Suramya's Blog : Welcome to my crazy life…

September 3, 2018

Software hack to keep my speaker powered on

Filed under: Computer Hardware,Linux/Unix Related,Techie Stuff,Tutorials — Suramya @ 6:37 PM

A little while ago I bought a new klipsch speaker as my previous one was starting to die and I love it except for a minor irritation. The speaker has builtin power saving tech that powers it off if its not used for a certain period of time and that means that I have to physically power it on every time I wanted to listen to music which was annoying. As I would invariably be comfortably seated and start the music before remembering that I needed to power it on. Also, I could not start the music from my phone whenever I felt like as the speaker was powered off and I would have to walk to the room to power it on.

After living with the irritation for a while I finally decided to do something about it and whipped up a small script that checks if any music/audio is already playing on the system and if not it plays a 1 second mp3 of an ultrasonic beep. This forces the system to keep the speaker on and I love it as now I can start the music first thing in the morning while lazing in bed. 🙂

The script requires the mpg123 to be installed and you can install it on a Debian system by issuing the following command:

apt-get install mpg123

The Script itself is only 4 lines long:


if ! grep RUNNING /proc/asound/card*/pcm*/sub*/status &> /dev/null ; then
    /usr/bin/mpg123 -q /home/suramya/bin/KeepSpeakerOn.mp3 &> /dev/null

What it does is to check if any of the PCM soundcards have a status of RUNNING and if not it plays the mp3. I have a cron job scheduled to run the script every one min:


* * * * * /home/suramya/bin/ 

One interesting issue I hit during the initial testing was that the mpg123 application kept segfaulting whenever I initiated it from the Cron but it would work fine if I ran the same command from the command prompt. The error I got in the logs was:

High Performance MPEG 1.0/2.0/2.5 Audio Player for Layers 1, 2 and 3
        version 1.25.10; written and copyright by Michael Hipp and others
        free software (LGPL) without any warranty but with best wishes
Cannot connect to server socket err = No such file or directory
Cannot connect to server request channel
jack server is not running or cannot be started
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
/home/suramya/bin/ line 5: 10993 Segmentation fault      /usr/bin/mpg123 /home/suramya/bin/KeepSpeakerOn.mp3 -v

Spent a while trying to debug and finally figured out that the fix for this issue was to add XDG_RUNTIME_DIR=/run/user/<userid> to the cron where you can get the value of <userid> by running the following command and taking the value of uid:

id <username_the_cronjob_is_running_under> 


suramya@StarKnight:~/bin$ id suramya
uid=1000(suramya) gid=1000(suramya) groups=1000(suramya),24(cdrom)....

Putting that line in the cron entry resolved the issue. Not sure why but it works so…

Well this is all for now. Will write more later.

– Suramya

August 24, 2018

Fixing the appstreamcli error when running apt-get update

Filed under: Computer Software,Knowledgebase,Linux/Unix Related,Techie Stuff — Suramya @ 12:05 AM

Over the past few days everytime I tried to update my Debian system using apt-get it would fail with the following error message:

(appstreamcli:5574): GLib-CRITICAL **: 20:49:46.436: g_variant_builder_end: assertion '!GVSB(builder)->uniform_item_types || 
GVSB(builder)->prev_item_type != NULL || g_variant_type_is_definite (GVSB(builder)->type)' failed

(appstreamcli:5574): GLib-CRITICAL **: 20:49:46.436: g_variant_new_variant: assertion 'value != NULL' failed

(appstreamcli:5574): GLib-ERROR **: 20:49:46.436: g_variant_new_parsed: 11-13:invalid GVariant format string
Trace/breakpoint trap
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'if /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then appstreamcli refresh-cache > 
/dev/null; fi'
E: Sub-process returned an error code

Spent a couple of hours trying to figure out what was causing it and was able to identify that it was caused because of a bug in appstream as tunning the command manually also failed with the same error. When I tried to remove the package as recommended by a few sites it would have removed the entire KDE desktop from my machine which I didn’t want so I was at a loss as to how to fix the problem. So I put the update on hold till I had a bit more time to research the issue and identify the solution.

