I was really taken aback when I read this news this week that the Facebook CEO says "Privacy is no longer a concern" and that "sharing information online is the new social norm"! I'm shocked and I'm not sure if he really thought of anything more than running his own business successfully. I think the reality is "social networking is the new norm and privacy is becoming a concern more and more. Facebook/Orkut should ensure privacy of the information".
That said, I do not under-estimate the complexity of the problem they have on hand. It is not as easy as it sounds (if it did). Bringing up literacy on -- privacy of confidential information, the way the data leaks, do's and dont's, is more than difficult in reality. The fundamental problem as I said earlier in one of my posts is that, the users are mostly common men. No one can blame them; there are many such cases in real life. I still drive my car without knowing how a Common-Rail-Diesel-Engine (CRDI) works -- but there I never had/have to. Hmm, that's not the case with the Internet.
I see so many issues around with more and more social networking platforms coming up with more and more vulnerabilities. Sure, the social networking sites provide a means to collaborate and share info; but how many of us ensure that the info we share reaches "only" the people we intend to share with!! and that's where the problem is. There is so much private info shared all over these sites, that I bet, you can unlock one (out of say 200) of your friends' mailbox using 'forgot password' feature just by visiting their profile. We can't blame the email providers, as if they go any stricter than this, the actual user doesn't remember them too to recover his own password! Still, the email providers are forced to come up with more and more security options. If this is the case with a mailbox, imagine banking!! omg! Don't be surprised if you are asked with a security question like 'who is the best friend of your father-in-law's second sister's husband?' ;)
People are so happy to have more and more online friends. The "count" is all that counts. What they don't think about is that, people whom they don't know are also going to be treated equally with their best friends in terms of sharing info. Sure, the websites offer granularity and options to group friends and control the privacy settings. But how many know it / use it? Not many. Apparently, the ones who are consciously handling the privacy settings are the ones who share the least already! And all this does not happen consecutively for someone to remember. I might add 5 friends this week and I might end up sharing a confidential information after 6 months. I may not remember that I had those totally "online" (and possibly virtual) friends, but they now have the info that I don't want them to know. In spite of the websites (like facebook/orkut) warning the users, it is difficult to enforce this. Users are mostly in a hurry to share and go read what others have shared. At some point, the users only look for an easy way to get rid of that popup and get back to business -- unfortunately defeating the whole idea of those warnings!! but that's reality. Sometimes I feel really odd when I see the privacy setting for 'friends of friends' -- this doesn't make sense to me at all. In spite of you being extra careful on sharing info, this might just screw up the entire deal. To me, a friend of my friend should belong to 'Everyone'. In security, one should consider the worst case as default.
I've read and also realized that there is a lot of encroachment happening into the privacy of the individuals without their knowing about it. It seems there is a concept catching up called 'virtual friends' wherein, bots (computer programs) try to create friendships with unknown people. There was also a study that says many people have the tendency to accept unknown online friends. I can tell you that recently the number of friend requests that I get on both orkut/facebook has increased and believe me, I don't know most of them. With more and more real people having funny names on their profiles, it is obviously getting easier for bots to deceive us. I might have rejected some real friend requests because they sounded abnormal. Maybe someone (or many) somewhere is making the grounds; silently gathering info; or waiting to.
and someone out there says privacy is no longer a concern!! hmmm...
There are so many types of video interfaces (i.e., cables) that we come across every other day and not everyone understands what they are. It is essential to understand them, so we can use the best option that we have. There are definitely differences in the video quality and because these standards have evolved over time, not all video devices (be it a TV or a video player) have all available options. This has forced the recent device manufacturers to support a variety of video interfaces, thus they ensure backward compatibility with the other end (a TV or a player). Unfortunately this has brought in confusion to the common people when they just look at the back of their new LCD TVs. Those olden days TV would just have one RF cable input, nothing else!! Gone are those days! Now, if you look at a modern TV, there are a whole bunch of outputs (yes, including that RF cable input), and it isn't easy to choose the right cable to use for your need unless you understand what it means. Thanks to all those unique swanky colors, that lets us easily identify them on two devices.
It so happens that if both your devices (player/TV) are recent ones, you will have many choices. At that point, it becomes important to use the right one. Here are the various cables in the increasing order of their quality:
1. RF coaxial cable: This is the old one, that used to run from the Antenna on the terrace. This has the least quality. The TV Tuners for computer are exactly meant to decode this input. Carries both audio and video.
2. Composite (RCA): This is the most popular yellow plug thingy. Composite cable offers more quality than the coaxial ones. This is so very popular that, people still use this for video signals even when they have better options. That said, even today, this is still the most available option (in India). Many lower end DVD players/TVs only support till Composite. Carries only Video.
3. S-Video: The name apparently derives from the phrase 'Separated-Video'. In S-Video, the video signal is mainly separated into two parts: Chrominance (color) and Luminance (light intensity) signals. This offers much better clarity while solving some shortcomings in the composite signal. S-Video cable appears as a single cable, but has multiple terminals within it. Quality better than Composite. Not so commonly seen/used on TVs/players. Carries only Video.
