All posts by Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

[Update] Suspected Lulzsec Mastermind Arrested in Essex, Will They Lose Their Lulz Now?

After a joint operation by the FBI and Scotland Yard, the police have made a successful arrest of a 19-year-old who is suspected to be a LulzSec mastermind. Whether he really is a LulzSec mastermind is not confirmed yet; for now he is just a suspect. He deserves the benefit of the doubt, and it would be wrong to call him an offender.

The joint operation by the FBI and Scotland Yard follows the Sony, (probably) Lockheed Martin and UK Census data leaks. It has resulted in what is being seen as the first arrest of a LulzSec member, which could reveal some interesting facts about this regrouping of Anonymous.

The Metropolitan Police website has a statement on the arrest too. It reads:

Officers from the Metropolitan Police Central e-Crime Unit (PCeU) have arrested a 19-year-old man in a pre-planned intelligence-led operation.

The arrest follows an investigation into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.

The teenager was arrested on suspicion of Computer Misuse Act, and Fraud Act offences and was taken to a central London police station, where he currently remains in custody for questioning.

Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material. These forensic examinations remain ongoing.

The PCeU was assisted by officers from Essex Police and have been working in co-operation with the FBI.

What follows next might be an extradition to the US. We are expecting some update on this from Team WebNinjas and from the LulzSec Twitter stream. Keep an eye on Twitter for real-time updates.

Update: LulzSec claims that the person arrested by the FBI and Scotland Yard is not a member. Some of the tweets appearing in this image have since been deleted by them, so they are exclusive.

Google Acquires Sage TV, Google TV Looks Bright Again

Google TV is one of those Google products that has not quite made it yet. The product has been buried for some months now, and this looks like an attempt to rejuvenate it.

SageTV Media Center is a proprietary, commercial digital video recording (DVR) software package for Mac OS X, Windows and Linux. It requires that the host PC have a hardware based TV tuner card.

(Source)

The best feature of SageTV is its extensive support for media formats and its presence across multiple platforms. However, the store, technology and support links on the website have suddenly stopped leading to any page.

This is a disappointment for many who think a mod of XBMC could have done a much better job than SageTV. The acquisition of a full-blown, operational service indicates how serious Google is getting about Google TV now. Expect more news on Google TV very soon.

If you are still not clear about what SageTV is all about, this YouTube video will come to your rescue.

After the acquisition, the SageTV website reads,

We’re thrilled to announce that SageTV has been acquired by Google.

Since 2002, we’ve worked to change the TV viewing experience by building cutting-edge software and technology that allows you to create and control your media center from multiple devices. And as the media landscape continues to evolve, we think it’s time our vision of entertainment management grows as well. By teaming up with Google, we believe our ideas will reach an even larger audience of users worldwide on many different products, platforms and services.

We’ve seen how Google’s developer efforts are designed to stimulate innovation across the web, and as developers have played a core role in the success of SageTV, we think our shared vision for open technology will help us advance the online entertainment experience. We look forward to joining Google, and while we don’t have anything specific to announce at this time, we encourage interested developers to email:
[email protected]

Full speed ahead!

The SageTV Team

The SageTV Forums can be accessed here

While LulzSec is Enjoying 211,000+ Twitter Followers, Someone is Watching Over Them

LulzSec started out as the self-appointed online vigilance commission. Now it has replaced Anon as the next organized hacker group taking down websites. Anonymous suffered a rift over leadership issues and went MIA. The Anon era might be past, but its members and competitors are still out there, and the most popular of them, th3j35t3r, is not happy with LulzSec. LulzSec has pissed off almost everyone by now.

You all might remember th3j35t3r as the guy who was taking down WikiLeaks a few days back. The same th3j35t3r is blowing their cover, as can be seen in this Blogspot blog. He has published their chat logs from inside the IRC channels and has even gone so far as to expose some of the LulzSec members. The Blogspot blog in question has entire conversations from IRC channels. As you read through the posts, you will also find numerous individual profiles at the end of the blog, with photographs and home addresses.

Clearly, no one finds LulzSec lulzworthy anymore. They are trying desperately to cover their tracks with obvious methods, like encrypting drives and using virtual private networks to stay behind closed doors. Let us see how far this level of anonymity works for them.

Another interesting observation in the exposé is that one of the (supposed) members of LulzSec is Barrett Brown, a writer at Vanity Fair, Huffington Post and Onion. My understanding is that he is not really a LulzSec member and got caught in the crossfire while researching something to write. Maybe he was just watching over the IRC like th3j35t3r. Whether this is th3j35t3r or not is open to doubt, but this blog makes one thing clear: LulzSec is a ruthless group hated by its own kind and pretty much everyone by now. You can follow this reddit discussion for continuous updates.

 

Firefox 5 is Here Before Schedule and We Are Impressed!

Firefox 5 was scheduled for release on June 21st, and Mozilla has put it on a very strict roadmap this year. What makes Firefox awesome lately is how it is keeping to these deadlines, and now it has released Firefox 5 ahead of schedule. Yes, Firefox 5 is available ahead of the scheduled 21st June and you can grab the download.

We brought you the download of the RC version of Firefox 5 a few days ago, and it is full of new features and improvements. The download for Firefox 5 is available at the FTP channel (again) ahead of the official announcement, and it is available for all platforms. You can get it here at the Firefox 5 FTP directory.

If you have not been following things, Firefox 5 is the next stable release of Firefox, and you might want to learn some cool Firefox tweaks that go seamlessly with this version. The final build of Firefox 5 is missing a channel switcher, and the most appreciated feature in Firefox 5 is the DNT (Do Not Track) header.

These are links for downloads of English versions.

Download English version of Firefox 5.0 for Windows

Download English version of Firefox 5.0 for Mac

Download English version of Firefox 5.0 for Linux

What follows next is Firefox 6, which is already in alpha and will be seen as a beta release in exactly two weeks from now. Do not take that scheduled date too seriously, though; Mozilla might surprise us again! I am waiting for download visualizations of Firefox 5, which will follow only from an official release due sometime soon.

Lulzsec Gathers Some Lulz for Sure but People Need to Act Seriously

Anonymous is dead (or so it seems) after the rift, the crackdown and the leadership issues. A new hacker group, LulzSec, has taken the Internet by storm recently and is replacing Anon in media coverage. This is LulzSec, and they are like the young rebirth of Anon. Anonymous was a group of seasoned hackers who knew what they were doing, and there was an air of maturity about them. LulzSec is a different breed of hackers. They improvise on their targets every day and try to take down internet services on personal request, all for the lulz.

The operations of LulzSec do not carry the aura that Anon had. It is more about lulz and less about playing the righteous police that earned Anon some love. The way they tweet about it openly and the way they operate is being frowned upon by many. A recent statement made by them is available here, and you should read it to know what they are thinking.

Well, if you ask me, this is just a cunning trick to keep people busy, and simply their method of getting more attention. LulzSec knows it is pushing the government to lay down stringent rules sooner, rules that will curb many freedoms people enjoy online.

They have a valid point too. What they are doing is playing the reverse psychology card that will probably bring security through insecurity. People will start taking passwords seriously and service providers will work on finding and fixing loopholes. People will be apprehensive about everything online, and LulzSec is proud to have brought this mayhem upon people.

There’s always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone’s Facebook picture turn into a penis and seeing their sister’s shocked response is priceless.

Some more of their rants against whitehats go here.

we just don’t give a living fuck at this point – you’ll forget about us in 3 months’ time when there’s a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren’t mentally disabled.

As for myself, I will remember LulzSec as the bunch of cowboys that tamed the Internet for quite some time. Call them the good or the bad, but they are in no way ugly. They are making the Internet a safer place and you can see how. You read a thousand blog posts every month giving you advice on password norms, but how many did you take seriously until now?

Kinect is the Fastest Selling Consumer Electronics Device but Here’s Why It is Awesome

The Kinect might be the fastest selling and the most talked about consumer electronics device, but it is more than just that. It is a honeypot for developers, and the way developers have jumped onto the Kinect SDK bandwagon assures us that more awesomeness is on its way.

Kinect attracts a varied class of the tech-savvy consumer world. What developers are doing on the very first day of the Kinect SDK release will mesmerize you nonetheless.

We have seen bits and pieces of Kinect hacks and things that were tried out until now. You can see them too in this YouTube video (NSFW). Keep in mind that all these hacks involved the Xbox 360.

However, what happened yesterday was very different. A Kinect SDK for Windows PC means that you can now use the Kinect SDK without actually owning an Xbox 360. Just the Kinect will do! Ain’t it just great? The SDK released for Windows 7 PCs is still in beta and is aimed at enthusiasts.

Well, it is great and this came in to prove that greatness. The Channel 9 Code Camp at Redmond was spilling awesomeness for the last two days and the best part is this development spree is focused beyond games. You can check some samples in development here.

A Technet blog reports,

Remember Pong? One of the earliest arcade games got a pretty serious service pack this morning you! The human body became the controller of the paddles as two guys from Lewis and Clark built a natural user interface version of Pong that used the skeletal tracking capability. Nick Wilson and Julian Dale showed up with no experience of coding on Windows both being Emacs developers. Within 24 hours they’d both picked up Visual Studio, learnt C# and built their version of Pong. They were so impressed they told me they were heading back to college and planned to use this with their football team and saw a ton of potential to track quarterbacks in real-time and use it for coaching purposes.

But what took everyone aback (literally) at one of the lobbies of this code camp was this.

Now, we have known for years why MSFT is doing this.

What is left to be seen is what developers are doing with the audio capabilities. Kinect has gained popularity all for its camera hacks. The audio can also create wonders as Josh Blake has proved already.

The Kinect and its SDK for Windows will be the most awesome DIY hardware for indie developers and with this SDK, MS has unleashed a whole new world of possibilities that moves closer to Microsoft’s dream of the future.

Firefox 5 Final Beta is Out, Brings new Features and Confirmation of a Release Next Week

The Firefox 4 release event was a huge success and the visualization of downloads added fun to the otherwise monotonous event. This time, Firefox 5 is just around the corner and they have announced it today with the release of the final beta version. Firefox 5 beta is available from the beta channel and this is the final testing beta version. You can download it here.

Firefox 5 final build is out ahead of the scheduled 21st June date. Head over to this post for download links and other information.

Firefox is moving at lightning speed. It has moved to version 5 from the earlier version 4 in just around three months. The first beta of Firefox 5 showed up on the 23rd of May.

The most notable change in the beta release is the removal of the channel switcher. The feature was welcome but it is a surprise to see it gone suddenly. Apparently, the channel switcher was causing users to run multiple instances of Firefox releases. Apart from that, the new version brings stability enhancements and some CSS animation improvements.

Mozilla is also pushing Firefox for mobile in parallel, and it has graduated to version 5. You can get it at this page. Both the desktop and mobile versions include user tracking opt-outs using the legendary DNT header, and location tracking opt-outs. This gives the user a lot of control over what information he shares with websites.

You might want to brush up your Firefox tweaking skills with this tutorial. The final version is coming exactly five days from now.

Reddit Hires Three New Talents, Things Look Better than Ever

The way news flows through the interweb might have changed with the advent of Twitter and other social sharing tools, but Reddit is doing better than ever. Reddit is one of those conventional websites where you submit news and it gets voted on and discussed.

At times you set out to make a service, but the users you attract take it to the very next level. The same thing happened to Reddit. The awesome community at Reddit is perhaps the most interesting one on the Internet too. It attracts attention and provides valuable insight continuously with its AMA questionnaires. Reddit is multidimensional and you have to experience it first hand to know how awesome it is.

Reddit is one of the top 100 most visited websites online and requires some serious care. It is doing 1.228 billion pageviews this month with 18.8 million visitors. As always, the level of engagement on Reddit can be estimated from the average time on site that stands at around 15 minutes. Reddit was running with one developer for the last three months. To make things better, they have made three new hires at Reddit now.

Logan Hanks is the first of the three and is an ex-Googler. This is good news, given that one of the programmers to leave recently left for Google. The second one is Keith Mitchell, who graduated from the Colorado School of Mines and is an expert on Python. The third one, Brian Simpson, is a chemical engineer with an edge in programming.

Reddit is an awesome community and needless to say, they will keep churning up awesome content. As always, these new hires at Reddit will keep things behind the scenes pretty.

Apache Traffic Server Announces v3.0.0 with Vast Performance Improvements

Apache Traffic Server is one of the most admired services to have come under the Apache Software Foundation. Traffic Server is essentially a caching and load balancing server that manages your traffic in an effective manner. It has been used for a variety of caching purposes and serves as an effective CDN.

Traffic Server is a long-running project, and after nearly a year of development it reached the status of an Apache Top Level Project, or TLP, in April last year. Just a few days afterwards, in May, it reached version 2.0, and this transition to version 3.0.0 has taken merely a year.

The ASF page on Traffic Server says this.

Apache Traffic Server™ is fast, scalable and extensible HTTP/1.1 compliant caching proxy server. Formerly a commercial product, Yahoo! donated it to the Apache Foundation, and it is now an Apache TLP.

Traffic Server claims to have handled 400TB of data per day at Yahoo, which indicates a very high load tolerance.

The Wikipedia page on Traffic Server further says,

In the context of cloud computing, TS would sit conceptually at the edge of the cloud, routing requests as they come in. It could be described as a highway into and out of the cloud. In Yahoo!, it is used for the edge services shown in the graphic distributed at the 2009 Cloud Computing Expo depicting Yahoo!’s private cloud architecture. In practical terms, a typical server configuration might use TS to serve static content, such as images and JavaScript, CSS, and HTML files, and route requests for dynamic content to a web server such as Apache HTTP Server.

A lesser-known fact about the capabilities of the new release is that it can withstand 200,000 requests per second, which is a 277% improvement on the earlier v2.0. Visit their FAQ page to learn more about Apache Traffic Server.

Mozilla Project MemShrink Looks Into Speeding Up Firefox

Firefox has a long-standing history of excessive memory usage and slow startups. No matter how much tweaking and customization we do, Firefox still remains the same slow browser. This has finally been identified as a problem at Mozilla, and they are working on fixing the biggest annoyance in Firefox: the speed issues.

When I talk about speed in this post, it is not related to the speed of surfing the Internet. I am talking about the responsiveness and startup of Firefox. The long waiting hours will soon be over and project MemShrink is here to make sure of that.

MemShrink is a project that aims to reduce Firefox’s memory consumption. There are three potential benefits:

  1. Speed: less cache pressure, and less paging. The latter is crucial, as it can destroy performance.
  2. Stability: fewer OOMs, whether due to address space exhaustion or otherwise. This results in fewer crashes (due to mishandling of OOM) or aborts.
  3. Perception: fewer people will complain about Firefox being a memory hog.

From what this page tells me, Mozilla has a number of leaks to take care of which have piled up over time. Mozilla developer Johnny Stenback has talked of the project MemShrink saying,

to help get more attention to this issue we’ll be starting up a MemShrink effort, where a group of people will get together to look at the big picture, triage bugs, investigate general approaches, and do some brainstorming.

One positive outcome from this will definitely be some improvement in Firefox memory usage, which shoots up abnormally over time. The same problem is encountered on other browsers as well, and sometimes the Windows Task Manager cannot be trusted for correct memory usage readings. The fact is, Firefox is slow and this needs to change in future versions.

iCloud Sues Apple over Brand Name, Strengthens Case with Apple’s Poor Past Record

Apple never stops getting into disputes over its product names. This time, it is their iCloud service. With iCloud, Apple wants to take on the world of file syncing and storage, but it got too carried away with the name to notice that a company with the same brand name exists already!

If you are a regular reader here, you will have noticed our coverage of iCloud and its use cases.

Today, Apple inched closer to ubiquitous computing, the elusive dream all technology enthusiasts share. During their Worldwide Developer Conference today, Steve Jobs unveiled Apple’s consumer cloud service unimaginatively named iCloud.

All this sounds good and there are various reactions to this cloud service all over the Internet. Some have perceived it as an uber sync tool, while others are of the view that it just adds to the redundancy of these services. Anyway, what we are seeing now far surpasses all this speculation and research.

The very existence of this service is challenged, now that it is found to have the stolen name. Yes. Apple’s use of iCloud is a trademark infringement against an Arizona-based computer communications company. Apple has upset the company iCloud with this move. This company specializes in VOIP and other communication technologies. Besides having the name iCloud for itself, iCloud also wants all of Apple’s iCloud marketing destroyed. This has a very good chance of ending in a sweet settlement, and both the parties will go home happy, because Apple already has an encroaching patent on iCloud and iCloud is not much of a cloud based service provider.

Are Facebook and Google Killing Innovation

Facebook and Google have the most talented pool of engineers and hackers when it comes to web-based technology. They compete head-on and are known to have delivered killer products that people love to use. However, with this growth, both these tech giants have become wormholes that suck up a bunch of talent every year and at times, focus it on the same tasks. I agree with Eran Hammer-Lahav on this article.

This is true even more for Facebook than it is for Google. Googlers have a number of side projects that allow them their private innovative space. It is a company crawling with innovation and the 20% projects bring enhancements to the existing web technologies every day. Both Google and Facebook contribute to open source technologies as well. Facebook itself contributes actively to the Cassandra database project and Google has a number of projects going on to speed up the web, especially the SPDY protocol.

I think Facebook is killing entrepreneurship because all its work is focused on exactly one product lineup when they are capable of more. By absorbing all possible startups (or the workforce behind possible future startups) under their banners, these companies are nipping possible new services and products in the bud. However, the talent pool is not to blame for this.

Some people have excellent business ideas and no technical knowledge to pursue those ideas, while others have sound technical skills but do not want to work on a startup. Many people who join these tech giants lack entrepreneurship but have the technical skills. Out of those many, some gather ideas all throughout their stay, only to venture out on their own after a few years.

In short, an entrepreneurial mind never dies. It might wander for a few years and learn along the way, but sooner or later, it will emerge. About innovation, well, those who prefer working for these tech giants are innovating nonetheless.

After Skype; Linkedin, Foursquare and Netflix Join the Android Personal Data Leak Club

Remember how Android vulnerabilities were making news every morning a few months ago? Remember how Skype stored personal data in a plaintext format and it was all left out there in your phone’s SD card storage to be accessed by anyone? Well, the vulnerability is back, just not in Skype this time. There are a number of apps that make the same mistake, and Netflix, Foursquare and Linkedin just joined the hall of shame.

Clearly, these mobile apps are not interested in the security and privacy of their users. This is like your OS storing your login password in a text file. How would that feel? The vulnerability has been discovered by viaForensics, but it seems like this is becoming a trend with Android apps. There must be many more apps that do the same. It is only a matter of time before they are discovered.

The best thing about these issues is that the moment they break out, fixes are released and things get better. However, if undiscovered, they just lie there.

Now, data theft is still better than password theft, and the habit of using the same login details everywhere is a huge risk for Android users of any of these services.

If you are a service-oriented business, people understand that data is important for you to function properly. Their only privacy concern is what exactly you are doing with this data, and mishaps like these simply validate the paranoia people have about privacy. Companies have to start taking user data seriously and handle it with utmost care.

Facebook Users Get Paranoid as Old Deleted Messages Reappear After Message Center Update

This is not a scary movie, but Facebook users are equally annoyed because their deleted messages are reappearing after a recent Message Center update. Facebook has been known for retaining data, and it was made clear in many earlier instances that deleting data from anywhere on the Internet does not necessarily mean it is deleted.


A few months ago, there was this news on deleted Facebook photos being available even after deletion. They were available at the same old links. It was explained with theories like the data remains in the CDN that stores media content for services like these. However, this is only part of the story.

The real story of why things never get deleted on Facebook

Any deletion you perform happens only on the frontend. In simpler words, if you delete a photo on Facebook, Facebook changes your account so that the photo never comes back to you as an object accessible from the user interface, but it is still out there. The same goes for messages and other things. I was taught the same thing during my first web-design classes and it felt really creepy. This does happen at a lot of places, though. It spares the database the overhead of deletion, and it is easier to run a small update query (for something like a deleted bit or flag) than a large, resource-intensive delete query.

In the problem the user faced above, the Message Center update team (that’s what I am calling them) at Facebook did not go through the documentation well enough to take note that there was some code to make sure the user does not see his deleted messages. The developers of the Message Center completely overlooked that feature and will have to push updates to correct this bug.
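The soft-delete pattern and the kind of bug described above, as an added example (not Facebook's code): it uses Python's sqlite3 to show a rewritten read path that forgets the deleted flag, a view that enforces the filter in the schema, and a regression check that catches the leak. The table, column and function names are hypothetical and the sample messages are constructed.

```python
import sqlite3

def build_db():
    """In-memory schema with a soft-delete flag (all names are hypothetical)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE messages (
            id      INTEGER PRIMARY KEY,
            owner   TEXT NOT NULL,
            body    TEXT NOT NULL,
            deleted INTEGER NOT NULL DEFAULT 0  -- the "deleted bit"
        );
        -- Mitigation: the filter lives in the schema, so a new feature
        -- that reads this view cannot forget it.
        CREATE VIEW visible_messages AS
            SELECT id, owner, body FROM messages WHERE deleted = 0;
    """)
    # Constructed sample data.
    db.executemany(
        "INSERT INTO messages (owner, body) VALUES (?, ?)",
        [("alice", "lunch at noon?"),
         ("alice", "constructed: message alice will delete"),
         ("bob", "hi")],
    )
    return db

def soft_delete(db, owner, msg_id):
    """'Delete' as a cheap UPDATE; the row stays in the table."""
    cur = db.execute(
        "UPDATE messages SET deleted = 1 WHERE id = ? AND owner = ?",
        (msg_id, owner))
    return cur.rowcount

def inbox_legacy(db, owner):
    """Original read path: remembers to filter on the flag."""
    return db.execute(
        "SELECT id, body FROM messages WHERE owner = ? AND deleted = 0 "
        "ORDER BY id", (owner,)).fetchall()

def inbox_rewrite_buggy(db, owner):
    """Rewritten feature that reads the base table and omits the filter,
    so soft-deleted rows reappear in the user interface."""
    return db.execute(
        "SELECT id, body FROM messages WHERE owner = ? ORDER BY id",
        (owner,)).fetchall()

def inbox_rewrite_fixed(db, owner):
    """Rewritten feature that goes through the filtered view."""
    return db.execute(
        "SELECT id, body FROM visible_messages WHERE owner = ? ORDER BY id",
        (owner,)).fetchall()

def leaked_ids(db, reader, owner):
    """Regression check: ids a read path returns that are flagged deleted."""
    flagged = {row[0] for row in db.execute(
        "SELECT id FROM messages WHERE owner = ? AND deleted = 1", (owner,))}
    return [msg_id for msg_id, _ in reader(db, owner) if msg_id in flagged]

def purge_deleted(db):
    """Hard delete of flagged rows, for when data must actually go away."""
    return db.execute("DELETE FROM messages WHERE deleted = 1").rowcount

if __name__ == "__main__":
    db = build_db()
    soft_delete(db, "alice", 2)
    for reader in (inbox_legacy, inbox_rewrite_buggy, inbox_rewrite_fixed):
        print(reader.__name__, "leaks ids", leaked_ids(db, reader, "alice"))
    print("rows purged:", purge_deleted(db))
```

Running `leaked_ids` against every read path in a test suite is what turns the "read the documentation" step into something a release cannot skip.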

Now, Facebook can boast all about how it uses BitTorrent technologies to push updates across its distributed servers, but glitches and bugs like these make it look outright stupid. Whatever happened to testing code before releasing it half-baked? Facebook is not a one-man show that it can be excused for this glitch. A full-blown company competing with online tech giants, a company that upsets privacy watchdogs every day and a company which is the largest social network in the world cannot afford to make mistakes like these.

Note: It would be a lie to say things never get deleted on Facebook. But they stay for a seemingly indefinite amount of time.

Bitcoin Faces Government Crackdown for Illegal Drug Purchase

This was bound to happen sooner or later. How can any government allow a currency that claims to be decentralized, is totally unregulated and is not under its direct control? On top of that, the EFF started accepting donations in Bitcoin a few days ago, and the crackdown was going to come sooner or later once Bitcoin started gaining credibility like this.

Two US senators are encouraging federal authorities to crack down on Bitcoin, the reason being its use in illegal and anonymous drug purchases. Reuters reports,

Democratic Senators Charles Schumer of New York and Joe Manchin of West Virginia wrote to Attorney General Eric Holder and Drug Enforcement Administration head Michele Leonhart in a letter that expressed concerns about the underground website “Silk Road” and the use of Bitcoins to make purchases there.

The nature of Bitcoin makes it extremely hard for authorities to track down these drug abusers and this can prove to be a fatal blow to the currency system that could have shaken things up in the online world.

In further investigations, it has been found that a majority of the bank accounts being used in this drug abuse are based outside of the US. The decentralized nature combined with offshore bank accounts leaves very little in the hands of federal authorities to act upon. Decentralized ideas are hard to track, but they are equally hard to manage and operate. Bitcoin is facing the same problem of rogue users that any decentralized body without a central control will face sooner or later.