Suramya's Blog : Welcome to my crazy life…

August 24, 2018

Fixing the appstreamcli error when running apt-get update

Filed under: Computer Software,Knowledgebase,Linux/Unix Related,Tech Related — Suramya @ 12:05 AM

Over the past few days everytime I tried to update my Debian system using apt-get it would fail with the following error message:

(appstreamcli:5574): GLib-CRITICAL **: 20:49:46.436: g_variant_builder_end: assertion '!GVSB(builder)->uniform_item_types || 
GVSB(builder)->prev_item_type != NULL || g_variant_type_is_definite (GVSB(builder)->type)' failed

(appstreamcli:5574): GLib-CRITICAL **: 20:49:46.436: g_variant_new_variant: assertion 'value != NULL' failed

(appstreamcli:5574): GLib-ERROR **: 20:49:46.436: g_variant_new_parsed: 11-13:invalid GVariant format string
Trace/breakpoint trap
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'if /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then appstreamcli refresh-cache > 
/dev/null; fi'
E: Sub-process returned an error code

Spent a couple of hours trying to figure out what was causing it and was able to identify that it was caused because of a bug in appstream as tunning the command manually also failed with the same error. When I tried to remove the package as recommended by a few sites it would have removed the entire KDE desktop from my machine which I didn’t want so I was at a loss as to how to fix the problem. So I put the update on hold till I had a bit more time to research the issue and identify the solution.

Today I got some free time and decided to try again and after a little bit of searching stumbled upon the following Bug Report (#906544) where David explained that the error was caused due to a bug in the upstream version of appstream and a little while later Matthias commented that the issue is fixed in the latest version of the software and it would flow down to the Debian repositories in a little bit. Normally I would have just done an apt-get update and then install to get the latest package but since the whole issue was that I couldn’t get the system to finish the update command I had to manually install the package.

To do that I went to the Debian site and opened the software package list for Debian Unstable (as that is what I am using) and searched for appstream. This gave me a link to the updated package (0.12.2-2) that fixed the bug (I had 0.12.2-1 installed). Once I downloaded the package (Make sure you download the correct package based on your system architecture) I manually installed it using the following command as root:

dpkg -i appstream_0.12.2-2_amd64.deb

This installed the package and I was then able to do an apt-get update successfully. I still get the GLib-CRITICAL warnings but that apparently can be ignored without issues.

Hope this helps people who hit the same issue (or reminds me of the solution if/when I hit the issue again).

– Suramya

August 23, 2018

Identifying Programmers by their Coding Style

Filed under: Computer Security,Computer Software,Tech Related — Suramya @ 8:42 PM

There is an interesting development in the field of identifying people by what they write. As some of you may already know researchers have been able to identify who wrote a particular text based on the analysis of things like word choice, sentence structure, syntax and punctuation using a technique called stylometry for a while now but it was limited to natural languages and not artificial ones like programming languages.

Now there is new research by Rachel Greenstadt & Aylin Caliskan who are professors of computer science at Drexel University & at George Washington University respectively that proves that code, like other forms of writing is not anonymous. They used Machine Learning algorithms to de-anonymize coders and the really cool part is that they can do this even with reverse compiled code from Binaries with a reasonable level of confidence. So you don’t need access to the original source code to be able to identify who coded it. (Assuming that we have code samples from them in the training DB)

Here’s a simple explanation of how the researchers used machine learning to uncover who authored a piece of code. First, the algorithm they designed identifies all the features found in a selection of code samples. That’s a lot of different characteristics. Think of every aspect that exists in natural language: There’s the words you choose, which way you put them together, sentence length, and so on. Greenstadt and Caliskan then narrowed the features to only include the ones that actually distinguish developers from each other, trimming the list from hundreds of thousands to around 50 or so.

The researchers don’t rely on low-level features, like how code was formatted. Instead, they create “abstract syntax trees,” which reflect code’s underlying structure, rather than its arbitrary components. Their technique is akin to prioritizing someone’s sentence structure, instead of whether they indent each line in a paragraph.

This is both really cool and a bit scary because suddenly we have the ability to identify who wrote a particular piece of code. This removes or atleast reduces the ability of people to release code/software anonymously. This is a good thing when we look at a piece of Malware or virus because now we can find out who wrote it making it easier to prosecute cyber criminals.

