Suramya's Blog : Welcome to my crazy life…

August 14, 2020

Updating the BIOS to address an AMD Ryzen bug

Filed under: Computer Related,Computer Software,Tech Related — Suramya @ 5:13 PM

Over the past few months I have been infrequently seeing the following warning message in the Terminal and had been ignoring it because apparently the fix was to update the BIOS and I didn’t have the patience/time to do the upgrade at that point in time:

WARNING: CPU random generator seem to be failing, disable hardware random number generation
WARNING: RDRND generated: 0xffffffff 0xffffffff 0xffffffff 0xffffffff
WARNING: CPU random generator seem to be failing, disable hardware random number generation
WARNING: RDRND generated: 0xffffffff 0xffffffff 0xffffffff 0xffffffff

Today I thought that I should fix the error. A bit of Google searching confirmed that I needed to update the BIOS because apparently there was a bug in the AMD Ryzen 3000 series processors that causes the onboard random number generator to always return 0xffffffff when asked to generate a random number. Obviously getting the same number every time is not optimal even though Dilbert feels otherwise.


Random Number Generator in Accounting
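A sanity check of the kind that produces a warning like the one above, as an added example (not code from the original post or from the program that printed the warning): it reads four words with RDRAND and refuses them if they are all identical or all-ones/all-zeros. The function names and the retry count are assumptions made for this example; on non-x86 builds `rdrand_fill` reports the instruction as unavailable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_X86 1
#endif

/* 1 if the words look like a stuck generator: all identical, or each one
 * all-ones/all-zeros. With n >= 4 a healthy RNG trips this at about 2^-96. */
int rdrand_looks_stuck(const uint32_t *w, size_t n)
{
    size_t same = 0, degenerate = 0;
    if (n < 4) return 0; /* too few words to judge */
    for (size_t i = 0; i < n; i++) {
        if (w[i] == w[0]) same++;
        if (w[i] == 0xffffffffu || w[i] == 0) degenerate++;
    }
    return same == n || degenerate == n;
}

#ifdef HAVE_X86
/* One RDRAND attempt; CF=1 means the instruction claims it delivered data. */
static int rdrand32_once(uint32_t *out)
{
    unsigned char ok;
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif

/* Fill w[0..n) from RDRAND. 0 on success, -1 if unsupported or exhausted.
 * A stuck generator can still report success here, so callers must also
 * run rdrand_looks_stuck() on the result. */
int rdrand_fill(uint32_t *w, size_t n)
{
#ifdef HAVE_X86
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d) || !(c & (1u << 30)))
        return -1; /* CPUID.01H:ECX bit 30 advertises RDRAND */
    for (size_t i = 0; i < n; i++) {
        int tries = 10; /* retry count chosen for this example */
        while (!rdrand32_once(&w[i]))
            if (--tries == 0) return -1;
    }
    return 0;
#else
    (void)w; (void)n;
    return -1;
#endif
}

int main(void)
{
    uint32_t w[4];
    if (rdrand_fill(w, 4) != 0) {
        puts("RDRAND not available, nothing to check");
        return 0;
    }
    int stuck = rdrand_looks_stuck(w, 4);
    printf("RDRAND: 0x%08x 0x%08x 0x%08x 0x%08x -> %s\n",
           w[0], w[1], w[2], w[3], stuck ? "stuck, do not use" : "looks sane");
    return stuck;
}
```

A non-zero exit status means the output should not be used as a source of randomness until the firmware is updated.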

AMD was notified about it last year and they released a BIOS update to fix the issue, however each Motherboard company had to validate and release the new BIOS which took time. The fix was to upgrade the BIOS and I really wasn’t looking forward to it as the last time I upgraded the BIOS it was a painful exercise involving floppy disks and cursing etc.

I looked up my BIOS version using the dmidecode command but that didn’t give me enough information to find the new BIOS version for my motherboard (‘ROG STRIX X570-E GAMING’). So I rebooted the computer and found the built-in BIOS upgrade section under Tools. I decided to give it a try and see what options are available so I clicked on the Upgrade option and it gave me the option of connecting to the Internet and automatically downloading the latest version of the BIOS or installing it from a USB/Disk Drive. I selected the Network Install option and the system happily downloaded the latest version of the BIOS from the Internet and then gave me the option to Install the new version. I selected ‘Yes’ and the BIOS was upgraded.

The system had to reboot a few times for the upgrade to complete and there was a boot where the system played a bunch of beeps without anything coming up on the display which scared the life out of me but then it immediately rebooted and the display came back. After the upgrade completed I got a screen with a bunch of messages about BIOS settings needing to be reinitialized but when I went into the BIOS the settings were all there. So I rebooted and now all looks good and I don’t see any more weird error messages in the Console or the logs.

I am happy to see that the process to upgrade the BIOS is now so simple and I will be upgrading the BIOS more frequently going forward.

– Suramya

July 27, 2020

Cloaking your Digital Image using Fawkes to thwart unauthorized Deep Learning Models

Filed under: Computer Related,Computer Software,My Thoughts,Tech Related — Suramya @ 3:42 PM

Unless you have been living under a rock you have seen or heard about facial recognition technologies that are actively in use in the world. You have the movie/TV version where a still image from a video feed is instantly compared to every image in the database to match a perp, then you have the real world example where there are systems that take all your social media feeds, images of yours posted anywhere as a dataset to train a system that can identify you from a video feed (not as quickly as the TV version but still fast).

So what is the way to prevent this? Unfortunately there isn’t one (or at least there wasn’t a realistic one till recently). Earlier you had to ensure that no image of yours is ever posted online, you are never caught in a security feed or traffic cam anywhere. Which as you can imagine is pretty impossible in today’s connected world. Even if I don’t post a picture of me online, my friends with whom I attended a party might upload a pic with me in the background and tag me. Or you get peer pressured to upload the photos to FB or Twitter etc.

There is not much we can do about state sponsored learning models but there are plenty of other folks running unauthorized setups that consume photos posted publicly without permission to train their AI models. These are the systems targeted by folks from the SAND Lab at University of Chicago who have developed Fawkes, an algorithm and software tool (running locally on your computer) that gives individuals the ability to limit how their own images can be used to track them.

At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then use these “cloaked” photos as you normally would, sharing them on social media, sending them to friends, printing them or displaying them on digital devices, the same way you would any other photo. The difference, however, is that if and when someone tries to use these photos to build a facial recognition model, “cloaked” images will teach the model a highly distorted version of what makes you look like you. The cloak effect is not easily detectable, and will not cause errors in model training. However, when someone tries to identify you using an unaltered image of you (e.g. a photo taken in public), and tries to identify you, they will fail.

The research and the tool will be presented at the upcoming USENIX Security Symposium, to be held on August 12 to 14. The software is available for download at the project’s GitHub repository and they welcome contributions.

It would be amazing when this tool matures and I can imagine it becoming a default part of operating systems so that all images uploaded get processed by the tool by default reducing the risk of automatic facial recognition. Although I can’t imagine any of the governments/Facebook being too happy about this tool being publicly available. 🙂

Well this is all for now. Will write more later.

Thanks to Schneier on Security for the initial link.

– Suramya

August 12, 2019

LinuxJournal.com: shutdown -h now

Filed under: Computer Related,My Thoughts,Tech Related — Suramya @ 10:24 AM

Last week I got an unpleasant surprise in my mailbox, an email from Linux Journal stating that they were closing up shop effective immediately as they had completely run out of money with no hope of resurrection. LJ was one of the first Linux magazines I wrote for and it will always have a special place in my heart.

IMPORTANT NOTICE FROM LINUX JOURNAL, LLC:
On August 7, 2019, Linux Journal shut its doors for good. All staff were laid off and the company is left with no operating funds to continue in any capacity. The website will continue to stay up for the next few weeks, hopefully longer for archival purposes if we can make it happen.
–Linux Journal, LLC

The website is up for the moment but might go down anytime. I do have an archive of all LJ issues on my home computer that I had made the last time LJ was about to shutdown and I will post them to the site in a few days. This archive doesn’t have the latest releases so I will need to download that before I post them online. In addition I am sure there are efforts ongoing to archive the website as well since it had a lot of great content on it. If not then I will kick off something to archive the site once I get home.

Well this is all for now. It was a great run LJ, you will be missed.

– Suramya

December 5, 2017

Dominos Pizza online has stronger password requirements than Citibank India Online

Filed under: Computer Related,My Thoughts,Tech Related — Suramya @ 11:59 PM

Today I decided to change my IPIN (Internet Pin) on Citibank as I haven’t changed it in a while and it’s a good idea to change it on a regular basis. So I logged in to my account and clicked on the password reset link and I got the following text:

The first item there is fairly standard but what really surprised me were items #3, 4 & 6. What do you mean I can’t have any special characters in my password? Why can’t I have a password longer than 16 characters when the NIST password guidelines recommend that you allow a password of up to 64 characters in length?

In contrast, the Dominos Pizza online portal has stronger security and requires you to have an upper case character, a lower case character, a numeric character and a special character in the password, making it a lot more secure and harder to crack than the Citibank password.

This is not all. The best part is yet to come. I use a password manager and my generated password was 22 characters long this time, so I pasted it into the form and the system accepted the password change. Now since I am a paranoid person I decided to check if the password changed successfully by logging in with the new password. Imagine my surprise when an error message popped up on screen when I tried to log in telling me that my password can’t be longer than 16 chars. I was confused since the password change form took my 22 char password without trouble, so I tried logging in with the old password and that obviously didn’t work. Finally I tried removing the extra 6 characters from my password and was able to log in.

Basically the stupid system truncated my password to 16 and then saved it instead of warning me that my password was too long when I was changing the password which would have been the logical thing to do.
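The mismatch described above, as an added C example that is not Citibank's code: a change form that silently truncates to 16 characters next to a login form that rejects longer input, followed by a corrected pair that shares one 64-character limit. All names and the sample password are hypothetical, and the FNV-1a verifier is only a stand-in for a real salted password hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PW_OK, PW_TOO_LONG, PW_MISMATCH };
#define LEGACY_MAX 16 /* limit the post ran into */
#define NIST_MAX   64 /* length the post cites from the NIST guidelines */

struct account { uint64_t stored; }; /* hypothetical account record */

/* Stand-in verifier (FNV-1a), NOT a password hash: a real system would
 * store a salted, slow KDF output (Argon2id, scrypt, ...). */
static uint64_t verifier(const char *pw, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++)
        h = (h ^ (unsigned char)pw[i]) * 0x100000001b3ULL;
    return h;
}

/* Shared login logic: reject over-long input, then compare verifiers. */
static int login(const struct account *a, const char *pw, size_t max)
{
    size_t n = strlen(pw);
    if (n > max) return PW_TOO_LONG;
    return verifier(pw, n) == a->stored ? PW_OK : PW_MISMATCH;
}

/* Behaviour described in the post: the change form keeps only the first
 * 16 characters and still reports success. */
int change_password_truncating(struct account *a, const char *pw)
{
    size_t n = strlen(pw);
    if (n > LEGACY_MAX) n = LEGACY_MAX; /* silent truncation */
    a->stored = verifier(pw, n);
    return PW_OK;
}
int login_legacy(const struct account *a, const char *pw)
{
    return login(a, pw, LEGACY_MAX);
}

/* Corrected pair: one limit for both forms, over-long input is refused
 * with an explicit error, and every character feeds the verifier. */
int change_password_checked(struct account *a, const char *pw)
{
    size_t n = strlen(pw);
    if (n > NIST_MAX) return PW_TOO_LONG;
    a->stored = verifier(pw, n);
    return PW_OK;
}
int login_checked(const struct account *a, const char *pw)
{
    return login(a, pw, NIST_MAX);
}

int main(void)
{
    struct account a;
    const char *pw = "k3Vw9QzLp2Xs7Rt4Nc8Yb1"; /* constructed, 22 chars */
    printf("legacy change: %d\n", change_password_truncating(&a, pw));
    printf("legacy login, 22 chars: %d\n", login_legacy(&a, pw));
    printf("legacy login, first 16: %d\n", login_legacy(&a, "k3Vw9QzLp2Xs7Rt4"));
    return 0;
}
```

With the truncating pair the user's real password no longer works and six characters of it contribute nothing; with the checked pair the same input either works in full or is refused at change time.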

Citibank needs to update its system to follow the NIST rules and start allowing people to choose more secure passwords.

Well this is all for now, will write more later.

– Suramya

April 15, 2015

Please defend Internet Freedom in India

Filed under: Computer Related,Interesting Sites,My Thoughts,Tech Related — Suramya @ 1:34 AM

Not content with watching the US and certain other countries screw around with net neutrality, the Telecom Regulatory Authority of India (TRAI) has decided to pitch in and make a mess of things (again) in India. These are the same brilliant folks who decided in 2007 that an entire IRC network (undernet.com) should be blocked in India because there are a few channels on it that promoted piracy. It took a few years for the stupid ban to get lifted. Even now a bunch of URLs are blocked but for the most part things are ok.

Unfortunately that is not going to be the case for long if the telecom lobbyists have their way. They want to break up internet access into paid and free access, with the telecoms deciding what content should be available to a user. If a site doesn’t pay then they would either get blocked or get put on a ‘slow-lane’ where traffic to the site is artificially slowed down to give more bandwidth to paying sites. In short they want to take away net neutrality. So what exactly does net neutrality mean? In short it means:

  • All sites on the internet must be equally accessible (that means that no site’s traffic is given priority)
  • The same access speed at the telco/ISP level for each (So assuming all else is the same then all sites will be accessible at the same speed)
  • The same data cost for access to each site (per KB/MB). (No reducing of data cost to sites that pay the telecoms money)

TRAI has released a consultation paper with 20 questions and wants you to send them an e-mail by 24th of April, 2015. Please visit Save the Internet to submit your responses to TRAI. It is as simple as going to the site, reviewing the email with the answers and then sending it out. Your 5 mins just might save the net in India.

More information on this issue is available at the following sites:

Once you have emailed your responses please help in spreading the word to others via Social Media/Email/Smoke Signals.

– Suramya

November 17, 2014

Microsoft launches free Visual Studio Community 2013

Microsoft is on a roll recently and is becoming more and more active in the open source community by releasing many of its core tools and programs as open source, making them free and cross platform. Earlier this week news came out that MS had released a significant portion of their .NET framework under a permissive opensource license on Github. Before everyone had even finished digesting this news MS posted news that it is releasing Visual Studio Community 2013 as a free download for individual and small business use (teams of up to five people).

This is a brilliant move on their part to keep their market share. One of the major issues people had when developing software for Windows using Visual Studio was the cost associated with the licenses. When I was in school and wanted to get a licensed copy of Visual Studio for my use I was told to go buy a pirated copy because the original cost was way too high (Rs 60,000 if you want to know). Keep in mind that this is before the Dot com and Tech boom so that amounted to a couple of months of salary for most folks. As you can imagine most people went for the pirated version instead which cost Rs 100 or so. Now fast forward a few years to when open-source started taking off, now the development environment could be downloaded off the internet legally for free. A lot of folks including me switched to open source development tools. The only people still using MS Studio were either using their work/university licenses or were on pirated copies.

Now with .NET opensourced and available for use on Linux, Mac and windows, making a free version of Visual Studio available makes it easier for people to start working on and building software in the MS ecosystem.

I know of a few people who will find this news exciting. For the rest of us, this doesn’t impact us directly but definitely shows which way the wind is blowing in the software world and highlights the fact that FOSS is here to stay. 🙂

Official Announcement: Microsoft Blog
Via Betanews.com

– Suramya

PS: I know that Visual Studio express has been around for a while but it was a severely limited version as opposed to the Community version just released.

November 4, 2014

The Underhanded C Contest 2014 is open

Filed under: Computer Related,Interesting Sites,Tech Related — Suramya @ 11:43 PM

Do you think you have the skills to write code that is as readable, clear, innocent and straightforward as possible, and yet somehow exhibits evil behavior that cannot be seen even when staring at the source code? If so then you should take a look at The Underhanded C Contest. The contest has been running for about 6 years now and it is amazing how easy these guys make it look to create code that does something but looks like it is doing something else.

The 7th Underhanded C Contest is now open.

The goal of the contest is to write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil. Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.

Check it out at: The Underhanded C Contest.
Source: Slashdot.org

– Suramya

November 3, 2014

Use Excel to Watch Movies at Work

Before I start, let me make it very clear: I don’t recommend that you do this at work. If you get fired for doing this then it is your fault. I take absolutely no responsibility. That being said, let’s proceed. I found this very interesting because it shows that no matter how much you try to secure a system there is always a way around any restrictions people put in the system and the only truly secure system is one encased in a ton of concrete at the bottom of the ocean. In this case a user figured out how to use the VBA (Visual Basic for Applications) functionality in Excel to go around the restrictions placed on his computer by his company’s IT department to watch movies at work.

From a Hacker/ingenuity point of view I love this, but from a work perspective I don’t think this was such a good idea. If you really wanted to watch a movie at work then there are easier and safer options to do so; watching it on your phone or tablet is one option that comes to mind. I seriously doubt that his IT admin or his manager would be amused when they find out about this hack.

Behind the cascade of rectangles and in the land of the Excel macro, [AyrA_ch] took advantage of the program’s VBA (Visual Basic for Applications) functions to circumvent the computer’s restrictions. Although VBA typically serves the more-complex-than-usual macro, it can also invoke some Windows API commands, one of which calls Windows Media Player. The Excel file includes a working playlist and some rudimentary controls: play, pause, stop, etc. as well as an inspired pie chart countdown timer.

Hacking things is fun, but folks need to realize that they need to stop being stupid about it. I am sure there are a lot of things I can do at work that I might not be supposed to but just because you can, doesn’t mean that you should.

Check out the original post on Reddit for a link to the file and a more detailed explanation.

Thanks to Hackaday.com for the story.

– Suramya

October 10, 2014

Instead of wasting time playing Sudoku you should mine Bitcoins with Pencil and Paper

Filed under: Computer Related,Computer Security,Tech Related — Suramya @ 11:58 PM

Do you like to play Sudoku? If so then you should look at using paper and pencil to mine Bitcoins instead and make some money out of your hobby. A bloke named Ken Shirriff who is an engineer at Google has created a video and a detailed blog post on how this can be done. Apparently it is a slow process but the algorithms for Bitcoin generation are easy enough to crunch.

Shirriff completed a round of SHA-256 in 16 minutes and 45 seconds at which rate a full Bitcoin block would take about a day and a half, less with more practice, he said.

“The SHA-256 algorithm is surprisingly simple to do by hand,” Shirriff said.

“In comparison, current Bitcoin mining hardware does several terahashes per second, about a quintillion times faster than my manual hashing.”

All I can say is, go for it if you like crunching numbers… I know I won’t. 🙂

Source: Theregister.com

– Suramya

October 1, 2014

Erase Your iCloud Drive by resetting your iPhone settings

This has not been a good month for tech; we are getting issues across the board on all fronts. First we had the iCloud hack (or Fappening as it was called). Then ShellShock hit, followed by this new issue in iOS 8 where if you reset your iPhone settings your backups on the cloud also go bye-bye. Ouch! I hope if you are using the iCloud (or any cloud for that matter) you have a duplicate copy of your data somewhere else or you better not try to reset your phone.

The bug creeps up when you select Settings > General > Reset > Reset All Settings. Typically, this is just supposed to reset your network settings to give your iOS device a clean slate to work with, but it turns out it’s also deleting all your files from iCloud Drive.

The issue was discovered by members of the MacRumors forum. It just shows that no matter how much we try nothing is perfect and there are bugs in every system. The best way to ensure that you don’t lose data is to store it in multiple places using multiple types of media/services.

I have a lot of my data backed up on a RAID array and am in the process of setting up a cloud server at home to sync it across different locations. I am not using Dropbox or other such services because I don’t want to trust my data to any external provider. Earlier I used to back up data on DVDs/CDs. Before that I used to store the data on floppy disks.

Fun fact, I was recently looking for some code that I had written around 1998 and ended up searching through my old floppy disks to find it. Interesting thing was that about 90% of the disks still worked and I was able to read the data without issues. (Well… no issues other than the fact that I had to buy a USB floppy drive as my motherboard doesn’t have a connector for floppy drives…) I don’t see the same level of longevity in either DVDs or CDs so far. I haven’t tried Blu-ray disks yet because of the cost and the fact that HDDs are getting cheaper / larger.

Thanks to lifehacker.com for the initial links.

– Suramya
