Facebook Privacy for the uninitiated

So everyone hears about someone’s Facebook account getting ‘hacked’ these days, they even report it on the news ever so often. Let me first break this to you, you were not ‘hacked’. You were ‘highjacked’. The difference in the semantics is significant; ‘hacking’ implies this person did it:

Hackers prefer leather

Meanwhile as per the usual case, highjacking implies this:

I aslo messaged all his friends as him to tell them that I suck

I’m sure those images speak a thousand words, but just in case it didn’t, here’s the difference with words.

How people could highjack your account:
1. You forgot to logoff from a public PC
2. You didn’t log off from your PC and allowed someone to use it
3. Someone has access to your phone, because it’s stolen or you just lent it to them

How people could hack your account
1. Brute force guess your password (ok technically this is still highjacking, not hacking but I’ll leave it here anyway)
2. Break into Facebook’s servers, right through their million dollar firewalls and sysadmins

How To Protect Yourself

1. Enable SSL on Facebook
This protects you from Man In The Middle attacks, especially a problem if you’re browsing from a public location (eg: a Cyber Cafe). To do this go to the settings page on Facebook (here) and turn on “Secure Browsing”. This should be enabled by default anyway.

2. Clean up your sessions
Facebook allows a pretty easy way of doing this. This page allows you to view where your account is currently logged in from. If you do not recognise any of those sessions, kill them. This also allows you to log off from a different browser remotely. eg: If you forgot to log off from your computer at work, you can do just that from home on your home computer. To be precise, yes you can log off your account on the office computer from your computer at home.

3. Protect your Phone
This is critical, not just for Facebook. Your phone stores a huge amount of information, someone who gains access to your phone has access to just about half your life. Treat it with as much care as you would (say) your passport. A very easy way of doing this is to use an unlock code on the phone. This is the single most ignored security advice, most people do not have access codes because it’s a nuisance to enter a PIN evertime you want to use your device. I assure you the cost of typing in 4 digits is worth it. And please don’t make your unlock code 0000, 0123, 1234, or your birthdate.

4. Use a secure password
Meaning do not use your name, your Significant Other’s name, your birthdates, your address, your first pet’s name, your children’s name, or any combination thereof.

5. NEVER reveal your password
This should be obvious. Nobody from Facebook will ever ask for your password. Never ever type your Facebook password anywhere besides Facebook’s apps or login page

6. Look behind you
The most obvious way people get your password is by looking over your shoulder. Srsly, watch your back.

7. Don’t save your password on the Browser.
They are reversible. Anyone with a very little knowledge and access to your computer can reverse your saved passwords.

8. Don’t share your passwords between different accounts or websites.
If one server or one service is compromised (as it always is), and someone gains access to your password on one service(say LinkedIn), people can link your accounts together and they will try the password from one account on any one of your other accounts.

9. Change your passwords regularly.
People don’t do this for the fear of not remembering their password. Not a great reason. When’s the last time you changed your Facebook password?

but if you ever forget, just ask Uncle Sam

Firefox 23 breaks DuckDuckGo (kinda). Well here’s a fix

Firefox has 2 search bars. Kinda. The address bar and the search box used to be configurable separately so that the search engine chosen for the address bar is irrelevant to the search engine set for the search bar. This behaviour has been disabled in FF23; the search engine selected in the search bar dictates the engine used in the address bar (the keyword.URL parameter doesn’t actually do anything anymore). So those of us who want 2 separate address bars are left out to dry.

UNTIL NOW. The Keyword Search plugin available here solves all your problems.

“Leap service is not running”

Happens quite a bit on Windows 7. The Leap Motion device is running nicely for a while, then you unplug it and plug it back in, and boom: no service. Simple solution is to restart the service.

Start > All programs > Accessories > (Right Click ‘Command Prompt’) > Run As administrator c:\> net start LeapService

If something similar happens on Linux, where the Leap Motion controller used to work and just suddenly stops, check your leap daemon. ensure none of the daemons are running $ ps aux |grep leapd . Kill all the daemons that are running $ killall -9 leapd and then restart the daemon $ leapd

Using Linux RT Kernel

It’s taken me a while to mess around with the Linux RT system, so here’s a somewhat full documentation of what I did. I assume some Linux compiling knowledge and a safe environment to actually do this, such as a chroot environment or a virtual machine or your roommate’s computer who isn’t going to know what happened.

