All posts by Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

The Pwnie Awards 2011: Reliving The Fail Moments of The Year

If you are a network security enthusiast, The Black Hat   ® Technical Security  Conference is an event you should follow religiously. This year’s Black Hat Conference at Las Vegas had some awesome events out of which, the Pwnie Awards was the moment of crowning.

The Black Hat remains the biggest and the most important technical security conference in the world by remaining true to our core value: serving the information security community by delivering timely and actionable security information in a friendly, vendor-neutral environment.

epic-failEvery year at the Black Hat Conference, the Pwnie award celebrates the achievements and failures of the security community. This year too, they were back to present the awards and the one company that was  disgraced badly was poor Sony.

To sum up the awards, the ASP.NET Framework received the Best Server-Sided Bugaward for allowing remote code execution and the FreeType library used in MobileSafari received the Best Client-Sided Vulnerabilityaward. While the Windows Kernel received the award for the Best Privilege Escalation Bug, the Lamest Vendor Response Awardwent to RSA for their handling of the SecurID compromise.

However, I was in for a surprise when I went over to the Most Epic Failsection and there was not one but five epic fails from the winner Sony- the PS3 jailbreak, Sony Online Entertainment account theft, the rise of LulzSec (it grew on Sony’s fails), PSN shutdown and Sony eventually firing its security team over the fiasco.

The Epic 0wnageaward went to Stuxnet but no one received the award personally for obvious reasons.

Sony is already a hot favorite with hackers and they have constantly ridiculed it to their heart’s content, but is Sony even listening to these voices? Does it make a difference even if they win the Pwnie Epic Fail? All they can say for the time being is Buy our award winning products!

(Image Credit)

UK Police Identifies Topiary as Jake Davis, Both LulzSec and Topiary Twitter Accounts Silent For Now

A few days ago, LulzSec made a comeback with its parent group Anonymous for  #OpPayPal  against PayPal. It also shot Lulz cannons against Mudroch and his News Corp, and released confidential documents relating to FBI contractor  ManTech International. ManTech International also does business with the USAF, NSA, Marine Corps and the Defense Intelligence Agency.
antisec-lulzsec
LulzSec made a comeback, but is anyone here impressed? For instance, Kaushik had this to say  about LulzSec.

Considering the little amount of mayhem that LulzSec caused and the disproportionately high amount of chest thumping they gave themselves, they always seem to be on the threshold of quitting.

I will not delve into how much everyone hates LulzSec. With the arrest of Topiary, the Lulz boat has lost its Jack Sparrow. Topiary was the showstopper and public face  of LulzSec. After his arrest, LulzSec has not spoken in its official Twitter account. Although his participation in the recent hacks was not remarkable, he held an important position in the group.

Topiary was also a part of Anonymous. Days before his arrest, his Twitter account was wiped clean and only one tweet remained-

You cannot arrest an idea.

After the arrest on Wednesday, the Metropolitan Police are confident they have the right man. Although, the arrested Jake Davis does not match with earlier speculated details (of him being Swedish and 23 years of age), but the Metropolitan Police department is going ahead with the prosecution. Jake Davis will appear in court tomorrow.

Name-Tagging People Exposes Picasa Web Albums on Google+

Google+ recently caused privacy concerns with its unique idea of tagging and sharing. Name-tagging people in a Picasa Web Albums exposes the entire album to the public in Google+ quite badly. Once you name-tag someone in a Picasa Web Album, your entire album becomes publicly visible to people tagged in the album. Not only this, people can also reshare all other photographs from those albums in which they are tagged.

In its Picasa help document, Google claims “Tagging is sharing”. Since when is that? Well, that is since Google+ came to be.
picasa-logo
Google has recently taken interest in this problem. Their reply at the help forum says,

The Google+ project is currently in Field Trial and we’re making rapid iterations on feedback we’ve received. We’re aware of the requests for more control over who can share albums and we’re working to address this.

That does not give an assurance for a fix but it echoes the fact that Google+ is open for change at the moment. Google+ has also listed a few dubious  suggestions like deleting your Picasa Web album or downgrading to move out of Google Plus. Either way, the solution to a problem cannot be another bigger problem, which is exactly what is being suggested here.

