Suramya's Blog : Welcome to my crazy life…

June 5, 2023

Map Directions can’t always be trusted

Filed under: Humor,My Thoughts — Suramya @ 5:49 PM

There are too many cases where someone followed Google Maps or Apple Maps blindly and ended up somewhere they weren’t supposed to. Before Google Maps was available, Map My India was the most up-to-date option available for maps in India. I remember one time Gaurang and I were on our way to visit friends and the map kept insisting that we take a left from the top of the flyover. This was before the time when algorithms would auto-update the route if you missed the turn, so it kept insisting that we take a U-turn and turn from the top of the bridge. We ended up having to restart the session before it gave us an alternative route.


As I walk through the valley of the shadow of death, I remind myself that you can’t always trust google maps.

Even with Google Maps you have to watch where it is trying to take you. I once was directed to take a road that was about six inches wider than my car (it started a bit wider and narrowed as I drove into it) and had to reverse back out of the way before I got stuck there. Apple Maps is even ‘better’, in that Australian Police had to release an advisory back in 2012 warning people about its “Potentially Life Threatening” Misdirection.

There is no system that is 100% up to date and accurate, but it is expected that when you are following directions, you use your own brain as well once in a while so you don’t end up in the middle of a desert, or drive into a lake, or take a longer way to get where you are going.

– Suramya

May 29, 2023

There are Two kinds of people in the world…

Filed under: Humor,My Thoughts — Suramya @ 7:23 PM

There are Two kinds of people in the world…

There are Two kinds of people in the world… 1. Those that think EOD means 5:00pm 2. those that think EOD means 11:59pm

Which one do you fall under? I actually fall under neither because for me EOD is when I sign off for the day which is usually about 1am-2am depending, as when I say EOD I mean my End of Day i.e. when I log off for the day/night.

– Suramya

May 22, 2023

How not to do Interview Screening: Take 1000

Filed under: Humor,My Thoughts — Suramya @ 9:05 PM

Interviewing people is hard and each of us has their own bag of tricks and filters we use to identify the correct candidate for the position. However, some of the ways that people use to filter out applicants just make you go ‘Wow!’ with a head shake. One such example is below:

The iPhone is so much better than any other phone it isn’t funny. I now check for phone type in interviews and automatically disqualify the Android Users

Using a phone preference as a filter is not the right way to filter out candidates. If this becomes the norm then folks will start filtering candidates on what music they like, what brands they wear or what car they drive. Unless you are working at Apple, rejecting people for using an Android phone (which for the record is way better than iPhone) is foolish. It is also extremely classist: it automatically filters out people who can’t afford to buy an expensive iPhone, as the general cost range for an iPhone is between $500 – $1,500+ whereas an Android phone would range between $100-$1,750+. It also filters out people who care about compatibility of their phone with other users at their home, as it is hard to connect an iPhone to an Android ecosystem.

Plus it tells me that you are more concerned about arbitrary markers of evaluation than actually relevant criteria. Personally, I think that if the person interviewing me is using something like this as a filtering mechanism then I am better off getting rejected, as who knows what insane criteria they might come up with for performance evaluation once you join and start working with them.

I do have a lot of thoughts on interview processes and how some companies do screening but that is a post for another time.

– Suramya

May 19, 2023

KeePass exploit helps retrieve cleartext master password – Fix ETA July 2023

Filed under: Computer Security,My Thoughts,Tech Related — Suramya @ 8:06 PM

Security is hard to do, and no matter how careful you are while coding, every piece of software will have bugs in it, and some of these bugs have major security implications. KeePass, which is a very popular password manager, has a vulnerability that allows the master password to be extracted from the application’s memory, allowing attackers who compromise a device to retrieve the password even when the database is locked. The bug is being tracked as CVE-2023-32784.

The issue was discovered by a security researcher known as ‘vdohney’ who has unfortunately also published PoC code that exploits the vulnerability, called the “KeePass Master Password Dumper”, on GitHub.

KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass’s memory. Apart from the first password character, it is mostly able to recover the password in plaintext. No code execution on the target system is required, just a memory dump. It doesn’t matter where the memory comes from – can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), various crash dumps or RAM dump of the entire system. It doesn’t matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it’s been since then.