I’ll start with a simple program in C to test the RT Kernel. Get it here, adapted from the official docs’ provided example. You can compile it on your regular stock kernel as such:
$ gcc -o test_rt test_rt.c -lrt
You can then run the program a number of times to see what the minimum run time is.
$ time sudo ./test_rt
My personal record is about 10 seconds on a stock kernel on VirtualBox running a single CPU. However, we know that testing this program on a standard machine with low load is not indicative of a `real` real time system. So we now run our program under high load. But first, we need to simulate that high load:
$ sudo stress -c 1000 -i 100 -m 2 --vm-keep -t 120
(note that the -m 2 uses (2 * 256)MB of memory, so make sure you have enough!)
And then, we’ll run the test_rt program again.

Patching the Kernel

In this example I’m working with kernel 3.8.4. You may want to use a different version of the kernel, in which case look for the highest version of the patch available here: https://www.kernel.org/pub/linux/kernel/projects/rt/
And download the corresponding vanilla kernel here: https://www.kernel.org/pub/linux/kernel/v3.x/

And moving along, here’s how we patch:

  1. In your home directory go to the Download folder and download the patch file in bz2 format (mandatory for this exercise) and the vanilla kernel.
  2. Unpack the kernel, and go into the directory
    $ tar -xjvf linux-3.8.4
    $ cd linux-3.8.4
  3. Apply the patch
    $ patch -p1 < <(bunzip2 -c ../patches-3.8.4-rt2.tar.bz2)
  4. Configure the kernel using the config file from your existing kernel
    $ cp /boot/config-$(uname -r) .config
    $ make oldconfig

    IMPORTANT:
    1. when prompted for preemption model, select option 5 – Fully Preemptible.
    2. When prompted for debug options do not select it. Turning on the debug flags (which is the default option) will decrease performance.
    3. For every other prompt you can just press which selects the default
  5. Build the kernel
    $ make-kpkg clean
    $ CONCURRENCY_LEVEL=$(getconf _NPROCESSORS_ONLN) fakeroot make-kpkg --initrd --revision=0 kernel_image kernel_headers
  6. Install the .deb files
    $ cd ../
    $ sudo dpkg -i linux-headers-3.8.4-rt2_0_i386.deb linux-image-3.8.4-rt2_0_i386.deb
  7. Reboot into your new kernel. Note: the steps above do not make this kernel your default. You will need to select the appropriate kernel from your grub menu

At this point you can try running the benchmarking script again. My record was under 2 seconds, down from the 10 seconds mentioned above.

Note: If your performance actually decreases, you may want to check to make sure your debugging flags were turned off during compile.

Installing CDT as a plugin in Eclipse.

This is only relevant if you already have Eclipse IDE, perhaps for developing Java, and you want the relevant C/C++ development plugins. If you are only developing on C/C++, you could just as easily download CDT in a standalone IDE right here

The following is an alternative, which only installs the relevant CDT plugins.

  1. Start Eclipse
  2. Help > Install New Software > “Available Software Sites” > “Add”
  3. Name: CDT, Location: http://download.eclipse.org/tools/cdt/releases/juno > OK
  4. Now you’re back to the Available Software popup, the first label at the top says “Work With”. Click the drop-down, select CDT (or “All”. Whatever)
  5. Select the relevant C/C++ tools.

Other plugins you might find useful:
Git stuff: http://download.eclipse.org/egit/updates
Linux Tools – Valgrind, Gprof, etc: http://download.eclipse.org/linuxtools/update

How to insult your hires

So some dude from a “Talent Recruitment” company insulted me. Here’s how:

From: Shawn Low
To: <me>;
Subject: Career Opportunity
Sent: Thu, Jan 3, 2013 9:24:41 AM

Hi Alvin,
Could you please contact me on my mobile (+6012xxxxxxx) or via email (shawn@xxxxxxxxxx.com), giving me your present contact number, for a quick chat about a career opportunity?
This is Shawn here from Talentsbay, a headhunting firm. Thanks.

