Friday 4 July 2014

Summer of 2014

I am back home for summer, after a year-long internship in Northern England. Now I am looking for accommodation for next year, while catching up on university work that...I probably need to catch up on, to be ready for next year. It is probably a bit sad that this is my last real summer holiday, and I have nothing planned for it.

I found a news article from Birmingham Business School, titled "MSc Investments student among winners of the Credit Suisse IT Challenge", dated 9 June 2014 (Wayback Archive). Who might be the MSc Investments student mentioned? That would be me, who am not even a student of the School in question. Not that I am complaining too much for having a positive article written about me. I am actually very happy about it. I was also congratulated on Twitter by the School of Electronic, Electrical and Computer Engineering (a student at which I am not), though they did not claim me as their student.

I also found out today that some Wikipedians had an RfC and banned archive.is links on Wikipedia because the company owner made an unapproved bot to automatically add archive URLs in references, even though, according to the RfC, it did not prioritise archive.is links over other services. It is not good when a group of editors do this, disregarding the problems such a ban would cause for the project, which suffers from link rot, and for the editors, who either have to spend their time finding alternative archive sources, or have to remove verifiable information from articles because other archives do not exist for the references with dead links.

I was working on a few articles on Wikipedia from the colonial era, and some about feudal Kerala, and I noticed that I spend a lot of time on references, finding them, summarising them, and even formatting them using the templates. It might be worth it to look at some of the existing reference formatting tools, and modifying them so that they are more useful, and suit my needs, and those of other Wikipedians, better.

Wednesday 16 January 2013

Compromised trusted webspace: Phishers hack Georgian government website

Checking my e-mail today, I saw that I had a message claiming to be from Santander, regarding my Internet banking account. Now, I don't bank with Santander, so I knew instantly that it was a phishing e-mail.

Here it is:
[Image: Phishing e-mail sent to me]
I hovered the cursor over the link and saw that the website linked was on the Georgian government's domain! Expecting the issue to have been resolved already (that is, the authorities removed the malicious content), I clicked the link. Instead, it took me to a page which then redirected me to a phishing page resembling Santander's website.

The page is on Google's blacklist, but Internet Explorer still opens it without any warnings. The address of the part on the Tbilisi website is as follows.
[Image: URL of malicious file on tbilisi.gov.ge]

The source code of the malicious website comprises just four lines, and redirects the victim to another website.
[Image: Source code of file on the infected site]
The website that actually hosts the phishing page, finca-agroturisme.com, is a Catalan website that also appears to have fallen victim to the hackers. Literally, just now (as I was typing), the infected page was removed from the finca-agroturisme website. Hopefully, this means that the admins discovered the hackers' attack and removed the malicious content. Unfortunately, the material on the Tbilisi website is still there, so I will try to contact the webmaster to notify him or her of the problem.

Compromising a government website is a cunning strategy, indeed. People trust the government in general, at least not to steal too much of their money, so phishing using a government domain would probably induce the victims to let their guard down. Government websites get hacked all the time, but this is the first time I've seen one being compromised by phishers, as opposed to groups like Anonymous.

Saturday 5 January 2013

Happy New Year 2013

The new year is upon us. 2012 has passed. The universe hasn't been blown up. Happy New Year.

Christmas was good, and I got a shiny new laptop as a present. Now it is almost time to go back to university, so I better get started on that homework that's due on Monday.

Tuesday 25 September 2012

What I did last summer

Not having been able to secure an internship in the first year, I was very happy to have been offered a position at Sublime Software as a developer for the Briar project in the summer of 2012.

The Briar project is an open source, invitation-based, secure news and discussion platform to help people in countries where communication over the Internet is monitored. It is meant to help democracy and civil rights activists, as well as journalists. It can make use of Bluetooth connections and similar networks, aside from the Internet. You can read more about it by clicking the link above.

Dr Michael Rogers of the Briar project assigned to me the creation of a cryptographically secure pseudorandom number generator. Java already includes a secure pseudorandom number generator, SecureRandom, but it depends on the implementation. Briar needed a reliable, deterministic random number generator, so I was assigned the job of implementing Fortuna, a CSPRNG created by cryptographers Bruce Schneier and Niels Ferguson. Fortuna is named after the Roman goddess of luck, who is also commonly referred to as lady luck. The book that I used for help is called Cryptography Engineering: Design Principles and Practical Applications.

I created three Java classes to implement most of Fortuna's functions. First was the deterministic generator, which used SHA-256 and AES. The second was the accumulator, which accumulated entropy and used it to seed the generator. It also contained methods to read and write seed files. The third was a class which actually collected entropy from various sources and sent it to the accumulator. This part would run as multiple threads, each thread collecting data from different sources (such as the keyboard, or /dev/random on Linux), and when it had enough data, it would send it to the accumulator. One of the sources was the RDRAND instruction on Intel's Ivy Bridge processors; I used inline assembly in a C class to make use of Intel's random number generator, and linked to it from Java.
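A sketch of the first of those three classes, the deterministic generator, added here as an illustration; it is not the author's Briar code. The class name is hypothetical, and the key update (SHA-256 applied twice over key || seed) and the little-endian counter are assumptions about the Fortuna design, which this page does not spell out.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical name; illustrative sketch of a Fortuna-style generator.
public class FortunaGeneratorSketch {
    private byte[] key = new byte[32];            // 256-bit AES key, all zero until seeded
    private final byte[] counter = new byte[16];  // 128-bit block counter, little-endian
    private boolean seeded = false;

    // Mix new seed material into the key, then advance the counter.
    public void reseed(byte[] seed) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        sha.update(key);
        sha.update(seed);
        byte[] inner = sha.digest();              // digest() also resets the instance
        key = sha.digest(inner);                  // assumed key update: hash applied twice
        increment();
        seeded = true;
    }

    // Add one to the counter, carrying into the next byte on wrap-around.
    private void increment() {
        for (int i = 0; i < counter.length && ++counter[i] == 0; i++) { }
    }

    // AES in counter mode: each output block is E(key, counter).
    private byte[] generateBlocks(int blocks) throws Exception {
        if (!seeded) throw new IllegalStateException("generator not seeded");
        Cipher aes = Cipher.getInstance("AES/ECB/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        byte[] out = new byte[blocks * 16];
        for (int i = 0; i < blocks; i++) {
            aes.doFinal(counter, 0, 16, out, i * 16);
            increment();
        }
        return out;
    }

    public byte[] pseudoRandomData(int n) throws Exception {
        if (n < 0 || n > (1 << 20)) throw new IllegalArgumentException("0..2^20 bytes");
        byte[] out = Arrays.copyOf(generateBlocks((n + 15) / 16), n);
        key = generateBlocks(2);  // rekey: later state cannot reproduce earlier output
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] seed = "constructed test seed".getBytes("UTF-8");  // sample input
        FortunaGeneratorSketch a = new FortunaGeneratorSketch();
        FortunaGeneratorSketch b = new FortunaGeneratorSketch();
        a.reseed(seed);
        b.reseed(seed);
        byte[] x = a.pseudoRandomData(32), y = b.pseudoRandomData(32);
        System.out.println("same seed, same stream: " + Arrays.equals(x, y));
        System.out.println("next request differs: " + !Arrays.equals(x, a.pseudoRandomData(32)));
    }
}
```

The output is only as unpredictable as the seed passed to `reseed`, which is why the accumulator and the entropy collectors described above matter as much as the generator itself.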

Working on the Briar project was a great experience; I was already interested in cryptography, having taken part in the National Cipher Challenge twice, so this experience made me even more interested in the field. I am currently taking an online course on cryptography on Coursera, taught by Professor Dan Boneh of Stanford University.

Other than that, I started learning to drive, which I might post about in the future. From December onwards, car insurance providers will no longer be able to discriminate against men, so driving might become feasible. I doubt it, though. I can't think where I would want to drive to, that I cannot get to by train or bus conveniently.

Saturday 21 July 2012

My first impressions about Google Drive

As a prelude to the impending reformat I have been putting off, I decided yesterday to organise, to an extent, my files. I started categorising them and put them into the right places of the directory tree that I created inside Dropbox, so that all my files would stay synchronised all the time. Now, this is not the first time I have attempted this. I remember doing something similar in 2008 on my old 333MHz computer, even downloading a Total Commander-like multi-panel replacement for Windows Explorer. I tried it again with my external hard disk some months ago, after I switched from Windows 7. I think there may have been other instances, but I can't recall them immediately. Anyway, this time, I hope to stick to the structure so that I don't have to go through this sorting and re-sorting process all over again. At least not in the near future.

While I was organising my files, I recalled my files that I had stored in Google Docs. Some of those files belonged in the organised folder structure that I had created. So I downloaded Google Drive, and after some testing, nested its folder inside my Dropbox folder. My rationale was that I would keep my most frequently accessed or edited documents in the Google Drive folder so that I may view and edit them from the university, and move the more infrequently accessed ones outside it, to wherever it belongs in Dropbox. While I was doing this, I noticed that most of the files inside the folder were associated with Google Chrome, rather than a local word processor; further investigation revealed that the files in question had a .gdoc extension.

"How convenient", I thought. Now I would be able to open the documents straight in Google Docs, and if I needed to, I could probably open them up in another office program. I started moving some of the .gdoc files to other locations in my Dropbox folder, outside Google Drive. Out of curiosity, I thought I would check if these files really would open in other office suites. If not, I could just open them in Google Docs and export them to the format I needed them in. I dragged the file into OpenOffice.org Writer, revealing the file to be merely a link to the document that is actually stored on Google's servers. That's right. The file contains a line of text which identifies that file, and Google Docs opens this file from Google's servers. Your actual file never gets stored on your computer. Note that this is only for files in Google Docs' format. Files in formats like PDF do get downloaded and can be opened in your local PDF viewer (which, ironically, is Google Chrome, in my case). Anyway, when the link files are moved outside the Drive folder, the Doc gets moved to the Bin in Google Docs. I found this rather disappointing. I had hoped for a system where I could save a file into Drive and edit it in Docs and local office suites without having to convert between formats. I have exported the files I needed to take out, to standard formats now. Docs integration was probably the biggest thing about Google Drive for me, but it has turned out to be little more than clever shortcuts.

Tuesday 1 May 2012

Second year exams

It's that time of the year, again. Exams. Exams everywhere.

My first exam, on the pure mathematics module, is tomorrow. I have done little revision, though I am trying to make the best use of what little time I have left...by writing a blog post, of course.

I am fairly confident about part B, involving complex numbers. Now, that's either because I know the material reasonably well, or it is because I have no idea what it is about, and I'm deluding myself. Part A is slightly (and by slightly, I mean, significantly) harder, and deals with real variable theory. A bunch of stuff about limits, continuity, Rolle's Theorem, and other stuff I haven't even got to, yet. I will really need to put a lot of effort into this, if I am to achieve a respectable mark for this module. That may mean I have to make a few cups of tea, tonight.

Saturday 10 December 2011

A Wikipedia banner ad for a paid survey?

In the early hours of today, while researching Yippies on Wikipedia for my report for the Communication Skills and Professional Issues modules, I stumbled upon a banner that was quite different from the usual "personal appeal"s.
[Image: Banner ad on Wikipedia for a Harvard public goods game]
"Please help advance research", it said, "with a quick interactive online experiment". Sure, why not? I clicked the banner, and it took me to a website, which told me that I would be paid at least $10 for my participation. How nice of them. I continued to the survey, and was delighted to find that it was a public goods game. I had learned of these from the Behavioural and Experimental Economics module while writing notes for a student, and I was happy about the opportunity I had received to actually take part in such an experiment, and perhaps utilise some of what I learned in the module.

The first round had three or four members contributing some part of their $10 allowance. I decided that since I was given this money for no other reason, I might as well be trusting, and contribute. I think I contributed $9, as did another member. Someone else contributed a mere $3. I got $13 in total from that round. Another round had an ultimatum game. I split the cash 50-50, which turned out to be the minimum limit the other participant had set. Yet another round had a rather interesting game that I do not recall encountering before. It was one where I could transfer some amount from my $10 allowance to the other player. This amount is tripled when they receive it. So if I transfer all of my $10, they get $30. I transferred $7, and correctly anticipated a return of $10. So they got $11 and I got $13.

There were also a few other rounds about splitting money, and finally some questions about how much I trusted the participants and the surveyors. I expected a punishment game, but there were none, unfortunately. Anyway, I got $23, $2 of which I donated to the Red Cross, and $1 to the Wikimedia Foundation, keeping $20 for myself. It was really interesting to take part in the survey, and it's nice to have been paid for taking it. Thank you Harvard, Sciences Po and Wikimedia!