Suramya's Blog : Welcome to my crazy life…

August 18, 2023

The Judge by GoblinTools is a great tool to tell how written text comes across qualitatively

Readers of this blog (and those who know me) know that I am usually quite skeptical of tools that claim to judge the emotional content of text or tell how the text comes across qualitatively. However, this new site called The Judge – Goblin Tools is quite impressive. As per James over on Mastodon, the tool was created to help neurodivergent folks communicate better with the normals, avoiding misunderstandings, bad assumptions about intent, etc.

I tested it out with content from my blog and I have to say that it summarized the tone and content quite nicely. For example, below is the summary it gave for my post on Celebrating India’s 76th Independence day!

Emotionally, this text comes across as proud, patriotic, and reflective. It begins by acknowledging and celebrating India’s 76th Independence Day, recognizing the significance of gaining freedom from British rule. It highlights the sacrifices, bloodshed, and tears endured by many individuals who fought for India’s freedom, emphasizing that not all their names are known and that this is a tragic aspect. The text expresses a sense of frustration with the tendency to focus solely on iconic figures like Gandhi and Nehru, disregarding the efforts of numerous other freedom fighters.

As the text looks towards the future, there is a strong emotional undertone of remembrance and gratitude towards those who paved the way for freedom. It cites famous slogans from freedom fighters, adding a sense of inspiration and reverence for their contribution. The passage acknowledges the importance of remembering the sacrifices made by past generations for the betterment of the nation.

There is a shift in emotion when it proudly proclaims India’s progress and achievements in various fields, such as technology, space exploration, and healthcare. It displays a sense of national pride and triumph over past perceptions that diminished India’s image. The text mentions India’s relief efforts during the COVID-19 pandemic and positions India as a nation capable of compassionate and humanitarian actions.

Moving forward, the text acknowledges areas that still require improvement, alluding to societal customs and mindsets. It expresses a desire for growth and change while also highlighting the need for self-reflection in other countries that criticize India, pointing out their own flaws and challenges.

The passage concludes with a message of unity and inclusivity, promoting the idea that humanity should transcend differences in caste, religion, nationality, sexuality, and age. It embraces the concept of a global family and emphasizes the values of humanity and national loyalty.

Overall, this text conveys a mixture of pride in India’s accomplishments, gratitude for the sacrifices made by freedom fighters, and a sense of reflection on the challenges that still exist. It aims to inspire unity, progress, and a commitment to the values that define the nation.

It did manage to capture the exact tone I was going for, so that is quite nice. According to their About Us page, the site uses AI technologies in the backend, including OpenAI’s models. They are planning to move to open source alternatives as and when they become available and reliable. Keeping that in mind, I would not recommend using this to analyze any text that has private or confidential information because it might be used to train OpenAI’s models. That being said, I will be keeping an eye on this software, and once they move to an open source model and allow us to run a local instance of the tool I certainly wouldn’t mind using it as part of my writing toolkit.

– Suramya

August 14, 2023

Little known HTML UI elements that work without JavaScript/CSS

Filed under: Interesting Sites,My Thoughts,Tech Related — Suramya @ 9:24 PM

The current iteration of the Internet is extremely GUI focused, and if you don’t have JavaScript enabled a lot of sites just stop working even though that shouldn’t be the case because they don’t really need JavaScript (JS) to be rendered. Unfortunately, thanks to the profusion of JS frameworks, more and more sites are incorporating it to the point where it is just getting silly.

A simple site that would be a few hundred KB in the old HTML/CSS world is now multiple MB in size. A few days ago I encountered a site that was downloading ~95MB every time it was loaded, and all the site did was display a few thousand rows in a table. I figured that out because it was taking a few minutes at high load for the site to load, and I was shocked to see the amount of data being transferred for no good reason.

If you ask website developers, they will tell you that JS is needed because it allows them to create fancy sites with interactive controls etc., but as I recently found out, this is not the case. HTML has a bunch of UI elements that most people don’t know about that allow us to create interactive or beautiful sites. The I’m betting on HTML site has examples of many such elements that I am going to start using in my sites going forward. Some of the examples I really liked from the site:

<datalist>: The HTML Data List element

Is that a typeahead I see? 🧐 Doesn’t seem to have built in validation, but the UI is there at least. Note that Safari requires option tags to be closed, or it just gives up. 😮‍💨


<details>: The Details disclosure element

A little dropdown thing for disclosures and stuff. Can be styled quite aggressively.

PRIVACY DISCLOSURE

You are being watched.

There is a Dialog element as well, but it doesn’t work when embedded in a WP Blog post. Check out the site linked above to see it in action.
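The three elements mentioned above in one page that works with JavaScript disabled, as an added example written for this post (it is not code from the I’m betting on HTML site); the option values and the text inside the widgets are made up for illustration:

```html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>HTML-only UI elements (added example)</title>
  <style>
    /* <details> is an ordinary CSS target, so it can be styled heavily without any script. */
    details { border: 1px solid #888; padding: 0.5em; max-width: 30em; }
    details[open] summary { font-weight: bold; }
  </style>
</head>
<body>
  <!-- 1. <datalist>: typeahead suggestions bound to an <input> through its list attribute.
       Every <option> is explicitly closed because Safari otherwise ignores the whole list.
       The datalist itself does not validate, so pattern/required add browser-side validation
       (values here are made up). -->
  <form action="#" method="get">
    <label for="lang">Language:</label>
    <input id="lang" name="lang" list="langs"
           required pattern="HTML|CSS|Markdown"
           title="Choose one of the suggested values">
    <datalist id="langs">
      <option value="HTML"></option>
      <option value="CSS"></option>
      <option value="Markdown"></option>
    </datalist>
    <button type="submit">Submit</button>
  </form>

  <!-- 2. <details>/<summary>: a disclosure widget; the open attribute sets the initial state. -->
  <details>
    <summary>Privacy disclosure</summary>
    <p>You are being watched.</p>
  </details>

  <!-- 3. <dialog>: rendered open via the open attribute; a form with method="dialog"
       closes it without a script. (Opening it on demand as a modal still needs showModal() in JS.) -->
  <dialog open>
    <p>This dialog was rendered open by the HTML alone.</p>
    <form method="dialog">
      <button type="submit">Close</button>
    </form>
  </dialog>
</body>
</html>
```

Save it as a local .html file and open it with scripting disabled in the browser to confirm that the suggestions, the disclosure toggle and the dialog close button all still work.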

Well this is all for now. Will post more later.

– Suramya

June 28, 2023

Please stop shoving ChatGPT Integration into products that don’t need it

I am getting really tired of folks shoving ChatGPT integration into everything whether it makes sense or not. The latest silliness is an electric bike with ChatGPT integration. I understand the desire to integrate GPS/Maps etc in a bike, although personally I would rather use an independent device which would get updates more frequently than the built in GPS where the maps might get updated a few times a year. Unless the maps are getting downloaded live using 3G/4G/whatever. I even understand the desire to integrate voice recognition in the setup so that the user can talk to it. But why on earth do I want/need to have ChatGPT shoved in there?

Based on ChatGPT’s well known tendency to hallucinate there is a good probability that it might decide that you should take a path that is not safe or even dump you into the ocean because it hallucinated that it was the way to go. This is the same thing we saw with Blockchain a few years ago, everything was suddenly on the Blockchain whether it needed to be or not. The sad part is that these folks are going to make a ton of money because of the hype behind ChatGPT and then bail leaving the consumers with a sub-par bike that hallucinates.

Source: Urtopia Unveils the World’s First Smart E-Bike with ChatGPT Integration at EUROBIKE 2023

– Suramya

June 27, 2023

Thoughts on Meta joining the Fediverse (Mastodon)

Filed under: My Thoughts,Tech Related — Suramya @ 4:29 PM

The past few weeks have been interesting over at Mastodon where some of the community has been screaming and losing their minds about the possibility of Meta becoming part of the Fediverse. Bloonface summarized my feelings about it perfectly in the following Toot:


Let’s just say the blunt truth here: It’s not going to be Meta or Project 92 or whatever that kills fedi, it’s the fact that every time anyone suggests a way in which normal people can use it in the same way that normal people use social networks, the entire network shits the bed and starts screaming about keeping the outsiders out. But then also the same people heap judgment on people for still using Twitter when Twitter actually gives them what they want

People have reason not to trust Meta because of their behavior in the past, and we have extreme examples where open source protocols were subverted (XMPP) and the open source clients killed off. However, we also have the example of AOL, a closed garden that opened up its network and users to the Internet, which introduced a ton of people to the open Internet. While there were initial hiccups and adjustments required, in the long run it was good for the Internet to absorb the closed garden into an open network.

One of the biggest reasons for people sticking with Facebook/WhatsApp/whatever is the cost of switching and the network effect. Basically, what that means is that people use a social network/site because their friends are already using it, and it is difficult to get them to switch. I have tried getting my family and friends to switch to Signal from WhatsApp, but since most folks are on WhatsApp it becomes a chicken and egg problem: we can’t move there because all the friends are here. Having Meta become a part of the Fediverse would allow me to move to a new network/server and still be able to connect with my friends and relatives on Facebook. This interoperability lowers the switching costs, allowing users the freedom to change servers without losing the userbase/network they have built up on the old system.

Cory Doctorow has written a fantastic article about Facebook’s war on switching costs that goes into detail on how reducing the switching costs and increasing interoperability is a good idea.

Unfortunately, there are folks who think that only the chosen few should be allowed to use ‘their’ networks and are screaming their heads off about something that is not even a formal discussion yet. Meta has had a few exploratory calls with Mastodon server admins and that’s it. No one has ‘betrayed’ the users or sold out or whatever. I can’t remember how many folks have been referencing that post about ‘Geeks, MOPs, and sociopaths in subculture evolution’ that I wrote about a while ago (not linking to the original post because I don’t want to increase its visibility). It is the same standard whining from a certain part of the user group that always tries to gatekeep everything, and it is annoying.

I would love to have everyone move to Mastodon so that I don’t have to log into Twitter to catch up with folks. Currently not everyone is on Mastodon which means that either I stop following their work or I log into Twitter to read what they are doing till they migrate. If Twitter federates then I wouldn’t have to do that, I could read their posts from the comfort of my own server. Same thing with Facebook, I don’t log in much there but that means that I miss a lot of updates from family who still use it actively.

However, the advantage of having an open federated network is that even if some of the admins have a hissy fit and block Meta (or any other server), nothing is preventing their users from moving their accounts to a more sensibly managed server, as they are not locked in.

– Suramya

June 20, 2023

It is now possible to track someone using SMS Receipt Messages

Filed under: Computer Security,Interesting Sites,My Thoughts,Tech Related — Suramya @ 6:04 PM

With modern technology it is getting easier and easier to track someone. There are many apps, devices etc. that allow a target to be tracked in near real time. This can be done using an app on the phone, find-my-phone functionality, family phone tracking etc. Someone who is worried about being tracked can disable GPS, get a dumb phone that doesn’t support GPS etc., which mitigates the threat to a large extent. Unfortunately, there is now a new attack surface that allows an attacker to approximately locate a target with up to 96% accuracy.

Researchers have figured out how to deduce the location of an SMS recipient by analyzing timing measurements from typical receiver locations. Basically, they measure the time elapsed between sending an SMS and receiving the delivery report, and then use an ML model to predict the area where the target is located. What makes this attack worse is that it doesn’t require any specialized equipment or access to restricted systems; it can be executed from an ordinary smartphone.

Short Message Service (SMS) remains one of the most popular communication channels since its introduction in 2G cellular networks. In this paper, we demonstrate that merely receiving silent SMS messages regularly opens a stealthy side-channel that allows other regular network users to infer the whereabouts of the SMS recipient. The core idea is that receiving an SMS inevitably generates Delivery Reports whose reception bestows a timing attack vector at the sender. We conducted experiments across various countries, operators, and devices to show that an attacker can deduce the location of an SMS recipient by analyzing timing measurements from typical receiver locations. Our results show that, after training an ML model, the SMS sender can accurately determine multiple locations of the recipient. For example, our model achieves up to 96% accuracy for locations across different countries, and 86% for two locations within Belgium. Due to the way cellular networks are designed, it is difficult to prevent Delivery Reports from being returned to the originator making it challenging to thwart this covert attack without making fundamental changes to the network architecture.

The biggest problem with this method is that it doesn’t depend on any software or anything that needs to be installed on the target phone. You just need a phone that supports SMS, which is pretty much every phone on the market. There is an option to disable delivery reports which would mitigate the threat to an extent, but it is an opt-out setup rather than opt-in. One way to reduce this vector would be for manufacturers to disable delivery reports by default so that folks who need them can enable them from settings, instead of the other way round, which is the case right now.

Source: HackerNews: Freaky Leaky SMS: Extracting user locations by analyzing SMS timings
Full Paper: Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings

– Suramya

June 12, 2023

A DIY Robot for automating a Cold boot attack now exists

Filed under: Computer Hardware,Computer Security,My Thoughts,Tech Related — Suramya @ 11:58 PM

The cold boot attack has been around for a while (it was first demoed in 2008), but it has been a fairly manual, tricky operation till now. Now a new DIY robot has been created that reduces the manual effort for this attack. You might be asking what on earth a cold boot attack is. No, it is not referring to having to wear cold shoes in winter. It is actually a very interesting attack where the attacker freezes the RAM chips of a system while it is running and then shuts it down, after which they remove the RAM chip and put it in another device to read the data from it. Because the chip has been cooled significantly, it retains the information after the system is shut down for long enough that the information can be extracted from it. The original cold boot attack involved freezing a laptop’s memory by inverting a can of compressed air to chill the computer’s DRAM to around -50°C so that its contents persist for several minutes, even after the system is powered down.

Ang Cui, founder and CEO of Red Balloon Security, has created a process and robot to extract the chip from the system. The robot is a CNC machine which has an FPGA (field-programmable gate array) connected to it. The robot chills the RAM chips one at a time, extracts them from the board and then inserts them into the FPGA-based reader that reads out the contents of the chip, allowing them to extract the data from it. To make it easier and give them more time to remove the chip, the system monitors the electromagnetic emanations of the device, which lets them identify when the system is running CPU-bound operations. Once they identify that, they can extract the chip while the system is busy on the CPU and not reading/writing to the RAM. This gives the robot a window of ~10 milliseconds to extract the chips instead of having to do it in nanoseconds.

Cui and colleagues demonstrated their robot on a Siemens SIMATIC S7-1500 PLC, from which they were able to recover the contents of encrypted firmware binaries. They also conducted a similarly successful attack on DDR3 DRAM in a Cisco IP Phone 8800 series to access the runtime ARM TrustZone memory.

They believe their technique is applicable to more sophisticated DDR4 and DDR5 if a more expensive (like, about $10,000) FPGA-based memory readout platform is used – a cost they expect will decline in time.

Cold boot attacks can be countered with physical memory encryption, Cui said.

This is not an attack the average user has to worry about, but it is something that folks working on critical systems like banking servers, government systems, weapons etc. need to be aware of and guard against. More details on the attack will be provided during a talk at the REcon reverse engineering conference in Canada titled “Ice Ice Baby: Coppin’ RAM With DIY Cryo-Mechanical Robot”.

Source: Hacker News: Robot can rip the data out of RAM chips

– Suramya

June 9, 2023

Sound based Quantum Computers are now closer to reality due to breakthrough research

We all know about the ongoing efforts to build a quantum computer by encoding information into quantum states of particles of light (photons); however, there is a parallel effort that is trying to build quantum computers based on sound instead of light. This effort, led by Andrew Cleland at the University of Chicago, just had a major breakthrough and created a device that is a key component in building a sound based quantum computer.

Phonons are the fundamental quantum vibrations within materials, with individual phonons representing the collective motion of many trillions of atoms. The team built a chip that allows them to create single phonons on demand which are about a million times higher pitched than audible sound. They then passed it into a beam splitter which consists of 16 tiny, parallel aluminium strips designed so that any sound that hits them gets reflected and transmitted in equal parts. At supercooled temperatures they found that the phonon entered a quantum superposition state where the whole particle was simultaneously in the state of being reflected and transmitted.

Cleland says that this is exactly what they hoped would happen because this process is a necessary step for running calculations on quantum computers that rely on particles of light. To make their chip even more like a sound-based quantum computer, the researchers also successfully recreated the way two particles of light are commonly made to “talk to each other” and how their behaviour is controlled during light-based computations.

Here, they simultaneously sent two phonons from opposite directions into the beam splitter and saw their respective superposition states influence each other. In the future, they will use this procedure to implement simple operations that make up computer programs.

Dirk Bouwmeester at the University of California, Santa Barbara, says that for particles of light, procedures like quantum teleportation or creating entanglement hinge on using beam splitters, and now they could be done with particles of sound as well. “It is truly spectacular that the team could replace photons with phonons,” he says.

There are a lot of interesting applications for this technology once it matures; for example, it could be used to connect computer components that are hard to connect to each other. Using sound as the carrier instead of light opens up more possibilities. Their research has been published in the journal Science (DOI: 10.1126/science.adg8715).

Source: NewScientist: Sound-based quantum computers could be built using chip-sized device

– Suramya

May 19, 2023

KeePass exploit helps retrieve cleartext master password – Fix ETA July 2023

Filed under: Computer Security,My Thoughts,Tech Related — Suramya @ 8:06 PM

Security is hard to do, and no matter how careful you are while coding, every piece of software will have bugs in it, and some of these bugs have major security implications. KeePass, which is a very popular password manager, is vulnerable to having the master password extracted from the application’s memory, allowing attackers who compromise a device to retrieve the password even when the database is locked. The bug is being tracked as CVE-2023-32784.

The issue was discovered by a security researcher known as ‘vdohney’, who has unfortunately also published PoC code that exploits the vulnerability, called the “KeePass Master Password Dumper”, on GitHub.

KeePass Master Password Dumper is a simple proof-of-concept tool used to dump the master password from KeePass’s memory. Apart from the first password character, it is mostly able to recover the password in plaintext. No code execution on the target system is required, just a memory dump. It doesn’t matter where the memory comes from – can be the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), various crash dumps or RAM dump of the entire system. It doesn’t matter whether or not the workspace is locked. It is also possible to dump the password from RAM after KeePass is no longer running, although the chance of that working goes down with the time it’s been since then.

Tested with KeePass 2.53.1 on Windows (English) and KeePass 2.47 on Debian (keepass2 package). PoC might have issues with different encodings (languages), but that’s not confirmed as of now (see issue #3). Should work for the macOS version as well. Unfortunately, enabling the Enter master key on secure desktop option doesn’t help in preventing the attack.

The attack does require either physical access to the system, or the system would need to be infected with malware that gives an attacker remote access with the ability to perform thread dumps. They can also extract the password from the process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys) or a RAM dump of the entire system.

The fix for the problem is in the works and the initial testing looks promising. Personally, I think that the security researcher should have waited to release the PoC code until the fix is available, but to each their own I guess.

Source: Bleepingcomputer.com: KeePass exploit helps retrieve cleartext master password, fix coming soon

May 16, 2023

Using AI powered chatbots to answer questions about a book series

One of the things that I have been wanting for a while is the ability to look up stuff about a book or series, so that when a new book in the series comes out I don’t have to re-read the old books before starting the new one. I end up doing that because otherwise, since I have forgotten a large part of the backstory, the new book would be a lot less enjoyable. There are some authors who solve this problem by summarizing the backstory when the book starts, and it is really useful. When ChatGPT and associated AI bots started picking up, one of the ideas I came up with was to create a chatbot trained on a book series so that I can ask it a question about the book and get an answer. It would be really useful when dealing with book series with a large cast and multiple overlapping storylines.

Recently privateGPT showed up in my feed with the following claim: “Ask questions to your documents without an internet connection, using the power of LLMs. 100% private, no data leaves your execution environment at any point. You can ingest documents and ask questions without an internet connection!” and it seemed like it was the perfect tool for what I wanted to do so I downloaded the program from GitHub and set it up on my machine.

Once the software was installed, I copied a single book from the Mercedes Lackey Valdemar series called Darian’s Tale 01: Owlflight into a temp directory and told privateGPT to ingest the contents. The ingestion took hours even though the file was only ~600 KB in size; I left it running overnight and it completed sometime during the night. Then I ran the prompt to be able to query the chatbot. The first few times I tried querying it, the app crashed because I ran out of memory. So I enabled swap on my system, and then it finally ran the query and answered.

Unfortunately the answers I got were complete nonsense. You can see the questions I asked and the answers I got below:

Enter a query: what is a heartstone

llama_print_timings:        load time =   974.93 ms
llama_print_timings:      sample time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings: prompt eval time =   974.77 ms /     7 tokens (  139.25 ms per token)
llama_print_timings:        eval time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings:       total time =   977.55 ms

A heartstone is a type of music that is typically composed in the key of F major. It is characterized by a steady rhythm and a melody that is often slow and mournful. 
Heartstones are often used in classical music and are often associated with love and loss. They are also used in some contemporary music genres, such as folk and world music.

The correct answer is (as per Valdemar Fandom Wiki):

A Heartstone is both an artificial node produced by the Tayledras and the node’s physical anchor. The knowledge of how to create a Heartstone was given to the Tayledras by the Star-Eyed after the Sundering of the Clans. She tasked the Tayledras to cleanse the untamed magic caused by the Mage Wars. A Heartstone is used as a vessel to contain the cleansed magic. Ley-Lines are re-routed by Adepts and Masters to drain entirely into the Heartstone, bringing the surrounding area back to normal. Once their work is finished at that location, the Clan will establish a new Vale and Heartstone in a new area that needs cleansing. They drain the old Heartstone entirely and transfer the energy to the new Heartstone where they will begin their work anew.

So I asked another question:

Enter a query: who are the Hertasi

llama_print_timings:        load time =   974.93 ms
llama_print_timings:      sample time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings: prompt eval time = 26948.27 ms /     7 tokens ( 3849.75 ms per token)
llama_print_timings:        eval time =     0.00 ms /     1 runs   (    0.00 ms per run)
llama_print_timings:       total time = 26976.13 ms

The Herta si are a type of ghostly beings in the world of Eri. They are often associated with love and romance, and they are known for their ability to control and manipulate emotions. 
They are often depicted as beautiful, ethereal creatures, with long, flowing hair and eyes that glow with an otherworldly light. 

In this result it is talking about characters from a completely different series called the Herta. The correct answer is:

Hertasi are popularly considered to be one of the five non-human sentient races created by Urtho, but the work to “uplift” the hertasi was begun earlier, by Sorcerer-Adept Khal Herta. When he died, his work passed to Urtho.

The wild hertasi began as large, solitary lizards living in swamps, with the intelligence of a dog. They were “mild-tempered reptiles, available in large quantities, living fairly simple lives.”[1] They could have been described as semi-sentient before the Adepts took a hand. After Khal Herta’s efforts, Hertasi “had simple structures, organized hunting and fishing, and rudimentary medicine.”[1] Today, they are extremely active, intelligent, cave and tunnel-dwelling, social creatures.

Since the results were completely useless, like all the other AI chatbots that I have tried so far, I have removed the software from my machine and will come back to this at some point later in time, by which time things will hopefully have improved.

– Suramya

May 15, 2023

Quickly and easily removing the background in images or videos

Filed under: Tech Related — Suramya @ 6:29 PM

At times you want to get a copy of the foreground in a given image so that you can use it in another image; however, traditionally that required expertise in Photoshop and a lot of patience. Now, thanks to Johnathan Nader, there is an open source tool called backgroundremover that allows you to remove the background from any image quickly and easily.

Installing the tool was quite simple and on my Debian machine I just had to run the following command:

pip3 install backgroundremover --break-system-packages

The --break-system-packages parameter was included because otherwise Debian doesn’t let you install/update global packages using pip. Another option would have been to create a Python virtual environment and install there, but I don’t like doing that, and was fairly confident that this wouldn’t break anything important.

After installation the usage is quite simple, you just pass it the image or video where you want to remove the background and the output filename and the system does the rest. It does take a minute or so the first time to download the models etc but after that it is fairly quick to finish. The command to convert looks something like:

backgroundremover -i inputfile.jpg -o outputfile.jpg

Once the script finishes you have an output file without the background. In my testing, if the foreground was large and the focus of the image, the system was able to successfully remove the background. In some cases a bunch of background artifacts were seen in the image next to the foreground, but it was still quite good.

It would have been awesome if we could have passed a flag to the program to remove the foreground instead of the background. That would have allowed us to remove photo-bombers or random folks who walked in on a photo being taken. I know there are scripts out there that do this but haven’t really tried any of them out.

– Suramya

