Suramya's Blog : Welcome to my crazy life…

October 21, 2022

Disable Dark Theme in the Private Browsing mode in Firefox 106

Filed under: Computer Software,Computer Tips,Knowledgebase,Tech Related — Suramya @ 10:09 AM

A lot of people like Dark themes for their apps but I am not one of them. For me the Dark mode strains my eyes more so I usually disable it as soon as possible. In the latest Firefox update (v106), Firefox changed a bunch of defaults and one of the changes is that when you open a window in incognito mode it uses the Dark theme by default. As per the release notes this is a conscious decision:

We also added a modern look and feel with a new logo and updated it so Private Browsing mode now defaults to dark theme, making it easier to know when you are in Private Browsing mode.

The dark theme really annoys me so I started looking for ways to disable it. Unfortunately, it can’t be disabled without having to change my default Theme (which is to use the System Defaults) which I didn’t want to do and a quick internet search didn’t return any useful results. So I decided to check out the about:config section to see if there is a hidden setting and lo-behold it was there. A quick change disabled the theme for the Private browsing mode and things were back to normal.

The steps to disable the dark theme in incognito mode are as follows:

  • Type about:config in the address bar and press Enter.
  • A warning page may appear. Click Accept the Risk and Continue to go to the about:config page.
  • Search for “theme” in the Search preference name box at the top of the page and you will see an entry for “browser.theme.dark-private-windows”
  • Double click on “True” for the entry to change the value to false.
  • The entry should look like the following. Then you can close the tab and you are done.


To revert the change, just repeat the steps and set the value back to True.

– Suramya

September 25, 2022

How is everyone ok that Windows is showing advertisements everywhere in the system?

Filed under: Computer Software,My Thoughts,Tech Related — Suramya @ 11:55 PM

Linux is an Open Source operating system that is available for free while Windows is a paid OS that costs a fair bit of money (~$200 per license). One would think that because we are getting something for free when using Linux then we are the product. Strangely this is not the case and it is Windows that is showing me advertisements like I got it for free and even more strangely people seem to be ok with it.

My Linux setup has 0 ads on it that are pushed to it by the OS, Windows on the other hand seems to be determined to put advertisements where ever it can find some space. For example, you get ads in the Start Menu, the lock screen, Windows Explorer etc etc. If I am paying money for the OS I don’t want to have ads pushed to me that I can’t get rid of. I mean the folks over at How to Geek have a 14 page document explaining how to disable all the built-in advertising in Windows 10, which shows how strongly MS is trying to push advertisements on their platform.

Which is ridiculous, I mean I would complain about this much ads on a system that I didn’t pay for but apparently it is fine for a billion dollar company to waste my screen viewing estate, bandwidth and processor power to show me advertisements on a OS that I paid money for. If a system is showing me ads then they should be making the OS free so at least they have some excuse for the behavior, similar to what Netflix is doing where the plan with the advertisements in the programing is cheaper than the one without.

What do you think?

– Suramya

August 31, 2022

Thoughts around Coding with help and why that is not a bad thing

Filed under: Computer Software,My Thoughts,Tech Related — Suramya @ 11:40 PM

It is fairly common for the people who have been in the industry to complain about how the youngsters don’t know what they are doing and without all the fancy helpful gadgets/IDE’s they wouldn’t be able to do anything and how things were better the way the person doing the complaining does it because that is how they learnt how to do things! The rant below was posted to Hacker News a little while ago in response to an question about coPilot and I wanted to share some of my thoughts around it. But first, lets read the rant:

After decades of professional software development, it should be clear that code is a liability. The more you have, the worse things get. A tool that makes it easy to crank out a ton of it, is exactly the opposite of what we need.

If a coworker uses it, I will consider it an admission of incompetence. Simple as that.

I don’t use autoformat, because it gets things wrong constantly. E.g. taking two similar lines and wrapping one but not the other, because of 1 character length difference. Instead I explicitly line my code out by hand to emphasize structure.

