Suramya's Blog : Welcome to my crazy life…

August 7, 2021

Bypass of Facial Recognition made possible by creating Master faces that impersonate 40% of population

Filed under: Computer Security,Emerging Tech,My Thoughts,Tech Related — Suramya @ 9:00 PM

Over the years, there has been a big push for image recognition systems, and more and more companies are entering the field, each with its own claims of supernatural accuracy. Plus, with all the amazing ‘tech’ being showcased in the movies and on TV, people are primed to expect that level of accuracy. Unfortunately, reality is a lot weirder, and research shows that it’s pretty simple to fool image recognition systems. In the past people have tricked systems into misidentifying a banana as a toaster by modifying parts of the image. There was another recent event where the Tesla self-navigation system kept thinking the moon was a yellow light and insisted on slowing down. There are so many of these ‘edge’ cases that it is not even funny.

A specific use case for image recognition is facial recognition, and that is a similar mess. I have personally used a photo of an authorized user to get a recognition system to unlock a door during testing. We have cases where wearing glasses confuses the system so much that it locks you out. Now, according to research conducted by the Blavatnik School of Computer Science and the School of Electrical Engineering, it is possible to create a ‘master’ face that can be used to impersonate multiple IDs. In their study they found that the 9 faces created by the StyleGAN Generative Adversarial Network (GAN) could impersonate 40% of the population. Testing against the University of Massachusetts’ Labeled Faces in the Wild (LFW) open source database, they were able to impersonate 20% of the identities in the database with a single photo.

Basically, they are exploiting the fact that most facial recognition systems use broad sets of markers to identify specific individuals and StyleGAN creates a template containing multiple such markers which can then be used to fool the recognition systems.

Abstract: A master face is a face image that passes face-based identity-authentication for a large portion of the population. These faces can be used to impersonate, with a high probability of success, any user, without having access to any user-information. We optimize these faces, by using an evolutionary algorithm in the latent embedding space of the StyleGAN face generator. Multiple evolutionary strategies are compared, and we propose a novel approach that employs a neural network in order to direct the search in the direction of promising samples, without adding fitness evaluations. The results we present demonstrate that it is possible to obtain a high coverage of the population (over 40%) with less than 10 master faces, for three leading deep face recognition systems.

Their paper has been published and is available for download here: Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution.

With more and more companies pushing AI-based recognition systems as foolproof (looking at you Apple, with your latest nonsense about protecting kids by scanning personal photos), it is imperative that more such research is conducted before these systems are pushed into production based on the claims in their marketing brochures.

Thanks to Schneier on Security: Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

– Suramya

July 1, 2021

Never used foo/bar/baz as variable names, can I still call myself a programmer?

Filed under: Humor,My Thoughts,Tech Related — Suramya @ 4:14 PM

Just realized today that in my 24+ years of programming I have never named a variable foo, bar or baz. These are the go-to names for placeholders in code & metasyntactic variables and have decades of history behind them. Most programmers use them for temporary variables or placeholders. Since I have never used them, can I still call myself a programmer? 😀

Jokes aside, you should use good variable names in your code that are meaningful, easy to read and concise. Some guidelines on how to do that are below:

Also, another point to keep in mind is to avoid acronyms that can have a different meaning in a different language or resemble rude words etc. See the screenshot below for an example of a ‘bad’ variable name:

Example of a bad variable name

Well this is all for now. Will post more later.

– Suramya

June 14, 2021

New technique Lets Users Preview Files Stored in DNA Data Storage

Filed under: Computer Hardware,Emerging Tech,Science Related,Tech Related — Suramya @ 7:45 AM

Using DNA for storage is an idea that has been around for a while, with the initial idea of DNA storage being postulated by Richard P. Feynman in 1959. It was mostly a theoretical exercise till 1988, when researchers from Harvard and the artist Joe Davis stored an image of an ancient Germanic rune representing life and the female Earth in the DNA sequence of E.coli. After that, in November 2016 (a lot more happened between the two dates and you can read it all on the Wiki page), a company called Catalog encoded 144 words from Robert Frost’s famous poem, “The Road Not Taken” into strands of DNA. Pretty soon after that, in June 2019, scientists reported that all 16 GB of text from Wikipedia’s English-language version had been encoded into synthetic DNA.

DNA storage has been becoming easier and cheaper as time goes on, with more and more companies getting on the bandwagon. Even Microsoft has a DNA Storage Research project. However, even with all the advances so far, there is a lot more work required before this becomes stable, cheap and reliable enough to be a commercial product. One of the problems that we faced with the storage in the past was that it wasn’t possible to preview the data stored in DNA. You had to open the entire file if you wanted to know what was in it. Think of trying to browse an image gallery without thumbnails: you would have to open each file to see what it was when trying to find a particular file.

Researchers from North Carolina State University have developed a way to provide previews of a stored data file similar to how a thumbnail works for image files. Basically they used the fact that when files have similar file names then the system will copy pieces of multiple data files. Till now this was a problem but the researchers figured out how to use this behavior to allow them to either open the entire file or a subset.

“The advantage to our technique is that it is more efficient in terms of time and money,” says Kyle Tomek, lead author of a paper on the work and a Ph.D. student at NC State. “If you are not sure which file has the data you want, you don’t have to sequence all of the DNA in all of the potential files. Instead, you can sequence much smaller portions of the DNA files to serve as previews.”

Here’s a quick overview of how this works.

Users “name” their data files by attaching sequences of DNA called primer-binding sequences to the ends of DNA strands that are storing information. To identify and extract a given file, most systems use polymerase chain reaction (PCR). Specifically, they use a small DNA primer that matches the corresponding primer-binding sequence to identify the DNA strands containing the file you want. The system then uses PCR to make lots of copies of the relevant DNA strands, then sequences the entire sample. Because the process makes numerous copies of the targeted DNA strands, the signal of the targeted strands is stronger than the rest of the sample, making it possible to identify the targeted DNA sequence and read the file.

However, one challenge that DNA data storage researchers have grappled with is that if two or more files have similar file names, the PCR will inadvertently copy pieces of multiple data files. As a result, users have to give files very distinct names to avoid getting messy data.

“At some point it occurred to us that we might be able to use these non-specific interactions as a tool, rather than viewing it as a problem,” says Albert Keung, co-corresponding author of a paper on the work and an assistant professor of chemical and biomolecular engineering at NC State.

Specifically, the researchers developed a technique that makes use of similar file names to let them open either an entire file or a specific subset of that file. This works by using a specific naming convention when naming a file and a given subset of the file. They can choose whether to open the entire file, or just the “preview” version, by manipulating several parameters of the PCR process: the temperature, the concentration of DNA in the sample, and the types and concentrations of reagents in the sample.

The new technique is compatible with the DNA Enrichment and Nested Separation (DENSe) system that enables us to make DNA storage systems more scalable. The researchers are looking for industry partners to explore commercial viability. If things work out then maybe in the near future we could start storing data in biological samples (like spit). Although, it does sound gross to be handling spit and other bio matter when searching for saved data.

Source: New Twist on DNA Data Storage Lets Users Preview Stored Files
Paper: Nature.com: Promiscuous molecules for smarter file operations in DNA-based data storage

– Suramya

June 12, 2021

Linus educates anti-vaxxer on Linux Kernel Mailing list

Filed under: Interesting Sites,My Thoughts,Tech Related — Suramya @ 4:36 AM

There have been times in the past when Linus’s posts on the Linux Kernel mailing list have been less than polite and he was in fact asked to stop abusing colleagues on mailing lists. He then took a break from maintaining the kernel and took empathy training. Since then his responses have been pretty restrained and polite (for the most part). However, a few days ago someone named “Enrico Weigelt” posted a typical anti-vaxxer message on the Linux Kernel Mailing list:

> And I know *a lot* of people who will never take part in this generic
> human experiment that basically creates a new humanoid race (people
> who generate and exhaust the toxic spike proteine, whose gene sequence
> doesn’t look quote natural). I’m one of them, as my whole family.

This was in response to folks asking if the rising number of vaccinated people meant that the “Maintainers / Kernel Summit 2021” would be an in-person event or if it would remain a virtual one for now. Linus responded to his message with his customary wit and technical response (though not as ‘colorful’ as his past responses).

I love that he started off his response with a blunt statement:

Please keep your insane and technically incorrect anti-vax comments to yourself.

You don’t know what you are talking about, you don’t know what mRNA
is, and you’re spreading idiotic lies. Maybe you do so unwittingly,
because of bad education. Maybe you do so because you’ve talked to
“experts” or watched youtube videos by charlatans that don’t know what
they are talking about.

Then he went on to explain what mRNA does and how it doesn’t stay in your body for more than a couple of days. You can read the full response below. I am posting a copy here so that I can refer people who send me anti-vaxx nonsense to it. Vaccines save lives. That is a fact. The study that links vaccines to autism has been debunked so many times that it is not even funny. But still there are people who fall for the trap. The problem is that the science is complicated enough that people don’t understand it, and the denialists use simple language that is easy to understand (even though it is wrong). This makes it easy for people to think they understand the science behind it and become rabid anti-vaxxers.

Dealing with conspiracy theorists is difficult and I usually end up ignoring them or yelling at them. The lovely @OkieSpaceQueen has a great thread on talking to conspiracy theorists that I found very useful, along with their earlier thread focusing on how to talk to Flat Earthers. They are a lot more patient than I usually am, and I am going to try to use the techniques in the thread going forward.

All that being said, I just want to close with a request to get vaccinated as quickly as possible. It can and does save lives.

On Thu, Jun 10, 2021 at 11:08 AM Enrico Weigelt, metux IT consult
wrote:
>
> And I know *a lot* of people who will never take part in this generic
> human experiment that basically creates a new humanoid race (people
> who generate and exhaust the toxic spike proteine, whose gene sequence
> doesn’t look quote natural). I’m one of them, as my whole family.

Please keep your insane and technically incorrect anti-vax comments to yourself.

You don’t know what you are talking about, you don’t know what mRNA
is, and you’re spreading idiotic lies. Maybe you do so unwittingly,
because of bad education. Maybe you do so because you’ve talked to
“experts” or watched youtube videos by charlatans that don’t know what
they are talking about.

But dammit, regardless of where you have gotten your mis-information
from, any Linux kernel discussion list isn’t going to have your
idiotic drivel pass uncontested from me.

Vaccines have saved the lives of literally tens of millions of people.

Just for your edification in case you are actually willing to be
educated: mRNA doesn’t change your genetic sequence in any way. It is
the exact same intermediate – and temporary – kind of material that
your cells generate internally all the time as part of your normal
cell processes, and all that the mRNA vaccines do is to add a dose
their own specialized sequence that then makes your normal cell
machinery generate that spike protein so that your body learns how to
recognize it.

The half-life of mRNA is a few hours. Any injected mRNA will be all
gone from your body in a day or two. It doesn’t change anything
long-term, except for that natural “your body now knows how to
recognize and fight off a new foreign protein” (which then tends to
fade over time too, but lasts a lot longer than a few days). And yes,
while your body learns to fight off that foreign material, you may
feel like shit for a while. That’s normal, and it’s your natural
response to your cells spending resources on learning how to deal with
the new threat.

And of the vaccines, the mRNA ones are the most modern, and the most
targeted – exactly because they do *not* need to have any of the other
genetic material that you traditionally have in a vaccine (ie no need
for basically the whole – if weakened – bacterial or virus genetic
material). So the mRNA vaccines actually have *less* of that foreign
material in them than traditional vaccines do. And a *lot* less than
the very real and actual COVID-19 virus that is spreading in your
neighborhood.

Honestly, anybody who has told you differently, and who has told you
that it changes your genetic material, is simply uneducated. You need
to stop believing the anti-vax lies, and you need to start protecting
your family and the people around you. Get vaccinated.

I think you are in Germany, and COVID-19 numbers are going down. It’s
spreading a lot less these days, largely because people around you
have started getting the vaccine – about half having gotten their
first dose around you, and about a quarter being fully vaccinated. If
you and your family are more protected these days, it’s because of all
those other people who made the right choice, but it’s worth noting
that as you see the disease numbers go down in your neighborhood,
those diminishing numbers are going to predominantly be about people
like you and your family.

So don’t feel all warm and fuzzy about the fact that covid cases have
dropped a lot around you. Yes, all those vaccinated people around you
will protect you too, but if there is another wave, possibly due to a
more transmissible version – you and your family will be at _much_
higher risk than those vaccinated people because of your ignorance and
mis-information.

Get vaccinated. Stop believing the anti-vax lies.

And if you insist on believing in the crazy conspiracy theories, at
least SHUT THE HELL UP about it on Linux kernel discussion lists.

Linus

Original thread: Linus’s response on Linux Kernel mailing list to Anti-vaxxer message

– Suramya

June 11, 2021

Dangers of online ‘free’ html editing services: Your site is now part of SEO scam for shady services

Filed under: Computer Tips,My Thoughts,Tech Related — Suramya @ 10:52 PM

There are a lot of free services available online for various tasks that historically required you to download and install software. For example, if you want to convert a .doc file to pdf or if you wanted to edit your image or even clean up / optimize your HTML files, you can use online free services for it. As with anything you need to take a look at who is running the site before you decide to upload your personal data to it. In addition it might be a good idea to take a look at the privacy policy & data retention policy of any such sites before you use them. If a site doesn’t have a privacy policy/data retention policy and wants you to upload your private data/files to it then it is a red flag.

The most recent case of such misuse came to my notice a few days ago: a few of the highly-ranked online tools for editing / cleaning your HTML code were secretly injecting scam/spam links into the code being edited to push themselves and their affiliated sites up the search engine rankings. SEO, or Search Engine Optimization, takes advantage of the fact that search engines give extra weight to sites that are linked to from other legitimate sites, so when an HTML cleaner adds links to its own products into each site/page that it edits, it gets a leg up on every other product because it has a lot more weighted links than its competition. (Links to the site are not the only thing SEO uses to raise a site’s profile, but SEO is a huge topic that I won’t be covering in this post.)

Caspar over at casparwre.de found this out while trying to figure out why he couldn’t be the top result for ‘online scoreboard’ on Google. You can check out the full write-up here.

For instance, I saw a blog post from the German Football Association containing a link to Scorecounter. The word that was linked was “score” – yet having a link here made absolutely no sense in the context of the article. What was going on? 🤔

Here are some more examples of links I found on random domains (you need to search for “score” on the page).

Macworld Shop
NBC Washington
RICE University (The link has now been removed)
Intuit Quickbooks (The link has now been removed)


So that was the secret: the creators of Scorecounter also made an online HTML editor which injects links for certain keywords. The beauty of this scam is that by injecting links to their own HTML editor, they have created a brilliant positive feedback loop: the higher the editor rises in the search rankings, the more people use it and the more secret links they can inject.

In one way this is a fantastic (if shady) way to ensure that your product is at the top of any search for a given text/question. But usually it is only a matter of time before people figure it out, and then you lose a lot of goodwill and get a reputation for shady practices. How many people would continue to use their product if they knew that their site would be used to hawk products that they personally have not selected/validated?

I took a look at the privacy policy and the general website over at html-cleaner.com, and they don’t have any note letting people know that the site introduces links to its own services and other sites into your text. This is shady behavior. Some of the reputable sites that I have seen in the past let you know that they will be adding a subtext or a note at the bottom of the page being edited stating that it was created using xyz service. Adding the links into the text of the site makes it seem that the owner of the site is endorsing the service, which obviously isn’t the case here.

To close the post, I just want to say you need to be careful where you upload data or what program you are using to edit/create things because if it is created by people with bad ethics they can and often do steal your private data or modify your data or use it for purposes other than what you intended when uploading it.
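One way to catch this kind of tampering before you publish is to compare the links in the HTML you submitted with the links in the HTML the tool handed back. The script below is an added example, not code from this post or from Caspar’s write-up; the function names, the `editor-vendor.example` domain and the sample markup are all constructed for illustration. It goes slightly beyond the link-injection case by also reporting whether the visible text changed, which would catch an appended “created with…” footer.

```python
"""Added example: spot links an online HTML 'cleaner' slipped into your markup."""
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit


class PageFacts(HTMLParser):
    """Collect every <a href> (with its anchor text) and the visible text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []      # (href, anchor text) in document order
        self.text = []       # visible text fragments
        self._href = None    # href of the <a> currently open, if any
        self._anchor = []    # text seen inside that <a>
        self._hidden = 0     # depth inside <script>/<style>

    def _flush(self):
        if self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1
        elif tag == "a":
            self._flush()  # tolerate an <a> that was never closed
            href = (dict(attrs).get("href") or "").strip()
            if href:
                self._href, self._anchor = href, []

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1
        elif tag == "a":
            self._flush()

    def handle_data(self, data):
        if self._hidden:
            return
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)


def facts(html):
    """Return (links, whitespace-normalised visible text) for a document."""
    parser = PageFacts()
    parser.feed(html)
    parser.close()
    parser._flush()
    return parser.links, " ".join("".join(parser.text).split())


def audit(submitted_html, returned_html):
    """Compare what you gave the tool with what it handed back."""
    old_links, old_text = facts(submitted_html)
    new_links, new_text = facts(returned_html)
    unmatched = Counter(href for href, _ in old_links)
    injected = []
    for href, anchor in new_links:
        if unmatched[href] > 0:
            unmatched[href] -= 1  # this link was already in your page
        else:
            injected.append({"href": href,
                             "host": urlsplit(href).hostname or "",
                             "text": anchor})
    return {"injected": injected, "text_changed": old_text != new_text}


# Constructed sample: messy markup as submitted, and the "cleaned" output in
# which the word "score" has quietly been turned into a link.
SUBMITTED = ('<p><font size="2">The final  score was 2-1.</font> See the '
             '<a href="https://example.org/report">match report</a>.</p>')
RETURNED = ('<p>The final <a href="https://editor-vendor.example/scoreboard">'
            'score</a> was 2-1. See the '
            '<a href="https://example.org/report">match report</a>.</p>')

if __name__ == "__main__":
    report = audit(SUBMITTED, RETURNED)
    for link in report["injected"]:
        print(f'injected link on "{link["text"]}" -> {link["href"]}')
    print("visible text changed:", report["text_changed"])
```

A legitimate cleaner changes tags and whitespace but leaves both the link set and the visible text alone, so any entry in `injected` is worth a manual look.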

– Suramya

June 10, 2021

Using Graphene layers to store 10 times more data in Hard Disks

Filed under: Computer Hardware,Emerging Tech,Tech Related — Suramya @ 5:39 PM

The requirement for data storage has been going up exponentially over the past few years. At the start of 2020 it was estimated that the amount of data in the world was approximately 44 zettabytes (44,000,000,000,000,000,000,000 bytes), by 2025 this number will have grown to 175 zettabytes of data (Source). This means that we need better storage media to store all the information being generated. Imagine having to store this much data on floppy disks with their 1.4MB of storage or the early hard-disks that stored 10MB of data.

New research carried out in collaboration with teams at the University of Exeter, India, Switzerland, Singapore, and the US has replaced the carbon-based overcoats (COCs), which are basically layers on top of hard disk platters to protect them from mechanical damage, with 2-4 layers of Graphene. Since we have reduced the thickness of the COC layer, the platters can be placed closer together, allowing us to have a greater storage density per inch and basically multiply the storage capacity by a factor of ten. Another advantage of using Graphene is that it reduces the corrosion of the platters by 2.5 times, thereby making drives more reliable and increasing their lives.

HDDs contain two major components: platters and a head. Data are written on the platters using a magnetic head, which moves rapidly above them as they spin. The space between head and platter is continually decreasing to enable higher densities. Currently, carbon-based overcoats (COCs) — layers used to protect platters from mechanical damages and corrosion — occupy a significant part of this spacing. The data density of HDDs has quadrupled since 1990, and the COC thickness has reduced from 12.5nm to around 3nm, which corresponds to one terabyte per square inch. Now, graphene has enabled researchers to multiply this by ten.

The Cambridge researchers have replaced commercial COCs with one to four layers of graphene, and tested friction, wear, corrosion, thermal stability, and lubricant compatibility. Beyond its unbeatable thinness, graphene fulfills all the ideal properties of an HDD overcoat in terms of corrosion protection, low friction, wear resistance, hardness, lubricant compatibility, and surface smoothness. Graphene enables two-fold reduction in friction and provides better corrosion and wear than state-of-the-art solutions. In fact, one single graphene layer reduces corrosion by 2.5 times. Cambridge scientists transferred graphene onto hard disks made of iron-platinum as the magnetic recording layer, and tested Heat-Assisted Magnetic Recording (HAMR) — a new technology that enables an increase in storage density by heating the recording layer to high temperatures. Current COCs do not perform at these high temperatures, but graphene does. Thus, graphene, coupled with HAMR, can outperform current HDDs, providing an unprecedented data density, higher than 10 terabytes per square inch.

The research was published in Nature: Graphene overcoats for ultra-high storage density magnetic media. It has a lot of promise but is still in the research phase, so it might be a little while before we see consumer products with Graphene layers. A more user-friendly / less technical overview is available at: Phys.org: Ultra-high-density hard drives made with graphene store ten times more data

– Suramya

June 8, 2021

Great book on Military Cryptanalytics by Lambros Callimahos released to public

Filed under: Computer Security,Computer Software,My Thoughts,Tech Related — Suramya @ 9:58 PM

I find Cryptography and code breaking to be very interesting as there are huge implications for Cyber security. The current world is based on the presumption that cryptographic algorithms are secure; it is what ensures that we can use the internet, bank online, find love online and even work online. Cryptography has historically been a field working under heavy classification, and there are multiple folks we don’t know about because their existence and work was classified.

Lambros Callimahos was one such Cryptologist. He was good enough that two of his books on Military Cryptanalytics covering code breaking (published in 1977) were blocked from public release till 1992. The third and last volume in the series was blocked from release till December 2020. It is now finally available for download as a PDF file so you can check it out.

The book covers how code breaking can be used to solve “impossible puzzles”, and one of the key parts of the book is its explanation of how to use cryptodiagnosis to decrypt data that has been encrypted using an unknown algorithm. It has a whole bunch of examples and walks you through the process, which is quite fascinating. I am going to try getting through it over the next few weeks if I can.

Check it out if you would like to learn more about cryptography.

– Suramya

May 30, 2021

You can now run GUI Linux Apps on Windows 10 natively

Filed under: Computer Software,Linux/Unix Related,Tech Related — Suramya @ 10:17 PM

With the latest update of Windows Subsystem for Linux (WSL), you can now run Linux GUI applications on Windows natively. This is pretty impressive considering Steve Ballmer famously branded Linux “a cancer that attaches itself in an intellectual property sense to everything it touches” back in 2001. In just 20 years, Microsoft has changed its stance and started adding more Linux functionality to its operating system.

Arguably, one of the biggest, and surely the most exciting update to the Windows 10 WSL, Microsoft has been working on WSLg for quite a while and in fact first demoed it at last year’s conference, before releasing the preview in April… Microsoft recommends running WSLg after enabling support for virtual GPU (vGPU) for WSL, in order to take advantage of 3D acceleration within the Linux apps…. WSLg also supports audio and microphone devices, which means the graphical Linux apps will also be able to record and play audio.

Keeping in line with its developer slant, Microsoft also announced that since WSLg can now help Linux apps leverage the graphics hardware on the Windows machine, the subsystem can be used to efficiently run Linux AI and ML workloads… If WSLg developers are to be believed, the update is expected to be generally available alongside the upcoming release of Windows.

The feature is still only available in Windows 10 Preview Builds but is expected to be released for general use in the near future.

I would love to see the reverse being developed: the ability to install and run Windows applications on Linux natively / officially. There is Wine/Crossover, but they don’t support 100% of the applications yet. It would be cool if Microsoft contributed to either of the tools to allow people to run Windows software on Linux.

I personally use Crossover to run the Office Suite and it works great for me (for the most part). The latest version supports Office 365 and most of it works fine except for Excel, which still has a bit of a problem with large files but works otherwise. That is why I also have Office 2007 installed, where Excel works without issues even with large files.

Compatibility with the MS Office suite is why a lot of users don’t want to switch from Windows to Linux or Mac. OpenOffice/LibreOffice is great but the UI sucks and the files are not 100% compatible (at least the last time I tried it, it wasn’t), so the files might not look the same as you expected when you share them with Office users.

Source: Microsoft doubles down on Windows Subsystem for Linux

– Suramya

May 23, 2021

Rapid Prototyping by Printing circuits using an Inkjet Printer

Filed under: Computer Hardware,Emerging Tech,Tech Related — Suramya @ 10:50 PM

Printing circuits using commercial inkjet printers is something that is becoming more and more convenient and affordable day by day. In their 2014 paper, Instant inkjet circuits: lab-based inkjet printing to support rapid prototyping of UbiComp devices, Prof. Kawahara and others showcased several applications, from touch sensors to capacitive liquid level sensors. If you are interested in trying this out (I am sorely tempted), then check out this Instructable.com: Print Conductive Circuits With an Inkjet Printer post that walks you through how to modify your printer.

The ink to print these circuits is available for purchase online at novacentrix.com. You need the following to start printing circuits:

  • A low-cost printer such as EPSON WF 2010
  • Printing substrates like PET and glossy paper
  • Oven or hot plate for sintering & drying the ink
  • Empty refillable cartridges

A good area for experimentation would be for wearable circuits on clothing and other such places. But there are a ton of other applications especially in the embedded electronics market.

Well this is all for now. Will write more later.

Thanks to Hackernews: Rapid Prototyping with a $100 Inkjet Printer for the link.

– Suramya

May 20, 2021

Thoughts on NVIDIA crippling cryptocurrency mining on some of its cards

Filed under: Computer Security,Computer Software,My Thoughts,Tech Related — Suramya @ 8:11 PM

You might have heard the news that NVIDIA has added code to its GPUs that makes them less attractive for cryptocurrency mining by reducing the efficiency of such computations using a software patch. On one side this is great news because it means that GPUs will be less attractive for mining and be available for gamers and others to use in their setup. However, I feel that this is a bad precedent being set by a company. In effect they are deciding to control what you do with the card after you have bought it. A similar case would be a restriction in your car purchase to stop you from using it on non-highway roads. Or to stop you from carrying potatoes in the trunk.

This all comes back to the old story about DRM and how it is being used to restrict us from actually owning a device. With DRM you are essentially renting the device and if you do anything that the owner corporation doesn’t agree with then you are in for a fun time at the local jail. DRM/DMCA is already being used to block farmers from fixing their farm equipment, medical professionals from fixing their health equipment and a whole lot more.

Cory Doctorow has a fantastic writeup on how DRM works and the problems caused by it. DRM does not support innovation, it actually forces status-quo because it is illegal to bypass it.

I have an old X-Box sitting in my closet collecting dust. I want to run Linux on it, but that requires me to break the law because I would need to bypass the DRM protections in order to install a new OS. Today we are OK with them blocking cryptocurrency; what if tomorrow the company gets into a fight with a gaming company and decides that they will degrade the game performance because they didn’t pay the fees for full performance? What if tomorrow they decide to charge a subscription fee to get the full performance from the device? What is to stop them from degrading or crippling any other activity they don’t agree with whenever they feel like it? The law is in their favor because of DRM; laws like the DMCA (and other such laws) make it illegal to bypass the protections they have placed around it.

This is a slippery slope and we can’t trust the corporations to have our best interest at heart when there is money to be made.

There is more discussion on this happening over at HackerNews. Check it out.

– Suramya