Tested with KeePass 2.53.1 on Windows (English) and KeePass 2.47 on Debian (keepass2 package). PoC might have issues with different encodings (languages), but that’s not confirmed as of now (see issue #3). Should work for the macOS version as well. Unfortunately, enabling the Enter master key on secure desktop option doesn’t help in preventing the attack.

The attack does require either physical access to the system or the system would need to be infected with malware that gives an attacker remote access with the ability to perform memory dumps. They can also extract the password from the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys) or RAM dump of the entire system.

The fix for the problem is in the works and the initial testing looks promising. Personally I think that the security researcher should have waited to release the PoC code till the fix is available but to each their own I guess.

Source: Bleepingcomputer.com: KeePass exploit helps retrieve cleartext master password, fix coming soon

April 14, 2023

My app that autoposts to Twitter has been suspended from accessing the Twitter API

Filed under: My Thoughts,Tech Related,Website Updates — Suramya @ 5:44 PM

Yesterday I got an email from Twitter stating the following:

Hello,

This is a notice that your app – Suramya’s Blog – has been suspended from accessing the Twitter API.

Please visit developer.twitter.com to sign up to our new Free, Basic or Enterprise access tiers.

More information can be found on our developer community forums.
Regards,
Twitter Developer Platform

The email actually looks like a really bad phishing email as it has no formatting, doesn’t give any links etc and is just a plain auto-generated email. I almost deleted it as spam but then realized that it could be a notification sent because they are forcing folks to use the new plans. Today I logged in to the Developer account and I was expecting to have an option to select one of the tiers, click save (pay if I was insane and decided to pay) and would be done with it. But that is not the case. I was greeted with the following banner when I logged in:


This App has violated Twitter Rules and policies. As a result, it can no longer be accessed. For assistance, submit a support ticket.

It looks like they couldn’t figure out how to temp block users who need to select a tier before being allowed to continue, so they decided to suspend the app instead, using the same process as what they would do if the app was suspended for ‘violations of Twitter Rules and policies’. Which is quite amusing because the app has been used 12 times in the last 2 months to autopost links to my posts here when I create them. I did use the same app for testing a Twitter export script that I wrote a few months ago but haven’t run it in a while, either.

There is no way for me to edit/choose a tier for my app and I have no interest in spending the time to create another app just to post something on Twitter which will get about 2-10 views on average (usually on the lower end of the scale). This was pretty much the last remaining vestige of my posting on Twitter and I am fine with it not working anymore. I would rather spend that time doing something more productive like watching paint dry.

– Suramya

April 4, 2023

Mastodon is so much better than Twitter, except for its search capabilities

Filed under: My Thoughts,Tech Related — Suramya @ 5:14 PM

Twitter has been slowly becoming less and less useful for getting updates from people you follow. Even my ‘Following’ tab is now showing entries from people I don’t follow, and not all posts from the folks I follow show up there either. Don’t even get me started about the ‘For You’ section, which is full of nonsense that I am not really interested in. I have mostly switched over to Mastodon for updates and I see way better engagement over there. My blog auto-posts to both Mastodon and Twitter (along with LinkedIn and Facebook). On Twitter I have 84 followers and 11 followers on Mastodon (I only started posting there in 2023). My Tweets usually get between 2-10 views each and maybe 1 tweet out of 50 will get a response or like. The same post on Mastodon gets a lot more engagement; there have been posts which have had 8-10 replies and multiple likes.

However, that being said one thing that Twitter has which is missing from Mastodon is the ability to search. Earlier today I saw an article on how Twitter seems to have blocked users from authenticating to other services using their SSO offerings. I wanted to learn more about it and tried searching for it on Mastodon, and didn’t get any results (I then tried searching using a hashtag but no luck there as well). So I switched to Twitter and did a search there and immediately I got a lot of results that gave more information on the topic. I am sure that this event is being discussed in Mastodon but it is almost impossible to find because of the way the search is designed.

There is an opt-in project that lets people opt in to having their toots indexed, but because of the ‘amazing’ search in Mastodon, I can’t find the link to the project. 🙁 There are people working on this problem, but an extremely vocal minority is hellbent against allowing people to search on Mastodon because they don’t want it. To be fair, there are a lot of technical challenges in indexing all the toots across all the instances, but it is not an insurmountable problem. It just needs people to look into the problem and others to let them work on the solution.