However the flip side is that we can now also identify people who write code to secure networks, bypass restrictive regime firewalls, create privacy applications etc. There are a lot of people who contribute to opensource software but don’t want to be identified for various reasons. For example if a programmer in China created a software that allows a user to bypass the Great Firewall of China they would definitely not want the Chinese government to be able to identify them for obvious reasons. Similarly there are folks who wrote some software that they do not want to be associated with their real name for some reason and this would make it more difficult for them to do so.

But this is not the end of the world, there are ways around this by using software to scramble the code. I don’t think many such systems exist right now or if they do they are at a nacent stage. If this research is broadly applied to start identifying coders then the effort to write such scramblers would take high priority and lots of very smart people would start focusing their efforts to invalidate the detectors.

Well this is all for now. Will write more later.

– Suramya

Original source: Schneier’s Blog

August 12, 2018

Critique of a sextortion scam email that I received

Filed under: My Thoughts,Tech Related — Suramya @ 11:27 PM

Earlier this month I got an email that claimed to have photos/videos of me viewing adult sites and threatened that they would mail the photos to all my contacts if I don’t send them $7000. To make the email look authentic and scare me, they also included an old password of mind that they got from one of the many leaks over the past few years. I think this one was from a BBS that I used for a bit around 2000-2005.

The reason I am publishing this email and my critique is to show how full of crap such emails are. Basically if you ever get such emails you should never give them money because then they know that they can frighten you to pay and they will keep putting the pressure on to squeeze more and more money out of you.

On the other hand if you know that someone has managed to get their hands on some incriminating photos (they gave proof or you had sent it to them) and are blackmailing you then you should never give in to the blackmail. Instead reach out to the authorities and file a formal complaint. If you are a kid then talk to your parent and have them raise a complaint. Never ever give more photos/videos to the sick person blackmailing you because that just gives them more ammo to blackmail you.

Here are some links to sites that can help guide you:

UK National Crime Agency
Interpol Sextortion
FBI Sextortion

So lets get started, I am going to take apart the email I got to show you how useless and full of it the email is..

I know ***** is your password. Lets get directly to purpose. You do not know me and you are probably thinking why you are getting this email? None has compensated me to check you.

Umm ok… That’s an old password that I haven’t used in over a decade and even then it was used for throwaway logins that I didn’t really care about. It did catch my eye, good job adding it to the subject to catch my attention. Yes, no one compensated you initially but you sure want to get compensated now.

Well, I installed a malware on the adult video clips (adult porn) web site and guess what, you visited this web site to experience fun (you know what I mean). When you were watching video clips, your web browser started out operating as a RDP that has a keylogger which provided me accessibility to your display screen and also web camera. after that, my software collected your complete contacts from your Messenger, FB, as well as email. After that I created a double-screen video. 1st part shows the video you were viewing (you have a fine taste hahah), and second part displays the view of your webcam, and its you.

Wow! You must teach me how you did this. How did you manage to get a browser to act as an RDP, especially on a Linux machine that doesn’t even support the protocol natively? Please sensei, teach me 🙂

Actually the even more amazing trick is how you managed to activate a webcam on my computer as I don’t have any camera’s connected to it. 🙂 Did you hack the display to turn it into a camera? Or did you send nanobots via the wire to reprogram/repurpose one of the parts on my desktop to convert it into a camera?

You got two different choices. Let us understand each of these options in aspects:

1st choice is to disregard this email. In this case, I am going to send your actual video clip to almost all of your contacts and just consider about the humiliation you feel. And consequently in case you are in an important relationship, how it will affect?

Now comes the threat… how are you going to send a video that I just proved can’t exist?

Latter solution is to give me $7000. We are going to think of it as a donation. As a result, I will without delay delete your video footage. You will go forward daily life like this never happened and you would never hear back again from me.

You will make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google search engine).

BTC Address to send to: 1FwvWtFdGBRvoiCa8BQdzqpu5QoiCSRFMa
[CASE SENSITIVE, copy & paste it]

Holy S**T! You really expect people to pay you $7000 for an email that offers no proof of this supposed video that you managed to magically capture? Lets check if anyone was stupid enough to fall for this nonsense. We can use bitref.com to check the balance of any bit coin address and here’s what the current balance is for this address: $0.0. Yup you have received a big fat 0 for your trouble. In fact I would suggest you sell your software/tech to the NSA/MI5 or other spy agencies around the world and you will get a much better payday.


The money this idiot made from this scam so far.