I also hate 90% of default linter rules because they are pointless busywork designed to catch noob mistakes.

These tools keep devs stuck in local maxima of mediocrity. It’s like writing prose with a thesaurus on, and accepting every single suggestion blindly.

I coded for 20 years without them, why would I need them now? If you can’t even fathom coding without these crutches, and think this is somehow equivalent to coding in a bare notepad, you are proving my point.

Let’s break this gem down and take it line by line.

After decades of professional software development, it should be clear that code is a liability. The more you have, the worse things get. A tool that makes it easy to crank out a ton of it, is exactly the opposite of what we need.

If a coworker uses it, I will consider it an admission of incompetence. Simple as that.

This is a false premise. There are times where extra code is a liability but most of times the boiler-plate and error-checking etc is required. The languages today are more complex than what was there 20 years ago. I know because I have been coding for over 25 years now. It is easy to write Basic/C/C++ code in a notepad and run it, in fact even for C++ I used TurboC++ IDE to write code over 25 years ago… We didn’t have distributed micro-services 20 years ago and most applications were a simple server-client model. Now we have applications connecting in peer-to-peer model etc. Why would I spend time retyping code that a decent IDE would auto-populate when I could use that time to actually solve more interesting problems.

This is the kind of developer who would spend days reformating the code manually to look just right instead of coding the application to perform as per specifications.

I don’t use autoformat, because it gets things wrong constantly. E.g. taking two similar lines and wrapping one but not the other, because of 1 character length difference. Instead I explicitly line my code out by hand to emphasize structure.

This is a waste of time that could have been spent working on other projects. I honestly don’t care how the structure is as long as it is consistent and reasonably logical. I personally wouldn’t brag about spending time formatting each line just so but that is just me.

I also hate 90% of default linter rules because they are pointless busywork designed to catch noob mistakes.These tools keep devs stuck in local maxima of mediocrity. It’s like writing prose with a thesaurus on, and accepting every single suggestion blindly.

I am not a huge fan of linter but it is a good practice use this to catch basic mistakes. Why would I spend manual effort to find basic issues when a system can do it for me automatically?

I coded for 20 years without them, why would I need them now? If you can’t even fathom coding without these crutches, and think this is somehow equivalent to coding in a bare notepad, you are proving my point.

20 years ago we used dialup modem and didn’t have giga-bit network connections. We didn’t have mobile-phone/internet coverage all over the world. Things are changing. We need to change with them.

Why stop at coding with notepad/vi/emacs? You should move back to assembly because it allows you full control over the code and write it more elegantly without any ‘fluff’ or extra wasted code. Or even better start coding directly in binary. That will ensure really elegant and tight code. (/s)

I had to work with someone who felt similarly and it was a painful experience. They were used to of writing commands/code in Hex to make changes to the system which worked for the most part but wasn’t scalable because they didn’t have others who could do it as well as him and he didn’t want to teach others in too much detail because I guess it gave them job security. I was asked to come in and create a system that allowed users to make the same changes using a WebUI that was translated to Hex in the backend. It saved a ton of hours for the users because it was a lot faster and intutive. But this person fought it tooth and nail and did their best to get the project cancelled.

I am really tired of all these folks complaining about the new way of doing things, just because that is not how they did things. If things didn’t change and evolve over the years and new things didn’t come in then we would still be using punch cards or abacus for computing. 22 years ago, we had a T3 connection at my university and that was considered state of the art and gave us a blazing speed of up to 44.736 Mbps that was shared with the entire dorm. Right now, I have a 400Mbps dedicated connection that is just for my personal home use. Things improve over the years and we need to keep up-skilling ourselves as well. There are so many examples I can give about things that are possible now which weren’t possible back then… This sort of gatekeeping doesn’t serve any productive purpose and is just a way for people to control access to the ‘elite’ group and make them feel better about themselves even though they are not as skilled as the newer folks.