Today I got some free time and decided to try again and after a little bit of searching stumbled upon the following Bug Report (#906544) where David explained that the error was caused due to a bug in the upstream version of appstream and a little while later Matthias commented that the issue is fixed in the latest version of the software and it would flow down to the Debian repositories in a little bit. Normally I would have just done an apt-get update and then install to get the latest package but since the whole issue was that I couldn’t get the system to finish the update command I had to manually install the package.

To do that I went to the Debian site and opened the software package list for Debian Unstable (as that is what I am using) and searched for appstream. This gave me a link to the updated package (0.12.2-2) that fixed the bug (I had 0.12.2-1 installed). Once I downloaded the package (Make sure you download the correct package based on your system architecture) I manually installed it using the following command as root:

dpkg -i appstream_0.12.2-2_amd64.deb

This installed the package and I was then able to do an apt-get update successfully. I still get the GLib-CRITICAL warnings but that apparently can be ignored without issues.

Hope this helps people who hit the same issue (or reminds me of the solution if/when I hit the issue again).

– Suramya

August 23, 2018

Identifying Programmers by their Coding Style

Filed under: Computer Security,Computer Software,Techie Stuff — Suramya @ 8:42 PM

There is an interesting development in the field of identifying people by what they write. As some of you may already know researchers have been able to identify who wrote a particular text based on the analysis of things like word choice, sentence structure, syntax and punctuation using a technique called stylometry for a while now but it was limited to natural languages and not artificial ones like programming languages.

Now there is new research by Rachel Greenstadt & Aylin Caliskan who are professors of computer science at Drexel University & at George Washington University respectively that proves that code, like other forms of writing is not anonymous. They used Machine Learning algorithms to de-anonymize coders and the really cool part is that they can do this even with reverse compiled code from Binaries with a reasonable level of confidence. So you don’t need access to the original source code to be able to identify who coded it. (Assuming that we have code samples from them in the training DB)

Here’s a simple explanation of how the researchers used machine learning to uncover who authored a piece of code. First, the algorithm they designed identifies all the features found in a selection of code samples. That’s a lot of different characteristics. Think of every aspect that exists in natural language: There’s the words you choose, which way you put them together, sentence length, and so on. Greenstadt and Caliskan then narrowed the features to only include the ones that actually distinguish developers from each other, trimming the list from hundreds of thousands to around 50 or so.

The researchers don’t rely on low-level features, like how code was formatted. Instead, they create “abstract syntax trees,” which reflect code’s underlying structure, rather than its arbitrary components. Their technique is akin to prioritizing someone’s sentence structure, instead of whether they indent each line in a paragraph.

This is both really cool and a bit scary because suddenly we have the ability to identify who wrote a particular piece of code. This removes or atleast reduces the ability of people to release code/software anonymously. This is a good thing when we look at a piece of Malware or virus because now we can find out who wrote it making it easier to prosecute cyber criminals.

However the flip side is that we can now also identify people who write code to secure networks, bypass restrictive regime firewalls, create privacy applications etc. There are a lot of people who contribute to opensource software but don’t want to be identified for various reasons. For example if a programmer in China created a software that allows a user to bypass the Great Firewall of China they would definitely not want the Chinese government to be able to identify them for obvious reasons. Similarly there are folks who wrote some software that they do not want to be associated with their real name for some reason and this would make it more difficult for them to do so.

But this is not the end of the world, there are ways around this by using software to scramble the code. I don’t think many such systems exist right now or if they do they are at a nacent stage. If this research is broadly applied to start identifying coders then the effort to write such scramblers would take high priority and lots of very smart people would start focusing their efforts to invalidate the detectors.

Well this is all for now. Will write more later.

– Suramya

Original source: Schneier’s Blog

August 12, 2018

Critique of a sextortion scam email that I received

Filed under: My Thoughts,Techie Stuff — Suramya @ 11:27 PM

Earlier this month I got an email that claimed to have photos/videos of me viewing adult sites and threatened that they would mail the photos to all my contacts if I don’t send them $7000. To make the email look authentic and scare me, they also included an old password of mind that they got from one of the many leaks over the past few years. I think this one was from a BBS that I used for a bit around 2000-2005.

