Suramya's Blog : Welcome to my crazy life…

February 28, 2023

You shouldn’t spend money teaching folks how to survive in your toxic work culture, instead fix the Toxic culture

Filed under: My Thoughts — Suramya @ 5:39 PM

The following post showed up on my LinkedIn feed earlier today. It wants companies to put in time, effort & money to train employees on office politics so that they learn to survive and perform in a toxic work environment…


Personally, I would rather that the company spent all the effort to remove the toxicity from their work culture so that people don’t have to deal with it. This is like saying that we know that the water you drink is toxic, but we are not going to fix the root cause but will give you free chemotherapy to mitigate your cancer.

If you run a company, and are hearing reports about toxic culture in the company then you need to address that immediately and not by giving people training on how to survive it, but rather by removing the toxic elements ruthlessly. Short term you might have to take a hit and might miss milestones or deliverables but long term your other employees who were just doing the bare minimum to get by would start engaging more, new talented folks would be happy to join your team/company because they wouldn’t get emails from friends telling them that it is a bad idea to join company X because of the toxic work environment.

What do you think?

– Suramya

February 27, 2023

It is now possible to put undetectable Backdoors in Machine Learning Models

Filed under: Computer Software,Emerging Tech,My Thoughts,Tech Related — Suramya @ 10:18 PM

Machine Learning (ML) has become the new go-to buzzword in the Tech world in the last few years and everyone seems to be focusing on how they can include ML/AI in their products, regardless of whether it makes sense to include or not. One of the biggest dangers of this trend is that we are moving towards a future where an algorithm would have the power to make decisions that have real world impacts but, due to its complexity, it would be impossible to audit/check the system for errors/bugs, non-obvious biases or signs of manipulation etc. For example, we have had cases where the wrong person was identified as a fugitive and arrested because an AI/ML system claimed that they matched the suspect. Others have used ML to try to predict crimes with really low accuracy but people take it as gospel because the computer said so…

With ML models becoming more and more popular there is also more research on how these models are vulnerable to attacks. In December 2022 researchers (Shafi Goldwasser, Michael P. Kim, Vinod Vaikuntanathan and Or Zamir) from UC Berkeley, MIT and Princeton published a paper titled “Planting Undetectable Backdoors in Machine Learning Models” in the IEEE 63rd Annual Symposium on Foundations of Computer Science (FOCS) where they discuss how it would be possible to train a model in a way that it allowed an attacker to manipulate the results without being detected by any computationally-bounded observer.

Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key,” the mechanism is hidden and cannot be detected by any computationally-bounded observer. We demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees.

First, we show how to plant a backdoor in any model, using digital signature schemes. The construction guarantees that given query access to the original model and the backdoored version, it is computationally infeasible to find even a single input where they differ. This property implies that the backdoored model has generalization error comparable with the original model. Moreover, even if the distinguisher can request backdoored inputs of its choice, they cannot backdoor a new input, a property we call non-replicability.

Second, we demonstrate how to insert undetectable backdoors in models trained using the Random Fourier Features (RFF) learning paradigm (Rahimi, Recht; NeurIPS 2007). In this construction, undetectability holds against powerful white-box distinguishers: given a complete description of the network and the training data, no efficient distinguisher can guess whether the model is “clean” or contains a backdoor. The backdooring algorithm executes the RFF algorithm faithfully on the given training data, tampering only with its random coins. We prove this strong guarantee under the hardness of the Continuous Learning With Errors problem (Bruna, Regev, Song, Tang; STOC 2021). We show a similar white-box undetectable backdoor for random ReLU networks based on the hardness of Sparse PCA (Berthet, Rigollet; COLT 2013).

Our construction of undetectable backdoors also sheds light on the related issue of robustness to adversarial examples. In particular, by constructing undetectable backdoor for an “adversarially-robust” learning algorithm, we can produce a classifier that is indistinguishable from a robust classifier, but where every input has an adversarial example! In this way, the existence of undetectable backdoors represent a significant theoretical roadblock to certifying adversarial robustness.

Basically they are talking about having a ML model that works correctly most of the time but allows the attacker to manipulate the results if they want. One example use case would be something like the following: A bank uses a ML model to decide if they should give out a loan to an applicant and because they don’t want to be accused of being discriminatory they give it to folks to test and validate and the model comes back clean. However, unknown to the testers the model has been backdoored using the techniques in the paper above so the bank can modify the output in certain cases to deny the loan application even though they would have qualified. Since the model was tested and ‘proven’ to be without bias they are in the clear as the backdoor is pretty much undetectable.

Another possible attack vector is that a nation state funds a company that trains ML models and has them insert a covert backdoor in the model, then they have the ability to manipulate the output from the model without any trace. Imagine if this model was used to predict if the nation state was going to attack or not. Even if they were going to attack they could use the backdoor to fool the target into thinking that all was well.

Having a black box making such decisions is what I would call a “Bad Idea”. At least with the old (non-ML) algorithms we could audit the code to see if there were issues; with ML that is not really possible and thus this becomes a bigger threat. There are a million other such scenarios that could be played out and if we put blind trust in an AI/ML system then we are setting ourselves up for a disaster that we would never see coming.

Source: Schneier on Security: Putting Undetectable Backdoors in Machine Learning Models

– Suramya

February 21, 2023

Fixing problems with nvidia-driver on Debian Unstable after latest upgrade

Filed under: Computer Software,Linux/Unix Related,Tech Related — Suramya @ 10:54 PM

Earlier today I ran my periodic update of my main desktop that is running Debian Unstable. The upgrade finished successfully and since a new kernel was released with this update I restarted the system to ensure that all files/services etc are running the same version. After the reboot the GUI refused to start and I thought the problem could be because of a NVIDIA kernel module issue so I tried to reboot to an older kernel but that didn’t work either. Then I tried running apt-get dist-upgrade again which gave me the following error:

root@StarKnight:~# apt-get dist-upgrade 
Reading package lists...
Building dependency tree...
Reading state information...
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
 nvidia-driver : Depends: nvidia-kernel-dkms (= 525.85.12-1) but 515.86.01-1 is installed or
                          nvidia-kernel-525.85.12 or
                          nvidia-open-kernel-525.85.12 or
                          nvidia-open-kernel-525.85.12
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).

So I ran the apt --fix-broken install command as recommended and that failed as well with another set of errors:

root@StarKnight:/var/log# apt --fix-broken install
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Correcting dependencies... Done
0 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
dpkg: dependency problems prevent configuration of nvidia-driver:
 nvidia-driver depends on nvidia-kernel-dkms (= 525.85.12-1) | nvidia-kernel-525.85.12 | nvidia-open-kernel-525.85.12 | nvidia-open-kernel-525.85.12; however:
  Version of nvidia-kernel-dkms on system is 515.86.01-1.
  Package nvidia-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.

dpkg: error processing package nvidia-driver (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 nvidia-driver
E: Sub-process /usr/bin/dpkg returned an error code (1)

Looking at the logs, I didn’t see any major errors but I did see the following message:

2023-02-21T19:48:27.668268+05:30 StarKnight kernel: [    3.379006] NVRM: loading NVIDIA UNIX x86_64 Kernel Module  515.86.01  Wed Oct 26 09:12:38 UTC 2022
2023-02-21T19:48:27.668286+05:30 StarKnight kernel: [    4.821755] NVRM: API mismatch: the client has the version 525.85.12, but
2023-02-21T19:48:27.668287+05:30 StarKnight kernel: [    4.821755] NVRM: this kernel module has the version 515.86.01.  Please
2023-02-21T19:48:27.668287+05:30 StarKnight kernel: [    4.821755] NVRM: make sure that this kernel module and all NVIDIA driver
2023-02-21T19:48:27.668288+05:30 StarKnight kernel: [    4.821755] NVRM: components have the same version.

Searching on the web didn’t give me a solution but since I am running the Debian Unstable branch it is expected that once in a while things might break and sometimes they break quite spectacularly… So I started experimenting and tried removing and reinstalling the nvidia-driver but that was failing as well because the package was expecting nvidia-kernel-dkms version 525.85.12 but we had 515.86.01-1 installed.

root@StarKnight:~# apt-get install nvidia-driver
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  nvidia-driver
0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
Need to get 0 B/494 kB of archives.
After this operation, 1,398 kB of additional disk space will be used.
Selecting previously unselected package nvidia-driver.
(Reading database ... 439287 files and directories currently installed.)
Preparing to unpack .../nvidia-driver_525.85.12-1_amd64.deb ...
Unpacking nvidia-driver (525.85.12-1) ...
dpkg: dependency problems prevent configuration of nvidia-driver:
 nvidia-driver depends on nvidia-kernel-dkms (= 525.85.12-1) | nvidia-kernel-525.85.12 | nvidia-open-kernel-525.85.12 | nvidia-open-kernel-525.85.12; however:
  Version of nvidia-kernel-dkms on system is 515.86.01-1.
  Package nvidia-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.
  Package nvidia-open-kernel-525.85.12 is not installed.

Now I had a couple of options. The first was to wait for a couple of days (if I am lucky) for someone to upload the correct versions of the packages to the channel. The second option was to remove the package and install the Open Source version of the Nvidia driver. I didn’t want to do that because that package is a memory hog and doesn’t work that well either. The last option was to try to manually install the older version (525.85.12) of the nvidia-kernel-dkms package and this is what I decided to go with. A search on the Debian Packages site gave me the .deb file for nvidia-kernel-dkms and firmware-nvidia-gsp (a dependency for the dkms package). I downloaded both the packages and installed them using the following commands:

root@StarKnight:/home/suramya/Media/Downloads# dpkg -i firmware-nvidia-gsp_525.85.12-1_amd64.deb 
root@StarKnight:/home/suramya/Media/Downloads# dpkg -i nvidia-kernel-dkms_525.85.12-1_amd64.deb 

Once the packages were successfully downgraded I rebooted the system and the GUI came up without issues post the reboot.

Moral of the story is that you need to be prepared to have to troubleshoot your setup if you are running Debian Unstable or Debian Testing on your system. If you don’t want to do that then you should stick to Debian Stable which is rock solid or one of the other distributions such as Ubuntu or Linux Mint etc.

– Suramya

February 20, 2023

Fixing SSL error 61 on Citrix Workspace on Debian

I was trying to connect to a Citrix Workspace and kept getting the following error: “You have not chosen to trust “Entrust Root Certification Authority – XX”, the issuer of the security certificate (SSL error 61)“. I have hit this error in the past and had fixed it but couldn’t find my notes from how I had fixed it back then, so I had to resort to searching on the web based on vague memories of how I had fixed it. After a bit of effort I found two solutions that people had suggested:

Solution 1:

Create a symbolic link pointing the /opt/Citrix/ICAClient/keystore/cacerts directory to /usr/share/ca-certificates/mozilla/, using the commands below as root:

mv /opt/Citrix/ICAClient/keystore/cacerts /opt/Citrix/ICAClient/keystore/cacerts.bak
ln -s /usr/share/ca-certificates/mozilla/ /opt/Citrix/ICAClient/keystore/cacerts 

Unfortunately, this didn’t resolve the problem for me.

Solution 2:

The second solution people recommended was to link the /opt/Citrix/ICAClient/keystore/cacerts directory to the /etc/ssl/certs/ directory, using the commands below as root:

mv /opt/Citrix/ICAClient/keystore/cacerts /opt/Citrix/ICAClient/keystore/cacerts.bak
ln -s /etc/ssl/certs/ /opt/Citrix/ICAClient/keystore/cacerts 

After I linked the directory to /etc/ssl/certs things immediately started working without errors. This time I am blogging about it so that the next time I don’t waste time trying to find the solution.

– Suramya

February 10, 2023

Massive 5.9 million tonnes of Lithium deposits found in Jammu Kashmir

Filed under: Tech Related — Suramya @ 11:42 PM

Lithium is a critical metal for the production of batteries and the worldwide demand for it is only increasing with the push for more Electric Vehicles. To date India has been import dependent for Lithium and other critical metals, which created a risk given India’s ongoing push towards EVs and its slow movement away from traditional fossil fuels, as it made us reliant on China and other countries to meet our needs. On Thursday India’s mining ministry announced that they have found a massive 5.9 million tonnes of Lithium deposits in Jammu and Kashmir. To give you an idea of the scale, this puts India in the top 6 “mine reserves” of the metal, overtaking China which has ~4.6 million tonnes of the deposit for the metal.

  • Bolivia – 21 million tonnes
  • Argentina – 17 million tonnes
  • Chile – 9 million tonnes
  • United States – 6.8 million tonnes
  • Australia – 6.3 million tonnes
  • China – 4.5 million tonnes

Even though other countries have larger deposits of the metal, China controls 80% of the world’s raw material refining, 77% of the world’s cell capacity and 60% of the world’s component manufacturing. With a larger deposit being found in India and the government undertaking a concentrated effort to mine the metal safely and quickly, India has the opportunity to disrupt China’s control over the metal trade. The possibilities are endless as the demand for Lithium is only going to go up (till a safer and more sustainable option is found).

Till date, this deposit was not found because of the internal issues going on in Kashmir. After Article 370 was revoked more and more industries are looking at Kashmir, and who knows what other hidden treasures will be found in the state. Already we see that tourism to Kashmir has shot up massively with over 1.62 crore tourists visiting Jammu and Kashmir in 2022, which is the highest number since independence in 1947.

Looking forward to more such news and am happy to see our nation taking another step towards becoming atmanirbhar (self-reliant).

Source: Wion News: India discovers huge deposits of Lithium critical for electric mobility

– Suramya

February 2, 2023

KeePass vulnerability that allows anyone with write access to the config file to export all stored passwords

Filed under: Computer Security,Tech Related — Suramya @ 5:17 PM

KeePass is an open source password manager that I have been using for a few years. For me the main attraction was that the password database is stored locally instead of using a cloud based solution, although you can configure it to save the password file on a cloud store if you want.

Recently a security ‘vulnerability’ has been found in KeePass that allows someone with access to the system where KeePass is installed to export the entire password database to clear-text without any user intervention. Basically if an attacker has write access to the XML configuration file they can add an export trigger to get cleartext passwords as and when they are used. There is an ongoing dispute over whether this is technically a vulnerability in KeePass, as anyone with write access to the configuration file already has enough access to perform more powerful attacks. The issue has been assigned CVE-2023-24055.

“In both cases, having write access to the KeePass configuration file typically implies that an attacker can actually perform much more powerful attacks than modifying the configuration file (and these attacks in the end can also affect KeePass, independent of a configuration file protection),” the KeePass developers explain. “These attacks can only be prevented by keeping the environment secure (by using an anti-virus software, a firewall, not opening unknown e-mail attachments, etc.). KeePass cannot magically run securely in an insecure environment.”

Personally, I think that while it does follow that physical access equals root access, there should be some notification / mechanism that gets triggered when the XML configuration file is modified outside the KeePass interface. Something like an alert that tells you that “The XML configuration file was directly modified. Please ensure that no extra triggers are installed” (or words to that effect). This way even if an attacker gets access to the system, they can’t easily get access to stored passwords, which would hopefully be protected with another password.

Source: Naked Security: Password-stealing “vulnerability” reported in KeePass – bug or feature?
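
The alert suggested above can be approximated from outside KeePass by fingerprinting only the trigger entries of the configuration file and comparing them with a baseline recorded while the file was trusted. This is an added example, not code from KeePass or from the original post; the sample configurations are constructed, and the element names (TriggerSystem, Trigger, Name, Enabled, Action, TypeGuid, Parameter) are assumptions about the file layout.

```python
import hashlib
import json
import xml.etree.ElementTree as ET

# Constructed sample configurations (not real KeePass files). The element
# names used here are assumptions about the configuration layout.
CLEAN_CONFIG = """<Configuration>
  <Application>
    <TriggerSystem>
      <Triggers />
    </TriggerSystem>
  </Application>
</Configuration>"""

TAMPERED_CONFIG = """<Configuration>
  <Application>
    <TriggerSystem>
      <Triggers>
        <Trigger>
          <Name>constructed-export</Name>
          <Actions>
            <Action>
              <TypeGuid>PLACEHOLDER-ACTION-TYPE</TypeGuid>
              <Parameters>
                <Parameter>/tmp/placeholder-export.xml</Parameter>
              </Parameters>
            </Action>
          </Actions>
        </Trigger>
      </Triggers>
    </TriggerSystem>
  </Application>
</Configuration>"""


def extract_triggers(config_xml):
    """Return one dict per <Trigger> element found anywhere in the config."""
    root = ET.fromstring(config_xml)
    triggers = []
    for trig in root.iter("Trigger"):
        enabled = (trig.findtext("Enabled") or "true").strip().lower()
        triggers.append({
            "name": (trig.findtext("Name") or "").strip(),
            # Assumption: a trigger without an <Enabled> element is active.
            "enabled": enabled == "true",
            "action_types": [a.findtext("TypeGuid") or "" for a in trig.iter("Action")],
            "parameters": [p.text or "" for p in trig.iter("Parameter")],
        })
    return triggers


def trigger_fingerprint(config_xml):
    """SHA-256 over the triggers only, so unrelated settings do not change it."""
    canonical = json.dumps(extract_triggers(config_xml), sort_keys=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def check_config(config_xml, approved_fingerprint):
    """Return alert strings; an empty list means the triggers match the baseline."""
    try:
        if trigger_fingerprint(config_xml) == approved_fingerprint:
            return []
        found = extract_triggers(config_xml)
    except ET.ParseError:
        return ["configuration file is not well-formed XML"]
    alerts = ["trigger set differs from approved baseline"]
    for t in found:
        state = "enabled" if t["enabled"] else "disabled"
        alerts.append(f"trigger {t['name']!r} ({state}), parameters: {t['parameters']}")
    return alerts


if __name__ == "__main__":
    baseline = trigger_fingerprint(CLEAN_CONFIG)  # recorded while the config is trusted
    for line in check_config(TAMPERED_CONFIG, baseline):
        print(line)
```

The baseline fingerprint has to be stored somewhere the account that can write the configuration file cannot also rewrite, otherwise whoever edits the triggers can update the baseline as well.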

February 1, 2023

Product Idea: Use ChatGPT to write movie/TV Tech Jargon dialogs

Filed under: Emerging Tech,My Thoughts,Tech Related — Suramya @ 3:00 AM

ChatGPT has taken the world by storm and every day we hear more and more stories about how good it is and how it is changing the world. Personally I think the best description of the software is how Christine Lemmer-Webber put it:

ChatGPT is Mansplaining As A Service. A service that instantly generates vaguely plausible sounding yet totally fabricated and baseless lectures in an instant with unflagging confidence in its own correctness on any topic, without concern, regard or even awareness of the level of expertise of its audience.

People are using it for anything and everything including writing exams, writing articles, job posts, etc etc. While the result we get looks quite plausible there have been multiple cases where the output is subtly wrong and using the result as is can cause problems. However, there is one place that I can think of that ChatGPT would be extremely useful without any major drawbacks. If you have seen any TV show recently there are a lot of times where the characters will use technobabble to explain something and a lot of times the explanations are so ridiculous that they end up distracting you from the actual plot (such as it is).

My idea is that we encourage the writers to start using ChatGPT to write the jargon. Even if it gets it wrong it wouldn’t be worse than what we have already, so it is a win-win. Plus since we all know that media tech works differently we don’t have to worry about the results being 100% accurate or correct.

One example is as below:

Forensic Scientist 1: Hey, have you seen the results from the trace DNA sample we collected from the crime scene?
Forensic Scientist 2: Not yet, I was just about to head over to the lab and check. Why, did you already receive them?
Forensic Scientist 1: Yeah, I just got an email from the lab. They’re pretty clear cut.
Forensic Scientist 2: Great, let’s take a look. What do the results show?
Forensic Scientist 1: Well, the sample is a match with the reference sample from our suspect. The lab confirmed a positive identification.
Forensic Scientist 2: That’s fantastic. Did they provide any details on the genetic markers?
Forensic Scientist 1: Yes, they identified several short tandem repeat markers that match between the sample and the reference. They also ran a mitochondrial DNA analysis and got a match there too.
Forensic Scientist 2: This is really strong evidence. But we need to be sure to double check all the details, especially since this is a high-profile case.
Forensic Scientist 1: Absolutely. I was thinking we should do a full review of the lab’s methodology and verify that the samples were handled and stored properly.
Forensic Scientist 2: That’s a great idea. Let’s also review the lab’s accreditation and see if they meet all the necessary standards.
Forensic Scientist 1: Right, we want to make sure our evidence is solid and can stand up in court.
Forensic Scientist 2: Definitely. Well, let’s head over to the lab and start our review.
Forensic Scientist 1: Sounds good. Let’s do it.

Another example:

Cybersecurity Professional 1: Hey, have you seen the alert about the recent cyberattack?
Cybersecurity Professional 2: Yes, I just received the notification. What do we know so far?
Cybersecurity Professional 1: The attack appears to be a phishing campaign. The attackers are using fake emails to steal login credentials from unsuspecting victims.
Cybersecurity Professional 2: That’s a common tactic. Did they manage to compromise any systems?
Cybersecurity Professional 1: Yes, we have reports of several systems being breached. Our incident response team is currently investigating the extent of the damage.
Cybersecurity Professional 2: Okay, let’s see if we can help with the investigation. What’s the first step?
Cybersecurity Professional 1: First, we need to isolate the infected systems and contain the spread of the attack. Then we can start looking into how the attackers gained access and what they did once they were in.
Cybersecurity Professional 2: Right. I’ll start working on the containment and isolation. Have you seen any indications of what the attackers are after?
Cybersecurity Professional 1: It’s not clear yet, but it looks like they are targeting sensitive information, such as financial data and personal information. We need to be proactive and make sure all our systems and data are secure.
Cybersecurity Professional 2: Agreed. We need to inform the relevant stakeholders about the attack and what measures we’re taking to prevent further damage.
Cybersecurity Professional 1: Absolutely. We also need to start preparing for the worst-case scenario, in case the attackers managed to exfiltrate any data.
Cybersecurity Professional 2: That’s a good point. We need to be prepared for the aftermath and make sure we have a plan in place to respond effectively.
Cybersecurity Professional 1: Right. Let’s get to work and make sure we minimize the impact of this attack.

What do you think?

– Suramya