The caveat is that not all new things are good, we need to evaluate and decide. There are a bunch of things that I don’t like about the new systems because I prefer the old ways of doing things. It doesn’t mean that anyone using the new tools is not a good developer. For example, I still prefer using SVN instead of GIT because that is what I am comfortable with, GIT has its advantages and SVN has its advantages. It doesn’t mean that I get to tell people who are using GIT that they are not ‘worthy’ of being called a good developer.

I dare this person to write a chat-bot without any external library/IDE or create a peer-to-peer protocol to share data amongst multiple nodes simultaneously or any of the new protocols/applications in use today that didn’t exist 20 years ago

Just because you can’t learn new things doesn’t mean that others are inferior. That is your problem, not ours.

– Suramya

August 28, 2022

Debian looking at changing how it handles non-free firmware

Filed under: Computer Software,Linux/Unix Related,Tech Related — Suramya @ 5:38 PM

One of the major problems when installing Debian as a newbie is that if your hardware is not supported by an Open (‘free’) driver/firmware then the system doesn’t install any and then it is a painful process to download and install the driver, especially if it is for the Wireless card. In earlier laptops you could always connect via a network cable to install the drivers but the newer systems don’t come with a LAN connection (which I think sucks BTW) so installing Debian on those systems is a pain.

How this should be addressed is a question that has been debated for a while now. It was even one of the questions Jonathan Carter discussed in his post on ‘How is Debian doing’. There are a lot of people with really strong opinions on the topic and ‘adulterating’ Debian by allowing non-free drivers to be installed by default has a lot of people up in arms. After a lot of debate on how to resolve there are three proposals to solve this issue that are up for vote in September:

Proposal A and B both start with the same two paragraphs:
We will include non-free firmware packages from the “non-free-firmware” section of the Debian archive on our official media (installer images and live images). The included firmware binaries will normally be enabled by default where the system determines that they are required, but where possible we will include ways for users to disable this at boot (boot menu option, kernel command line etc.).

When the installer/live system is running we will provide information to the user about what firmware has been loaded (both free and non-free), and we will also store that information on the target system such that users will be able to find it later. The target system will also be configured to use the non-free-firmware component by default in the apt sources.list file. Our users should receive security updates and important fixes to firmware binaries just like any other installed software.

But Proposal A adds that “We will publish these images as official Debian media, replacing the current media sets that do not include non-free firmware packages,” while Proposal B says those images “will not replace the current media sets,” but will instead be offered alongside them.

And Proposal C? “The Debian project is permitted to make distribution media (installer images and live images) containing packages from the non-free section of the Debian archive available for download alongside with the free media in a way that the user is informed before downloading which media are the free ones.

Debian is not the more new user friendly system out there and a lot of distributions got popular because they took the Debian base and made it more userfriendly by allowing non-free drivers and firmware. So this is a good move in my opinion. Personally I feel that option B might be the best option that will keep both the purists and the reformers happy. I don’t think Option C is a good option at all as it would be confusing.

Source: Slashdot: Debian Considers Changing How It Handles Non-Free Firmware

– Suramya

August 26, 2022

Using MultiNerf for AI based Image noise reduction

Filed under: Computer Software,Emerging Tech,My Thoughts,Tech Related — Suramya @ 2:58 PM

Proponents of AI constantly come up with claims that frequently don’t hold up to extensive testing, however the new release from Google Research called MultiNerf which runs on RAW image data to generate what the photos would have looked like without the video noise generated by imaging sensors seems to be the exception. Looking at the video it almost looks like magic, and appears to work great. Best of all, the code is open source and already released on GIT Hub under the Apache License. The repository contains the code release for three CVPR 2022 papers: Mip-NeRF 360, Ref-NeRF, and RawNeRF.

TechCrunch has a great writeup on the process. DIYPhotography has created a video demo of the process (embedded below) that showcases the process:


Video Credits: DIYPhotography

I like the new tools to make the photographs come out better, but I still prefer to take unaltered photos whenever I can. The most alteration/post-processing that I do on the photos is cropping and resizing. That also is something I do infrequently. But this would be of great use to professional photographers in conditions that are less than optimal.