Google+ has a nice networking site going on. People love the concept of circles. They appreciate huddles and are intrigued by how simple, yet how elegant the entire Google+ system is. Fresh out of the incubator and that too half-baked, Google+ needs some more honing before it can go mainstream. Bugs keep springing up every now and then. However, bugs with a privacy concerns edge are dangerous. They attract a lot of negative press.

Google should work fast to resolve this issue and nip it in the bud. The issues can be seen on the Google Picasa Support forum at  this link.

Google Protects the +1 System From Automated Scripts by Tracking Mouse Movements

Google +1  is a powerful tool in Google Search and it is capable of driving a consistent organic traffic to your website. More importantly, it forms a powerful network for your website on Google Search and enhances its visibility across circles. With this powerful a system, Google has to bring in advanced security so that the system is not gamed. To do just that (and maybe more), Google has devised a unique way of securing the +1 system from automated scripts.
google-plus-one
A recent  question on Stack Overflow  brought my attention to what Google is doing to protect +1. You will be surprised to know that Google tracks your mouse movements. Now, Google has been notorious for tracking users and their behavior and their tracking systems have troubled skeptics for years. However, this mouse tracking is different. This is an innovative solution to a troublesome problem and deserves appreciation.

The mouse movement of a user uniquely identifies the behavior of that user. It generates a random number using the entropy of the cursor movements. This random number acts as a unique ID can be used for a variety of purposes that are unclear at the moment. However, it seems like a good way to prevent automated scripts and bots from clicking on +1.

An excerpt from the Google +1 TOS reveals,

We may share aggregate statistics related to users’ +1 activity with the public, our users, and partners, such as publishers, advertisers, or connected sites. For example, we may tell a publisher that 10% of the people who +1’d this page are in Tacoma, Washington.

It states clearly that Google can also reveal your usage patterns to advertisers.

Further insight

Some further digging on this topic spilled more awesomeness. This analytics scheme (mouse cursor tracking) is not used only by Google but also by Bing.  This paper  [link to pdf file] outlines Bing’s methods and reasons for tracking user mouse movements. The paper also echoes the well-known fact that cursor movements are an approximate reflection of eye-movements, thus acting as an eye-tracking system. In short, tracking the cursor also gives us patterns on how humans take interest in a page. This can help in designing a better UX for search and other related business.

(Via: Hacker News)

Nginx Becomes a Company, Brings in More Process and Ensures a Better Product

Nginx is an HTTP and reverse proxy server famous for its slick performance. A few days back, the people behind the Nginx project decided to form a company and thus set standards for all their operations. Nginx is not as popular as Apache but it is indeed a better option than Apache if you want peak performance and can manage the correct setup. The  servers at Techie-buzz  are also powered by Nginx because it is lightweight and uses lesser memory than traditional Apache servers.
nginx-server

Nginx  (pronounced engine-x) is a lightweight, high-performance  Web server/reverse proxy  and  e-mail  (IMAP/POP3) proxy, licensed under a  BSD-like license and written by  Igor Sysoev. It has been running for more than five years on many heavily loaded Russian sites including  Rambler(RamblerMedia.com). According to Netcraft Nginx served or proxied  4.70% busiest sites in April 2010. Here are some of success stories:  FastMail.FM,  Wordpress.com.

Nginx is fast and efficient. The statistics above prove that it is suitable for high loads and can handle them efficiently because of its built-in features. A recent announcement on the official Nginx website says;

Recently it became very clear for me that because of increasing popularity of Nginx and the volume of work required to develop the code and doing support, I really need to put it at another level.

So, I have decided to focus even more on Nginx and established Nginx as a company to fully dedicate myself to the project.

The open-source community welcomes this news. Very few companies in this world deal exclusively in Open Source software. Out of those, fewer have made it big in the tech-industry. People are already comparing the business model of Nginx to that of RedHat, which deals in support and consulting. RedHat has formed a profitable business out of OSS with this model. It is expected that the Nginx project will go into the support business with this model and earn good revenue.