– Suramya

March 18, 2023

Scientists create a working supersolid in the lab

Filed under: Emerging Tech,My Thoughts — Suramya @ 11:34 PM

It seems that every year we learn more about the universe that makes the basic physics that we learned in school inaccurate, or rather puts a lot of caveats into the theories. Originally we had 3 states of matter: solid, liquid and gas. Then came things like superfluids, Bose–Einstein condensates, quantum spin liquid, supercritical fluid, quark–gluon plasma, Rydberg polaron, and so many more weird possibilities. Last week, scientists from Innsbruck University in Austria managed to create a new state of matter in 2D called supersolids. Till now the researchers had only been able to create a 1D (a few molecules long) chain of supersolids, but using cutting-edge research they were able to create a 2D ‘paper’ of supersolid.

If you are like me, by now you will be wondering what on earth is a supersolid… Basically it is a state of matter that incorporates two different states of matter at the same time i.e. it is a solid as well as a superfluid at the same time. This gives it the ability to be a solid and still flow like a liquid without any friction at the same time. If that sounds confusing it is so because we are talking about Quantum effects which seem to exist in a state of constant contradiction and confusion (At least for me, when I try to understand them).

“To picture a supersolid, consider an ice cube immersed in liquid water, with frictionless flow of the water through the cube,” wrote Bruno Laburthe-Tolra, a physicist at Sorbonne Paris North University.

So, to create a supersolid, you first trap some atoms, then cool them, then play with their interactions. “If you tune those correctly, and you tune the shape of the trap correctly, you can get a supersolid,” says Norcia, the lead author.

Using this method, in 2019, researchers began to create a basic, one-dimensional supersolid: essentially, a thin supersolid tube in a straight line.

That’s what Norcia and his colleagues at Innsbruck University and the Austrian Academy of Sciences have now done. By tinkering with the device they used to trap atoms and the process they used to condense the atoms, they were able to extend their supersolid from one dimension into two: from a tiny tube into a small sheet.

There are a lot of interesting use cases for this technology when it matures: we could use it for lubrication in industrial machinery, or to create frictionless surfaces for tests. It could even be used in vacuum as is for various use cases. But that is still quite a way off because the work to go from 2D to 3D has just started and is still in the pre-research stage. However, while that is going on we do have a supersolid paper available for study, which will give us more insight into this fascinating new substance.

The research has been published in Nature: Supersolids go two-dimensional

Source: Popsci.com: We finally have a working supersolid. Here’s why that matters.

– Suramya

March 11, 2023

Thoughts about a list explaining how Linux users are characterized by these properties

Filed under: Linux/Unix Related,My Thoughts — Suramya @ 10:44 PM

It is always amusing to me when I read these lists that claim to characterize people. In this case, while I was researching companies acquired by Microsoft, I ended up at the Rational Wiki: OS Wars section, where there is a section that claims that “Linux users are characterized by the following properties”. I found it amusing, so I am going to list them out here with my comments and thoughts about each of them.

An unhealthy desire to recompile the kernel at every opportunity.

[ST] Compiling a kernel was something that we had to do in Linux back in early 2000’s, but even then I never really had to compile the kernel to get things to work. I did do it to understand the process, but was never forced to do so. In fact I can’t remember the last time I had to compile the kernel on my system.

A disdain for newcomers who don’t know how to recompile the kernel.
Constantly rebuilding their machines because a kernel recompile failed.

[ST] Since I never had to compile it, I don’t expect others to do so. If you want to do it then it’s your prerogative but I don’t care one way or another.

Thinking those who don’t compile on their own computers or don’t use shell scripts and terminals on a daily basis are not real Linux users.

[ST] Unfortunately, there are idiots who think this, and attempt to gatekeep others and put them down just because they don’t use the ‘proper tools’/command line etc. I did write about this earlier: Stop hating on people because they don’t use the same tools as you because everyone has a different way of working and what works for you might not work for them and vice-versa. For example, I really dislike video tutorials and prefer text but I know plenty of folks who like video because it shows them what to do instead of having them imagine it. There is no one true way…

Constantly having incidents reported for not being in the sudoers file, but not being sure who they’re being reported to.

[ST] I don’t have incidents being reported constantly but did have to look up where the incidents are reported, which as expected was in the log files that an admin/root can audit.

Believing vowels are over rated, especially when it comes to naming important programs you expect to use every day.

[ST] Nope. I like my program names to be descriptive and really dislike SMS talk.

Cursing at Mac users for the number of shiny devices they can connect their computers to.

