Suramya's Blog : Welcome to my crazy life…

May 29, 2023

There are Two kinds of people in the world…

Filed under: Humor,My Thoughts — Suramya @ 7:23 PM

There are Two kinds of people in the world… 1. Those that think EOD means 5:00pm 2. those that think EOD means 11:59pm

Which one do you fall under? I actually fall under neither because for me EOD is when I sign off for the day which is usually about 1am-2am depending, as when I say EOD I mean my End of Day i.e. when I log off for the day/night.

– Suramya

May 22, 2023

How not to do Interview Screening: Take 1000

Filed under: Humor,My Thoughts — Suramya @ 9:05 PM

Interviewing people is hard and each of us has their own bag of tricks and filters we use to identify the correct candidate for the position. However, some of the ways that people use to filter out applicants just make you go ‘Wow!’ with a head shake. One such example is below:

The iPhone is so much better than any other phone it isn’t funny. I now check for phone type in interviews and automatically disqualify the Android Users

Using a phone preference as a filter is not the right way to filter out candidates; if this becomes the norm then folks will start filtering candidates on what music they like, what brands they wear or what car they drive. Unless you are working at Apple, rejecting people for using an Android phone (which for the record is way better than iPhone) is foolish. It is also extremely classist: it automatically filters out people who can’t afford to buy an expensive iPhone, as the general cost range for an iPhone is between $500 – $1,500+ whereas an Android phone would range between $100-$1,750+. It also filters out people who care about compatibility of their phone with other users at their home, as it is hard to connect an iPhone to an Android ecosystem.

Plus it tells me that you are more concerned about arbitrary markers of evaluation than actually relevant criteria. Personally, I think that if the person interviewing me is using something like this as a filtering mechanism then I am better off getting rejected, as who knows what insane criteria they might come up with for performance evaluation once you join and start working with them.

I do have a lot of thoughts on interview processes and how some companies do screening but that is a post for another time.

– Suramya

May 19, 2023

KeePass exploit helps retrieve cleartext master password – Fix ETA July 2023

Filed under: Computer Security,My Thoughts,Tech Related — Suramya @ 8:06 PM

Security is hard to do, and no matter how careful you are while coding, every piece of software will have bugs in it, and some of these bugs have major security implications. KeePass, which is a very popular password manager, is vulnerable to extraction of the master password from the application’s memory, allowing attackers who compromise a device to retrieve the password even when the database is locked. The bug is being tracked as CVE-2023-32784.

The issue was discovered by a security researcher known as ‘vdohney’ who has unfortunately also published PoC code that exploits the vulnerability called the “KeePass Master Password Dumper” on GitHub.

KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass’s memory. Apart from the first password character, it is mostly able to recover the password in plaintext. No code execution on the target system is required, just a memory dump. It doesn’t matter where the memory comes from – can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), various crash dumps or RAM dump of the entire system. It doesn’t matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it’s been since then.

Tested with KeePass 2.53.1 on Windows (English) and KeePass 2.47 on Debian (keepass2 package). PoC might have issues with different encodings (languages), but that’s not confirmed as of now (see issue #3). Should work for the macOS version as well. Unfortunately, enabling the Enter master key on secure desktop option doesn’t help in preventing the attack.

The attack does require either physical access to the system or the system would need to be infected with malware that gives an attacker remote access with the ability to perform thread dumps. They can also extract the password from the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys) or RAM dump of the entire system.
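Since the password can survive in any of these files, a defender's first step is knowing which of them exist on a machine. The sketch below is an added example (not from the PoC or from KeePass): it inventories swap, hibernation and crash-dump files under a Windows volume root. The paths are the usual Windows defaults and are assumptions here, as are the function names.

```python
import os
import stat
import time
from fnmatch import fnmatchcase

# Default Windows locations (relative to the volume root) of the file types
# the post lists. Assumed defaults; a host can be configured differently.
ARTIFACT_PATTERNS = {
    "swap file": ["pagefile.sys", "swapfile.sys"],
    "hibernation file": ["hiberfil.sys"],
    "crash dump": [
        "Windows/MEMORY.DMP",
        "Windows/Minidump/*.dmp",
        "Users/*/AppData/Local/CrashDumps/*.dmp",
    ],
}


def _expand(base, segments):
    """Yield paths under base matching segments, one level each, ignoring case."""
    if not segments:
        yield base
        return
    try:
        names = os.listdir(base)
    except OSError:  # missing, not a directory, or access denied
        return
    for name in names:
        if fnmatchcase(name.lower(), segments[0].lower()):
            yield from _expand(os.path.join(base, name), segments[1:])


def find_memory_artifacts(root, now=None):
    """List memory-backed files under root as dicts: kind, path, size, age_days."""
    now = time.time() if now is None else now
    found = []
    for kind, patterns in ARTIFACT_PATTERNS.items():
        for pattern in patterns:
            for path in _expand(root, pattern.split("/")):
                try:
                    st = os.stat(path)
                except OSError:
                    st = None  # present but locked, e.g. the live pagefile
                if st is not None and not stat.S_ISREG(st.st_mode):
                    continue
                size = st.st_size if st else None
                age = round((now - st.st_mtime) / 86400, 1) if st else None
                found.append({"kind": kind, "path": path, "size": size, "age_days": age})
    return sorted(found, key=lambda f: f["path"].lower())
```

Point it at the system drive of a live host or at the mount point of a disk image; names are matched case-insensitively so it also works on an image mounted under Linux.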

The fix for the problem is in the works and the initial testing looks promising. Personally I think that the security researcher should have waited to release the PoC code till the fix is available but to each their own I guess.

Source: Bleepingcomputer.com: KeePass exploit helps retrieve cleartext master password, fix coming soon

May 18, 2023

Lost in Translation: Movie Synopsis edition

Filed under: Humor — Suramya @ 10:52 PM

This screenshot of the synopsis for ‘Alien’ popped up in my feed earlier and I couldn’t stop laughing.

“Space ship people get up from sleeping coffin and have eat. Computer woman find strange noisings on planet and astronauts go to seeing. Astronauts find big elephant man who dead then find too many egg/

Astronaut is possess by egg demon and new egg demon is come when eat bad noodle. Seven friends and cat all try to find egg demon before ship go home but is hard working.

Who will life to escaping? Who is bad milk blood robot? Scream not working because space make deaf.”

This reminds me of “All your base are belong to us” which was another masterpiece of bad translation.

– Suramya

May 17, 2023

Request to advertise ‘Men’s Beauty’ topics on Linuxgazette.net

Filed under: Humor,Linux/Unix Related — Suramya @ 7:18 PM

As some of you might know, I host a mirror for Linuxgazette.net and this usually results in an email every couple of months for changes to the existing articles and requests to advertise. I recently received an email requesting information about linuxgazette.net for advertising. Now there are a few problems with this. Firstly, I don’t host linuxgazette.net, I just host a mirror of the site. The second problem was the content/topic they want to advertise on the site:

Beards seem to have become popular again, but do you think they will stick? Time will tell, but personally, I wouldn’t mind seeing more men with a cleanly shaven face 😍

I’m getting in touch today because I have some clients looking for advertising opportunities that are related to Men’s Beauty (Should I call it Men’s “Beauty”). After I stumbled across linuxgazette.net I figured I’d reach out and see if you ever work with brands, or have a media kit available.

I mean historically Linux admins do have a reputation of keeping big beards but this is ridiculous. Of course I know that this mail was probably sent out by an automated bot but it did make me laugh.

– Suramya

May 16, 2023

Using AI powered chatbots to answer questions about a book series

One of the things that I have been wanting for a while is the ability to look up stuff about a book or series so that when a new book in the series comes out I don’t have to re-read the old books before starting the new one. I end up doing that because otherwise since I have forgotten a large part of the backstory it would make the new book a lot less enjoyable. There are some authors who solve this problem by summarizing the backstory when the book starts and it is really useful. When ChatGPT and associated AI bots started picking up one of the ideas I came up with was to create a chatbot trained on a book series so that I can ask it a question about the book and get an answer. Would be really useful when dealing with book series with a large cast and multiple overlying stories.

Recently privateGPT showed up in my feed with the following claim: “Ask questions to your documents without an internet connection, using the power of LLMs. 100% private, no data leaves your execution environment at any point. You can ingest documents and ask questions without an internet connection!” and it seemed like it was the perfect tool for what I wanted to do so I downloaded the program from GitHub and set it up on my machine.

Once the software was installed, I copied a single book from the Mercedes Lackey Valdemar series called Darian’s Tale 01: Owlflight into a temp directory and told privateGPT to ingest the contents. The ingestion took hours even though the file was only ~600kb in size, I left it running overnight and it completed sometime during the night. Then I ran the prompt to be able to query the chatbot. The first few times I tried querying it, the app crashed because I ran out of memory. So I enabled SWAP on my system and then it finally ran the query and answered.

Unfortunately the answers I got were complete nonsense. You can see the questions I asked and the answers I got below:

Enter a query: what is a heartstone

llama_print_timings:        load time =   974.93 ms
llama_print_timings:      sample time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings: prompt eval time =   974.77 ms /     7 tokens (  139.25 ms per token)
llama_print_timings:        eval time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings:       total time =   977.55 ms

A heartstone is a type of music that is typically composed in the key of F major. It is characterized by a steady rhythm and a melody that is often slow and mournful. 
Heartstones are often used in classical music and are often associated with love and loss. They are also used in some contemporary music genres, such as folk and world music.

The correct answer is (as per Valdemar Fandom Wiki):

A Heartstone is both an artificial node produced by the Tayledras and the node’s physical anchor. The knowledge of how to create a Heartstone was given to the Tayledras by the Star-Eyed after the Sundering of the Clans. She tasked the Tayledras to cleanse the untamed magic caused by the Mage Wars. A Heartstone is used as a vessel to contain the cleansed magic. Ley-Lines are re-routed by Adepts and Masters to drain entirely into the Heartstone, bringing the surrounding area back to normal. Once their work is finished at that location, the Clan will establish a new Vale and Heartstone in a new area that needs cleansing. They drain the old Heartstone entirely and transfer the energy to the new Heartstone where they will begin their work anew.

So I asked another question:

Enter a query: who are the Hertasi

llama_print_timings:        load time =   974.93 ms
llama_print_timings:      sample time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings: prompt eval time = 26948.27 ms /     7 tokens ( 3849.75 ms per token)
llama_print_timings:        eval time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings:       total time = 26976.13 ms

The Herta si are a type of ghostly beings in the world of Eri. They are often associated with love and romance, and they are known for their ability to control and manipulate emotions. 
They are often depicted as beautiful, ethereal creatures, with long, flowing hair and eyes that glow with an otherworldly light. 

In this result it is talking about characters from a completely different series called the Herta. The correct answer is:

Hertasi are popularly considered to be one of the five non-human sentient races created by Urtho, but the work to “uplift” the hertasi was begun earlier, by Sorcerer-Adept Khal Herta. When he died, his work passed to Urtho.

The wild hertasi began as large, solitary lizards living in swamps, with the intelligence of a dog. They were “mild-tempered reptiles, available in large quantities, living fairly simple lives.”[1] They could have been described as semi-sentient before the Adepts took a hand. After Khal Herta’s efforts, Hertasi “had simple structures, organized hunting and fishing, and rudimentary medicine.”[1] Today, they are extremely active, intelligent, cave and tunnel-dwelling, social creatures.

Since the results were completely useless, like all the other AI chatbots that I have tried so far, I have removed the software from my machine and will come back to this at some point later in time, by when things would have hopefully improved.

– Suramya

May 15, 2023

Quickly and easily removing the background in images or videos

Filed under: Tech Related — Suramya @ 6:29 PM

At times you want to get a copy of the foreground in a given image so that you can use it in another image; however, traditionally that required expertise in Photoshop and a lot of patience. Now, thanks to Johnathan Nader there is an open source tool called backgroundremover that allows you to remove the background from any image quickly and easily.

Installing the tool was quite simple and on my Debian machine I just had to run the following command:

pip3 install backgroundremover --break-system-packages

The --break-system-packages parameter was included because otherwise Debian doesn’t let you install/update global packages using PIP. Another option to install would have been to install a virtual environment for python and update there but I don’t like doing that, and was fairly confident that this wouldn’t break anything important.

After installation the usage is quite simple, you just pass it the image or video where you want to remove the background and the output filename and the system does the rest. It does take a minute or so the first time to download the models etc but after that it is fairly quick to finish. The command to convert looks something like:

backgroundremover -i inputfile.jpg -o outputfile.jpg

Once the script finishes you have an output file without the background. In my testing if the foreground was large and the focus of the image the system was able to successfully remove the background. In some cases a bunch of background artifacts were seen in the image next to the foreground image but it was still quite good.

It would have been awesome if we could have passed a flag to the program to remove the foreground instead of the background. That would have allowed us to remove photo-bombers or random folks who walked in on a photo being taken. I know there are scripts out there that do this but haven’t really tried any of them out.

– Suramya