A company brings a lot of bureaucracy along with it. However, as time goes by, people learn to appreciate the processes within a company. At the end of the day, this allows seamless operations and provides a platform over which the business can grow, irrespective of the scale of business at a later stage. For Nginx, this move will provide an authoritative branding and attract more enterprise customers.

Debian Offers Help in a Messy World of Software Patents

We have already seen how Microsoft is ramming its 18,000 patents into all Android device manufactures and making them pay for technologies that Microsoft does not deal with even remotely. Microsoft is nowhere in the Android game and this is a questionable action from Microsoft. Owning a lobby of patents to raise hue and cry on every other Android related technology is not really an ethical business practice. If you want to know how exactly Microsoft is earning more from Android than its own Windows Phone 7 platform, read  this  coverage  by  Joel Fernandes.

us-patents

The world of software patents is getting ugly and the competition is extremely high. In such a world, it is extremely important to have a fair understanding of the technologies you are dealing with and the patent infringement it can cause. Generally, Open Source projects are not claimed against patent infringements because they are community efforts mostly and because they do not have the funding to pay hefty sums. However, prevention is always better than cure.

The Debian project has created an FAQ with some heavy legal aid that can give people an idea of patent liabilities pertaining to Community Distribution of Free and Open Source Software. It starts with the very basics of patents and explains the difference between patents and copyrights. Then, it goes on to explain infringements and the risk of patents to FOSS community projects and limitations of geographical boundaries on patents. If you are a developer working on a community project, you should absolutely know the risks and liabilities involved and  this FAQ  can offer good help to get started.

Bring Facebook Like Looks to Google Plus and Bring Google Plus Features on Facebook

Google Plus is undeniably the hottest social network this week. It has registered an overwhelming response from people all over the world. Facebook might be the most populous social network currently but I see no reason why it would not lose that title soon. We have done a complete coverage of Google Plus. Invites are not working at present, but you can always make use of these Google Plus tips to enhance your experience.

The battle for the social space is clearly between Google and Facebook now, and this ensures that both these companies will continue to improve their products briskly. However, the process of switching social networks can be an annoyance when some friends do not migrate over to the other network. Here is a little something you can do about it until they do migrate eventually.

Use Google Plus like Circles on Facebook

If you have some stubborn friends who just won’t move over to Google Plus from Facebook, and some other unfortunate ones who did not get a chance when invites were open, you have an option. There is a way you can use Google Circles in Facebook (courtesy of a few Facebook engineers). Head over to Circlehack and connect with your Facebook account. Once there, you can create circles (very similar to) the way you do on Google Plus. These circles are actually lists in Facebook and the exact procedure is outlined here. Creating circles is the only fascinating thing about this hack. It does not convert into an enriched Facebook experience in any way though.

What you should watch out for is the big feature Facebook will announce next week.

facebook-circles

Use the Facebook theme on Google Plus

I am not sure why someone would want to do this but just for the heads up, yeah it can be done and here is how you can do it.

The first step is to install stylish for you browser. Next, go to this page for the Google+ Facebook uesrstyle. Reload your Google Plus page  and you will see a Google Plus with the blue looks of Facebook.

facebook-google-plus

From most of the feedback and user reactions, I can say Google Plus has what it takes for domination in the social networking space. It will definitely get better with slight more polishing. What is left to be seen is whether users migrating over from other competing social networks find it usable enough or it falls flat on its face like Google Wave.

Facebook Updates the Facebook Comments Box Plugin, Adds Features and More Control

The Facebook nemesis is already here and it’s called Google Plus. If you didn’t catch a glimpse of Google Plus yet, I suggest you read on. Of course, you will need invites before starting out, so  we are giving out invites and helping you  set up your account too. However, I won’t talk about Google Plus in this post. In the midst of all the Google Plus hoopla, Facebook has announced two important updates to its Comments plugin that is in use at over 300,000 blogs and websites.

The first update comes as a “Reverse Chronological” sorting of comments. As is obvious from the name, it will sort comments starting with the latest ones at the top. This is a nifty feature. When the courses of discussion in comments steer in other directions, you can get a hang of the topic by reordering comments upside down. Long story short, this will help you get to the latest comments by timeline.