[ST] Again a nope. I can connect more things to my Linux machine and have them work off the bat than I could on a Mac. Sure some of the software is more polished on a Mac but from a connectivity perspective my Linux machine can connect to pretty much anything (sometimes a bit of tinkering might be required).

Either cursing that they need root, or cursing because they ran something as root that they really shouldn’t have.

[ST] Had this issue only when I was first starting out. After a little while things become automatic, if I run a root command as a non-root user, I just have to prepend sudo to it (or copy it to the root terminal). Accidentally running a command as root on the other hand is a much bigger issue. Haven’t done it in a while now but it is something to be careful of. I set the prompt to let me know what machine I am connected to and as what user so it makes it easier to spot if you are in the wrong window.

Believing a windowing system is a very clever way of having lots of command lines on screen at the same time. Like screen only less clever.

[ST] I really don’t get people who think like this and unfortunately there are folks who are like this. They think they are cleverer than everyone else and love putting others down.

Arguing with each other over which distribution to use.
Arguing with BSD users over their OS of choice.

[ST] This is a fight that I still see every once in a while but things have calmed down quite a bit from the earlier days where a question about which is the best distribution would ignite a flame war.

Arguing over whether to use a GUI or command line.

[ST] A lot of people think that using a command line makes you superior to other users, I think that you should use whatever works best for you at that point in time for the task you are doing. For example, if I am editing a video or sorting images I will prefer to use a GUI but for other tasks I prefer using the commandline. At the end of the day the idea is to get the work done, not argue about what is the best interface to do the work in.

Arguing about whether Emacs or vi is better. (Obviously vi is way better. No question. Unless you’re Richard Stallman or another member of the Church of Emacs.)

[ST] I prefer vi because it is installed by default on all Linux systems so if I ever have to recover from a crashed system I have an editor that I can use to edit files. Emacs is fine but I prefer vi / Notepad++ / kwrite for general editing.

Arguing about which language is the best for writing scripts (essentially the modern-day equivalent of the Tcl Wars between Tcl and GNU Guile’s implementation of Scheme).

[ST] I have no idea about the TCL wars and don’t really care what language you use for writing scripts. I have written scripts in Bash, Perl and Python for the automation and scripting I had to do and the language was chosen based on 1) What I was trying to do and how complicated the logic was 2) If I was trying to learn a new language the script was written in that language.

Complaining that we’re calling it Linux and not GNU/Linux.
Interjecting for a moment to explain why it’s actually GNU/Linux
Complaining that we’re calling it Open Source and not Free Software.

[ST] Complaining about the fact that someone calls it Linux and not GNU/Linux is just annoying and doesn’t make you look knowledgeable; it makes you annoying. Technically they are correct but Linux is the expected usage and no, I am not about to start calling it GNU Linux just because some idiot thinks I should do so.

Constantly complaining about virtually all sorts of random, obscure problems such as their computer randomly shutting itself off at 9 pm on Mondays.

[ST] This is not just Linux users, any person who is a power user will face these kinds of issues and will ask around on how to fix them. General users will just get the helpdesk to come fix their systems for them.

Complaining that this list is not indexed from 0.

[ST] No, I don’t number my lists from 0. Just because Arrays are indexed from 0 doesn’t mean that I have to number everything starting from 0. However, I do prefer that the ground floor (1st floor in the US) be called the 0th Floor (or G Floor) instead of 1st floor like they do in the US because that’s how they do it in the rest of the world.

Believing that time started on January 1970.

[ST] 🙂 No comments 🙂

Being able to understand this list.

[ST] Ha ha… I think any person actively working with computers like a sysadmin/programmer would understand this list.

I think the list should be updated but it did make me smile so I guess that is a win 🙂

– Suramya

March 7, 2023

What not to do when laying off people

Filed under: My Thoughts — Suramya @ 11:59 PM

Elon Musk drama seems to be almost impossible to avoid now since he has taken over Twitter, if it is not one thing it is another. Personally I feel that he has bought Twitter and can do whatever he wants with it whether the rest of us like it or not. He has been firing people pretty much since he took over, last week was the most recent batch where ~200 folks were laid off.

