it will be interesting if they can do a similar test for other drugs like Heroine etc.

From the paper:

For their research, scientists sprayed a beam of solvent onto the fingerprint slide (a technique known as Desorption Electrospray Ionisation, or DESI) to determine if these metabolites were present. DESI has found use in a number of forensic applications, but has never been used to demonstrate drug use says lead author Dr Melanie Bailey from the University of Surrey.

Researchers took fingerprints and oral fluid from patients attending a drug and alcohol treatment service. Using a technique called gas chromatography mass spectrometry (GC-MS), they tested the oral fluid of patients for the presence of cocaine and benzoylecgonine. They then employed DESI, which operates under ambient conditions and Ion Mobility Tandem Mass Spectrometry Matrix Assisted Laser Desorption Ionization (MALDI-IMS-MS/MS) and Secondary Ion Mass Spectrometry (SIMS), to analyse the corresponding fingerprints.

– Suramya

May 17, 2015

Penn Libraries Launches Digital Resources Online Platform

Filed under: Interesting Sites — Suramya @ 11:04 AM

In an effort to make information more freely available and answer the growing demand for open data Penn Libraries have made some of their cultural heritage materials available for free downloads as high-resolution images along with machine-readable descriptive and technical metadata about the images via their OPenn digital resources website. Looking at the site I see that they are not kidding about the images being high-resolution, I downloaded one of them just to see how it looked and it was a 3400×4444 image file 45MB in size.

From their press release:

Images from items such as a 16th-century Portolan Atlas and a unique book of Ciphers made for Pope Calixtus III in the 15th century are available on OPenn.

More datasets, including manuscripts from Penn’s own holdings and items from other institutions, will be added in the near future. Historic diaries from a variety of Institutions belonging to the Philadelphia Area Consortium of Special Collections Libraries are next in line for inclusion on OPenn. Many of these documents are unknown while others are celebrated, such as the Union League of Philadelphia’s Tanner manuscript, a unique firsthand account of the events surrounding the assassination of Abraham Lincoln.

”Allowing all those who wish to use data from the site to do so, in whatever way they desire and without requiring them to ask for permission, creates boundless possibility and an exciting unpredictability surrounding the outcomes,” said Will Noel, director of Penn Libraries’ Kislak Center for Special Collections, Rare Books and Manuscripts.

It’s good to see more and more libraries making their works available online for free. It can only help with spreading the knowledge.

– Suramya

May 16, 2015

Testing Auto post publication to FB, Twitter

Filed under: My Life — Suramya @ 7:57 PM

Testing Auto post publication to FB, Twitter. If all goes well this should be posted to FB and Twitter automatically.

[UPDATE] Yay! It worked :)

– Suramya

Facebook Command Line (FBCMD) no longer works fully

Filed under: My Thoughts — Suramya @ 7:08 PM

Thanks to FB constantly changing their API the maintainer for FBCMD finally decided to call it quits and shut down the project. I found out about this when I started hitting issues with syncing my blog posts automatically to my Facebook account. I would keep getting an error that the app didn’t have the permissions to post to my wall even though I explicitly granted it permissions again. From the maintainers site:

I am now raising a family and have a demanding job. When I do get precious “free” time, there are other projects I’d rather spend my time on.
I stopped using FBCMD myself. I log in to facebook once a week and lurk around for a bit, but I rarely interact or share anything.
Facebook is moving away from apps that have broad access and permissions.
It was too frustrating to keep up with facebook perpetually depricating features and changing its API.
The straw(s) that broke the camel’s back were: depricating API 1.0, removing offline_access and changing the authentication model.

Now I need to figure out another way to automatically sync my posts to FB. There are a bunch of plugins that people talk about but I still need to decide on which one to use and try them out. Or I could hope that someone decides to pick up the project and fork it.