The reason I am publishing this email and my critique is to show how full of crap such emails are. Basically if you ever get such emails you should never give them money because then they know that they can frighten you to pay and they will keep putting the pressure on to squeeze more and more money out of you.

On the other hand if you know that someone has managed to get their hands on some incriminating photos (they gave proof or you had sent it to them) and are blackmailing you then you should never give in to the blackmail. Instead reach out to the authorities and file a formal complaint. If you are a kid then talk to your parent and have them raise a complaint. Never ever give more photos/videos to the sick person blackmailing you because that just gives them more ammo to blackmail you.

Here are some links to sites that can help guide you:

UK National Crime Agency
Interpol Sextortion
FBI Sextortion

So lets get started, I am going to take apart the email I got to show you how useless and full of it the email is..

I know ***** is your password. Lets get directly to purpose. You do not know me and you are probably thinking why you are getting this email? None has compensated me to check you.

Umm ok… That’s an old password that I haven’t used in over a decade and even then it was used for throwaway logins that I didn’t really care about. It did catch my eye, good job adding it to the subject to catch my attention. Yes, no one compensated you initially but you sure want to get compensated now.

Well, I installed a malware on the adult video clips (adult porn) web site and guess what, you visited this web site to experience fun (you know what I mean). When you were watching video clips, your web browser started out operating as a RDP that has a keylogger which provided me accessibility to your display screen and also web camera. after that, my software collected your complete contacts from your Messenger, FB, as well as email. After that I created a double-screen video. 1st part shows the video you were viewing (you have a fine taste hahah), and second part displays the view of your webcam, and its you.

Wow! You must teach me how you did this. How did you manage to get a browser to act as an RDP, especially on a Linux machine that doesn’t even support the protocol natively? Please sensei, teach me 🙂

Actually the even more amazing trick is how you managed to activate a webcam on my computer as I don’t have any camera’s connected to it. 🙂 Did you hack the display to turn it into a camera? Or did you send nanobots via the wire to reprogram/repurpose one of the parts on my desktop to convert it into a camera?

You got two different choices. Let us understand each of these options in aspects:

1st choice is to disregard this email. In this case, I am going to send your actual video clip to almost all of your contacts and just consider about the humiliation you feel. And consequently in case you are in an important relationship, how it will affect?

Now comes the threat… how are you going to send a video that I just proved can’t exist?

Latter solution is to give me $7000. We are going to think of it as a donation. As a result, I will without delay delete your video footage. You will go forward daily life like this never happened and you would never hear back again from me.

You will make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google search engine).

BTC Address to send to: 1FwvWtFdGBRvoiCa8BQdzqpu5QoiCSRFMa
[CASE SENSITIVE, copy & paste it]

Holy S**T! You really expect people to pay you $7000 for an email that offers no proof of this supposed video that you managed to magically capture? Lets check if anyone was stupid enough to fall for this nonsense. We can use to check the balance of any bit coin address and here’s what the current balance is for this address: $0.0. Yup you have received a big fat 0 for your trouble. In fact I would suggest you sell your software/tech to the NSA/MI5 or other spy agencies around the world and you will get a much better payday.

The money this idiot made from this scam so far.

If you may be thinking of going to the cop, good, this email message cannot be traced back to me. I have covered my moves. I am just not trying to charge you so much, I just like to be paid for. I have a unique pixel in this email, and right now I know that you have read through this mail. You now have one day to pay. If I do not receive the BitCoins, I will certainly send your video recording to all of your contacts including friends and family, colleagues, and so forth. However, if I do get paid, I will erase the video right away. It’s a non-negotiable offer and thus please do not waste my personal time & yours by responding to this mail. If you really want evidence, reply with Yeah! then I will send out your video recording to your 6 contacts.

I am really quaking in my boots. Its been over 3 weeks since you sent out the email, and I don’t know how many of my contacts have received this magical email. Though if I had to guess I would place the number at 0. Since the entire email is a scam to steal money from unsuspecting fools. I think if the person sending out the email hadn’t been so greedy and asked for $7000 but rather asked for something in the range of a few hundred they might have made some money.

Well this is all for now. Will write more later.