How to View the Last Comment in Facebook Comments Plugin?

In order to view the last comment, you will need to reorder comments as shown in the screenshot below. Click on the down arrow beside the comment count and select the “reverse Chronological” option.

sort-facebook-comments

Another addition to Facebook comments is the “boost comments” option, which is available for webmasters only. With this feature, webmasters can push comments higher up so they are always visible to new commentators. This makes those comments sticky and allows webmasters more control over Facebook comments, which is a welcome change.

Many webmasters still loath Facebook comments for obvious reasons. However,  Justin Osofsky, the Director of Media Partnerships at Facebook has clarified,

Many partners have reported significant increases in referral traffic and engagement.

Can that be a good enough reason to use Facebook comments on your website or blog? Will you start using Facebook Comments on your blog, now that it has new features?

The Only Good That Came out of Lulzsec- Good Publicity for CloudFlare

Over the last few months, LulzSec has ransacked through the Internet causing mayhem. They started out with some bright zeal but their downfall was full of pathos. As time went by, it became clearer- they were a group of immature hacktivists who will lay their hands on just about anything. At the end,  their Lulz boat hit rock and this caused their hasty exit. Long story short, their disoriented nature brought upon them a sense of aimlessness.

cloudflare-lulzsec

This debacle might result in stringent laws that would curb many freedoms people enjoy online. However, in the midst of all this fiasco, a company specializing in web caching and spam security got all the attention they ever needed. CloudFlare was the unsung passive hero in this LulzSec affair and it deserves applause here.

The  CloudFlare blog starts the story with,

Thursday, June 2, 2011 was an otherwise unremarkable day in our office until we got word that LulzSecurity.com, a site that had quietly registered for CloudFlare earlier the same day, had allegedly published information it obtained from hacking the Sony Pictures’ website.

Within hours of the publication, we got notes from concerned individuals asking us to remove LulzSecurity.com’s website.

CloudFlare gives excellent protection against spam. However, it has also resulted in additional benefits, like a drastic increase in website performance and massive bandwidth saving for many websites. Overall, CloudFlare is on hot wheels after the LulzSec affair. I am not highlighting LulzSec and its deeds in this post.  LulzSec has been ridiculed enough already! CloudFlare was questioned a lot on it providing service to the LulzSec website. What I am definitely advocating here is how CloudFlare handled the matter with utmost care  both at an administrative and at a technical level. Neither did they allow themselves to be bullied into censoring content they serve, nor was their network compromised after repeated attempts. Better still, they utilized the attempted hacks on them to define a  better ruleset. You can read all about in their official announcement.  Also, read  Netcraft’s analysis of CloudFlare traffic from this affair.

Here is an explanation of how CloudFlare takes your website to the very next level. You can catch the video at Vimeo here.

Eldar Murtazin Confirms MeeGo Will Be Back in 2012, in a Different Form Though

After the release of Nokia N9, people are extremely apprehensive about the future of MeeGo and especially that of the  Nokia N9 device. Nokia N9 has succeeded in generating quite a buzz but there has been fair criticism about its use of MeeGo, which seems dead on arrival. MeeGo is an open source project and Nokia was in favor of its development for quite some time.

Now that Nokia is talking more about Windows Phone 7, it seems like it is going to drop MeeGo completely. The fact responsible for this perception might have been Nokia’s involvement with the Windows Phone 7 and a recent statement  from Stephen Elop on the future of MeeGo. However, some recent Meego inside news throws more light on this affair.

eladr-murtazin-confirms-meego


Meego unterface will be reused in s40 next generation touchscreen devices (mid2012). So, yes we could say that Nokia Meego will be alive :)less than a minute ago via web Favorite Retweet Reply

Now, Eldar Murtazin has confirmed that Nokia is bringing back MeeGo in 2012. From what we have seen of the UI, MeeGo is stunning and is full of potential. It will compete directly with Android (because Apple fanboys are too involved to look elsewhere). If  Eldar is correct this time as well (he usually is), this will be great inspiration for developers working on the MeeGo platform.  However, there have been talks of Nokia loosing MeeGo developers and it is not clear whether there have been changes in that decision. As it seems from Eldar’s tweet, the MeeGo UI will be ported to Symbian S40, and it will live only in this manner. This goes hand in hand with the decision of bringing S40 devices with 1 GHz CPUs and apparently, does not really help MeeGo developers in any way.

