Suramya's Blog : Welcome to my crazy life…

October 31, 2019

You can’t have ‘b’, ‘l’, ‘m’, ‘r’, and ‘t’ in your password if you are using macOS 10.15.1 aka Catalina

Filed under: Funny News,My Thoughts,Techie Stuff — Suramya @ 12:50 PM

Users of the Twitter app on macOS 10.15.1 aka Catalina just found out that they couldn’t log in to their account if their password contained any of the following characters: ‘b’, ‘l’, ‘m’, ‘r’. When I first read the news I thought it was a joke but then realized that it’s an actual issue in the latest version of macOS. The problem is showing up on the Twitter app but other programs might be affected as well.

According to Twitter in-house developer Nolan O’Brien, these particular keypresses are gobbled up by a regression associated with the operating system’s shortcut support. Normally, users can press those aforementioned keys as shortcuts within the app to perform specific actions, such as ‘t’ to open a box to compose a new tweet.

Something changed within macOS to capture those shortcut keys, rather than pass them to the password field in the user interface as expected. So, in other words, when you press a shortcut key in Twitter when entering an account password, the keypress is ignored in that context rather than handled as a legit password keypress.

This reminded me of the weird and basic bugs that showed up in older versions of Windows. Apple really needs to work on their quality control if they want to stay in the game.

Source: The Register: You’e yping i wong: macOS Catalina stops Twitter desktop app from accepting B, L, M, R, and T in passwords

– Suramya

October 10, 2019

Taxonomy of Terrible programmers

Filed under: Humor,Techie Stuff — Suramya @ 11:58 PM

If you have been in tech for a while you would have had the dubious pleasure of meeting some or all of the types of programmers described in the following post: The Taxonomy of Terrible Programmers

In one of my previous companies I had the pleasure of working with The Arcanist and trust me it was a painful experience that I still remember more than a decade later. So what is an Arcanist?

Anyone who has worked on a legacy system of any import has dealt with an Arcanist. The Arcanist’s goal is noble: to preserve the uptime and integrity of the system, but at a terrible cost.

The Arcanist has a simple philosophy that guides his or her software development or administrative practices: if it ain’t broke, don’t fix it – to an extreme.

The day a piece of software under his or her auspices ships, it will forever stay on that development platform, with that database, with that operating system, with that deployment procedure. The Arcanist will see to it, to the best of his ability. He may not win every battle, but he will fight ferociously always.

All change is the enemy – it’s a vampire, seducing less vigilant engineers to gain entry to the system, only to destroy it from within.

The past is the future in the Arcanists’ worldview, and he’ll fight anyone tries to upgrade his circa 1981 PASCAL codebase to the bitter, tearful end.

We had to fight him to move from a system that required you to edit HEX code for making any changes to a web based UI that controlled the system and gave extra functionality. In the end the project was moved to a different team as everyone realized that he was going to kill it just because he was used to the old system and didn’t want to change.

Check out the linked article for details on the other types. If you recognize some of the behaviours described in the post as something you might do, I suggest you take a good long look at yourself and seriously think about changing, as being classified/identified as one of the types of people in this list is not a great career move.

– Suramya

PS: Before you ask, yes this post links to a really old post. The post has been sitting in my draft folder for ages and I finally decided to publish it.

September 5, 2019

Criminals use AI technology to impersonate CEO for a $243,000 payday

Filed under: Computer Security,My Thoughts,Techie Stuff — Suramya @ 10:46 AM

Over the past few years AI has become one of the things that is included in everything from cars to lights whether it makes sense or not, and criminals are not behind in this trend. We have AI based systems testing computer security, working on bypassing checks and balances in systems etc., and now in a new twist, AI is being used in vishing as well. Voice phishing, or vishing as it’s sometimes referred to, is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward.

Anatomy of Vishing Attack. Source: https://www.biocatch.com/blog/detect-vishing-voice-phishing

In this particular instance criminals used commercially available voice-generating AI software to impersonate the CEO of a German company and then convinced the CEO of their UK based subsidiary to transfer $243,000 to a Hungarian supplier. The AI was able to mimic the voice almost perfectly, including his slight German accent and voice patterns. This is a new phase of crime and unfortunately will not be a one-off case, as criminals will soon realize the potential and these kinds of attacks are only bound to increase in frequency. Interestingly it will also make the biometric voice authentication systems used by certain banks like Citibank more vulnerable to fraud.

To safeguard against the economic and reputational fallout, it’s crucial that all instructions are verified via a follow-up email or other alternative means, i.e. if you get an email asking for a transfer or details, call the person, and if you get a call asking for a transfer, follow up via email or other means. Do not use a number provided by the caller for verification; call the number in the company address book or in your records.

Well this is all for now. Will post more later.

Thanks to Slashdot.org for the original link.

– Suramya

August 12, 2019

LinuxJournal.com: shutdown -h now

Filed under: Computer Related,My Thoughts,Techie Stuff — Suramya @ 10:24 AM

Last week I got an unpleasant surprise in my mailbox, an email from Linux Journal stating that they were closing up shop effective immediately as they had completely run out of money with no hope of resurrection. LJ was one of the first Linux magazines I wrote for and it will always have a special place in my heart.

IMPORTANT NOTICE FROM LINUX JOURNAL, LLC:
On August 7, 2019, Linux Journal shut its doors for good. All staff were laid off and the company is left with no operating funds to continue in any capacity. The website will continue to stay up for the next few weeks, hopefully longer for archival purposes if we can make it happen.
–Linux Journal, LLC

The website is up for the moment but might go down anytime. I do have an archive of all LJ issues on my home computer that I had made the last time LJ was about to shut down and I will post them to the site in a few days. This archive doesn’t have the latest releases so I will need to download those before I post them online. In addition I am sure there are efforts ongoing to archive the website as well since it had a lot of great content on it. If not then I will kick off something to archive the site once I get home.

Well this is all for now. It was a great run LJ, you will be missed.

– Suramya

August 7, 2019

Using a slice of wood to make saltwater drinkable

Filed under: My Thoughts,Techie Stuff — Suramya @ 5:45 PM

“Water water everywhere, not a drop to drink” This is an often quoted line from The Rime of the Ancient Mariner by Samuel Taylor Coleridge and is something that is becoming more and more true every day. 71% of earth is covered by oceans but we still have 2.8 billion people around the world who face water scarcity at least one month out of every year. Earlier this year city officials in Chennai, India declared that “Day Zero” (the day when almost no water is left in the city) had been reached in Chennai, as all the four main reservoirs supplying water to the city had run dry due to deficient monsoon rainfall in the previous years. Due to this, finding more ways of generating drinking water is a high priority for the human race. Without water life as we know it can’t exist and our civilization can and will collapse.

One of the ways to solve this issue is to convert sea water to drinkable water by filtering the salt out and there are existing solutions which do this (check out the Saudi water desalination) but they require a lot of energy and/or specialized engineering. But this is about to change thanks to the effort of Jason Ren and his colleagues from Princeton University in New Jersey. They have developed a method that uses a new kind of membrane made of American basswood instead of plastic that enables filtration without requiring high pressure pumping of salt water. Basically they took a thin slice of American basswood and treated it with a chemical bath to remove extra fibers from the wood and make its surface slippery to water molecules. Once the wood is treated water flows down one side of the membrane and is heated to the point that it vaporizes. The vapor then travels through the pores in the membrane toward its colder side leaving the salt behind, condensing as fresh, cool water.

This process takes less energy than simply boiling all of the saltwater because there’s no need to maintain a high temperature for more than a thin layer of water at a time as per Jason Ren. In the initial testing using this method the team was able to filter about 20 kilograms of water per square metre of membrane per hour, which is not quite as quick as polymer membranes but this can improve if the membrane is made thinner.

This is quite a breakthrough and when I first read the article I was not clear why we need to use wood for the process. I mean we can use a polymer membrane and still achieve the same effect by heating only a thin layer of water at a time. But then I spent some time reading the actual research paper and that’s when I realized what a massive breakthrough this was. Basically the current commercial MD membranes have porosity lower than 0.80, thermal conductivity higher than 0.050 W m⁻¹ K⁻¹, and thermal efficiency up to 60%, whereas the new membrane has a porosity of ~90%, low thermal conductivity (~0.04 W m⁻¹ K⁻¹) and a thermal efficiency of ~71%. These factors combined reduce the energy requirements for desalination by a significant amount.

Now that we have a Proof of Concept that this works, we need to be able to scale this up on a massive scale and work for this is currently ongoing.

Thanks to Newscientist.com for the original link.
Research Paper: Hydrophobic nanostructured wood membrane for thermally efficient distillation

Well this is all for now. Will post more later.

– Suramya

July 22, 2019

Chandrayaan-2: ISRO spacecraft successfully achieves Geostationary Orbit

Filed under: My Thoughts,Techie Stuff — Suramya @ 3:55 PM

ISRO’s Chandrayaan-2 completed the first stage of the Moon mission by successfully entering Geostationary Orbit at 181.65 km above sea level. This is an amazing achievement by ISRO and is a proud moment for India. After the last-minute abort of the previous launch attempt all eyes were on ISRO to make a successful launch in an extremely tight launch window of only a few minutes. ISRO Chief K Sivan made the following statement after the launch:

I’m extremely happy to announce that the GSLVMkIII-M1 successfully injected Chandrayaan-2 spacecraft into Earth Orbit. It is the beginning of a historic journey of India towards moon and to land at a place near South Pole to carry out scientific experiments.

Now that the rocket has achieved Geo-Stationary orbit it will start orbit-raising operations followed by trans-lunar injection using its own power. Post that the rocket will head out to the Moon and below are the different phases of Chandrayaan 2’s journey:

  • July 22 to August 13: Chandrayaan 2 will orbit around the Earth in an elliptical path
  • August 13 to August 19: Course change to establish into moon’s orbit
  • August 19: Enter Moon’s orbit
  • August 19 to Aug 31: Chandrayaan 2 will revolve in the Moon’s orbit
  • September 1: The Lander Vikram will detach from the Orbiter heading down to land near the South Pole of the Moon
  • ~September 7: Lander Vikram will make a soft landing in the south polar region of the moon
  • ~Landing + 4hours: Rover Pragyaan will roll out of the Lander Vikram and perform different tests on the Moon’s polar surface

@ISRO, a proud nation salutes you and here’s to the journey to new horizons.

BBC Coverage: Chandrayaan-2: India launches second Moon mission

Regards,

Suramya

May 27, 2019

Microsoft and Brilliant launch Online Quantum Computing Class that actually looks useful

Filed under: Computer Software,Interesting Sites,My Thoughts,Techie Stuff — Suramya @ 12:14 PM

Quantum computing (QC) is the next big thing and everyone is eager to jump on the bandwagon. So my email & news feeds are usually flooded with articles on how QC will solve all my problems. I don’t deny that there are some very interesting use cases out there that would benefit from Quantum Computers but after a while it gets tiring. That being said I just found out that Microsoft & Brilliant have launched a new interactive course on Quantum Computing that allows you to build quantum algorithms from the ground up with a quantum computer simulated in your browser and I feel it’s pretty cool and a great initiative. The tutorial enables you to learn Q#, which is Microsoft’s answer to the question of which language to use for Quantum computing code. Check it out if you are interested in learning how to code in Q#.

The course starts with basic concepts and gradually introduces you to Microsoft’s Q# language, teaching you how to write ‘simple’ quantum algorithms before moving on to truly complicated scenarios. You can handle everything on the web (including quantum circuit puzzles) and the course’s web page promises that by the end of the course, “you’ll know your way around the world of quantum information, have experimented with the ins and outs of quantum circuits, and have written your first 100 lines of quantum code — while remaining blissfully ignorant about detailed quantum physics.”
Brilliant has more than 8 million students and professionals worldwide learning subjects from algebra to special relativity through guided problem-solving. In partnership with Microsoft’s quantum team, Brilliant has launched an interactive course called “Quantum Computing,” for learning quantum computing and programming in Q#, Microsoft’s new quantum-tuned programming language. The course features Q# programming exercises with Python as the host language (one of our new features!). Brilliant and Microsoft are excited to empower the next generation of quantum computer scientists and engineers and start growing a quantum workforce today.

Starting from scratch

Because quantum computing bridges the fields of information theory, physics, mathematics, and computer science, it can be difficult to know where to begin. Brilliant’s course, integrated with some of Microsoft’s leading quantum development tools, provides self-learners with the tools they need to master quantum computing.
The new quantum computing course starts from scratch and brings students along in a way that suits their schedule and skills. Students can build and simulate simple quantum algorithms on the go or implement advanced quantum algorithms in Q

Once you have gone through the tutorial you should also check out IBM Q that allows you to code on a Quantum computer for free.

– Suramya

September 3, 2018

Software hack to keep my speaker powered on

Filed under: Computer Hardware,Linux/Unix Related,Techie Stuff,Tutorials — Suramya @ 6:37 PM

A little while ago I bought a new Klipsch speaker as my previous one was starting to die and I love it except for a minor irritation. The speaker has built-in power saving tech that powers it off if it’s not used for a certain period of time, and that meant that I had to physically power it on every time I wanted to listen to music, which was annoying, as I would invariably be comfortably seated and start the music before remembering that I needed to power it on. Also, I could not start the music from my phone whenever I felt like it, as the speaker was powered off and I would have to walk to the room to power it on.

After living with the irritation for a while I finally decided to do something about it and whipped up a small script that checks if any music/audio is already playing on the system and if not it plays a 1 second mp3 of an ultrasonic beep. This forces the system to keep the speaker on and I love it as now I can start the music first thing in the morning while lazing in bed. 🙂

The script requires mpg123 to be installed and you can install it on a Debian system by issuing the following command:

apt-get install mpg123

The Script itself is only 4 lines long:

#!/bin/bash

if ! grep RUNNING /proc/asound/card*/pcm*/sub*/status &> /dev/null ; then
    /usr/bin/mpg123 -q /home/suramya/bin/KeepSpeakerOn.mp3 &> /dev/null
fi

What it does is to check if any of the PCM soundcards have a status of RUNNING and if not it plays the mp3. I have a cron job scheduled to run the script every one min:

XDG_RUNTIME_DIR=/run/user/1000

* * * * * /home/suramya/bin/KeepSpeakerOn.sh 

One interesting issue I hit during the initial testing was that the mpg123 application kept segfaulting whenever I initiated it from the Cron but it would work fine if I ran the same command from the command prompt. The error I got in the logs was:

High Performance MPEG 1.0/2.0/2.5 Audio Player for Layers 1, 2 and 3
        version 1.25.10; written and copyright by Michael Hipp and others
        free software (LGPL) without any warranty but with best wishes
Cannot connect to server socket err = No such file or directory
Cannot connect to server request channel
jack server is not running or cannot be started
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
JackShmReadWritePtr::~JackShmReadWritePtr - Init not done for -1, skipping unlock
/home/suramya/bin/KeepSpeakerOn.sh: line 5: 10993 Segmentation fault      /usr/bin/mpg123 /home/suramya/bin/KeepSpeakerOn.mp3 -v

Spent a while trying to debug and finally figured out that the fix for this issue was to add XDG_RUNTIME_DIR=/run/user/<userid> to the cron where you can get the value of <userid> by running the following command and taking the value of uid:

id <username_the_cronjob_is_running_under> 

e.g.

suramya@StarKnight:~/bin$ id suramya
uid=1000(suramya) gid=1000(suramya) groups=1000(suramya),24(cdrom)....

Putting that line in the cron entry resolved the issue. Not sure why but it works so…
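An added example (not the original script from this post): a variant of the keep-alive script that sets XDG_RUNTIME_DIR itself, so it behaves the same from cron and from a terminal. Cron jobs typically start with a minimal environment that does not carry the login session's XDG_RUNTIME_DIR; the `--run` switch, the function names and the ASOUND_ROOT and KEEPALIVE_MP3 variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep-alive check that does not depend on the crontab
# exporting XDG_RUNTIME_DIR. Names below are assumptions of this example.

# Both paths can be overridden from the environment (useful for testing).
ASOUND_ROOT="${ASOUND_ROOT:-/proc/asound}"
KEEPALIVE_MP3="${KEEPALIVE_MP3:-$HOME/bin/KeepSpeakerOn.mp3}"

# audio_is_playing ROOT -> 0 if any PCM substream status under ROOT
# contains RUNNING, 1 otherwise (including when no sound card exists).
audio_is_playing() {
    for status_file in "$1"/card*/pcm*/sub*/status; do
        [ -r "$status_file" ] || continue   # unmatched glob or unreadable file
        grep -q 'RUNNING' "$status_file" && return 0
    done
    return 1
}

# runtime_dir -> prints the directory to use as XDG_RUNTIME_DIR:
# an inherited value wins, otherwise /run/user/<uid of the current user>.
runtime_dir() {
    if [ -n "${XDG_RUNTIME_DIR:-}" ]; then
        printf '%s\n' "$XDG_RUNTIME_DIR"
    else
        printf '/run/user/%s\n' "$(id -u)"
    fi
}

# keep_speaker_on -> plays the beep only when nothing else is playing.
keep_speaker_on() {
    audio_is_playing "$ASOUND_ROOT" && return 0
    XDG_RUNTIME_DIR="$(runtime_dir)" \
        /usr/bin/mpg123 -q "$KEEPALIVE_MP3" >/dev/null 2>&1
}

# Crontab entry for this variant (no environment line needed):
#   * * * * * /home/suramya/bin/KeepSpeakerOn.sh --run
if [ "${1:-}" = "--run" ]; then
    keep_speaker_on
fi
```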

Well this is all for now. Will write more later.

– Suramya

August 24, 2018

Fixing the appstreamcli error when running apt-get update

Filed under: Computer Software,Knowledgebase,Linux/Unix Related,Techie Stuff — Suramya @ 12:05 AM

Over the past few days every time I tried to update my Debian system using apt-get it would fail with the following error message:

(appstreamcli:5574): GLib-CRITICAL **: 20:49:46.436: g_variant_builder_end: assertion '!GVSB(builder)->uniform_item_types || 
GVSB(builder)->prev_item_type != NULL || g_variant_type_is_definite (GVSB(builder)->type)' failed

(appstreamcli:5574): GLib-CRITICAL **: 20:49:46.436: g_variant_new_variant: assertion 'value != NULL' failed

(appstreamcli:5574): GLib-ERROR **: 20:49:46.436: g_variant_new_parsed: 11-13:invalid GVariant format string
Trace/breakpoint trap
Reading package lists... Done
E: Problem executing scripts APT::Update::Post-Invoke-Success 'if /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then appstreamcli refresh-cache > 
/dev/null; fi'
E: Sub-process returned an error code

Spent a couple of hours trying to figure out what was causing it and was able to identify that it was caused by a bug in appstream, as running the command manually also failed with the same error. When I tried to remove the package as recommended by a few sites it would have removed the entire KDE desktop from my machine, which I didn’t want, so I was at a loss as to how to fix the problem. So I put the update on hold till I had a bit more time to research the issue and identify the solution.

Today I got some free time and decided to try again and after a little bit of searching stumbled upon the following Bug Report (#906544) where David explained that the error was caused due to a bug in the upstream version of appstream and a little while later Matthias commented that the issue is fixed in the latest version of the software and it would flow down to the Debian repositories in a little bit. Normally I would have just done an apt-get update and then install to get the latest package but since the whole issue was that I couldn’t get the system to finish the update command I had to manually install the package.

To do that I went to the Debian site and opened the software package list for Debian Unstable (as that is what I am using) and searched for appstream. This gave me a link to the updated package (0.12.2-2) that fixed the bug (I had 0.12.2-1 installed). Once I downloaded the package (Make sure you download the correct package based on your system architecture) I manually installed it using the following command as root:

dpkg -i appstream_0.12.2-2_amd64.deb

This installed the package and I was then able to do an apt-get update successfully. I still get the GLib-CRITICAL warnings but that apparently can be ignored without issues.
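A pre-install check for the manual download step, added here as an example and not part of the original post: dpkg -i does not go through apt's repository signature and hash verification, so the file is compared against the SHA256 checksum shown on the Debian package download page and its control fields are checked first. The function names are hypothetical and the hash in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: verify a manually downloaded .deb before installing it.

# sha256_matches FILE EXPECTED_HEX
#   0 = digest matches, 1 = mismatch, 2 = file missing.
sha256_matches() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    # Accept the expected digest in either upper or lower case.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# deb_field_is FILE FIELD EXPECTED
#   0 if the package's control field FIELD has exactly the value EXPECTED.
deb_field_is() {
    [ "$(dpkg-deb -f "$1" "$2" 2>/dev/null)" = "$3" ]
}

# safe_install FILE EXPECTED_SHA256 PACKAGE VERSION ARCH
#   Runs dpkg -i only when the checksum and the control fields all match.
safe_install() {
    sha256_matches "$1" "$2" \
        || { echo "checksum mismatch or missing file: $1" >&2; return 1; }
    deb_field_is "$1" Package "$3" \
        || { echo "unexpected package name in $1" >&2; return 1; }
    deb_field_is "$1" Version "$4" \
        || { echo "unexpected version in $1" >&2; return 1; }
    deb_field_is "$1" Architecture "$5" \
        || { echo "wrong architecture in $1" >&2; return 1; }
    dpkg -i "$1"
}

# Usage, as root (replace the placeholder with the checksum from the
# package's download page):
#   safe_install appstream_0.12.2-2_amd64.deb <SHA256_FROM_DOWNLOAD_PAGE> \
#       appstream 0.12.2-2 amd64
```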

Hope this helps people who hit the same issue (or reminds me of the solution if/when I hit the issue again).

– Suramya

August 23, 2018

Identifying Programmers by their Coding Style

Filed under: Computer Security,Computer Software,Techie Stuff — Suramya @ 8:42 PM

There is an interesting development in the field of identifying people by what they write. As some of you may already know researchers have been able to identify who wrote a particular text based on the analysis of things like word choice, sentence structure, syntax and punctuation using a technique called stylometry for a while now but it was limited to natural languages and not artificial ones like programming languages.

Now there is new research by Rachel Greenstadt & Aylin Caliskan who are professors of computer science at Drexel University & at George Washington University respectively that proves that code, like other forms of writing is not anonymous. They used Machine Learning algorithms to de-anonymize coders and the really cool part is that they can do this even with reverse compiled code from Binaries with a reasonable level of confidence. So you don’t need access to the original source code to be able to identify who coded it. (Assuming that we have code samples from them in the training DB)

Here’s a simple explanation of how the researchers used machine learning to uncover who authored a piece of code. First, the algorithm they designed identifies all the features found in a selection of code samples. That’s a lot of different characteristics. Think of every aspect that exists in natural language: There’s the words you choose, which way you put them together, sentence length, and so on. Greenstadt and Caliskan then narrowed the features to only include the ones that actually distinguish developers from each other, trimming the list from hundreds of thousands to around 50 or so.

The researchers don’t rely on low-level features, like how code was formatted. Instead, they create “abstract syntax trees,” which reflect code’s underlying structure, rather than its arbitrary components. Their technique is akin to prioritizing someone’s sentence structure, instead of whether they indent each line in a paragraph.

This is both really cool and a bit scary because suddenly we have the ability to identify who wrote a particular piece of code. This removes or at least reduces the ability of people to release code/software anonymously. This is a good thing when we look at a piece of malware or a virus because now we can find out who wrote it, making it easier to prosecute cyber criminals.

However the flip side is that we can now also identify people who write code to secure networks, bypass restrictive regime firewalls, create privacy applications etc. There are a lot of people who contribute to opensource software but don’t want to be identified for various reasons. For example if a programmer in China created a software that allows a user to bypass the Great Firewall of China they would definitely not want the Chinese government to be able to identify them for obvious reasons. Similarly there are folks who wrote some software that they do not want to be associated with their real name for some reason and this would make it more difficult for them to do so.

But this is not the end of the world, there are ways around this by using software to scramble the code. I don’t think many such systems exist right now or if they do they are at a nascent stage. If this research is broadly applied to start identifying coders then the effort to write such scramblers would take high priority and lots of very smart people would start focusing their efforts to invalidate the detectors.

Well this is all for now. Will write more later.

– Suramya

Original source: Schneier’s Blog