4. Component: As its name indicates, component video carries various components of the video separately. It is an enhancement over S-Video, by splitting the video signal into Chrominance (color) and 2 Luminance (light intensity) signals. And the luminance signal carries the subtraction of luminance and the Chrominance (Y). The signal is carried via 3 cables (Green, Blue and Red). The component video input/output is usually marked with Y, PB/CB, PR/CR. The second and third channels are actually B-Y, and R-Y respectively. This subtraction method reduces the bandwidth requirement and offers much more clarity than any earlier ones. This is becoming increasingly available these days (my Tata Sky Plus STB has component out). The clarity is apparent (against Composite/S-Video) when the size of the display is bigger and when the source of the signal is digital (note: Component signal is not digital, it is analog; I'm talking about the source of the signal, say MPEG2/4 as in DTHs). There is also an RGB Component video, which carries the R, G and B signals separately in 3 cables; but unless qualified with RGB, a Component video means the normal one. Quality better than all the above. Carries only Video.
5. DVI: Acronym for Digital Visual Interface / Digital Video Interconnect. Provides really high bandwidth to transfer high quality video including full-HD (1080p @ 1920x1080). DVI uses a single high quality cable with a number of internal lines. DVI has a quality much superior than that of component video too. DVI does not carry audio signal -- usually a preferred interface for computer to high resolution LCD monitors.
6. HDMI: Acronym for High Definition Multimedia Interface. There are various revisions on this video standard and this is the state-of-the-art video interface standard as of today. Unlike DVI, HDMI carries both video and audio. The video quality is just the same as DVI, and it also has provision to carry signals for 8 audio channels!! In addition it also carries a commanding control line (called CEC - Consumer Electronics Control) which allows the HDMI devices to communicate and command each other. To quote an example, when I turn off my LCD TV, it automatically turns off my Home Theatre (yes, both are connected by HDMI). HDMI-CEC is usually called by different names by different TV/Home theatre manufacturers. For e.g., LG calls this SIMPLINK. This is a really high-bandwidth interface and requires a good quality cable for best results -- the cable is pretty costly; as of this writing a good HDMI cable of 3m length cost me Rs.800 in Bangalore. An interesting note is that: DVI and HDMI are compatible with each other at signal levels too, so it is pretty easy to get converters between them -- obviously HDMI-to-DVI will result in loss of information on audio, CEC on the receiving end.
The bottom line is: If you ever have a means to connect via HDMI, just do it! else, follow this ordering by quality and choose the right one. In my home, I have my home theatre connected to my TV via HDMI (I can watch full HD movies with Dolby Digital audio, with just that one cable running between them) and my Tata Sky Plus STB connected to my TV via Component.
I watched Avatar 3D at Fame Lido, Ulsoor, Bangalore. I took enough time before I went ahead to watch this film, so that I can get enough feedback on the 3D experience from the people who have already watched it. This was essential in Bangalore, because this is the first 3D film screened in commercial screens. Someone had reported bad experience on INOX, Jayanagar; There were lots of negative criticism on Fame Lido Shankarnag (MG Road, Bangalore) -- these were useful and I avoided these two. If not positive review on Fame Lido, at least I didn't read any negative comment on this one - so went ahead.
At the end of the movie, I realized there were various factors involved that affected my movie experience yesterday. So I would have to rate in three different ways:
Avatar 3D:
It was an awesome experience. This is the first time I saw a full length 3D movie with 3D effects. The creativity on the various creatures, plants, trees, sceneries was jaw-dropping!! The concept slightly reminded me of The Matrix though. I believe, James Cameron has consciously stayed away from making funny 3D effects, but concentrated more on making a real 3D film. 3D has been utilized as a tool to make the audience perceive the depth and details of the frame than anything else. I liked that. At some point, we get so involved in that 3D mode; removing the 3D glasses would show you how dumb the movie looks otherwise!
Fame Lido:
The theatre is located in Lido Mall, Ulsoor, Bangalore (near Trinity Circle). Due to the rail bridge construction for namma-metro, finding the mall and getting into the parking entrance is not easy for the first time. What's more? The Box office is on the ground floor and the screens are in 2nd and 4th floors. No indication or whatsoever. I went to the 4th floor directly (thanks to those notices inside the lift), just to learn that I had to collect the tickets at the ground floor. The automatic ticket kiosk was the only rescue. There are just 2 lifts of medium size, no escalator. If you reach the theatre just on time, you are going to be in soup. Parking is very very limited and a big mess. Specially if you reach there on a time when a previous show ends (which is usually the case), you may or may not get a lot. I was fortunate to reach there for the first show. But, it took me at least 20 mins to get out of the parking space. The ticket cost, snacks were all costly to the standards of other high class theatres in Bangalore, but I'm not convinced on the quality front. There was always a long queue in the snacks counter; the restrooms were like caves (albeit clean). The mall is still not complete and there is almost nothing other than the Fame Cinemas and a Coffee Day. I would never go there again, unless there is a compelling reason. There is a fundamental problem with the space and infrastructure, which I'm worried they can't resolve.