– Suramya

August 7, 2022

Winamp is back in action (!) after 9 years of no releases

Filed under: Computer Software,My Thoughts — Suramya @ 11:59 PM

Anyone who was using computers in the late 90’s and 2000’s knows that the best MP3 player of all time was Winamp, it really whips the llama’s ass. First released back in 1997, it spread like wildfire. I used it as my primary music player till I switched to Linux and even then I used a player that was skinned to look and work like Winamp.

Development for the player was paused back in 2013 and then resumed in 2018. It took 4 years of hard work and the Winamp 5.9 Release Candidate 1 is now available for download. Most of the changes in this version as in the backend as the code was migrated from Visual Studio 2008 to Visual Studio 2019. This modernizes the whole setup and the next release will focus on new features.

The only downside of this is that it is not available for Linux so I still have to use some other software rather than the original. I wonder if it would work over Wine/Crossover? If so then that would be awesome. Let me go try that out and see if that works (I will update this post if it actually works).

Well this is all for now. Will post more later.

Update (8/8/2022): It Works on Linux! I downloaded and installed the latest RC on Linux using Crossover and it works flawlessly. (Although the preset names are in Chinese for some reason)

– Suramya

August 6, 2022

Post Quantum Encryption: Another candidate algorithm (SIKE) bites the dust

Filed under: Computer Security,Computer Software,Quantum Computing — Suramya @ 8:23 PM

Quantum Computing has the potential to make the current encryption algorithms obsolete once it gets around to actually being implemented on a large scale. But the Cryptographic experts in charge of such things have been working on Post Quantum Cryptography/Post Quantum Encryption (PQE) over the past few years to offset this risk. SIKE was one of KEM algorithms that advanced to the fourth round earlier this year and it was considered as an attractive candidate for standardization because of its small key and ciphertext sizes.

Unfortunately while that is true researchers have found that the algorithm is badly broken. Researchers from the Computer Security and Industrial Cryptography group at KU Leuven published a paper over the weekend “An Efficient Key Recovery Attack on SIDH” (Preliminary Version) that describes a technique which allows an attacker to recover the encryption keys protecting the SIKE Protected transactions in under an hours time using a single traditional PC. Since the whole idea behind PQE was to identify algorithms that are stronger than the traditional ones this immediately disqualifies SIKE from further consideration.

Abstract. We present an efficient key recovery attack on the Supersingular Isogeny Diffie–Hellman protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the existence of a small non-scalar endomorphism on the starting curve, and it also relies on the auxiliary torsion point information that Alice and Bob share during the protocol. Our Magma implementation breaks the instantiation SIKEp434, which aims at security level 1 of the Post-Quantum Cryptography standardization process currently ran by NIST, in about one hour on a single core.

The attack exploits the fact that SIDH has auxiliary points and that the degree of the secret isogeny is known. The auxiliary points in SIDH have always been an annoyance and a potential weakness, and they have been exploited for fault attacks, the GPST adaptive attack, torsion point attacks, etc.

This is not a bad thing as the whole testing and validation process is supposed to weed out weak algorithms and it is better to have them identified and removed now than after their release as then it becomes almost impossible to phase out systems that use the broken/compromised encryption algorithms.

Source: Schneier on Security: SIKE Broken

– Suramya

July 30, 2022

Identifying the least used packages on Debian

Filed under: Computer Software,Computer Tips,Linux/Unix Related,Software Releases — Suramya @ 4:14 AM

My main system was running low on disk space in the root partition and I wanted to clean out some of the unused software from the system. In order to do that I thought that I should find out what the least used applications on my system were and then remove them. Unfortunately I couldn’t find any existing way of doing this so it was a dead end. However, the problem remained stuck in my head and I came up with a quick and dirty way of identifying the packages and when they were last used.