– Suramya

May 6, 2015

How to Root a second generation Moto x running Lollipop

Filed under: Knowledgebase,Techie Stuff,Tutorials — Suramya @ 11:22 PM

I got my new phone today and as usual the first thing I did was root it before I started copying data over so that I don’t loose data when I unlock the boot loader. The process required a bit of work mainly because I was following instructions for KitKat while my phone was running Lollipop. That caused the phone to go into this funky state where the Play Store API’s went MIA and the entire thing stopped working to the point that I had to do a hard reset to get back to a stable state.

BTW, before you continue please note that this will delete all data on the phone so you need to ensure that you have a proper backup before proceeding. Without further ado, here are the steps I followed to get things to work using my Linux (Debian) desktop:

Unlock the Bootloder

The first thing you have to do is unlock the Boot loader on the phone:

  • Install the Android SDK by issuing the following command:
    apt-get install android-tools-adb android-tools-fastboot
  • Run the following command:
    fastboot oem get_unlock_data
  • Take the string returned, which would look something like this:
    (bootloader) 0A40040192024205#4C4D3556313230
    (bootloader) 30373731363031303332323239#BD00
    (bootloader) 8A672BA4746C2CE02328A2AC0C39F95
    (bootloader) 1A3E5#1F53280002000000000000000
    (bootloader) 0000000

    and concatenate the 5 lines of output into one continuous string without (bootloader) or ‘INFO’ or white spaces. Your string needs to look like this:
    0A40040192024205#4C4D355631323030373731363031303332323239#BD008A672BA4746C2CE02328A2AC0C39F951A3E5#1F532800020000000000000000000000

  • Visit the Motorola Website.
  • Paste the string you got in the previous step on the site, and then click on the ‘Can my Device be Unlocked?’ button and if your device is unlockable, a “REQUEST UNLOCK KEY” button will now appear at the bottom of the page.
  • Click on the “REQUEST UNLOCK KEY” Button.
  • You will now receive a mail with the unlock key at your registered email address
  • Start your device in fastboot mode by pushing and holding the power and volume down at the same time. Then release the power button followed by the volume down button. The device will now power up in fastboot mode.
  • Run the following command to unlock the bootloader:
    fastboot oem unlock 
  • If the code was correct then you will see a message confirming that your device was unlocked and the phone will reboot.

Enable Developer Options/USB Debugging

In order to proceed further we need to enable USB Debugging and in order to do that we need to enable Developer Options following these steps:

  • Pull down the notification drawer and tap on ‘Settings’
  • Scroll down to ‘About Phone’
  • Now scroll down to ‘Build Number’
  • Tap on ‘Build Number’ 7 times.
  • It’ll now say that you are a developer. Now press back, You should now see Developer Options above About Phone.

  • Click on ‘Developer Options’
  • Check the box next to ‘USB debugging’ and save

Root the Phone

First we need to download the correct image file for the model of your phone. I had to look up my model on Wikipedia because for some reason my phone decided not to share that information with me. Use the appropriate link for your model in the list below. I have a XT1092 but the XT1097 image worked fine for me.

After downloading the file, extract it. Run the following command:

adb reboot bootloader

This will restart the phone in the fastboot mode. Then boot using the image you downloaded in the previous step using this command:

fastboot boot /path/to/image/file/CF-Auto-Root-victara-victararetbr-xt1097.img

Once you run the command the Device will boot up, install su and quickly reboot (this is automatic, no user intervention is required). After the phone starts up, you need to install Chainfire’s SuperSU from the Play Store.

After that you are done and your phone is rooted. You can verify the same by installing a ‘Root Verifier’ application from the store.
Well this is all for now, will write more later.

– Suramya

May 5, 2015

I met Rakesh Sharma – the first Indian to go into space this weekend!!