– Suramya

February 13, 2018

Explaining HTTPS using carrier pigeons

Filed under: Interesting Sites,Security Tutorials,Techie Stuff — Suramya @ 7:07 PM

HTTPS is something that a lot of people find hard to explain without going into a lot of technical jargon which frankly just confuses most people and causes them to zone out. However it is an essential service/protocol so understanding it is a good idea. To address this issue Andrea Zanin who is a student created the following primer that explains how HTTPS works using carrier pigeons as the messengers.

Below is an explanation on how HTTP would work with carrier pigeons:

If Alice wants to send a message to Bob, she attaches the message on the carrier pigeon’s leg and sends it to Bob. Bob receives the message, reads it and it’s all is good.

But what if Mallory intercepted Alice’s pigeon in flight and changed the message? Bob would have no way of knowing that the message that was sent by Alice was modified in transit.

This is how HTTP works. Pretty scary right? I wouldn’t send my bank credentials over HTTP and neither should you.

Check out the link for the full writeup.

Well, this is all for now. Will write more later.

– Suramya

December 14, 2017

My primary desktop is dead

Filed under: Computer Hardware,My Life,Techie Stuff — Suramya @ 12:00 AM

The fan on my computer was giving me some problem (it sounded like an aircraft taking off) so I thought I’ll replace it with a new one. The new fan/heatsink arrived earlier this week and today I finally had the time to try installing it.

First I had to remove the old fan and heat sink so I looked at the video online on how to remove the fan and followed the instructions exactly. But unfortunately the Glue used to stick the CPU to the heat sink was a little too strong and while I was trying to remove the heat sink I managed to get the top half the CPU separated from the bottom half. So now my computer is a very expensive paper weight still I get a new CPU. 

Looking online I found that the AM3+ socket that my motherboard uses has been phased out and even though there are processors that will work with it for the same cost or slightly cheaper I can get a new more powerful CPU and motherboard. So obviously I am going for the latter option.

I have selected a new board and CPU on Amazon but didn’t order it yet because I want to check the cost at some of the local shops before I order. Plus the Amazon order will take a couple of days to get here and I want to avoid the delay.

Its not that I don’t have a machine right now as I have two laptops but the desktop was my primary machine configured to be exactly the way I like it and it’s annoying to have to use a laptop which is not configured exactly the same as the desktop. 

I am dictating this blog post on my phone using the Google voice type and it’s about 99% accurate which is pretty cool. I still can’t figure out how to put punctuation during the dictation but other than that it works perfectly.

Well this is all for now will write more later hopefully on my new desktop.

– Suramya

December 5, 2017

Dominos Pizza online has stronger password requirements than Citibank India Online

Filed under: Computer Related,My Thoughts,Techie Stuff — Suramya @ 11:59 PM

Today I decided to change my IPIN (Internet Pin) on Citibank as I haven’t changed it in a while and its a good idea to change it on a regular basis. So I logged in to my account and clicked on the password reset link and I got the following text:

The first item there is fairly standard but what really surprised me were items # 3,4 & 6. What do you mean I can’t have any special characters in my password? Why can’t I have a password longer than 16 Characters when the NIST password guidelines recommend that you allow a password of up to 64 char’s in length.

In contrast The Dominos Pizza’s Online portal has stronger security and requires you to have Upper case, Lower Case, Numeric Char and a Special Character in the password. Making it a lot more secure and harder to crack than the Citibank password.

This is not all. The best part is yet to come. I use a password manager and my generated password was 22 characters long this time, so I pasted it into the form and the system accepted the password change. Now since I am a paranoid person I decided to check if the password changed successfully by logging in with the new password. Imagine my surprise when an error message popped up on screen when I tried to log in telling me that my password can’t be longer than 16 chars. I was confused since the password change form took my 22 char password without trouble, so I tried logging in with the old password and that obviously didn’t work. Finally I tried removing the extra 6 characters from my password and was able to log in.

Basically the stupid system truncated my password to 16 and then saved it instead of warning me that my password was too long when I was changing the password which would have been the logical thing to do.

Citibank needs to update its system to follow the NIST rules and start allowing people to choose more secure passwords.

Well this is all for now, will write more later.