The way it works is:

  • Get a list of all files on the system (using locate, since its already there so why duplicate effort)
  • For each file figure out what package it belongs to using dpkg-query -S
  • If the file belongs to a package, get the last access time (using stat) and log it
  • Once we do this for all files, sort the results.

This gives us a list of packages and the latest access date for each package (based on the latest access date for any of the files in it). Since this is a quick and dirty implementation, it is slow as molasses, doesn’t have any error checking or anything but still gets the job done. Would love to get some feedback. The code is available at: https://github.com/suramyatomar/leastUsedPackage.

The output of the script looks like:

...
...
xz-utils | 2022-07-18
yelp-xsl | 2022-04-05
yelp-xsl | 2022-04-05
youtube-dl | 2022-07-17
zim | 2022-07-17
zip | 2022-07-17
zlib1g-dev | 2022-07-17
zlib1g-dev | 2022-07-17
zlib1g-dev | 2022-07-17
zstd | 2022-07-18

Feel free to try it out if you have a similar usecase. Let me know if you have any suggestions on improving the script or if you found it useful.

– Suramya

June 5, 2022

Hacking a computer using Ham radio transmissions is now possible!

Filed under: Computer Security,Computer Software,Tech Related — Suramya @ 11:59 PM

Hacking a computer by getting them to listen to a Ham Radio station broadcast seems like the plot of a bad movie or TV series about ‘hackers’ but this is not a fictional story. It is now in fact possible to hack a WinXP & Windows 10 computer over the air, All we need to do is ensure that the target is using WinARPS on their computer to listen to the broadcast and then they are fair game.

I am in awe of this finding because figuring out how to generate radio packets that will cause a memory overflow/corruption and then figure out who to generate the packets in a way that allows you to get RCE (Remote Code Execution) requires phenomenal hacking skills and understanding of the underlying systems.

WinARPS is unlikely to get a fix for the issue because the author no longer has an environment to build/test the software as the last update to the code was back in 2013. However the author is aware of the problem and who knows they might get the environment working again and fix the issue.


Video demo of the issue on a Windows 10 machine (Credit: Coalfire.com)

This bug does show us that we can have the world’s most protected / isolated system but if there is any way to get external information/input then the system can potentially be attacked.

You can read the full walk through of the process at: Hacking Ham Radio: WinAPRS – Part 5

– Suramya

May 4, 2022

Using reflection in pupils in public selfies to figure out the different ways a user can hold a device

Filed under: Computer Software,My Thoughts,Tech Related — Suramya @ 11:58 PM

Users in TV/Movies have been able to zoom enhance photo’s that look like they were taken with a broken down webcam from the 80’s to give crystal clear images for a while now. In fact the Zoom/Enhance trope has become so common that there are a whole bunch of meme’s out there for it.

Till recently such activities were possible only in the fictional world, thanks to advances in photo technologies and the increasing no of mega-pixels (plus other things) in the modern camera this is now possible in the real world as well. A few years ago, a Japanese stalker was arrested after he stalked and assaulted a 21-year-old “Japanese idol” at her home by zooming into a high-resolution selfie posted by the singer to view the train station reflected in her eye.

Now, a group of researchers from Keio University, Yahoo Japan, and the Tokyo University of Technology are using publicly posted selfies by users to examine the reflection of the smartphone taking the picture in the pupils of the photo to figure out how the phone is being used i.e. the different ways a user can hold a device like a smartphone: with both hands, just the left, or just the right in portrait mode, and the same options in horizontal mode. There are a bunch of potential uses for this technique and it is interesting and unique research.

But it also highlights the fact that we need to be careful of what we post/share as there might be information in the picture that we didn’t want to share. If you search for ‘photo sent caught cheating’ you will find multiple instances of folks sending pics that got them in trouble because there was something in the pic that gave the game away, such as this one or this one

Source: Using Pupil Reflection in Smartphone Camera Selfies

– Suramya

« Newer PostsOlder Posts »

Powered by WordPress