Filed under: My Life — Suramya @ 1:51 AM

I was in Wellington this weekend to spend some time with Gaurang, Kangan & Sid and meet Gaurang’s parents. The visit was great but the highlight for me was getting to meet Wing Commander Rakesh Sharma (Retd.), the first Indian to go to space. At first I didn’t realize who we were going to meet because I was still a bit groggy from lack of sleep but then the lights came on and I realized just who I was going to meet. Trust me I was wide awake shortly thereafter. :)

We met him twice and I even managed to get a photo with him :). I am not going to go into how/why we met him twice and how it almost became thrice but it was worth it. 😉

Well this is all for now. I need to crash now, will write more later.

– Suramya

April 30, 2015

Microsoft is becoming more and more OpenSource Friendly

Filed under: Computer Software,My Thoughts — Suramya @ 8:32 PM

Gone are the days when MS compared open source software as a cancer. If you are wondering what I meant by that statement then here’s a brief history lesson: Back in 2001 Steve Ballmer, then CEO of MS said that “Linux is a cancer that attaches itself in an intellectual property sense to everything it touches. He made other similar statements and accusations over the years during his time at the head of MS. Now that he is finally out of the picture MS has suddenly gotten a lot more friendly to the Open Source movement and over the past few months has made major announcements to woo developers back to the Windows eco system.

Today MS made two major announcements at it’s Build Developer Conference that mark another step in the right direction for the company. The first was the Launch of Visual Studio Code, A Free Cross-Platform Code Editor For OS X, Linux And Windows.

This is the first release of a cross-platform code editor from Microsoft as till now all of their offerings required you to be running Windows. Which immediately prevented all developers running Linux or Mac OS from using their software. This is no longer the case, however it still remains to be seen how many folks switch to this new editor from their existing favorites. As you know that arguments/discussions on which editor is the best for development is akin to a religious war for developers. So not sure how many will switch to the new IDE.

Please note that this is a Preview release so is not ready for prime time yet and that also means that the software sends data back to MS. From the download site: “When this tool crashes, we automatically collect crash dumps so we can figure out what went wrong. If you don’t want to send your crash dumps to Microsoft, don’t install this tool. “. Don’t think they can be clearer than that about what they are up to.

Visual Studio Code offers developers built-in support for multiple languages and as Microsoft noted in today’s Build keynote, the editor will feature rich code assistance and navigation for all of these languages. JavaScript, TypeScript, Node.js and ASP.NET 5 developers will also get a set of additional tools.

The editor features all of the standard tools you would expect from a modern code editor, including syntax highlighting, customizable keyboard bindings, bracket matching and snippets. It also works with Git out of the box

The IDE is available for download at this site.

The second announcement was the release of their .NET Distribution For Linux And Mac. This is a follow up to their promise back in Nov 2014 to release the core features of their .NET platform for Linux and Mac.

Microsoft says it is taking .NET cross-platform in order to build and leverage a bigger ecosystem for it. As the company also noted shortly after the original announcement, it decided that, to take .NET cross-platform, it had to do so as an open source project. To shepherd it going forward, Microsoft also launched the .NET Foundation last year.

You can download the Preview builds for the .NET core from their site.

Additional details on their announcement and other things in the pipeline are available on their blog: .NET Announcements at Build 2015.

Well this is all for now. I just finished downloading their new IDE so I am going to go try installing it and see how it looks/works. Who knows I might actually like it. :)

– Suramya

April 26, 2015

How to create Electric Ink for projects

Filed under: Interesting Sites,Knowledgebase,Techie Stuff — Suramya @ 9:48 AM

At times using wires in a project might not be the most practical option because of space/weight limitations. If that is the case then you should take a look at Electric Ink for creating cheap circuits. In fact you can make your own Electric Ink using a process which is quite simple. The good folks at the Popular Science site have provided us with an instruction guide that I am reproducing here so that I don’t loose the instructions in case PopSci decides to reorg their site:

Materials:

  • Powdered graphite
  • White vinegar
  • Syringe
  • Elmer’s clear glue (I think any clear glue should work)

Instructions

  • To make the ink, put powdered graphite in a cup, cover with vinegar, and stir. Let it sit for a few minutes.
  • Once the graphite settles on the bottom of the cup, remove the clear liquid on top with a syringe.
  • Stir in about a teaspoon of glue to keep the graphite suspended. A thick line of paint has a resistance of a few kilohms per inch.
  • Draw the circuit, wait for it to dry and then you can test it out.

