Suramya's Blog


December 5, 2017

Dominos Pizza online has stronger password requirements than Citibank India Online

Filed under: Computer Related,My Thoughts,Techie Stuff — Suramya @ 11:59 PM

Today I decided to change my IPIN (Internet PIN) on Citibank as I haven’t changed it in a while and it’s a good idea to change it on a regular basis. So I logged in to my account and clicked on the password reset link and I got the following text:

The first item there is fairly standard but what really surprised me were items #3, 4 & 6. What do you mean I can’t have any special characters in my password? Why can’t I have a password longer than 16 characters when the NIST password guidelines recommend that you allow a password of up to 64 chars in length?

In contrast, the Dominos Pizza online portal has stronger security and requires you to have upper case, lower case, numeric and special characters in the password, making it a lot more secure and harder to crack than the Citibank password.

This is not all. The best part is yet to come. I use a password manager and my generated password was 22 characters long this time, so I pasted it into the form and the system accepted the password change. Now since I am a paranoid person I decided to check if the password changed successfully by logging in with the new password. Imagine my surprise when an error message popped up on screen when I tried to log in telling me that my password can’t be longer than 16 chars. I was confused since the password change form took my 22 char password without trouble, so I tried logging in with the old password and that obviously didn’t work. Finally I tried removing the extra 6 characters from my password and was able to log in.

Basically the stupid system truncated my password to 16 characters and then saved it, instead of warning me that my password was too long when I was changing it, which would have been the logical thing to do.

Citibank needs to update its system to follow the NIST rules and start allowing people to choose more secure passwords.

Well this is all for now, will write more later.

– Suramya
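The mismatch described in the post above, as an added example (not Citibank's code and not part of the original post): one store that truncates on change but rejects on login, next to one that applies a single length rule on both paths and never truncates. The class names, the 8-character minimum, the PBKDF2 settings and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class TruncatingStore:
    """Models the behaviour the post describes: change truncates, login rejects."""
    LIMIT = 16

    def __init__(self):
        self.salt, self.digest = os.urandom(16), None

    def change(self, new: str) -> None:
        # Defect: input longer than LIMIT is cut silently, so the stored
        # secret is not the one the user (or password manager) recorded.
        self.digest = kdf(new[: self.LIMIT], self.salt)

    def login(self, attempt: str) -> bool:
        if len(attempt) > self.LIMIT:
            raise ValueError("password can't be longer than 16 chars")
        return hmac.compare_digest(self.digest, kdf(attempt, self.salt))


class ConsistentStore:
    """One length rule, enforced identically on change and login; never truncates."""
    MIN_LEN, MAX_LEN = 8, 64  # MIN_LEN is an assumption; 64 is the figure the post cites

    def __init__(self):
        self.salt, self.digest = os.urandom(16), None

    def _validate(self, password: str) -> None:
        if not self.MIN_LEN <= len(password) <= self.MAX_LEN:
            raise ValueError(f"password must be {self.MIN_LEN}-{self.MAX_LEN} characters")

    def change(self, new: str) -> None:
        self._validate(new)  # out-of-policy input is rejected, not rewritten
        self.digest = kdf(new, self.salt)

    def login(self, attempt: str) -> bool:
        self._validate(attempt)
        return hmac.compare_digest(self.digest, kdf(attempt, self.salt))


GENERATED = "kT7#vQ2mZp9!xL4wRb6@Ne"  # constructed 22-character sample password
```

With `TruncatingStore`, the only credential that works after the change is the first 16 characters of what was typed, which a password manager never stored.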

April 15, 2015

Please defend Internet Freedom in India

Filed under: Computer Related,Interesting Sites,My Thoughts,Techie Stuff — Suramya @ 1:34 AM

Not content with watching the US and certain other countries screw around with net neutrality, the Telecom Regulatory Authority of India (TRAI) has decided to pitch in and make a mess of things (again) in India. These are the same brilliant folks who decided in 2007 that an entire IRC network (undernet.com) should be blocked in India because there are a few channels on it that promoted piracy. It took a few years for the stupid ban to get lifted. Even now a bunch of URLs are blocked but for the most part things are ok.

Unfortunately that is not going to be the case for long if the telecom lobbyists have their way. They want to break up internet access into paid and free access, with the telecoms deciding what content should be available to a user. If a site doesn’t pay then they would either get blocked or get put on a ‘slow-lane’ where traffic to the site is artificially slowed down to give more bandwidth to paying sites. In short they want to take away net neutrality. So what exactly does net neutrality mean? In short it means:

  • All sites on the internet must be equally accessible (that means that no site’s traffic is given priority)
  • The same access speed at the telco/ISP level for each (So assuming all else is the same then all sites will be accessible at the same speed)
  • The same data cost for access to each site (per KB/MB). (No reducing of data cost to sites that pay telecoms money)

TRAI has released a consultation paper with 20 questions and wants you to send them an e-mail by 24th of April, 2015. Please visit Save the Internet to submit your responses to TRAI. It is as simple as going to the site, reviewing the email with the answers and then sending it out. Your 5 mins just might save the net in India.

More information on this issue is available at the following sites:

Once you have emailed your responses please help in spreading the word to others via Social Media/Email/Smoke Signals.

– Suramya

November 17, 2014

Microsoft launches free Visual Studio Community 2013

Microsoft is on a roll recently and is becoming more and more active in the open source community by releasing many of its core tools and programs as open source, making them free and cross platform. Earlier this week news came out that MS had released a significant portion of their .NET framework under a permissive open source license on GitHub. Before everyone had even finished digesting this news MS posted news that it is releasing Visual Studio Community 2013 as a free download for individual and small business use (teams of up to five people).

This is a brilliant move on their part to keep their market share. One of the major issues people had when developing software for Windows using Visual Studio was the cost associated with the licenses. When I was in school and wanted to get a licensed copy of Visual Studio for my use I was told to go buy a pirated copy because the original cost was way too high (Rs 60,000 if you want to know). Keep in mind that this is before the Dot com and Tech boom so that amounted to a couple of months of salary for most folks. As you can imagine most people went for the pirated version instead, which cost Rs 100 or so. Now fast forward a few years to when open source started taking off: now the development environment could be downloaded off the internet legally for free. A lot of folks including me switched to open source development tools. The only people still using MS Studio were either using their work/university licenses or were on pirated copies.

Now with .NET opensourced and available for use on Linux, Mac and windows, making a free version of Visual Studio available makes it easier for people to start working on and building software in the MS ecosystem.

I know of a few people who will find this news exciting. For the rest of us, this doesn’t impact us directly but definitely shows which way the wind is blowing in the software world and highlights the fact that FOSS is here to stay. 🙂

Official Announcement: Microsoft Blog
Via Betanews.com

– Suramya

PS: I know that Visual Studio express has been around for a while but it was a severely limited version as opposed to the Community version just released.

November 4, 2014

The Underhanded C Contest 2014 is open

Filed under: Computer Related,Interesting Sites,Techie Stuff — Suramya @ 11:43 PM

Do you think you have the skills to write code that is as readable, clear, innocent and straightforward as possible, and yet somehow exhibits evil behavior that cannot be seen even when staring at the source code? If so then you should take a look at The Underhanded C Contest. The contest has been running for about 6 years now and it is amazing how easy these guys make it look to create code that does something but looks like it is doing something else.

The 7th Underhanded C Contest is now open.

The goal of the contest is to write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil. Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.

Check it out at: The Underhanded C Contest.
Source: Slashdot.org

– Suramya

November 3, 2014

Use Excel to Watch Movies at Work

Before I start, let me make it very clear: I don’t recommend that you do this at work. If you get fired for doing this then it is your fault. I take absolutely no responsibility. That being said, let’s proceed. I found this very interesting because it shows that no matter how much you try to secure a system there is always a way around any restrictions people put in the system and the only truly secure system is one encased in a ton of concrete at the bottom of the ocean. In this case a user figured out how to use the VBA (Visual Basic for Applications) functionality in Excel to go around the restrictions placed on his computer by his company’s IT department to watch movies at work.

From a Hacker/ingenuity point of view I love this, but from a work perspective I don’t think this was such a good idea. If you really wanted to watch a movie at work then there are easier and safer options to do so; watching it on your phone or tablet is one option that comes to mind. I seriously doubt that his IT admin or his manager would be amused when they find out about this hack.

Behind the cascade of rectangles and in the land of the Excel macro, [AyrA_ch] took advantage of the program’s VBA (Visual Basic for Applications) functions to circumvent the computer’s restrictions. Although VBA typically serves the more-complex-than-usual macro, it can also invoke some Windows API commands, one of which calls Windows Media Player. The Excel file includes a working playlist and some rudimentary controls: play, pause, stop, etc. as well as an inspired pie chart countdown timer.

Hacking things is fun, but folks need to realize that they need to stop being stupid about it. I am sure there are a lot of things I can do at work that I might not be supposed to, but just because you can doesn’t mean that you should.

Check out the original post on Reddit for a link to the file and a more detailed explanation.

Thanks to Hackaday.com for the story.

– Suramya

October 10, 2014

Instead of wasting time playing Sudoku you should mine Bitcoins with Pencil and Paper

Filed under: Computer Related,Computer Security,Techie Stuff — Suramya @ 11:58 PM

Do you like to play Sudoku? If so then you should look at using paper and pencil to mine Bitcoins instead and make some money out of your hobby. A bloke named Ken Shirriff, who is an engineer at Google, has created a video and a detailed blog post on how this can be done. Apparently it is a slow process but the algorithms for Bitcoin generation are easy enough to crunch.

Shirriff completed a round of SHA-256 in 16 minutes and 45 seconds at which rate a full Bitcoin block would take about a day and a half, less with more practice, he said.

“The SHA-256 algorithm is surprisingly simple to do by hand,” Shirriff said.

“In comparison, current Bitcoin mining hardware does several terahashes per second, about a quintillion times faster than my manual hashing.”

All I can say is, go for it if you like crunching numbers… I know I won’t. 🙂

Source: Theregister.com

– Suramya

October 8, 2014

Crystal that can absorb all Oxygen in a room and release It later

Filed under: My Thoughts,News/Articles,Techie Stuff — Suramya @ 11:07 AM

Researchers in Denmark have created a crystal out of a cobalt salt that absorbs oxygen and stores it. If the crystal is then exposed to heat or low oxygen conditions it releases the stored oxygen back out. It is efficient enough that just a spoonful of the crystal can suck up all the oxygen in a room. This is an awesome find/creation and I can think of a lot of uses for this off the top of my head:

  • Firefighting/Fire suppression systems in buildings
  • Scuba Diving
  • Underwater Search and rescue
  • Space travel

and a whole bunch of other uses that I haven’t thought of yet.

The crystal is a salt made from cobalt*, and it appears to be capable of holding oxygen at a concentration that is 160 times higher than the air we breathe. The paper notes that “an excess” of the substance would bind up to 99 percent of the oxygen in a room.

But what’s more remarkable is that the crystal can later release the oxygen when exposed to heat or low-oxygen conditions. In a press release, study author Christine McKenzie likens it to the hemoglobin in our blood, which uses iron to bind and release oxygen in the human body.

If you must know, the chemical name of the salt is written out as [{(bpbp)Co2II(NO3)}2(NH2bdc)](NO3)2 * 2H2O, where “bpbp” stands for 2,6-bis(N,N-bis(2-pyridylmethyl)-aminomethyl)-4-tert-butylphenolato, and “NH2bdc2” stands for 2-amino-1,4-benzenedicarboxylato).

Now if you can understand the gobbledygook in the last paragraph, hats off to you; I will just call it a crystal and be done with it. This is the first findings paper and hopefully the crystal will live up to its expectations. The research paper detailing the findings is available at: findresearcher.sdu.dk

Thanks to popsci.com for the original story.

– Suramya

October 1, 2014

Erase Your iCloud Drive by resetting your iPhone settings

This has not been a good month for Tech; we are getting issues across the board on all fronts. First we had the iCloud hack (or Fappening as it was called). Then ShellShock hit, followed by this new issue in iOS 8 where if you reset your iPhone settings your backups on the cloud also go bye-bye. Ouch! I hope if you are using the iCloud (or any cloud for that matter) you have a duplicate copy of your data somewhere else or you better not try to reset your phone.

The bug creeps up when you select Settings > General > Reset > Reset All Settings. Typically, this is just supposed to reset your network settings to give your iOS device a clean slate to work with, but it turns out it’s also deleting all your files from iCloud Drive.

The issue was discovered by members of the MacRumors forum. It just shows that no matter how much we try nothing is perfect and there are bugs in every system. The best way to ensure that you don’t lose data is to store it in multiple places using multiple types of media/services.

I have a lot of my data backed up on a RAID array and am in the process of setting up a cloud server at home to sync it across different locations. I am not using Dropbox or other such services because I don’t want to trust my data to any external provider. Earlier I used to back up data on DVDs/CDs. Before that I used to store the data on floppy disks.

Fun fact, I was recently looking for some code that I had written around 1998 and ended up searching through my old floppy disks to find it. Interesting thing was that about 90% of the disks still worked and I was able to read the data without issues. (Well… no issues other than the fact that I had to buy a USB floppy drive as my motherboard doesn’t have a connector for floppy drives…) I don’t see the same level of longevity in either DVDs or CDs so far. I haven’t tried Blu-ray disks yet because of the cost and the fact that HDDs are getting cheaper / larger.

Thanks to lifehacker.com for the initial links.

– Suramya

April 11, 2014

France bans managers from contacting workers outside business hours

Filed under: News/Articles — Suramya @ 11:58 AM

France became a very attractive place for employees yesterday when an agreement between employer organizations and labor unions in France made it illegal for French managers to contact their employees about work-related matters outside of normal business hours. Think about it… if you were in France right now you could switch off your BlackBerry/email after 6pm and not worry about any work related items till next morning.

Although this is great news for workers, thinking about it from the employer’s perspective, it is not such a great ruling. What if a critical server went down at 7pm? Would you have to reach out to outsourced IT call centers for resolutions?

The agreement, which amends an existing pact signed in 1999, specifies that employees must have “the opportunity to disconnect from remote communication tools at their disposal” (in the words of Google’s Francophone translating robots) to ensure that they comply with strict rules on working hours.

That means French workers who receive emails or calls from coworkers or the boss at dinnertime can now safely ignore them without fear of retribution.

I bet a lot of folks are thinking about moving to France right about now…

Thanks to The Register for the story.

– Suramya

March 26, 2014

Using E coli to build futuristic materials

Filed under: My Thoughts,News/Articles,Techie Stuff — Suramya @ 1:44 AM

Back in 2000 I had written an article for NJIT’s college newspaper ‘The Vector’ about how boffins at the University of Texas were using viruses to create semiconductor chips. This weekend I was going through my files and I found a scanned copy of the article that I had been meaning to transcribe and post on the site but never got around to doing. Then today I had a story about MIT researchers using bacteria to assemble furniture pop up in my feeds, so I had to write a post about it. 🙂

Specifically, the MIT researchers were able to put bacteria to work producing conducting biofilms, some of which were studded with quantum dots, and arranging gold nanowires. This paves the way for the development of mass manufactured cell-based material factories, and even “living materials” that have some of the desirable properties of bones or trees, Lu confirmed.

They were able to do this by using E. coli, which naturally creates biofilms containing amyloid fibril proteins which, somewhat like the hooks in Velcro, help it attach to surfaces. The hooks on this gloopy velcro are made from a repeating chain of protein units called CsgA, which can be modified by adding peptides, which can be used to let parts of the film capture specific materials, like gold nanoparticles.

Basically the researchers were able to make the bacteria grow in a particular design using a genetically engineered strain of CsgA, opening the way for future generations to be able to create bio-engineered equipment on demand. One of the things that is a bit scary is that they are using live bacteria for this experiment so they would have to be absolutely sure that they don’t mutate and cause a potential outbreak down the line.

I don’t know if this research is going to go anywhere or if it will become another curiosity like the story on chip manufacture in the 2000s that never really went anywhere after the initial story. I did a cursory search today on that story but didn’t find any follow-up articles or papers on it. Guess not every initial success is followed up by later successes and commercial successes.

Thanks to Slashdot and The Register for the original links.

– Suramya
