The first “botwall” by Shape Security

“Bot”-based attacks are perhaps the cheapest and most disruptive form of attack on a website. A familiar example is the DDoS attack. A hacker can use an array of computers to send too many requests or opcodes to a website to make it malfunction or to break into its user accounts. Web apps are much more vulnerable because the source code of the pages running on the client machine is visible. Shape Security, a relatively new US-based start-up, has just announced on its blog that it has designed a new device that will trick bot attacks by frequently modifying the source code of the website. This makes it much more difficult to continue with automated attacks, and the hacker will have to fall back on manual methods, which are much more expensive in terms of time vs. effort. The chief goal is to continue serving affected clients without the server getting disrupted. In simple terms, the new “botwall” changes fields like “password” into “sdgdjghfhf”, i.e. it morphs them into something random. Shape Security already has some noteworthy backers: Google Ventures, Google Chairman Eric Schmidt, Kleiner Perkins Caufield & Byers (early investor in FB and Amazon), Enrique Salem (former CEO, Symantec). If the “botwall” delivers what it promises, it will definitely bring a new dimension to web app security.
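The field-morphing idea described above can be sketched as follows. This is an added illustration, not Shape Security's implementation: the function names, the HMAC-based alias scheme and the sample form are assumptions, and the per-response nonce is assumed to be kept in the server-side session.

```python
import hashlib
import hmac
import re
import secrets

FIELDS = ("username", "password")  # real field names the application expects

# Constructed sample form, not taken from any real site.
TEMPLATE = ('<form method="post"><input name="username">'
            '<input type="password" name="password"></form>')


def morph(key, nonce, name):
    """Derive the alias that replaces a field name in one response."""
    mac = hmac.new(key, f"{nonce}:{name}".encode(), hashlib.sha256)
    return "f" + mac.hexdigest()[:16]  # leading letter keeps the name valid


def render_form(key, template):
    """Return (nonce, html) with every known field name replaced by its alias."""
    nonce = secrets.token_hex(8)  # fresh per response, so aliases keep changing
    pattern = r'name="(' + "|".join(map(re.escape, FIELDS)) + r')"'
    html = re.sub(pattern,
                  lambda m: f'name="{morph(key, nonce, m.group(1))}"',
                  template)
    return nonce, html


def demorph(key, nonce, posted):
    """Map posted aliases back to real names; reject anything else."""
    aliases = {morph(key, nonce, name): name for name in FIELDS}
    clean = {}
    for field, value in posted.items():
        if field not in aliases:
            # A script that hard-codes "password" or replays an old alias ends up here.
            raise ValueError(f"unexpected field {field!r}")
        clean[aliases[field]] = value
    return clean
```

A client that submits the rendered form round-trips through `demorph` unchanged, while a script posting the literal field names, or aliases scraped from an earlier response, is rejected.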

Webpage: ShapeShifter

[Courtesy: Jester Raiin]

Fritzing: create your board prototypes

Think you can become the next great name in PCB design? You may start with Fritzing: an industry-standard, open source PCB design software with a strong ecosystem of numerous users playing with it. Fritzing is fun to use, like programming IDEs that come with basic GUI constructs to build more complex interfaces. It can even help you learn electronics with a practice-oriented approach. You can turn your own circuit designs into PCBs fast with Fritzing. It also has its own toolkit based on an Arduino UNO for quick hands-on work. If you can’t think of a project to start with, find one from the Projects section and start contributing. There are many of them waiting for you!

Webpage: Fritzing

inxi: fetch system information

inxi is a script that fetches the details of your system, specifically the hardware, for you. It is quite handy when you need to touch base with your hardware. The options page extensively details the numerous things that inxi can do. To simplify usage, the authors are working on a GUI as well, though the progress is admittedly slow.

Installation instructions on Ubuntu:

$ sudo apt-get install inxi

To get a list of full options, run:

$ man inxi

Besides showing system information, inxi can show you the weather too! Run:

$ inxi -xxxw

Webpage: inxi

Safeplug: anonymize your network traffic

The security and privacy of users are of prime importance. Safeplug, a hardware product from Pogoplug, attempts to ensure them by re-routing your entire network traffic via the well-known Tor network. It connects to your router and you can enable or disable it from the Safeplug page.

BIOS vs. UEFI boot

UEFI (Unified Extensible Firmware Interface) can be considered the next-gen replacement of BIOS. It is a layer that sits on top of the system firmware and enables your OS to communicate with the firmware through it. UEFI takes care of the inherent design shortcomings of BIOS: it can access the total system memory, run in 64-bit mode, and has an extensible design that allows plugging in new features like an appealing graphical mode and so on. In this article we will see how different a traditional BIOS boot (from a hard disk) is from a UEFI boot.

BIOS Boot Mechanism

The bootstrap code (bootcode) resides in the first 446 bytes of the first sector (Master Boot Record) of a hard disk. The bootcode is loaded at location 0x7C00 in the RAM and gets executed. Even writing a basic bootcode needs knowledge of assembly language programming (example simple bootcode). An example of a full-fledged bootcode is the Linux i386 bootcode. The size constraint of 446 bytes also means many responsibilities have to be handed over to a second-level bootloader like GRUB. Additionally, BIOS cannot access the total RAM available in your system and runs in 16-bit mode. Further reading: x86 Boot Sector tutorial.

UEFI Boot Mechanism

UEFI overcomes the above problems with BIOS boot by moving the bootcode to a partition on your disk called the EFI system partition. The EFI system partition is a FAT12, FAT16 or FAT32 partition on a GPT partitioned disk (as opposed to an MBR based disk for BIOS). Hence the bootcode, which is now the EFI binary bootloader file, can be much larger. UEFI detects the EFI partition on a hard disk and, if the file is present, starts executing it. This UEFI bootloader file can be generated in the EDK II development environment using the C language (examples). The bootloader can chainload another bootloader like GRUB or load the OS. Another OS boot mechanism is this: the OS installed in the system adds an entry in the NVRAM which points to the device (let's say a hard disk) where the bootloader is present. At system boot, the UEFI environment looks into the NVRAM entries and loads the bootloader from the disk pointed to.
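To make the two on-disk layouts concrete, here is an added example (not part of the original article) that parses the first sector of a disk image into its 446-byte bootcode area and four partition entries, then tells an MBR disk from a GPT one. The function names and the sample images are constructed for illustration; the 0x55AA boot signature, the 0xEE protective entry type and the "EFI PART" header signature are standard values the article does not mention.

```python
import struct

SECTOR = 512
BOOTCODE_LEN = 446           # bootstrap code area described above
TABLE_OFF, ENTRY_LEN = 446, 16
TYPE_GPT_PROTECTIVE = 0xEE   # MBR entry that shields a GPT disk from old tools


def parse_sector0(sector):
    """Split sector 0 into its bootcode flag and the used partition entries."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        start = TABLE_OFF + ENTRY_LEN * i
        entry = sector[start:start + ENTRY_LEN]
        lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # type 0x00 marks an unused slot
            parts.append({"bootable": entry[0] == 0x80, "type": entry[4],
                          "lba": lba, "sectors": count})
    return {"has_bootcode": any(sector[:BOOTCODE_LEN]), "partitions": parts}


def boot_scheme(image):
    """Classify a disk image (at least two sectors) as 'GPT' or 'MBR'."""
    info = parse_sector0(image[:SECTOR])
    protective = any(p["type"] == TYPE_GPT_PROTECTIVE
                     for p in info["partitions"])
    gpt_header = image[SECTOR:SECTOR + 8] == b"EFI PART"
    return "GPT" if protective and gpt_header else "MBR"


def sample_image(ptype, gpt=False, bootcode=b""):
    """Constructed two-sector image: one partition entry, optional GPT stub."""
    entry = struct.pack("<B3sB3sII", 0x00 if gpt else 0x80, b"\0" * 3, ptype,
                        b"\0" * 3, 1 if gpt else 2048,
                        0xFFFFFFFF if gpt else 204800)
    s0 = bootcode.ljust(BOOTCODE_LEN, b"\0") + entry + b"\0" * 48 + b"\x55\xaa"
    s1 = (b"EFI PART" if gpt else b"").ljust(SECTOR, b"\0")
    return s0 + s1
```

On a real system the same functions can be fed the first 1024 bytes read from a disk image file.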

As you can understand by now, the boot mechanism is greatly simplified and enhanced in UEFI. More on EFI Boot Loaders:

Managing EFI Boot Loaders for Linux

Fix Intel HDA controller low volume on Linux

If you are experiencing low volume at the maximum limit on a machine with an HDA controller, the way to get a higher volume is to reset all the raw pin settings to default. HDA Analyzer does that for you. Before moving on from here, be sure you know what you are doing. This may lead to critical unforeseen issues.

First you need to make sure you have HDA. Run this:

$ lspci|grep -i audio
00:1b.0 Audio device: Intel Corporation 7 Series/C210 Series
Chipset Family High Definition Audio Controller (rev 04)

Once you have confirmed, download the HDA Analyzer script (hda-analyzer.py) and run it as root. It will download some other scripts and then you will get the GUI showing all the detected cards, codecs and nodes. If you already know which pins to tweak around with you can directly do that. Otherwise just click on all the different nodes and then exit the GUI (a quicker way is to select the first node and then use the Down arrow key to traverse through all). Before exiting it will ask you the following:

HDA-Analyzer: Would you like to revert settings for all HDA codecs?

Click Yes. Now check if there is a gain in max volume. My volume level increased heavily on a Sony VAIO with the above controller. And you can still gain more by using software Amplification from Ubuntu Sound Settings if you are on Ubuntu. Just don’t blast your speakers literally! 😉

N.B.: the settings are not stored across reboots on all distros. A solution is discussed here. But be very cautious. There may be side effects.

Another possible solution

Edit /etc/modprobe.d/alsa-base.conf as root. Search for the following line:

options snd-usb-caiaq index=-2

Add the following line below it:

options snd-hda-intel model=3stack

Waiting for the best smartphone

And who’s not, you ask… Maybe the subject line would have been more appropriate if I wrote – searching for the best smartphone platform. In reality the top (and with similar hardware) smartphones based on the same platform differ very little in features, performance and looks. The smartphone war has a new dimension now – it’s a war of ecosystems, not just some models. The number of developers, app users, manufacturers are very significant factors when you try to decide which one is the best. Let’s have a look at the current platforms dominating the market today (alphabetically) –

  • Android: Google didn’t have to pay anything for the core and Samsung didn’t have to pay anything for a ready to market platform and hence the lower price. While I agree that the price is proportional to the hardware (primarily) and other cost (like design, development, manufacturing) involved, Android could never reach the performance that one can expect on Linux. While the main factor is the UI framework, even the native C++ browser feels much slower than the iPhone’s browser. Contrary to common illusion – Google has produced many mediocre products in its history.
  • iOS: Overpriced and much hyped. I mean, come on… they don’t even pay the Chinese workers in the manufacturing unit a respectable daily wage. (Not convinced? Read this.) Wish Steve Jobs rests in peace. Their hardware is good but doesn’t count up to what they charge. With more competition from cheaper and reasonably priced platforms like Android, Apple will definitely suffer.
  • Windows: I am seeing a BSOD for Windows in the smartphone arena from Surface results. They had a huge advantage from being very much friendly with Intel but now both are on the decline. With the desktop hardware era ending and Intel losing the battle to ARM on smartphone hardware, I find it hard to believe Microsoft would remain more than a service provider in a decade’s time from now. A dying Nokia can’t recharge them either.

What we are seeing here is an opportunity for a platform which will give you a stunning performance at a standard price and can scale. Don’t worry, newer platforms are going to look way cooler, that’s not a concern anymore. When I say scale I mean that you get a desktop and a smartphone together – something that renders the need for touching any other device kaput. There are many hurdles to overcome here, e.g. a regular desktop gamer will always prefer an Alienware to a smartphone, a regular office suite user handling excel sheets will look for a big screen. Another important feature all smartphones are deliberately missing today is – hardware upgrades. It’s a cunning business strategy and it’s a pity people don’t see they are paying huge amounts to get stuck with the same hardware till it’s an outdated waste. Only software upgrades is the most profitable con ever played in the history of consumer electronics. I’m sure some smartphone manufacturer is going to offer hardware upgrades and change the history of smartphones. A smartphone with all these features is yet to arrive and I wish it emerges out of open source software. I have high hopes on initiatives like Ubuntu Mobile, Firefox OS, Tizen, Replicant etc.

TLP: Linux power saver

I wrote about the promising Linux utility Jupiter in a previous post. Unfortunately Jupiter development has ceased and though I still use it on my laptops on Raring (13.04) I don’t think it will be supported on 13.10. While looking for an alternative tool which saves power in a similar fashion I came across TLP – a purely cmdline utility which gives much more flexibility to seasoned Linux users (but may be a bit intimidating for newbies). To make things easier, it has extensive documentation and I could find an excellent explanation of the configuration file options here. All it needs is a clean GUI with ease of usage. Did not try it yet as Jupiter is still giving me < 50°C CPU temperature but definitely worth a try as some users have reported a core temperature lower than that on Windows.

As a rule of thumb, irrespective of the OS you use, set your screen brightness low to save both your eyes and power.

To install TLP on Ubuntu 14.04 and above:

$ sudo add-apt-repository ppa:linrunner/tlp
$ sudo apt-get update
$ sudo apt-get install tlp

Webpage: TLP

i7z: Intel i3, i5, i7 reporting tool on Linux

If you want detailed information about your Intel i3, i5 or i7 CPU on Linux, try this tool out – i7z. It is pretty simple to compile, with minimal dependencies. It gives you a lot of detailed information to know your CPU better, e.g. do you know if your Turbo Boost or Hyper-Threading is enabled? Use this tool to check.

Website: i7z