How the matter will unfold still remains to be seen.  This long rant is a must read if you are interested to know what went wrong with Stephan Elop, Nokia and this whole MeeGo affair.

Will Firefox Lose its Enterprise Love for this Rapid Roadmap?

On one hand when the end user is ready to adapt to the latest version of browsers, there is another well-established user base that just won’t move to a newer version of browsers. These are numerous Enterprise, which make it very clear that their internal forums are going to work only on older unsupported versions of Internet Explorer and Firefox.

firefox-5

Firefox is on a crash course and apparently, it is not that easy for an Enterprise to switch to new browsers as and when they release. The reason? Well, you can spot it easily. Their internal networks are not created with web-standards in mind. This leaves them more compatible with older versions of browsers and takes a toll on their uses as well. What makes matters worse is when these enterprise solutions develop specifically for older versions of web-browsers (blame IE6).

Until now, Firefox has been a parallel browser of choice for Enterprise works and the reason is quite obvious. Their development was moving at a considerably  slow pace. Now, when Firefox wants to gather pace and reach a competitive position in the browser market, it runs a huge risk of losing Enterprise usage.

Read through this blog post and tell me why these lines sounds wrong.

For corporate customers, we’ll support each version of Internet Explorer as long as the latest version of Windows that it runs on is supported. For example, Windows 7 Enterprise is supported through January 2020. Internet Explorer 9 will therefore also be supported through January 2020.

It is exactly this attitude that will kill the web as we know it. What use is all the advancement in web technologies if your browser cannot leverage its power? Likewise, your app is not good enough either, if it is not agnostic to new browsers.

Clearly, Mozilla has done the math here. The number of Enterprise users using Firefox out of compulsion might be far less than the number of users it can gain from this move. The browser space has become extremely competitive and this was a right step towards a brighter future for Firefox.

Google Gets Approval for Self-driving Cars, The Future of Cars is Here

Finally, after months of controlled testing, Google has been able to get a law passed that authorizes it to drive around an autonomous car. In reality, this law allows the Department of Transportation to form rules and laws for any autonomous driven car, hence approving of the Google cars in a way. This also assures that any car manufacturer can now bring out a similar technology without worrying about these issues.

The first time an autonomous car was spotted was in October last year and this law will go a long way into realizing this car as a regular consumer product.

Here is a clearer picture as offered on PCMag,

Nevada defines “autonomous vehicle” as a motor vehicle that uses artificial intelligence, sensors and global positioning system coordinates to drive itself without the active intervention of a human operator.

The law does not mean that self-driving cars will instantly be “street legal” next year. Instead, it tasks the Nevada DMV to come up with a series of regulations surrounding all aspects of ownership and operation of autonomous vehicles, some or all of which will undoubtedly be used as models for the rest of the country.

The automobile industry is extremely competitive but their use of computer technology has always maintained a slow growth. However, now that the Google car is out, another car-manufacturer Volkswagen is experimenting its own autonomous driving system and you can read about it here.

ARM Support in the Linux Kernel, the Unseen and Untold Truth

ARM support in the Linux kernel has been a debated issue for too long and today, it stands at a point where it is making more compromises. Every device with its own code for ARM support creates a bloatware out of the entire ARM section in the Linux kernel. This is a huge dilemma because if these codes are not submitted at the end of the day, it will (probably) be termed as a violation of GPL v2 and if they are submitted, they are too complex to include into the kernel. So they just lay there.
arm-logo
With a mini community of independent agents formed inside the Linux kernel developer community itself, these device manufacturers are finding it hard to get their ARM changes upstream into the mainline kernel. The reason?

  1. There are too many of them
  2. They are highly complex in their own way
  3. Most of them are just redundant

In short, there is utter chaos when it comes to ARM support in the Linux kernel and it was best left ignored until now.