If you may be thinking of going to the cop, good, this email message cannot be traced back to me. I have covered my moves. I am just not trying to charge you so much, I just like to be paid for. I have a unique pixel in this email, and right now I know that you have read through this mail. You now have one day to pay. If I do not receive the BitCoins, I will certainly send your video recording to all of your contacts including friends and family, colleagues, and so forth. However, if I do get paid, I will erase the video right away. It’s a non-negotiable offer and thus please do not waste my personal time & yours by responding to this mail. If you really want evidence, reply with Yeah! then I will send out your video recording to your 6 contacts.

I am really quaking in my boots. Its been over 3 weeks since you sent out the email, and I don’t know how many of my contacts have received this magical email. Though if I had to guess I would place the number at 0. Since the entire email is a scam to steal money from unsuspecting fools. I think if the person sending out the email hadn’t been so greedy and asked for $7000 but rather asked for something in the range of a few hundred they might have made some money.

Well this is all for now. Will write more later.

– Suramya

August 11, 2018

Free Digital Collection of 6,000 19th-Century Children’s Books

Filed under: Interesting Sites — Suramya @ 10:02 PM

Do you like fairy tales? Did you love reading books like Aesop’s Fables, The Adventures of Robinson Crusoe and the Grimm’s Fairy Tales? If so then you should check out this amazing collection of over 6000 children’s books from the 19th and early 20th century. It is available via the University of Florida’s Baldwin Library archive and is pretty comprehensive.

Unfortunately it looks like you can’t download the books for offline reading (at least not that I could find) and the pages of the books have not been converted to text but are rather images. Most are very good scans but still text versions would allow you to search for keywords. I wonder if they would be ok with me downloading the collection and running OCR on the books and then sharing the text versions. Something to think about for my next project

Source: LifeHacker.com

– Suramya

August 9, 2018

Road trip to Belum caves and Lepakshi Temple

Filed under: My Life,Travel/Trips — Suramya @ 1:58 AM

Last week while I was getting bored while commuting back from office I stumbled upon an article on LLB about Belum Caves which is the largest and longest cave system open to the public on the Indian subcontinent and it sounded fascinating so I reached out to friends and after a little back and forth 5 of us decided to drive down to the cave for a day trip on Saturday. Since we were planning to start from Bangalore at 5am Anirudh, Jani and Shahrukh came over to my place Friday night while Shakshi came over at 4:30am… Hats off to her for waking up so early and making it to my place on time. After a quick breakfast (and a Red bull for me) we left home at 5:15am. The drive was quite nice and since we left so early in the morning the traffic was minimal (which is a minor miracle in BLR).

To pass the time we talked about all sorts of random topics from astronomy to the percentage of water in various items like cucumbers, milk and human blood etc. By 7am we all started feeling a bit hungry so we stopped for breakfast and had a road-side picnic and I really mean roadside. We stopped next to some newly planted fields about 2 feet away from the road and had a lovely breakfast of sandwiches, paratha’s and boiled eggs. All we were missing to make this a proper picnic was a picnic basket.


Early morning Road-side picnic

After food we were back on the road and made good time to the caves and were there at about 10:40am. We were one of the first groups into the cave and so were able to explore the caves without having to deal with a lot of crowds. The caves were amazing and I am surprised that not a lot of people know about it.


Entrance to Belum Cave


Stalactites in the cave

We spent about two hours in the cave and visited all the important/noteworthy parts even though it was very hot and humid in there. Jani was the only one who was comfortable and enjoyed the temperature as her body’s thermostat is broken (She likes hot and humid weather). There were some pretty cool natural carvings/structures in the cave that looked man-made and some man made structures to host camera’s and ventilation ducts that were mostly hidden so we spend a good amount of time trying to identify which of the structures were man made and which were natural.


The Saint Bed where its rumored that Buddhist monks used to meditate/rest

At one point we were ~150 feet underground at Pathala Ganga which is the deepest part of the cave. Here there is an underground water source that looked quite deep and even though we considered pushing one of the group in the water to see how deep it was common-sense prevailed and we decided not to try. The caves are supposed to have a section that makes musical sounds when struck but we couldn’t find that section. In part it was because we didn’t want to walk around hitting random formations and because we were fascinated by the structures and forgot to search for it.


Group photo in the cave


Trying to ensure we don’t get crushed by the low ceiling

Looking at the structures I was reminded about the Thai cave rescue and it made me think how hard and scary it would have been for them to be stuck in a cave for so long without light. I do want to try cave exploring (spelunking) and have started looking for options in India.