Best Regards,
Shawn Low
Principal Consultant

Talentsbay Sdn Bhd (932119-T)
Suite 27-11, Penthouse, Signature Office,
The Boulevard, Mid Valley City,
Lingkaran Syed Putra,
59200 Kuala Lumpur, Malaysia

Mobile: +6012 xxx xxxx
Tel: +603 2297 xxxx
Fax: +603 2287 xxxx
Website: www. talentsbay .com

I wasn’t interested. Partly because I don’t trust recruitment agencies. Mostly because I’ll be in the US for a while. I decided to tell him that. Politely.

 Subject: Re: Career Opportunity
From: Dartarrow <me>
Date: Thu, January 03, 2013 9:10 pm
To: “Shawn”

Sorry. Not interested. How do us you find me anyway? I need to remove my online profiles

I’m pretty sure that reply was rather polite. His next reply however sounded like a scorned girlfriend you dumped for a 17yo cheerleader.

From: “Shawn Low”
To: “Dartarrow”
Subject: RE: Career Opportunity
Date: Thu, 03 Jan 2013 18:48:11 -0700

Sorry, the email must have been sent to you by mistake by my assistant. It was meant for another Alvin, an intelligent, smart, qualified and high-calibre candidate. I do not know how your email could have been included in our privileged list of high-performing candidates.

No signature, no “sent from my assistants iPhone”, no “regards”, no “whoopsies”.
And just as I thought we were getting along

svn:ignore directory

I don’t know how the book recommends, but here’s how i do it. Took a while to figure out:

svn propset svn:ignore "*" cache/classes/

remember the double quotes and backslash at the end.
Also the effects would be available immediately – you’d see the files with “?”s immediately disappear

Hishammuddin can help with Perception

The claim: crime rates are low. They are only perceived to be high.

There’s an easy way to improve perception of Crime Hishammuddin Hussein. You have a 19 year old daughter correct? Let her walk around different shopping mall parking lots after 10pm. Let her walk through the city center after 11pm. Without police escorts, and all that jazz. If you’re worried about the fact that she may be recognised as your daughter which will mean higher security risk, well then, that’s just your perception. Why should the reality affect your perception but not ours? Wash, rinse, repeat in Johore, Penang, or wherever else one month at a time.

If you’re willing to do this, then the rakyat have nothing much to say really. There will be nothing more for you or the Police to prove as far as perception vs reality is concerned.

Oh The Star. You make me lol

I’m not saying the editor of The Star should resign.
I’m not saying calling Fiddy Cent “RM1.50″ didn’t make me laugh.
I’m not saying Spell Check would solve all your problems.

I’m just saying: this is what happens when you hire people without integrity, which is of course a prereq for working in a Gov-owned brain-washing mechanism.

Ampang Line Extension

SOOooOo.
Since I couldn’t find a proper map of the Extension project, I decided to make one.
This map is of the LRT Ampang Line Extension project. Done in gmaps for increased awesomeness.

*brief history:
The Ampang line extension is part of a greater project involving the extensions of the Ampang Line LRT (formerly knows as STAR LRT) from Sri Petaling to Putra Heights. On the Kelana Jaya LRT lines (formerly known as Putra), the extension will start from Kelana Jaya and also end in Putra Heights. These projects are of course spearheaded by the government.

Putra Heights is developed by Sime Darby. A Government Linked Company.

Big Bad Wolf Sale

Getting there:
If you’re taking the KL-seremban highway, take the Serdang / UPM exit. You will reach a cross junction, go straight and there will be a turning to the left. There will be a sign for ‘MARDI’. Mardi is your friend and your best bet for an available signboard.

Go on straight until the end where it will be a T-junction (where you will need to turn left or right). Turn right. Past that point it’s all pretty blurry to me. Look for signboards for MAEPS and find a parking spot. A bus will (should) take you from the parking lots to the sales.

 

buying the books:
The organizers provide boxes. Bring your bags and save on the plastic bags. A luggage you can roll around would probably be best. Most of the books are properly categorized right. The books in huge quantities and possible crowd favorites are still stored on the pallets.

There were however a crapload of unsorted books. Big mistake on the part of the organizers I think. Wouldn’t waste my time  on these.

In a nutshell:
Good: Lots of payment lines. Friendly well trained staff. Customer service booth with space to store your books, so you don’t need to lug them around. And of course you can’t argue with the prices.

Bad: A DJ convincing you you’re lucky to be buying books at 70% off. Not the best collection of books. The one in KLCC was better.