The scenario is taking a turn and  attempts  are being made to standardize the process. ARM has moved to a separate Git tree but it still annoyed the maintainer all the more. Torvalds is rightfully annoyed here, as he would not include every bit of code that some device manufacturer somewhere has written to support some hardware that few people use!

This is a strong but a welcome decision because in the long run, it will keep hardware vendors from breaking the Linux ecosystem and acting in a more co-operative and a less competitive way.

The state of ARM in Linux kernel can still be ignored all right but we have seen how Microsoft is talking of a Windows 8 tablet now. ARM is indeed important for the future of portable and mobile computing and undoubtedly, Linux plays a major role in its future. The sooner they marry, the better it is for both of them.

Next Pit Stop for Google Chrome- Taking Communication Real Time

Google Chrome has come a long way from being the newbie in the browser market to being a major and decisive player today, with a say on how all things Google are served to the people. I still remember the first time Google talked of Chrome and announced a web browser saying,

All of us at Google spend much of our time working inside a browser. We search, chat, email and collaborate in a browser. And in our spare time, we shop, bank, read news and keep in touch with friends — all using a browser. Because we spend so much time online, we began seriously thinking about what kind of browser could exist if we started from scratch and built on the best elements out there. We realized that the web had evolved from mainly simple text pages to rich, interactive applications and that we needed to completely rethink the browser. What we really needed was not just a browser, but also a modern platform for web pages and applications, and that’s what we set out to build.

You can still read the legendary announcement here and read the Google Chrome comic here for a walk down memory lane.
google-chrome
Three years have passed since then and Google has brought awesome web-services and things are looking good on the user-level as well (clean and effective). The browser (not just Google Chrome but web browsers in general) is getting stronger day by day and Google Chrome is the first choice for those obsessed with speed.

The next step by Google is to provide a rich social experience inside the browser. I am not talking about Twitter or Facebook here. Think of contemporary communication mediums, ones that are still enjoyed by people. Spot on. Google is planning to bring audio and video chat into the browser as an inherent feature. This will eliminate the need for a third party web-app and a third party desktop application alike.

How is Google Chrome Planning on Being a Skype Killer?

WebRTC is an open source project to take things real time inside a browser. This is achieved using JavaScript APIs and HTML5. However, the backbone for the chat will be a service called GIPS, which is another one of Google’s acquisitions. GIPS specializes in Internet telephony and videoconferencing. Google already has the Google Voice card in place and this feature will bring Google as a major player in the VOIP market.

Once live, the technology can be used with anything Google provides or with any third party service that someone creates leveraging these technologies. The possibilities are endless here. This will most likely be Google’s next big  announcement  about Chrome.

Some further technical details are available here . Also, check this chromium mailing list for clarification.

Firefox 5 Finally Releases Officially after A Long Wait

If you are a regular reader here at Techie Buzz, chances are you have already read how we covered Firefox 5 being availability from the FTP channels. This release was available almost a week ahead of the official release. Once a Firefox release is made  official, it is pushed from the same FTP channel that we pointed out in that post. Therefore, you can be assured that it was indeed the final release.  The good news  today is that Mozilla has officially announced the release of Firefox 5. This means, you can download it at the official Firefox download page. This also marks the graduation of Firefox into a Firefox version 5.
firefox-5-download
I am sure you have already heard a lot about Firefox 5 so I will sum it up for you in as short as I can. There is no better place to download Firefox 5  than from the official Firefox homepage at Mozilla. Once you complete that download, here are some Firefox tricks and tweaks to apply.

What’s Next now that Firefox 5 is here?

Firefox 5 has come a long way from an idea to a release and next up is Firefox 6 with more awesomeness. I have serious doubts about any performance improvements (Firefox 5 disappointed me) in Firefox 6 but I am really happy about the way Firefox is allowing its users more control over the browser and the browsing experience. Firefox 6 will be out in August and will bring native progress bars (native to each OS), browser orientation based display of websites and push events from the server to a website.

Firefox 4 was downloaded over a 100 million times after the official release and we expect the same enthusiastic response from Firefox 5 downloads.