I was wondering if this would work on T-Shirts, under a laminate or other such protective coating to prevent the circuit from getting washed out. Maybe I should try this out over the weekend on one of my old T-Shirts. Wonder what kinds of design’s I would be able to make before hitting issues if this works.

– Suramya

April 25, 2015

There is no such thing as a completely secure OS

Filed under: Computer Security,My Thoughts — Suramya @ 1:47 AM

Every once in a while while talking to folks about computer security I am told that I should switch to Mac’s because they don’t have security issues or viruses. I find that very amusing and I think the following comic sums up the ‘apple fanboi’ thinking quite succinctly:

Even though it is funny, unfortunately a whole lot of folks still believe in the Myth that Apple computers/devices are secure/don’t get viruses. Now, don’t get me wrong, there are a lot of good points for the Mac OS and they just work for some people. I am not one of them but that doesn’t mean that I ‘hate’ Mac OS or Windows for that matter. I like Linux, others don’t. That is their choice and this is my choice. This post is to talk about computer security and high light some of the major flaws that have hit Apple computers over the past few months:

Firmware Boot kit: Thunderbird

This was discovered by Trammell Hudson back in Jan 2015. It allows a user to quietly, persistently and virally compromise Apple Macs from boot. Since the code is stored in the firmware it is very difficult to detect and remove. It works against all Macbooks released since 2011. Apple has released a fix but it is hard to ensure that your computer isn’t already infected before applying the patch.

Details are at: Thunderstrike shocks OS X with firmware bootkit.

Shellshock: Mac’s are vulnerable

Shellshock allowed attacker’s to insert malicious pieces of code from a remote location and get full system control of a victim’s machine. The scary part of the story wasn’t that Apple computers were vulnerable (plenty of systems were), it was the fact that Apple refused to acknowledge the issue and took over 15 days to release a patch for the problem, even though it was being actively exploited in the wild. Their justification was that “The vast majority of OS X users are not at risk to recently reported bash vulnerabilities… With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services”.

So basically if you don’t use your computer to do anything other than the default configuration you are good. (for the most part) Those of us who use Mac’s to actually code or develop stuff are not a priority for Apple.

Bypassing OS X Security (Gatekeeper & xProtect)

Patrick Wardle, director of research at Synack spoke at the RSA conference a few days ago about OS X security and as per him getting around the restrictions put in by the OS X Security tools is trivial.

“Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper,”

More details on the issue are at: Researcher Discloses Methods For Bypassing All OS X Security Protections

iOS WiFi Bug Allows Remote Reboot of All Devices In Area

This one is my favorite. It allows an attacker to cause all iOS devices (iPhones/iPads) in a particular area to Crash and/or reboot. It involves setting up a rogue wireless access point (WiFi hotspot) and manipulating the traffic to it to cause all apps and iOS devices in range to crash. The best part is that there is no fix for it. The only way to resolve the issue is to move out of range of the Access Point. Even putting your phone in Airplane mode doesn’t work. Which is scary on it’s own because that means that even when you are in Airplane mode the phone is still transmitting/receiving data from wireless networks.

Since there is no fix for it yet, the researchers have not released a lot of details on the exploit but once Apple releases a fix they will give more details it. Then I can just imagine someone setting up one of these using a Raspberry Pi at a conference hidden under a table causing a whole bunch of people a whole lot of pain/annoyance.

Additional details of the issue are at: Evil Wi-Fi kills iPhones, iPods in range

There are a whole lot more where these came from. So the moral of the story is that there is no system that is 100% secure. If you want to stay safe, follow best practices, update frequently and pray.

– Suramya

Older Posts »

Powered by WordPress