Ugly: Credit Card salesmen from OCBC pestering you into applying for a credit card. No signboards or directions to the damn place. It’s in the middle of fuckin nowhere, the least you can do is to have sign-boards.

 

 

Why MCMC is impotent

Malaysian Communications and Multimedia Commission (MCMC) has the job as *the* steering force for Teh Internetz in Malaysia. As far as I remember they have the job of regulating the ISPs which they failed at miserably.

Somebody somewhere lately bestowed upon them the role of witch-hunters, moral-police, and National Hypocrites. Which is about all they’re good for anyway. But now they’re bitching about not finding proof? Did you morons even look? Why don’t you start right here, and here. And while you’re at it:

Fix Your Fucking Website

Do you guys understand just how embarrassing it is that the Communications and Multimedia Commission website does not work?

10 bucks says they’ll blame Indonesian hackers soon.

How to test your webcam in Ubuntu

Testing your webcam is done with mplayer, first though you’ll have to install mplayer as so:

sudo aptitude install mplayer

then fire up mplayer as so but in one line:

mplayer tv:// -tv driver=v4l2:width=320:height=240:fps=200:device=/dev/video0 -nosound

And you SHOULD see your pretty face on the screen. Good Luck.

Collectd Python plugin

One of the most interesting development in collectd recently (4.9) would have to be the availability of a Python binding. You can find the man page here with some samples.

Another interesting feature available with collectd plugins is the availability to overwrite the `hostname`. This opens up a whole new page to collectd, including what I’m attempting right now which is active checks.

In any case, a sample python plugin which overwrites the `hostname` would look like so:

# Sample Python module to use python plugin 

import collectd

#== Our Own Functions go here: ==#
def configer(ObjConfiguration):
   collectd.debug('Configuring Stuff') 

def initer():
    collectd.debug('initing stuff')

def reader(input_data=None):
    metric = collectd.Values();
    metric.plugin = 'python_plugin_test'
    metric.type = 'gauge'
    metric.values = [100]
    metric.host = 'OverwritenHostname'
    metric.dispatch()

#== Hook Callbacks, Order is important! ==#
collectd.register_config(configer)
collectd.register_init(initer)
collectd.register_read(reader)

Lets assume a few things here:

1. Collectd installation:
/opt/collectd/current/,

2. python plugins
/opt/collectd/current/share/python/.

3. plugin file python_plugin_test.py will be in
/opt/collectd/current/share/python/python_plugin_test.py

The relevant corresponding config in /opt/collectd/current/etc/collectd.conf would look something like:

LoadPlugin python
<Plugin python>
  ModulePath "/opt/collectd/current/share/python/"
  LogTraces true
  Interactive false
  Import python_plugin_test
  <Module python_plugin_test>
    Test "This" "are" "the" "inputs"
  </Module>
</Plugin>

Dont forget to test your plugins by running sbin/collectd -C  etc/collectd.conf -T If this causes nothing to be printed on the STDOUT, that means your plugins are good.

N900 development Part 2

Before you continue on reading, understand that a prerequisite is for you to start with part 1 and especially Maemo’s Getting Started guide.

For this guide, I’ll be showing how to create multiple widgets in one window. The code from Maemo provides you one window with one widget (the button). You cannot add on more widgets to the example just like that. Adding >1 widget to a HildonWindow will still allow the program to compile, however if you run it you will have to expect an error message that looks something like “… as a GtkBin subclass a HildonWindow can only contain one widget at a time; it already contains a widget of type …”

So the alternative is to create one vBox (or hBox) and pack all other widgets (including other hBox and vBox) inside of it. The end result from the sample should be an applicati
on with an interface that looks like this

3-button hello world app on N900 emulator

3-button hello world app on N900 emulator

The blog formatting makes it a bitch to paste my code here, so just download the code into scratchbox environment with something like this:

wget http://dartarrow.net/wp-content/uploads/2010/03/hworld.c

You should now be able to compile the program with the following line:

gcc hworld.c `pkg-config hildon-1 --cflags  --libs` -o hworld 

Execute the programe

 ./hworld 

And voila.

Take note of how the hbox is prepared and then packed into the vbox. Understanding the interaction is key to your own gui development with C, GTK, and Hildon.

Credit where credit’s due, I stole and modified the code from Maemo’s Wiki