– Suramya

September 27, 2016

How to install Tomato Firmware on Asus RT-N53 Router

Filed under: Computer Software,Knowledgebase,Techie Stuff,Tutorials — Suramya @ 11:43 PM

I know I am supposed to blog about the all the trips I took but wanted to get this down before I forget what I did to get the install working. I will post about the trips soon. I promise 🙂

Installing an alternate firmware on my router is something I have been meaning to do for a few years now but never really had the incentive to investigate in detail as the default firmware worked fine for the most part and I didn’t really miss any of the special features I would have gotten with the new firmware.

Yesterday my router decided to start acting funny, basically every time I started transferring large files from my phone to the desktop via sFTP over wifi the entire router would crash after about a min or so. This is something that hasn’t happened before and I have transferred gigs of data so I was stumped. Luckily I had a spare router lying around thanks to dad who forced me to carry it to Bangalore during my last visit. So I swapped the old router with the new one and got my work done. This gave me an opportunity as I had a spare router sitting on my desk and some time to kill so I decided to install a custom firmware on it to play with it.

I was initially planning on installing dd-wrt on it but their site was refusing to let me download the file for the RT-N53 model even though the wiki said that I should be able to install it. A quick web search suggested that folks have had a good experience with the Tomato by Shibby firmware so I downloaded and installed it by following these steps:

Download the firmware file

First we need to download the firmware file from the Tomato Download site.

  • Visit the Tomato download Section
  • Click on the latest Build folder. (I used build5x-138-MultiWAN)
  • Click on ‘Asus RT-Nxx’ folder
  • Download the ‘MAX’ zip file as that has all the functionality. (I used the file.)
  • Save the file locally
  • Extract the ZIP file. The file we are interested in is under the ‘image’ folder with a .trx extension

Restart the Router in Maintenance mode

  • Turn off power to router
  • Turn the power back on while holding down the reset button
  • Keep holding reset until the power light starts flashing which will mean router is in recovery mode

Set a Static IP on the Ethernet adapter of your computer

For some reason, you need to set the IP address of the computer you are using to a static IP of with subnet and gateway If you skip this step then the firmware upload fails with an integrity check error.

Upload the new firmware

  • Connect the router to a computer using a LAN cable
  • Visit
  • Login as admin/admin
  • Click Advanced Setting from the navigation menu at the left side of your screen.
  • Under the Administration menu, click Firmware Upgrade.
  • In the New Firmware File field, click Browse to locate the new firmware file that you downloaded in the previous step
  • Click Upload. The uploading process takes about 5 minutes.
  • Then unplug the router, wait 30 seconds.
  • Hold down the WPS button while plugging it back in.
  • Wait 30 seconds and release the WPS button.

Now you should be using the new firmware.

  • Browse to
  • Login as admin/password (if that doesn’t work try admin/admin)
  • Click on the ‘reset nvram to defaults’ link in the page that comes up. (I had to do this before the system started working but apparently its not always required.)

Configure your new firmware

That’s it, you have a router with a working Tomato install. Go ahead and configure it as per your requirements. All functionality seems to be working for me except the 5GHz network which seems to have disappeared. I will play around with the settings a bit more to see if I can get it to work but as I hardly ever connected to the 5GHz network its not a big deal for me.


The following sites and posts helped me complete the install successfully. Without them I would have spent way longer getting things to work:

Well this is it for now. Will post more later.

– Suramya

August 18, 2015

Dumping plastic balls in water can at times actually be beneficial

Filed under: Techie Stuff — Suramya @ 9:10 PM

When I first read about this my reaction could be summed up with the follow phrase “say what now?”, but then I read the science behind it and it kind of makes sense after a bit of thought. Basically California is suffering from a severe drought and LA’s city reservoir was loosing about 300 million gallons of water every year due to evaporation. So they came up with this novel idea of dumping 96 million hollow balls into the 175 acre man made lake. These so called ‘shade balls’ Shade balls deflect the Sun’s rays keeping more of the water in liquid form. They also help protect the quality of water by preventing formation of bromate which is created when bromide (which occurs naturally) mixes with sunlight and chlorine (from disinfectants).

LADWP is the first utility company to use this technology for water quality protection. Today’s deployment marked the final phase of an effort that involves the deployment of 96 million shade balls to the 175-acre reservoir — the largest in-basin facility of its kind owned and managed by LADWP. The small, black plastic balls protect water quality by preventing sunlight-triggered chemical reactions, deterring birds and other wildlife, and protecting water from rain and wind-blown dust.