After we came out we fooled around on the playground which was quite fun and then had a picnic lunch. This gave us the opportunity to relax, stretch and enjoy the fresh air. There is a restaurant at the site but has limited options in food. Basically they make about a kg of rice in the morning and if you are early enough you get your food quickly else you have to wait for them to cook the rice. If you are visiting as a big group and are planning to eat there it is advisable to place your order before you head down so that the food is ready by the time you come back from the cave.

After lunch we started back but didn’t head directly for Bangalore, instead we went to Lepakshi Temple which was about midway between the caves and Bangalore. The drive was again quite nice even though everyone in the car (except me obviously) had a post lunch nap during which I entertained myself by playing loud music and singing along. I have a feeling that Jani and Shahrukh woke up after a while just to stop me from singing 😉

The temple is beautiful and we spent a good amount of time walking around the premises and enjoying the carvings. Describing the wonders of the temple would require a whole another post so I am going to be a bit lazy and just link to this post over at the RevolvingCompass.com that describes the 7 wonders of the temple. About 1/2 Km from the temple there is a huge statue of Jatayu but we were unable to visit it because of time (it was getting dark and I wanted to minimize night driving on the highway).


Group photo in front of the Kalyan Mandapa


Us practicing the tree pose for prayer

It was a humbled group that headed back but that didn’t stop our stomachs from rumbling so we stopped for another road-side picnic. This time we found a ready made stone bench for us to use as a table and we made full use of it for a snack break. It was fun to make sandwiches and eat cucumber & tomato with salt and chili. Honestly speaking I could have sat there for another hour but we had to cut the break short because of the time constraints and start back for Bangalore. We made good time to Bangalore and then hit the Bangalore traffic spending a bit over 2 hours to reach home after we entered the city. We finally made it home at ~10:15pm at which point I was ready to crash since I had driven for over 12 hours in the day. But still it was worth the effort and drive.


Road-side Picnic for evening snacks

We ended the day with Ice-cream after which everyone went home and I crashed for the night. We will be doing similar day long road trips in the future as it was quite cheap and a lot of fun. The only limitation is the no of people we can take on the trip since I don’t want to have more than 2 cars. More than 10-12 people makes the group unwieldy and encourages the creation of sub-groups.

Well this is all for now. Will post more later.

– Suramya

August 8, 2018

Work-life balance, Is it something to strive for?

Filed under: My Life,My Thoughts — Suramya @ 11:42 PM

A couple of days ago I read this article by a lady who was the founder of a start-up and she had a whole different take on the work life balance question. She felt that it’s not something that you should focus on and that if your work is a major part of your life then having artificial boundaries about allowed topics of discussion / things is not correct.

The article made me think about the pro’s and cons of having a work life balance.I have in the past worked in companies where we have worked 14-18 hours a day and I have worked in companies where I was out of the office at 6pm everyday.

I think that having a work life balance is good, actually I think it’s essential. You can sustain the insane hours over a short period of time but in the long term it’s not sustainable. I am not saying that once you leave the office don’t have any conversations related to work, that is not realistic. But make an effort to disconnect frequently.It will help recharge your mental energies and let you come back refreshed and eager to work.

I am one of the last people to tell folks not to work too much because I have a tendency of spending too much time working if what I am working is something interesting. But I have seen from personal experience when I take a break from work and do something unrelated it helps me focus and get things done.

In the course of the normal day I read, watch some shows to decompress and once a month I try to go for a trek/trip and over the past two years I have seen what a difference it makes in my sanity and ability to deliver projects. When I go for these trips I don’t check office emails. I have spent some time talking about work with folks but for the most part I disconnect from work. The idea is to stop worrying about work and focus on other things for a while. If conversation or idea related to work does come up then don’t stress about it either, spend a few mins on the topic and then go back to whatever you were doing. Trust me it will help. 

I have seen that some of the best ideas I have had have come to me when I was doing something other than work/actively thinking about the problem. 

At my previous job I used to go for evening snacks with the team and one of the semi-enforced rules was that for the duration of the snacking conversations related to work were discouraged. We would talk about other stuff like hobbies, movies, travel etc. It helped us know each other better and become a more tightly integrated team. If a work related topic came up we would all discuss it for a bit and then someone or other would say something to the effect of ‘no work related talks’ and we would stop. But if the issue was interesting enough we have spent significant time discussing it as well.

So having a hard and fast rule is not a good idea. You should be flexible and take it as it happens.

What do you think? Is work life balance something to stride for?

Powered by WordPress