Sitaram Chamarty
...one more monkey
Sitaram's posts

Black day for privacy in India, among many other things...

Our own "papers please" implementation, "Aadhaar", is as of today mandatory for pretty much everything.

The supposed objective is AML (anti-money laundering).

During last November/December's demonetisation exercise, there were dozens of reports of low-income people suddenly having lakhs (lakh == 100,000) or more rupees credited into their accounts, and they had no clue. Basically, what we know as "money mules", this time with a banking twist instead of being "cash".

In other cases, people with hoarded cash paid their minions 50,000 each (the upper limit of how much an individual could deposit without risking an audit), presumably to be collected later.

Mandating Aadhaar does not make any difference to these tricks; in fact, it's even better: the risk to the mule is much higher now, because it's his biometric that was used!

Crime (and politicians -- don't kid yourself that organised crime runs without several politicians being paid off) and terrorism (Pakistan's ISI, mainly) will adapt. They have lots of incentive to do so, and there's no shortage of poor, illiterate, people who can be coerced or incented to be their "Aadhaar mules".

That's one side of the problem. The other side is biometrics.

I've said in the past that once the rewards are sufficiently high, the biometric arms race (the ability to fake biometrics versus being able to detect/defeat them) will heat up. Already, the Samsung 8 iris recognition spoof has shown the way forward for one part of the problem. I am pretty sure that, soon enough, only the integrity of banking officials will prevent a bank account from being drained at will by crims.

Not that this couldn't happen before, but perversely, the ease with which a hand signature could be forged was some protection -- at least you could complain, sue, etc., with some chance of getting your money back.

Now, if they claim your biometrics were there, you're toast. Whether you were there or not!

Just like with the increased risk to mules... Aadhaar works against the victim. In fact, someone has said (I'll update once I find the URL) that "Aadhaar doesn't protect you in any way; it only protects the government from you". Or words to that effect.

Finally, so far we're talking about the non-scalable, targeted, attack model. Wait till someone figures out how to automate that -- which will happen as soon as the Aadhaar database gets stolen! (And if you don't think it ever will, you haven't been following infosec news lately.)

from https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/

> You are probably thinking you’re too smart to fall for this. It turns out that this attack has caught, or almost caught several technical users who have either tweeted, blogged or commented about it.

Yes yes I am. Totally. And I don't know how you can say "technical users" if they're not using IMAP and mutt to access gmail.

Which -- needless to say -- would never have fallen for this trick. It'll show up as an image in the "Attachments" menu.

I need help with g+...

Some of the communities I am part of have some people whose posts I don't want to see. "Mute profile" does not appear to have done the trick. "Block..." is for them not to see what I write (which I don't care about).

I'm not sure what else to try; any ideas?

The following text went into a comment on a thread that is only tangentially related. I rarely wax eloquent these days, so I thought I should put up the same text here, if only so that I can find it easier next time I want to point someone to it.

This was in response to someone complaining about the quality of English in a technical article about installing and using telnet (a far bigger crime than bad English, IMNSHO).

The "last sentence" referred to was "write in a language you're comfortable with".

----

In principle, I agree with you, but in practice, that's pretty low on the list. I am an Indian, and I've never gotten used to reading text with the kinds of errors you describe (you're spot on by the way). It's more like I've learnt to live with it, and to pick my battles.

As to your last sentence, impossible for most Indians. Unlike Europe, technical education in India is strictly English, AFAIK. We'd be hard-pressed to come up with words for all the concepts involved -- we'd constantly be creating long, cumbersome portmanteau words to fill the gap, or simply use the English words, transliterated.

And with 22 official languages, the Balkanisation of technical literature -- if people did what you suggested -- would be a huge problem in and of itself.

I'm afraid you'll just have to live with my compatriots' writing style. Believe me, I've tried being a Henry Higgins of the written word -- it doesn't work.

"Use proper English and you're regarded as a freak..." ring a bell? That was me until I gave up.


So... I've been using this aliasing system I wrote for a year or so now -- you'll find it at https://github.com/sitaramc/active-aliases -- and I recently fixed it up some more, cleaned up the documentation, etc.

Over all this time, I've also tried to find any similar projects, but could not. I'm a little surprised about that so... here's the question: does anyone know of other projects similar to this? I'm looking for "food for thought" :)

If you don't want to go to that site and glance through the README, the TLDR is that it's a way of writing command/argument/option parsers for shell in a cascaded fashion -- the command that the user typed keeps morphing to a new one based on a list of pattern matches, and finally what remains at the end gets executed.

I've always tried to make sure I don't land up in echo chambers (specifically, read only what supports my side). I think I mostly succeeded (except perhaps ... umm never mind).

But what happens when the echo chamber you're trying to make sure you're not trapped in, essentially covers all the shows you watch on youtube (and since you live in India, you don't get Fox "News")?

I see a disturbing parallel, at least in their acceptance of reality, between Trump and Kim Jong-un.

Prediction: within 6 months Trump will be taken as seriously as we take Kim Jong-un's statements and claims.

One of Stephen Colbert's best lines is when he lampooned GWB at a White House Press Correspondents' Dinner. He said (quoting from memory): "This is a president who believes Wednesday what he believed on Monday, regardless of what happened on Tuesday".

I find myself longing for the days of GWB as president. At least GWB's reality was defensible on that apocryphal Monday!

https://www.wired.com/2016/12/never-ever-ever-download-android-apps-outside-google-play/

What rubbish! f-droid.org is perfectly safe, arguably even safer than the official playstore because it warns against non-free addons, non-free network access, and so on.

There are two kinds of people in this world.

Those who think having the last word means they won, and those who merely got tired of arguing with an idiot.

<sigh>

http://www.theregister.co.uk/2017/01/05/russian_convicted_hackers_work_for_gov/

I regularly use "TPFCC" (taxpayer-funded cyber-criminals) as a collective abbreviation for organisations like the NSA in the US and similar organisations in other countries. I only meant that the organisation was criminal.

Is it any surprise then that Russia seems to have taken that one step further and started recruiting actual criminals?

TBH this kind of thing has been happening for years. It is probably justified when applied to specific individuals with very specific/specialised skills (like that "Catch me if you can" guy whose name I can't recall), but this is much broader than that.