Suramya's Blog : Welcome to my crazy life…

August 18, 2020

Finally moved the Website & Blog to https

Filed under: Computer Tips,Tech Related,Website Updates — Suramya @ 12:02 PM

After spending way too much time avoiding the work that was due, I finally configured both suramya.com & the Blog to be https by default. The setup was fairly simple: I added the certificate on the 1and1.com portal, then after a few mins I was able to access the site over https. In order to redirect http to https automatically I followed these steps:

Auto Redirect to https in Apache

Configure .htaccess to force a redirect. You can also configure this in the main Apache configuration (under the VirtualHost directive), but since I don’t have root access and can’t modify it, I updated the .htaccess config to do the same thing. Basically you need to add the following lines to .htaccess:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.suramya.com/$1 [R,L]

Change www.suramya.com to your domain, else every visitor to your site will be sent to my site. Not that I will mind that, but you might. 🙂

Then I did the same thing for the blog with a small change. The .htaccess for the blog reads as follows:


RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.suramya.com/blog/$1 [R,L]

When updating the file, you need to ensure you put the changes outside the # BEGIN WordPress and # END WordPress markers, as the content between them is dynamically generated and would be overwritten.

Updating all the urls in WordPress

After I made the changes above, I found that the site was being redirected to https but I was getting errors about mixed content on the page because all the URLs/images that I had uploaded to WP till now were saved as http and not https. So I had to change every URL in the blog from http to https and to be honest I wasn’t looking forward to doing this manually. I searched the web and found this site that had instructions on how to update the URLs using the WordPress command-line interface. From the blog directory you need to issue the following command:

wp search-replace http://www.suramya.com/blog/ https://www.suramya.com/blog/ --dry-run

This command does a dry run and tells you what changes will be made. If everything looks ok, you can run the above command again without the ‘--dry-run’ option.

wp search-replace http://www.suramya.com/blog/ https://www.suramya.com/blog/

If all goes well you will get an output similar to the following:

(uiserver):~/public_html/suramya.com/blog$ wp search-replace http://www.suramya.com/blog/ https://www.suramya.com/blog/ 
+------------------+-----------------------+--------------+------+
| Table            | Column                | Replacements | Type |
+------------------+-----------------------+--------------+------+
| wp_commentmeta   | meta_key              | 0            | SQL  |
| wp_commentmeta   | meta_value            | 572          | PHP  |
| wp_comments      | comment_author        | 0            | SQL  |
| wp_comments      | comment_author_email  | 0            | SQL  |
| wp_comments      | comment_author_url    | 29           | SQL  |
| wp_comments      | comment_author_IP     | 0            | SQL  |
| wp_comments      | comment_content       | 2            | SQL  |
| wp_comments      | comment_approved      | 0            | SQL  |
| wp_comments      | comment_agent         | 0            | SQL  |
| wp_comments      | comment_type          | 0            | SQL  |
| wp_links         | link_url              | 0            | SQL  |
| wp_links         | link_name             | 0            | SQL  |
| wp_links         | link_image            | 0            | SQL  |
| wp_links         | link_target           | 0            | SQL  |
| wp_links         | link_description      | 0            | SQL  |
| wp_links         | link_visible          | 0            | SQL  |
| wp_links         | link_rel              | 0            | SQL  |
| wp_links         | link_notes            | 0            | SQL  |
| wp_links         | link_rss              | 0            | SQL  |
| wp_options       | option_name           | 0            | SQL  |
| wp_options       | option_value          | 3            | PHP  |
| wp_options       | autoload              | 0            | SQL  |
| wp_postmeta      | meta_key              | 0            | SQL  |
| wp_postmeta      | meta_value            | 0            | PHP  |
| wp_posts         | post_content          | 591          | SQL  |
| wp_posts         | post_title            | 0            | SQL  |
| wp_posts         | post_excerpt          | 0            | SQL  |
| wp_posts         | post_status           | 0            | SQL  |
| wp_posts         | comment_status        | 0            | SQL  |
| wp_posts         | ping_status           | 0            | SQL  |
| wp_posts         | post_password         | 0            | SQL  |
| wp_posts         | post_name             | 0            | SQL  |
| wp_posts         | to_ping               | 0            | SQL  |
| wp_posts         | pinged                | 20           | SQL  |
| wp_posts         | post_content_filtered | 0            | SQL  |
| wp_posts         | guid                  | 2775         | SQL  |
| wp_posts         | post_type             | 0            | SQL  |
| wp_posts         | post_mime_type        | 0            | SQL  |
| wp_term_taxonomy | taxonomy              | 0            | SQL  |
| wp_term_taxonomy | description           | 0            | SQL  |
| wp_termmeta      | meta_key              | 0            | SQL  |
| wp_termmeta      | meta_value            | 0            | SQL  |
| wp_terms         | name                  | 0            | SQL  |
| wp_terms         | slug                  | 0            | SQL  |
| wp_usermeta      | meta_key              | 0            | SQL  |
| wp_usermeta      | meta_value            | 0            | PHP  |
| wp_users         | user_login            | 0            | SQL  |
| wp_users         | user_nicename         | 0            | SQL  |
| wp_users         | user_email            | 0            | SQL  |
| wp_users         | user_url              | 0            | SQL  |
| wp_users         | user_activation_key   | 0            | SQL  |
| wp_users         | display_name          | 0            | SQL  |
+------------------+-----------------------+--------------+------+
Success: Made 3992 replacements.

That’s it. After running the command, the blog is completely on https and the security gods are happy :). Now I need to update all the URLs on the main site to reference https instead of http and that is going to be painful. It will require a whole lot of script-fu to do it automatically as it will have to be a regex/awk or something similar. Maybe someone already did the work and posted the solution online. Alas that was not the case. I ended up manually updating the files since there were only about 20-25 of them. Opened all of them in the editor one-shot and then did a search & replace. Now both sites are coming up properly in https.

– Suramya
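One way to script the static-site update described above, as an added example (not the author's code): it upgrades only own-site URLs and then lists the http:// subresources that would still cause mixed-content errors, which goes a step beyond the manual search & replace. The function names and the sample page are assumptions made up for illustration; the host names are the ones from the post.

```python
import re
from html.parser import HTMLParser
from pathlib import Path

# Hosts that now answer on https (from the post; replace with your own).
OWN_HOSTS = ("www.suramya.com", "suramya.com")

# (tag, attribute) pairs that make the browser fetch a subresource. An http://
# URL in one of these on an https page is what raises mixed-content errors;
# a plain <a href> is navigation and does not.
FETCHING_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("source", "src"), ("audio", "src"), ("video", "src"), ("object", "data"),
}
# <link href> is fetched only for some rel values (not for rel="canonical").
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload", "manifest"}


def upgrade_own_urls(html, hosts=OWN_HOSTS):
    """Rewrite http://<own host> to https://<own host>; return (html, count).

    The lookahead requires the host name to end at that point, so a
    look-alike such as http://www.suramya.com.example.net/ is not rewritten.
    URLs with an explicit port (http://host:8080/) are left alone because
    the https listener is not on that port.
    """
    names = "|".join(re.escape(h) for h in sorted(hosts, key=len, reverse=True))
    pattern = re.compile(r"""http://(%s)(?=[/"'\s?#<>)]|$)""" % names, re.I)
    return pattern.subn(r"https://\1", html)


class _SubresourceFinder(HTMLParser):
    """Collects (line, tag, attribute, url) for every http:// subresource."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = [(name, (value or "").strip()) for name, value in attrs]
        rels = {r for name, value in attrs if name == "rel"
                for r in value.lower().split()}
        for name, value in attrs:
            fetched = (tag, name) in FETCHING_ATTRS or (
                tag == "link" and name == "href" and rels & FETCHING_LINK_RELS)
            if fetched and value.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, name, value))


def find_mixed_content(html):
    """Return the http:// subresources an https page would still try to load."""
    finder = _SubresourceFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def migrate_tree(root, dry_run=True):
    """Upgrade every .htm/.html file under root.

    dry_run=True only reports, like the --dry-run pass done with wp-cli.
    Returns {path: (replacements, remaining_mixed_content)}. Files are read
    and written as bytes so line endings and odd encodings are preserved.
    """
    report = {}
    for path in sorted(Path(root).rglob("*.htm*")):
        text = path.read_bytes().decode("utf-8", "surrogateescape")
        new_text, count = upgrade_own_urls(text)
        if count and not dry_run:
            path.write_bytes(new_text.encode("utf-8", "surrogateescape"))
        report[str(path)] = (count, find_mixed_content(new_text))
    return report


# Constructed sample page (not taken from the real site).
SAMPLE_PAGE = """<html><head>
<link rel="canonical" href="http://www.suramya.com/linux/">
<link rel="stylesheet" href="http://www.suramya.com/style.css">
</head><body>
<a href="http://www.suramya.com/blog/">Blog</a>
<img src="http://www.suramya.com/images/me.jpg">
<img src="http://www.suramya.com.example.net/x.png">
<script src="http://cdn.example.org/lib.js"></script>
<a href="http://suramya.com:8080/old">old test server</a>
</body></html>
"""

if __name__ == "__main__":
    upgraded, count = upgrade_own_urls(SAMPLE_PAGE)
    print(f"{count} own-site URLs upgraded to https")
    for line, tag, attr, url in find_mixed_content(upgraded):
        print(f"line {line}: <{tag} {attr}> still loads {url}")
```

Anything the second pass still reports is hosted elsewhere, so it has to be checked by hand to see whether that host serves the same file over https.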

August 14, 2020

Updating the BIOS to address a AMD Ryzen bug

Filed under: Computer Related,Computer Software,Tech Related — Suramya @ 5:13 PM

Over the past few months I have been infrequently seeing the following warning message in the Terminal and had been ignoring it because apparently the fix was to update the BIOS and I didn’t have the patience/time to do the upgrade at that point in time:

WARNING: CPU random generator seem to be failing, disable hardware random number generation
WARNING: RDRND generated: 0xffffffff 0xffffffff 0xffffffff 0xffffffff
WARNING: CPU random generator seem to be failing, disable hardware random number generation
WARNING: RDRND generated: 0xffffffff 0xffffffff 0xffffffff 0xffffffff

Today I thought that I should fix the error, a bit of Google searching confirmed that I needed to update the BIOS because apparently there was a bug in the AMD Ryzen 3000 series processor that causes the onboard random number generator to always return 0xffffffff when asked to generate a Random number. Obviously getting the same number every time is not optimal even though Dilbert feels otherwise.


Random Number Generator in Accounting

AMD was notified about it last year and they released a BIOS update to fix the issue, however each Motherboard company had to validate and release the new BIOS which took time. The fix was to upgrade the BIOS and I really wasn’t looking forward to it as the last time I upgraded the BIOS it was a painful exercise involving floppy disks and cursing etc.

I looked up my BIOS version using the dmidecode command but that didn’t give me enough information to find the new BIOS version for my motherboard (‘ROG STRIX X570-E GAMING’). So I rebooted the computer and found the built in BIOS upgrade section under Tools. I decided to give it a try and see what options are available so I clicked on the Upgrade option and it gave me the option of connecting to the Internet and automatically downloading the latest version of the BIOS or installing it from a USB/Disk Drive. I selected the Network Install option and the system happily downloaded the latest version of the BIOS from the Internet and then gave me the option to Install the new version. I selected ‘Yes’ and the BIOS was upgraded.

The system had to reboot a few times for the upgrade to complete and there was a boot where the system played a bunch of beeps without anything coming up on the display which scared the life out of me but then it immediately rebooted and the display came back. After the upgrade completed I got a screen with a bunch of messages about BIOS settings needing to be reinitialized but when I went into the BIOS the settings were all there. So I rebooted and now all looks good and I don’t see any more weird error messages in the Console or the logs.

I am happy to see that the process to upgrade the BIOS is now so simple and I will be upgrading the BIOS more frequently going forward.

– Suramya

August 6, 2020

Thoughts on Cybercrime in the Covid world

Filed under: Computer Security,My Thoughts,Tech Related — Suramya @ 1:07 PM

The Cyber Security industry has seen a massive boost during the current pandemic. With users working remotely for the first time and permissions granted on the fly, the Security teams in the enterprise have been working round the clock to ensure critical data and systems are secure. But due to the general chaos of Covid combined with the need to keep businesses running, there are systems that have been less than optimally configured.

All this gives us the impression that the Cybercrime world must be thriving in the current environment. But apparently that is not always the case: the Cambridge Cybercrime Centre has released a series of reports on how the Pandemic has impacted cybercrime. The reports are a fascinating read as they show how even the criminals are facing hardships due to the pandemic. For example, below is an extract from the report on the impact on International drug trade due to the shipping disruptions caused by lockdowns.

“The initial wave of COVID lockdowns in China caused substantial disruption to international shipping, compounded by the subsequent lockdowns in the rest of the world. Despite their ‘online’ character, drugs cryptomarkets (online markets for legal and illegal drugs which are accessed securely through anonymity networks such as Tor) are reliant on the postal and shipping services for the delivery of drugs and precursors to suppliers and end users. We have observed, in our scraped datasets of illicit online forums and discussion boards, evidence of significant disruption of these pathways, and a range of effects on these illicit markets. At the initial peak of lockdown measures, shipping times (especially in international routes which passed through China) were being routinely delayed by up to three months (as reported in cryptomarket discussions). This caused significant friction to international orders for postal drug delivery, with many dealers reporting that they were switching to orders within the same nation only, and others struggling to source supply.”

Brian Krebs from Krebs on Security wrote a comprehensive article on How Cybercriminals are Weathering COVID-19 and it’s worth a read as well.

But apparently a number of criminal reshipping services are reporting difficulties due to the increased wait time when calling FedEx or UPS (to divert carded goods that merchants end up shipping to the cardholder’s address instead of to the mule’s). In response, these operations are raising their prices and warning of longer shipping times, which in turn could hamper the activities of other actors who depend on those services.

That’s according to Intel 471, a cyber intelligence company that closely monitors hundreds of online crime forums. In a report published today, the company said since late March 2020 it has observed several crooks complaining about COVID-19 interfering with the daily activities of their various money mules (people hired to help launder the proceeds of cybercrime).

The same is happening for real world crime also. Jani was telling me about this article on Goa where the local drug dealers are out of a job because no tourists are visiting, so they are all now selling fish to survive.

Well this is all for now. Will write more later.

– Suramya

July 31, 2020

Interested in Coding using emojis? Check out Emojicode

Filed under: Computer Software,My Thoughts,Tech Related — Suramya @ 12:12 PM

I am not the most fervent fan of emojis in the world and for the most part I have gone through the last 20+ years with about 3-4 emojis that I use on a regular basis. But I know people who communicate wholly using them and while I am ok with folks using them in personal communications I dislike them immensely in professional communications (except for the occasional smiley face). However not everyone agrees with me and there have been books published in the past using just emojis and now there is a programming language that is written entirely in emoji.

Emojicode, which first appeared as a GitHub project back in 2016, has been around for a while now and has a fairly strong following in the tech world. I realize that I sound like one of the old men screaming ‘Get off my lawn’ but I really don’t understand why anyone would want to code in a language that uses emojis to define text as a serious programming language. As a joke it would be fun to learn but I can’t really imagine coming in to work one day and writing code using Emojicode for a work project.

Here’s an example of the “Hello World” program written using Emojicode.


Hello World using Emojicode

If you want to learn coding in Emojicode, you can check out their impressive documentation or do a Code Academy course on the language. Emojicode is open-source, so you can also contribute to the development via their GitHub repository.

Yes, learning new programming languages is cool, but I don’t think I will be spending the effort to learn Emojicode anytime in the near future.

– Suramya

July 30, 2020

Scientists claim to be able to detect depression in written text using Machine learning

Filed under: Computer Software,My Thoughts,Tech Related — Suramya @ 12:26 PM

Depression is brutal, it can range from feelings of sadness, loss, or anger that interfere with a person’s everyday activities to suicidal tendencies. In the past few months there have been multiple cases of famous people committing suicide because they were depressed and unable to cope with the feelings of isolation and stress brought about by the current pandemic. Unfortunately depression is not an easy thing to diagnose and there isn’t a single test to diagnose it. Doctors can diagnose it based on your symptoms and a psychological evaluation which in most cases includes questions about your:

  • moods
  • appetite
  • sleep pattern
  • activity level
  • thoughts etc

But all of this requires a person to be open about their thoughts and that can be difficult at times due to the stigma associated with mental health issues. In all of the cases I was referring to earlier the common theme from the friends & acquaintances have been about how they wish they had known that xyz was depressed and if they had then maybe they could have helped.

The problem is that people don’t always come out and say that they are depressed and sometimes the signals are very faint. So it’s very interesting to see the various efforts that are underway to identify these symptoms earlier and get the people the help they need faster so that they don’t have to face it alone. As part of this effort scientists at Canada’s University of Alberta have created a machine learning model that uses linguistic clues to indicate signs of depression in text communications like Twitter messages and have published a paper on it (Augmenting Semantic Representation of Depressive Language: From Forums to Microblogs) in the ‘European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases’.

We discuss and analyze the process of creating word embedding feature representations specifically designed for a learning task when annotated data is scarce, like depressive language detection from Tweets. We start from rich word embedding pre-trained from a general dataset, then enhance it with embedding learned from a domain specific but relatively much smaller dataset. Our strengthened representation portrays better the domain of depression we are interested in as it combines the semantics learned from the specific domain and word coverage from the general language. We present a comparative analyses of our word embedding representations with a simple bag-of-words model, a well known sentiment lexicon, a psycholinguistic lexicon, and a general pre-trained word embedding, based on their efficacy in accurately identifying depressive Tweets. We show that our representations achieve a significantly better F1 score than the others when applied to a high quality dataset.

This is not the first study on the topic and it won’t be the last. The paper is fairly technical and from what I can understand they can identify potential signs of depression based on words used and phrasing. But I am not sure how they are taking into account sarcasm and contextual clues. For example, without the appropriate context things being said can be taken in many different ways and identifying the correct emotion behind the words can be tricky. When we interact in person or over phone, things like body language or verbal cues give us additional context about how a person is feeling. Unfortunately that is not the case with text and there is a huge potential for things to be taken out of context or in the wrong way. Another issue is how to differentiate between feelings of sadness and depression as the symptoms might be very similar.

We need human interactions, connections etc to address this issue and not another technology claiming to be a silver bullet as not everything can be solved by AI/ML and the low accuracy level on such solutions can only cause trouble down the line. Imagine such a system being implemented at workplaces, during interviews or on dating sites. If a system flagged you as a depressive then it could cost you your job, or your relationship.

What do you think?

– Suramya

July 27, 2020

Cloaking your Digital Image using Fawkes to thwart unauthorized Deep Learning Models

Filed under: Computer Related,Computer Software,My Thoughts,Tech Related — Suramya @ 3:42 PM

Unless you have been living under a rock you have seen or heard about facial recognition technologies that are actively in use in the world. You have the movie/TV version where a still image from a video feed is instantly compared to every image in the database to match a perp, then you have the real world example where there are systems that take all your social media feeds, images of yours posted anywhere as a dataset to train a system that can identify you from a video feed (not as quickly as the TV version but still fast).

So what is the way to prevent this? Unfortunately there isn’t one (or at least there wasn’t a realistic one till recently). Earlier you had to ensure that no image of yours is ever posted online, you are never caught in a security feed or traffic cam anywhere. Which as you can imagine is pretty impossible in today’s connected world. Even if I don’t post a picture of me online, my friends with whom I attended a party might upload a pic with me in the background and tag me. Or you get peer pressured to upload the photos to FB or Twitter etc.

There is not much we can do about state sponsored learning models but there are plenty of other folks running unauthorized setups that consume photos posted publicly without permission to train their AI models. These are the systems targeted by folks from the SAND Lab at University of Chicago who have developed Fawkes, an algorithm and software tool (running locally on your computer) that gives individuals the ability to limit how their own images can be used to track them.

At a high level, Fawkes takes your personal images, and makes tiny, pixel-level changes to them that are invisible to the human eye, in a process we call image cloaking. You can then use these “cloaked” photos as you normally would, sharing them on social media, sending them to friends, printing them or displaying them on digital devices, the same way you would any other photo. The difference, however, is that if and when someone tries to use these photos to build a facial recognition model, “cloaked” images will teach the model a highly distorted version of what makes you look like you. The cloak effect is not easily detectable, and will not cause errors in model training. However, when someone tries to identify you using an unaltered image of you (e.g. a photo taken in public), and tries to identify you, they will fail.

The research and the tool will be presented at the upcoming USENIX Security Symposium, to be held on August 12 to 14. The software is available for download at the project’s GitHub repository and they welcome contributions.

It would be amazing when this tool matures and I can imagine it becoming a default part of operating systems so that all images uploaded get processed by the tool by default reducing the risk of automatic facial recognition. Although I can’t imagine any of the governments/Facebook being too happy about this tool being publicly available. 🙂

Well this is all for now. Will write more later.

Thanks to Schneier on Security for the initial link.

– Suramya

March 4, 2020

Seti@home project to stop distributing new work to clients after 21 years

Filed under: Computer Software,News/Articles,Tech Related — Suramya @ 1:44 PM

Seti@home has a fond place in my heart. It has been run by the Berkeley SETI Research Center since 1999, and I think I installed it on my machine sometime around Dec 1999 or early 2000 after hearing about it from one of the News websites (possibly Slashdot). Once I had it running on my system I was pushing to get it installed on all the computers in the University computer lab as they were running 24/7 and I saw that as a wasted opportunity for furthering search for ET. I ran it constantly on my computers till about 2009 post which I switched to running Folding@home which is more focused on Science / DNA sequencing / Medical research. Seti was one of the first Distributed computing systems that I know of and the amount of data processed by computers under its umbrella is staggering.

On March 31, the project will stop sending out new work units to users and the project will instead start focusing on analyzing all the blips identified by volunteers’ machines which could be potential evidence of aliens with an eye on publishing a research paper. Once this is completed they might start pushing out work packages again but that will be a while before it happens.

“It’s a lot of work for us to manage the distributed processing of data. We need to focus on completing the back-end analysis of the results we already have, and writing this up in a scientific journal paper,” their news announcement stated.

Looking forward to reading the research paper and conclusions generated by the Seti@home program.

Source: SETI@home Search for Alien Life Project Shuts Down After 21 Years

– Suramya

March 2, 2020

Another magical AI to detect “Inappropriate photos” and block kids from taking them

Filed under: Computer Software,My Thoughts,News/Articles,Tech Related — Suramya @ 11:50 AM

In today’s iteration of people who don’t want to make the effort of raising their kids and explaining the difference between right & wrong and why something might be a bad idea we have a new “magical” AI that will automatically detect when kids are making a bad choice and stop them. I mean why should a parent make an effort to talk to their kids and help them understand what repercussions of a given choice could be wrong when you have AI to make the effort for them? This new AI is being pitched to parents and has an AI-powered “Smartphone Protection” feature that prevents users from shooting or saving “inappropriate” photos (read: naked pictures).

The official Tone Mobile press release hails the TONE e20 as the world’s first phone with an AI that “regulates inappropriate images” through an AI built into the so-called TONE Camera… If the AI recognizes that the subject of a photo is “inappropriate,” the camera will lock up; and if you somehow manage to snap a photo before the AI kicks in, the phone won’t let you save or share it.

Additionally, a feature called “TONE Family” can be set to send an alert to parents whenever an inappropriate image is detected. According to SoraNews24, this alert will contain location data and a pixelated thumbnail of the photo in question.

I give it about 24 hours from when the phone is released till folks figure out a way around it.

The other issue I have with this system is how it’s going to classify the pics. The article doesn’t go into technical details of how the AI works and if the classification is done locally or on the cloud. If it’s on the cloud then every pic taken by that phone is being uploaded to a remote server owned by a 3rd party. This is a massive risk and any breach of that server is going to have a lasting and significant impact. Trust me when I say that this server would be a target of all Black Hat hackers as soon as it goes online.

I am not going to go into whether taking nude pics is a good idea or not. It’s up to the people involved to take that decision; I am not responsible for what you do with your phone. If you have to take naughty pics just ensure you follow basic rules and don’t share it with anyone you don’t trust 100%.

In summary, Dear parents: Instead of offloading your responsibilities to AI try having a frank and open conversation with your kids about why certain things might be a bad idea. It will give you better results than this snakeoil.

Source: Slashdot.org

– Suramya

January 3, 2020

Computer made from 32 strands of DNA can now compute the square root of 900

Filed under: News/Articles,Tech Related — Suramya @ 4:28 PM

Early this century (around year 2000 onwards) there were three main projects going on in parallel, each of which promised to be the next great breakthrough in Computing which would change the world. These were: DNA Computing, Optical Computing and Quantum computing. Then, something changed and Quantum computing took over. In the past few years the tech news & papers have primarily focused on Quantum Computing breakthroughs (which to be fair have been quite significant) and Optical & DNA Computers on the other hand seemed to have dropped off the map with hardly any news coming from that front. But that has just changed. Thanks to the efforts of Chunlei Guo and his colleagues at the University of Rochester, New York we now have a working DNA computer that uses 32 strands and can compute the square root of square numbers 1, 4, 9, 16, 25 and so on up to 900. This might not sound like much but is a pretty big deal as now that we can create a system that uses chemistry to compute square roots we can probably get DNA circuits to do anything.

The prospect of programming molecular computing systems to realize complex autonomous tasks has advanced the design of synthetic biochemical logic circuits. One way to implement digital and analog integrated circuits is to use noncovalent hybridization and strand displacement reactions in cell‐free and enzyme‐free nucleic acid systems. To date, DNA‐based circuits involving tens of logic gates capable of implementing basic and complex logic functions have been demonstrated experimentally. However, most of these circuits are still incapable of realizing complex mathematical operations, such as square root logic operations, which can only be carried out with 4 bit binary numbers. A high‐capacity DNA biocomputing system is demonstrated through the development of a 10 bit square root logic circuit. It can calculate the square root of a 10 bit binary number (within the decimal integer 900) by designing DNA sequences and programming DNA strand displacement reactions. The input signals are optimized through the output feedback to improve performance in more complex logical operations. This study provides a more universal approach for applications in biotechnology and bioengineering.

The paper published in “Small” has more details but is behind a paywall (which sucks) so I don’t have many more details than what the New Scientist article and the paper abstract share. At the price they are asking I don’t think it’s value for money just so that I can satisfy my curiosity about the breakthrough. If you disagree and download the paper, please share 🙂

Looking forward to more such news (in an accessible journal) in 2020.

– Suramya

October 31, 2019

You can’t have ‘b’, ‘l’, ‘m’, ‘r’, and ‘t’ in your password if you are using macOS 10.15.1 aka Catalina

Filed under: Funny News,My Thoughts,Tech Related — Suramya @ 12:50 PM

Users of Twitter App on macOS 10.15.1 aka Catalina just found out that they couldn’t log in to their account if their password contained any of the following characters: ‘b’, ‘l’, ‘m’, ‘r’. When I first read the news I thought it was a joke but then realized that it’s an actual issue in the latest version of macOS. The problem is showing up on the Twitter app but other programs might be affected as well.

According to Twitter in-house developer Nolan O’Brien, these particular keypresses are gobbled up by a regression associated with the operating system’s shortcut support. Normally, users can press those aforementioned keys as shortcuts within the app to perform specific actions, such as ‘t’ to open a box to compose a new tweet.

Something changed within macOS to capture those shortcut keys, rather than pass them to the password field in the user interface as expected. So, in other words, when you press a shortcut key in Twitter when entering an account password, the keypress is ignored in that context rather than handled as a legit password keypress.

This reminded me of the weird and basic bugs that showed up in older versions of Windows. Apple really needs to work on their quality control if they want to stay in the game.

Source: The Register: You’e yping i wong: macOS Catalina stops Twitter desktop app from accepting B, L, M, R, and T in passwords

– Suramya
