25th-Jun-2009 10:05 am - Nice way to backup lj data
I've been missing ljarchive after I moved fully away from windows, but this approach looks promising. django-ljsync is a django app that can connect to an lj account and download all the data and comments. Google apps has detailed porting instructions for django, so it's possible to have a google apps hosted blog that'll also serve as a backup of the lj data. As a plus, it'll allow me to get rid of the ads and the minor annoyances of lj. It's still a one-way sync, but something's better than nothing ;) If I am not going to Kabini this weekend, that'll be one fun project to do.


26th-Apr-2009 09:05 pm - Battery life on the N810
I've been battling a bad battery for weeks on the N810. And I had tried all the tricks in the trade, like disabling the wimax module entirely, turning down wifi power consumption, turning off bluetooth, turning on power saving mode on wifi etc...

All this while I hadn't checked out what the maemo wiki said on this topic, and the first thing they say is to disable RD mode. I had done that a long time ago to look at the bootup messages and forgot to turn it off since then. I've disabled it now, and the tablet's been running in a semi idle state for three hours with just .01 percent drained. Wow!

BTW, this text was written in maemo-wordpy. Check it out in case you haven't heard about it, it's cool stuff.
13th-Apr-2009 07:59 pm - How not to design websites
A friend of mine pointed me recently to myntra which is an Indian based website that prints custom T-shirts. I liked the design he showed me, and in an impulsive mood bought it. Being an Indian dot com, I usually have relaxed expectations, but this site struck me as being really bad assed for a lot of reasons from the moment I went on check out to returning back to my account page.

For starters they use the CCavenue.com payment gateway. Okay, now that's technically not their fault, but I have had bad experiences with CCavenue. And not just me, a sizeable crowd gets turned off from shopping on sites that use this gateway. They are impossible to deal with, they have a dysfunctional customer service department and refunds are one hell of a procedure. I've been screwed by these guys once, and I avoid them as much as possible.

No feedback when the site makes all those ajax calls. Seriously, how hard is it? throbber.gif is a Creative Commons licensed image, and all you have to do is show that gif when the site is busy making some AJAX calls. Either that or make sure that they run in less than a second. You don't have to use the throbber, but for frak's sake, show some line of text when the user clicks on something. Something as simple as processing...

I ran into this problem when I was about to refer some friends. I clicked on submit and nothing happens. Impatient, and knowing that I have a lousy mouse button, I click again. And again for 5 times. I finally got a popup by that time, and the next four in quick succession. Turns out that the website sent everyone 5 mails, each with a different invite code. Wow! That's a hell of a discount. The invite box disappeared at that point, but I am pretty sure it's a div with style:visible=hidden. If I wanted to generate more codes, all I had to do was to enable firebug and keep changing it at will. Which brings me to my next point.

Intrigued by this, I did a view source on the page. The entire coupon generation thing was on the client side. Really, I am not kidding here. Sure it's a cheap way to save some processing power on your website, but do you as a website really want to expose that to your customers? I'll be frank, I am a cheap bastard, and if you give me your coupon code generator in your javascript, you can rest assured that I'll be using one every time I make a purchase. And obscuring it isn't really that hard. I have the js around from the landing page which I am not posting here for obvious reasons ;)
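The server-side alternative to the two problems described above (codes generated in the browser, and one code and one mail per click), as an added sketch that is not the site's code and not part of the original post. `InviteService`, its in-memory Maps and the injected `sendMail` are hypothetical names standing in for a real database and mailer.

```javascript
"use strict";
const nodeCrypto = require("node:crypto");

// Hypothetical service: Maps stand in for database tables, sendMail for a mailer.
class InviteService {
  constructor(sendMail) {
    this.sendMail = sendMail;
    this.byPair = new Map(); // "referrer|invitee" -> invite record
    this.byCode = new Map(); // code -> invite record
  }

  // Idempotent: one (referrer, invitee) pair yields one code and one e-mail,
  // however many times the form is submitted.
  issue(referrerId, inviteeEmail) {
    // Lower-casing is only a de-duplication key, not an address rewrite.
    const key = `${referrerId}|${inviteeEmail.trim().toLowerCase()}`;
    const existing = this.byPair.get(key);
    if (existing) return { code: existing.code, created: false };

    // 80 bits from the OS CSPRNG: nothing the browser can compute or predict.
    const code = nodeCrypto.randomBytes(10).toString("hex").toUpperCase();
    const record = { code, referrerId, inviteeEmail, redeemedBy: null };
    this.byPair.set(key, record);
    this.byCode.set(code, record);
    this.sendMail(inviteeEmail, code);
    return { code, created: true };
  }

  // A code is only worth something if the server issued it and it is unused.
  redeem(code, orderId) {
    const record = this.byCode.get(code);
    if (!record) return { ok: false, reason: "unknown-code" };
    if (record.redeemedBy !== null) {
      // The same order retried (a page refresh) is harmless; another order is not.
      return record.redeemedBy === orderId
        ? { ok: true, reason: "already-applied" }
        : { ok: false, reason: "already-redeemed" };
    }
    record.redeemedBy = orderId;
    return { ok: true, reason: "applied" };
  }
}

// Constructed demo: five impatient clicks on "submit" for the same friend.
function demoFiveClicks() {
  const outbox = [];
  const svc = new InviteService((to, code) => outbox.push({ to, code }));
  const results = [];
  for (let i = 0; i < 5; i++) {
    results.push(svc.issue("user-1", "friend+myntra@example.com"));
  }
  const distinctCodes = new Set(results.map((r) => r.code)).size;
  return { svc, code: results[0].code, mailsSent: outbox.length, distinctCodes };
}
```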

I use random word at [my_lj_userid] dot com for all promotional email and signing up to sites. And while passing coupons to friends that don't have a domain name of theirs, I use userid+myntra@gmail.com to avoid them being spammed in the future. All the custom domain email got delivered while every single invite to gmail wasn't sent at all. My roommate checked his junk folder, trash etc.. and there wasn't a trace of the invite. The culprit I am sure is a broken email parser. This one beats me. There are a lot of off-the-shelf parsers for literally every language. I am pretty sure it's a broken regex for emails. For crying out loud, all those were valid RFC compliant email addresses, where did those invites go?
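How a hand-rolled pattern can silently drop plus-tagged addresses like the ones above, as an added illustration that is not the site's code and not part of the original post. `NAIVE_RE` is a constructed example of such a pattern, the sample addresses are constructed, and the stricter check covers only unquoted (dot-atom) local parts.

```javascript
"use strict";

// Constructed example of a hand-rolled validator pattern: the local part is
// limited to letters, digits, dot, underscore and hyphen.
const NAIVE_RE = /^[A-Za-z0-9._-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

// RFC 5322 "atext": every character allowed in an unquoted local part.
const ATEXT_RE = /^[A-Za-z0-9!#$%&'*+\/=?^_`{|}~-]+$/;
// One DNS label: 1-63 characters, no leading or trailing hyphen.
const LABEL_RE = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

function isValidAddrSpec(address) {
  if (typeof address !== "string" || address.length > 254) return false;
  const at = address.lastIndexOf("@");
  if (at < 1 || at === address.length - 1) return false;
  const local = address.slice(0, at);
  const domain = address.slice(at + 1);
  if (local.length > 64) return false; // RFC 5321 local-part limit
  // dot-atom: runs of atext separated by single dots, none of them empty
  if (!local.split(".").every((part) => ATEXT_RE.test(part))) return false;
  const labels = domain.split(".");
  return labels.length >= 2 && labels.every((l) => LABEL_RE.test(l));
}

// Addresses the naive pattern throws away although they are valid.
function rejectedButValid(addresses) {
  return addresses.filter((a) => !NAIVE_RE.test(a) && isValidAddrSpec(a));
}

// Addresses the naive pattern lets through although they are malformed.
function acceptedButInvalid(addresses) {
  return addresses.filter((a) => NAIVE_RE.test(a) && !isValidAddrSpec(a));
}

// Constructed sample input.
const SAMPLES = [
  "userid+myntra@gmail.com",
  "randomword@example.com",
  "o'brien@example.org",
  "a..b@example.com",
  "no-at-sign.example.com",
];
```

Running both functions over the site's own mailing list before a send is a cheap way to find out which recipients a validator is dropping.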

So, while doing all this I had refreshed the landing page once. That sent me another confirmation SMS. Did these guys seriously take my order twice? Don't you for example, um check the status of the order in your database before sending out a confirmation message?

Which brings me to my next point. The only people who avoid transactions are in the MySQL land. Because well, transactions don't always roll back smoothly, and if something screws up you end up with a data loss. Or worse, corrupt data. I can't speak of more recent developments, but I've had to cringe a lot in my last job where I had to manage a 4.21 database and its slaves. Seriously, I don't think anyone in their right minds would use MySQL for storing any sort of financial information. Okay, I am just guessing and border line trolling here, but I am ready to bet the backend is a MySQL db.

To be fair, the site does look good, and it has a lot of good stuff at decent prices. Yet, I am not fully convinced I want to do the whole ritual the next time I go on a shopping spree.
7th-Apr-2009 01:35 pm - openwrt first impressions
The first time I tried to install openwrt was on the Dlink DSL-502T. This router is reasonably well supported on openwrt, but in the process of juggling between instructions on two different wiki pages, I managed to convert that into a paper weight. The problem was partly my fault, since I took the standard AR7 firmware on the download page,  modified the headers and pushed it out via tftp without reading more on the nuances between 502 and 620-t. Nevertheless, the experience stayed with me, and was a good reminder on how not to do things. The good thing from the experience was that Airtel broadband replaces routers no questions asked. The bad thing? I now have to make do with a Zyxel modem that doesn't have enough horsepower to do PPPoA standalone. It's bridged with the wifi router, that PPPoEs out thankfully.

In recent times, I've been frustrated with the inability of the linksys default firmware on the WRT150N to do basic things and decided on giving openwrt another go. This time, things were smoother, and the router came back up after a reboot, with no quirks. I quickly restored the functionality I already had. Stuff like adding static leases in dnsmasq for my home gear (and there are a ton of them), dyndns updates using ddns-scripts, blacklisting ip addresses into a blackhole vlan. The blacklisting part works great, the sad part is that I never got to see their faces when they see that they can now connect and don't have access to any place at all. The next phase is to goatse (warning: nauseating link) them by having all requests do an HTTP redirect.

I run an open ap, and I don't mind my neighbours leeching as long as they maintain a basic civility about it. Asking Indians to uphold manners is a tough deal, and I am happy that traffic shaping works great in linux. This was my primary objective of moving to openwrt. The stock firmware uses HTB/tc to do shaping, but does not give me control other than the stock idiot-proof options. Installing qos-scripts was a snap, and thankfully it had all the options that I wanted. The more I think of it, I can't understand why all router manufacturers don't enable QoS by default. It's extremely advantageous, and John Doe will be thankful for the perceived improvement in speeds.

Now, why do I like openwrt so much within the first two days? First, ssh access. I can now sanely backup my configs via sshfs/rsnapshot and go back and forth in time if I need to look up something. It also theoretically makes upgrades a snap, and configuration is easier when I can vi and sed.

Two, dnsmasq and the ability to edit the hosts file. Sounds silly, but now I don't have to rely on multicast and zerotouch to do dns, an approach which doesn't work on the company windows laptop.

Three, QoS. Traffic shaping makes the network look more responsive to others, while I don't have to worry about throttling down bandwidth hogs. I can finally leave all of these tasks running full day long, without having to think much about it.

Four, vlans. Well, vlans are part of the standard firmware too, but that's where it ends. The stock firmware does not allow me to edit them, or prioritize traffic on it in any way. All this despite the fact that it has to do vlan based magic (?) whenever it changes most network settings. Having direct access to them is a joy, and it allows me to do funky stuff like isolating the network gear from the rest of the lan/wlan.

Five: Direct access to iptables, and the init scripts. The hardware that connects to the ap/lan from my home are all assigned static leases in a network. All external clients will now get assigned a lease from the pool. I've also set iptables rules to prevent external users from accessing the internal network (Note to self: Punch a hole for the dude who connects to the DAAP server). Also, I've classified all traffic from this network as neighbour, and throttled it all the way down, lesser than the priority of the bulk classification. Now, the bandwidth will be prioritized for all hosts in the internal zone, and the neighbours get the leftovers. All this work, because some morons do not understand the meaning of "openap; torrents -> blacklist" while connecting. This brings me back to the goatse idea, I love it the more I think about it.

This is not to say there aren't annoyances. The config format took some time to get used to. There's still no support for draft-N (this isn't that much of a deal breaker for me, because the only hardware that runs it is now turned off for most of the time), and the firmware doesn't have access to all the leds. I haven't had the need to upgrade yet, but I won't be surprised if it's a PITA.

All in all, I am very satisfied with openwrt. And the WRT150N is a very powerful machine. It's got a 266 Mhz CPU that's good enough for all the heavylifting needed for iptables, and it has 8Mb of RAM (something which you don't find so easily in most hardware available today). If you're looking to buy one, be careful to look for the V1 routers - the V2 doesn't run openwrt AFAIK.
After the disastrous death of the Shures, I've just gotten my replacement phones, the Nuforce NE-8. They've hardly been burned in yet, but right out of the box they sound awesome. In fact, the best IEMs I've ever heard. The sound separation is much better than the Grado SR60 (now that's a first for me), and is very noticeable even to an untrained ear. The high end is really there and visible but not harsh or jarring. The mids are also sweet, and the vocals slightly subdued gives it that classy touch. The bass is the best part - it's there all the way down to around 30Hz and is not boomy like the Sonys or to an extent the Shures.

I've been trying to find fault with these babies, and it's very hard. The soundstage is slightly less grand than the Grados, but the better quality of the sound makes up for it. I've been toying around with the double flange replacement ear tip - the sound is more natural with it on. Time to go back to rehearing my music - if you're ever on the lookout for replacement IEMs, I'll highly recommend these.
So, I was having this balcony discussion today evening with ti22 on the need for a headphone case. I never saw the need for one, since I always have my earphones plugged in or lying on my desk. The argument went on for a while and then died down. I totally forgot about it and went back home in the cab. While getting down, I didn't notice that my earphones were unplugged and hanging out. It got stuck in the cab's door and the cabbie went on ahead unaware of it. I managed to call him and get him to come back, by then the damage had already been done. The headphones were all muddy (in the literal sense) and soiled and the rubber buds are useless. What's worse - it seems like the right phone got a tyre treatment. The plastic casing has cracked out, and I can see that the wires are shaky. It still plays decently (wow!), but now I'll have to hunt for my next set of phones that'll set me back by 50 - 100$. Just on the day before my vacation. Life sucks. And I hate you Murphy, whoever you are.
13th-Feb-2009 09:38 am - World's most priciest RJ45 cable?
I stumbled upon this really awesome proprietary ultra premium Denon Link cable while looking for a Denon headphone. It's really just a simple cat-5 RJ45, it's not even cat-6. And it's available for a bargain price of just $499! For those lazy to read through the link, here is what Denon has to say about it:

Denon's 1.5 meter (59 in.) proprietary ultra premium Denon Link cable was designed for the audio enthusiast.  Made from high purity copper wire and high performance connection parts, the AK-DL1 will bring out all the nuances in digital audio reproduction from any of our Denon DVD players with the Denon Link feature connected to a Denon Link enabled Denon A/V receiver.  The AK-DL1 employs high level tin-bearing alloy shielding not typically available in commercial cabling, to eliminate data loss caused by noise.  Additionally, signal directional markings are provided for optimum signal transfer.  Attention to detail when building this cable was used by employing high quality insulation and woven jacketing to reduce vibration and to add durability. Rounded plug levers help prevent breakage.

Hey it even comes with Downloads and manuals, in case you get stuck installing it.

Update: I recently read in another blog post that this cable has an Amazon detail page. Is it good? If you thought the Tuscan Whole Milk were golden, wait until you read some of these reviews posted for Denon. It's hard to pick a favorite from many of those gems, but I am leaning towards this review, and the 4 pages of comments posted. Yes, 4 frikking pages of nerd jokes.
1st-Feb-2009 05:09 pm - kde 4.2 rocks
I am barely 30 minutes into it, and it's a much better improvement over kde 4.1. This feels like a desktop env!
26th-Jan-2009 07:07 pm - 2600 classic working with isync
I am riding on the success of converting an ATA into a paperweight in less than 2 days after I bought it that it's surprising something works. It's surprising that this "hack" to get the phone working with iSync wasn't that complicated. James Lloyd has a page where he has listed the changes needed for most Series 40 phones. The hack there extends a base plugin for S40 3rd edition, and does not work for later revisions. (^F in the comments give a lot of frustrated users). For my reference, I had the information that the 8800 is a supported phone on iSync, and that uses the same version of S40 as my phone.  A little more googling revealed this howto for writing iSync plugins. Firing up the isync plugin maker, I got the GMI and GMM in less than a minute. a s/8800/2600-c2/g job on the relevant lines gave me a working support! Contact and Calendar syncing works now, and I haven't run into any problems. Now lies the much more daunting job of keeping my Yahoo contacts, Gmail contacts, Plexo and OSX address book in sync. Just so that I have a backup of my changes in the interwebs, here's a copy of the modification I made to /Applications/iSync.app/Contents/PlugIns/ApplePhoneConduit.syncdevice/Contents/PlugIns/PhoneModelsSync.phoneplugin/Contents/Resources/MetaClasses.plist

                <string>Nokia+Nokia 2600</string>
                <string>Nokia+Nokia 2600 Classic</string>
                <string>Nokia+Nokia 2600c-2</string>
                <string>Nokia+Nokia 2600</string>
                <string>Nokia+Nokia 2600 Classic</string>
                <string>Nokia+Nokia 2600c-2</string>

If you have a 2600c and you're looking to get it working with iSync, I'll be interested in hearing your success. Heck, if there's demand, I can create a dmg wrapping up these changes.
4th-Jan-2009 02:52 pm - The art of password management
If you're anything like me, once upon a time you've religiously kept using strong passwords. A different one for each email provider, mixing alphanumerics with symbols. Every password you've created was immune to dictionary attacks and virtually unguessable. Even if someone got hold of one of your passwords, the vulnerability was limited to just that account. The problem? I have 34 accounts (no kidding!) that I regularly use, and no frikking clue on how to manage them. It never used to be this way. I've tried password managers, from the windows versions to kwallet, java versions etc.. Kwallet stuck with me the longest, mainly because at that time, my only desktop was a linux machine. Since then, I've been using a very mixed environment regularly switching between a mac, a gentoo box, and the company's windows laptop. Recently, I've thrown an N810 to the mix, and now I've got a huge problem with my lack of a good password manager.

My solution for this distributed system has been very crude. I've stored my password in a plain text file on my webserver, added an .htaccess to prevent anyone else from accessing it and download the file via ftp whenever I need an obscure password. Yeah, truly a hack job. But it worked because there were no good alternatives at that time. Now when I look back, that was the point where it started going downhill. Opening the password file became so complicated that I started using it less and less. To counteract it, I'd started keeping categories of passwords. One common password for all my bank accounts, another one for all my email accounts, another one for social networks etc... On most places my id has been sarathmenon, so it's still a simple enough strategy. It went on fine for a while, until I've noticed more complications. Some places started adding complicated restrictions in the name of security. My classic example is hsbc.in. They demand that the userid have numbers to prevent dictionary attacks. The number can't be at the beginning or the end and has to be in the middle somewhere. Great, now I have a new userid to remember. The problem doesn't stop there. They require me to avoid symbols in the password. For yet some explained reason, it improves security, or prevents babies from being murdered somewhere. That was a complication because now I have deviated from my self imposed standard. Soon paypal joined that list, along with a lot of other sites.

My password generation has been a very simple one. I take two series say, one is a list of car manufacturers and the other would be the model numbers of motherboards I've owned. Now, I mix both and generate a password. eg. ferrari82i810 or porscheM2NMX. Swap a few characters for their equivalents in symbols and there you go. Now I end up with a f3rr@ri82i810. That's good enough for those sites that demand that I change my password recurrently (hint: office), with a series that's good enough to go for an entire year. It's mostly invulnerable to brute force attacks (well not as much as fully random passwords), and convenient enough for me. But I've noticed more and more that with more and more sites demanding that I sign up, I've had to start different series for each one. Nothing short of a full blown password manager will cut it for me. I've been spending time searching for a good enough solution to this mess, something that's secure and still convenient.

My main criteria have been (in the order of my needs):
  • Open source only. If you don't trust me with your source, I am not going to trust you with my passwords. I don't mean to fully audit the source, but having the source available is always good if I want to check how they do security. Plus some bright mind somewhere would have written something good about their algorithms.
  • Actively developed. I am not clamouring for a new feature every week. Every program has some bugs, vulnerabilities get discovered every now and then. The program should have a good development team, that's receptive to constructive criticism and a competent enough team to fix bugs as soon as they appear.
  • Cross platform. This is absolutely a must. I use 3 different OSes. I also use 3 distros of linux across three different processor types, it should work on every single one of them without much mucking around.
  • Popular. It should be widely used, so that there has been enough guinea pigs before me ;) I don't want to be the person who tries out their arcane features for the first time, and sees that it bombs out horribly.
  • Good track record of security. I don't want something laden with enough holes to let a Hummer pass through. It does only password management, and should do it well. The fewer security holes ever discovered in the program, the better.
  • Distributed Architecture. I could be out on shared computers, I could be on thin clients, I could be on the moon using an Eniac to check my mail. I want password management for my online accounts, so I want the manager to be available online also. Having the database available online also works for me, but whatever it is should be secure enough.
  • Easy to use. Yeah, ease of use. I am not looking for an experience similar to opening konqueror's settings. There should be no monkeying around with thousands of checkboxes to save a password. If it can seamlessly integrate with my online life, more power to it.
That's a long list there, but having one ready made my search a lot easier. The list of good enough candidates quickly narrowed down to a few: KeePassX, Firefox's password manager with a master password and google browser sync, PassPack, Clipperz, Password Gorilla. Kwallet, Gnome's password managers like revelation were struck out because they aren't cross platform. Passpack wasn't opensource, Password Gorilla is clunky and made in Tcl/Tk (Why haven't you died yet?), Firefox's password management is well, encrypted in a plain text algorithm... A wrapper around gpg isn't an option, nor is pwsafe.

That left me with KeePass variants, and Clipperz. I am very hesitant of storing something in the cloud, when it comes to sensitive information. I don't want someone else's screwup to affect my life. KeePass on the other hand is easy to use, stores any amount of random data, and has clients available for all platforms (except maemo). Reading up more on Clipperz, I got more hooked. They supply all their javascript in one file, which is checksum verified on the client. Every password that the client stores is hashed locally with the passphrase. They store data on the server with AES. They themselves don't have a way to reverse engineer someone's key and the more I read their blog I liked their thoughts on security. Clipperz can run on the google cloud or my own servers. Their model is such that they don't trust the user and the user doesn't trust the server. Encryption happens on the client side, and the hashed password is sent out to the server. They have open sourced their javascript based crypto libraries. Their UI also can store form details for the username and password, so after I login to their site, it's a one click login to all my online hangouts. All said, I am sold on clipperz. The only drawback is that the javascript heavy site is very taxing for maemo. But when I look at KeePass, I won't have an N810 client anyway, so they are pretty much on the same page.
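The general shape of the model described above (the client encrypts, the server only ever sees a passphrase-derived token and ciphertext), as an added sketch that is not Clipperz's code and does not claim to match its actual protocol. The scrypt key split, AES-256-GCM and the `VaultServer` class are assumptions chosen for the illustration, and the stored secret is a constructed sample.

```javascript
"use strict";
const nodeCrypto = require("node:crypto");

// Client: stretch the passphrase once, then split the output into two secrets.
function deriveKeys(passphrase, salt) {
  const okm = nodeCrypto.scryptSync(passphrase, salt, 64);
  return {
    authToken: okm.subarray(0, 32), // sent to the server to log in
    encKey: okm.subarray(32),       // never leaves the client
  };
}

// Client: AES-256-GCM with a fresh 96-bit nonce per record.
function encryptRecord(encKey, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function decryptRecord(encKey, blob) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", encKey, blob.iv);
  decipher.setAuthTag(blob.tag);
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString("utf8");
}

// Server (hypothetical): keeps a hash of the auth token and opaque blobs only.
class VaultServer {
  constructor() { this.accounts = new Map(); }
  register(user, salt, authToken) {
    const verifier = nodeCrypto.createHash("sha256").update(authToken).digest();
    this.accounts.set(user, { salt, verifier, blobs: [] });
  }
  authenticate(user, authToken) {
    const acct = this.accounts.get(user);
    if (!acct) return false;
    const h = nodeCrypto.createHash("sha256").update(authToken).digest();
    return nodeCrypto.timingSafeEqual(h, acct.verifier);
  }
  store(user, authToken, blob) {
    if (!this.authenticate(user, authToken)) throw new Error("auth failed");
    this.accounts.get(user).blobs.push(blob);
  }
  fetch(user, authToken) {
    if (!this.authenticate(user, authToken)) throw new Error("auth failed");
    return this.accounts.get(user).blobs;
  }
}

// Constructed walk-through: register, store one secret, read it back.
function demo() {
  const server = new VaultServer();
  const salt = nodeCrypto.randomBytes(16);
  const secret = "hsbc.in: constructed-sample-password";
  const mine = deriveKeys("correct horse battery staple", salt);
  server.register("alice", salt, mine.authToken);
  server.store("alice", mine.authToken, encryptRecord(mine.encKey, secret));

  const blob = server.fetch("alice", mine.authToken)[0];
  const other = deriveKeys("wrong passphrase", salt);
  let wrongKeyFails = false;
  try { decryptRecord(other.encKey, blob); } catch { wrongKeyFails = true; }
  return {
    roundTrip: decryptRecord(mine.encKey, blob) === secret,
    serverHoldsPlaintext: blob.ct.includes(Buffer.from(secret, "utf8")),
    wrongLoginAccepted: server.authenticate("alice", other.authToken),
    wrongKeyFails,
  };
}
```

A server built this way can still run an offline guessing attack against the stored verifier, so the passphrase strength and the cost of the key-derivation step carry the whole scheme.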