A cost-effective investment that brings the L.A. Reservoir into compliance with new federal water quality mandates, the shade balls are expected to save $250 million when compared to other comparable tools considered to meet that goal. Those alternatives included splitting the reservoir into two with a bisecting dam; and installing two floating covers that would have cost more than $300 million. In addition, the shade balls will also prevent the annual loss to evaporation of about 300 million gallons of water.

It’s good to see folks thinking outside the box to help save water and our environment.

– Suramya

Source: Science Alert

May 6, 2015

How to Root a second generation Moto x running Lollipop

Filed under: Knowledgebase,Techie Stuff,Tutorials — Suramya @ 11:22 PM

I got my new phone today and as usual the first thing I did was root it before I started copying data over so that I don’t loose data when I unlock the boot loader. The process required a bit of work mainly because I was following instructions for KitKat while my phone was running Lollipop. That caused the phone to go into this funky state where the Play Store API’s went MIA and the entire thing stopped working to the point that I had to do a hard reset to get back to a stable state.

BTW, before you continue please note that this will delete all data on the phone so you need to ensure that you have a proper backup before proceeding. Without further ado, here are the steps I followed to get things to work using my Linux (Debian) desktop:

Unlock the Bootloder

The first thing you have to do is unlock the Boot loader on the phone:

  • Install the Android SDK by issuing the following command:
    apt-get install android-tools-adb android-tools-fastboot
  • Run the following command:
    fastboot oem get_unlock_data
  • Take the string returned, which would look something like this:
    (bootloader) 0A40040192024205#4C4D3556313230
    (bootloader) 30373731363031303332323239#BD00
    (bootloader) 8A672BA4746C2CE02328A2AC0C39F95
    (bootloader) 1A3E5#1F53280002000000000000000
    (bootloader) 0000000

    and concatenate the 5 lines of output into one continuous string without (bootloader) or ‘INFO’ or white spaces. Your string needs to look like this:

  • Visit the Motorola Website.
  • Paste the string you got in the previous step on the site, and then click on the ‘Can my Device be Unlocked?’ button and if your device is unlockable, a “REQUEST UNLOCK KEY” button will now appear at the bottom of the page.
  • Click on the “REQUEST UNLOCK KEY” Button.
  • You will now receive a mail with the unlock key at your registered email address
  • Start your device in fastboot mode by pushing and holding the power and volume down at the same time. Then release the power button followed by the volume down button. The device will now power up in fastboot mode.
  • Run the following command to unlock the bootloader:
    fastboot oem unlock 
  • If the code was correct then you will see a message confirming that your device was unlocked and the phone will reboot.

Enable Developer Options/USB Debugging

In order to proceed further we need to enable USB Debugging and in order to do that we need to enable Developer Options following these steps:

  • Pull down the notification drawer and tap on ‘Settings’
  • Scroll down to ‘About Phone’
  • Now scroll down to ‘Build Number’
  • Tap on ‘Build Number’ 7 times.
  • It’ll now say that you are a developer. Now press back, You should now see Developer Options above About Phone.

  • Click on ‘Developer Options’
  • Check the box next to ‘USB debugging’ and save

Root the Phone

First we need to download the correct image file for the model of your phone. I had to look up my model on Wikipedia because for some reason my phone decided not to share that information with me. Use the appropriate link for your model in the list below. I have a XT1092 but the XT1097 image worked fine for me.

After downloading the file, extract it. Run the following command:

adb reboot bootloader

This will restart the phone in the fastboot mode. Then boot using the image you downloaded in the previous step using this command:

fastboot boot /path/to/image/file/CF-Auto-Root-victara-victararetbr-xt1097.img

Once you run the command the Device will boot up, install su and quickly reboot (this is automatic, no user intervention is required). After the phone starts up, you need to install Chainfire’s SuperSU from the Play Store.

After that you are done and your phone is rooted. You can verify the same by installing a ‘Root Verifier’ application from the store.
Well this is all for now, will write more later.

– Suramya

Older Posts »

Powered by WordPress