What is interesting and super unprofessional is that it looks like the folks who were laid off didn’t get an official notice that they have been terminated, instead their access just stopped working one day. Haraldur Thorleifsson, who was a senior director at Twitter was one of the folks impacted by this, so they reached out to HR at Twitter who didn’t (or maybe couldn’t) answer the simple question “Please confirm if I am an employee or not?”. After 9 days of getting nowhere, he posted a public thread on Twitter tagging Musk asking if he was laid off.

Dear @elonmusk

9 days ago the access to my work computer was cut, along with about 200 other Twitter employees.

However your head of HR is not able to confirm if I am an employee or not. You’ve not answered my emails.

Maybe if enough people retweet you’ll answer me here?

Elon was as ‘classy’ as ever and responded with jokes and silly emojis, then publicly mocked their disability, insinuated that they exaggerated their disability and said they “did no actual work.”

It is his right to fire people, but there is a right way and a wrong way to do it and this is definitely the latter. When Vinit was running his own company and had to lay off people because of funding issues, he did it in a fantastic way (See below) and I have seen other folks do the same thing.

Four years after he started Buildkar.com, a website for construction materials, Vinit Bhansali realised with horror that he had to lay off eight employees. “It’s hard to tell your team you have to let them go. So, I reached out to everyone I knew — old friends from school, investors, acquaintances in the startup space — to find them jobs. Even VCs who had chosen not to invest in my company helped out and shared the resumes with startups in their portfolio,” he says. Eventually all eight were placed.

I have been part of companies that laid off employees and it was a painful experience even for those of us who weren’t laid off. All of us leveraged our connections to connect the folks impacted with teams that were hiring. A quick search on Mastodon/Twitter will get you links and posts from folks who don’t even know the folks impacted reaching out to help in any way they can. That is humanity, that is how a person should behave.

This way of firing, where a person doesn’t even know for sure whether they are fired or not, is the worst way to fire someone; ghosting an employee is not a mature/professional way to do this. Imagine the stress an employee goes through if they are not able to log in even once due to a mistyped password or other technical issues. Then you have the uncertainty of not knowing if you are still employed and can afford to pay rent, buy groceries etc. For Musk it’s all a big joke because he never had to deal with not being able to afford food or have to worry about the rent being late, but most of the other people in his company do have to worry about this along with a whole other set of responsibilities.


Have I been laid off?

The worst part is that a lot of people don’t see anything wrong with this. They still think he is the greatest thing to happen for mankind where in reality he is just another narcissistic billionaire who has gone back on pretty much every promise he ever made.

– Suramya

March 1, 2023

Don’t burn bridges by behaving unprofessionally when you leave a company

Filed under: My Thoughts — Suramya @ 4:47 PM

The message screenshot below was shared by a friend who is changing jobs. It is a perfect example for why you shouldn’t burn bridges when you leave a job because you never know who that person might be connected with and they just might end up sharing what you did when you quit ensuring that you don’t get that offer.

My new boss who was my ex boss is friends with my current boss and they are neighbours 😬😄🙈

It is highly tempting to vent, curse or blast your manager/seniors/company when you leave, or post nasty comments in public about it, but you should please refrain. There was a case back in 2017 where a US flight attendant, Steven Slater, spectacularly quit his job aboard a JetBlue flight by grabbing a few beers, cursing out the airline on the PA and slipping down the plane’s emergency slide. This got him instant fame and spotlight, and lots of people were applauding him on how he ‘had the guts’ to tell the truth and leave in an epic fashion. But this ‘epic’ resignation cost him his job; he was charged with criminal mischief, reckless endangerment and criminal trespass and had to pay a $10k fine. He can no longer work in the airline industry because no one wants to hire him and I don’t blame them. What is the guarantee that he wouldn’t pull a stunt like this again?

There was a case where a person was being interviewed for a job at one of my old companies and one of the hiring managers was talking about the candidate to a co-worker who had worked with the candidate before and commented that the person had behaved extremely unprofessionally with their boss on their last day because they were no longer reporting to him. The hiring manager discussed this with their manager and the decision was made to drop the candidate from consideration. It is a small world and you never know where you might cross paths with a person again down the line.

This is not to say that you shouldn’t respond to inappropriate behavior or actions. You can do that in a dignified/professional way like reporting to HR, putting in an official complaint etc. Or you can do it in an unprofessional way by cursing them out or posting a profanity-ridden comment about them on their LinkedIn page. See the difference? If you choose the first option, you might get asked about it during the interview, and in the latter case you would just get dropped from consideration.

What do you think?

– Suramya