Avatar 3D @ Fame Lido:
The experience of watching a 3D movie, definitely changes based on the theatre. I've not watched Avatar 3D in any other theatre, so can't really compare against anything. But overall the experience was not disappointing. I could sense the 3rd D; the sound quality was good. The 3D glasses weren't of great quality, bit heavy; my nose bone was paining for a while after the film. The biggest issue in Fame Lido (Screen 3) was that the screen was small. When you look at the screen, it does not cover your complete view. This definitely makes a negative impact on a 3D movie -- lacking a complete 3D effect. That said, the quality of projection was good (unlike Fame Lido Shankarnag -- as per comments on the net). Ignoring everything outside the movie hall, the overall movie experience was not bad; but not a first choice theatre for Avatar 3D!
Tata Sky Plus (TSP) isn't anything new that I'm trying to introduce to the crowd, but its extra-ordinary power pushed me to write about it. Even, I knew about Tata Sky Plus right from the time it was launched; knew about the features and felt amazed. But believe me, you need to experience it to appreciate it even further. The flexibility it offers is a real big leap in the realm of television broadcasts.
The crown of TSP is the ability to pause, rewind, record "live" TV. I know, some might feel that these are unnecessary features or luxury, but I've used it already many times in these 2 days (not because I have it, but because I needed it). It turns out that it is pretty common that we miss some critical scenes while we watch a TV, and ignore an inner urge to rewind it (because there is no way). We just live with it; but we don't have to, if we've TSP. I knew earlier that TSP allows the viewers to record one channel, while watching the other channel (yes, it has dual tuners built-in), but I didn't know that it would even allow you to record 2 different channels simultaneously while you watch one of the earlier recorded programmes - this is awesome. It requires a good amount of processing power. With a 160GB hard disk built into the DVR STB, TSP has all its space and power to do wonders -- it's a real multi-processing machine!!
There are many other good features in TSP too that are common across all DTH providers. I've only blogged about what's so special.
With their easy to use UI (I believe so), they have integrated all the features very well. Their user guide was a simple 15 page guide, with cool guidance. That said, the features it offers is a little beyond the understanding of a common man. e.g., a non-techy person "may" not be able to understand and enjoy all the features.
I am getting to feel that the high-beam non-sense has tremendously increased on the roads in India in the recent times. With more people starting to ride on roads, with more and more powerful bikes and cars coming up, this has really become a PITA.
I wonder if (those) people even know that there are ways to control their beams. Maybe people like that extra indicator glowing on their dashboard, without bothering to worry about what it means. Not just cars, these days bikes' beams are also too bright to withstand. I hate these bike manufacturers for providing such big domes and reflectors -- specially the pulsars, unicorn etc., I can really feel that pain in my retina and like everyone else I would struggle to see through. No need to mention the consequences on the ride.
The other day, I started from office in a bad mood (as usual). Was driving my car on the service road in Outer ring road, Bangalore. There was an opposing car with high beams (nothing uncommon). It was really too bright, and with the scarce lighting on the service road, I could only see those two head lights in the whole world around me. Being frustrated already, I didn't want to ignore this. I thought I would at least let him know how it feels. So I just put my headlights on high-beam and drove towards him :) I was happy that he would have learnt a lesson by now; but interestingly, as our cars cross each other, this guy stops his car and scolds me for my high beam and leaves. Hmmm. feeling totally helpless when you are frustrated? priceless!!
Nothing is going to change, until this is seriously considered a traffic violation.
I never thought I would run into such a long pause (2 months) in my blog. The reason is very simple : I had too much to write about, and I really didn't want to write all that. I have been (and am) conscious of the fact that I don't want to dump in too much personal info into this blog -- and that's why this silence :) People who know me personally might know how much my life has changed.. okay, this is why I didn't want to write!! shhhh.
I will definitely come back with a lots of useful info, that I came across during the past 2 months...lots to write. stay tuned, this blog is still alive!
This is a status update on the condition of NH7 between Bangalore and Madurai as on end of August 2009. This is an info that every one looks out for before setting out on travel (on their own).
When compared to my previous ride on the same route last year (Dec 2008), the road conditions have improved a lot ie., a longer stretch has now been upgraded to 4 lanes and partially complete work have now been fully done.
Bangalore -> Hosur ==> Well, I don't see any useful improvement on this route. There are a lot of bridges being constructed until Electronic city and the traffic is a pain anyways. Not a big stretch, so acceptable.
Hosur -> Krishnagiri ==> Bliss. You will soon forget the kind of trouble that Bangalore->Hosur route gave you. But heavy vehicles occupying both the lanes and trying to overtake each other at 20kmph is unavoidable. Just sit on the horn for sometime until they leave way for you.
Krishnagiri -> Salem ==> Toll gate at Krishnagiri!! Pay the toll and enjoy the ride; the roads are still so good. 100-120kmph easily almost all the time. Dharmapuri enroute goes unnoticed in the quality of roads now. Note: Watch for few one ways/under construction lanes. Yes, I remember few, but are very few.
Salem -> Namakkal ==> Toll gate at Thoppur (just before Salem). Remember to take the Salem by-pass and remember that even the by-pass might look like a city; so never get into the city and think you are on the by-pass.. confused enough? This stretch has improved a lot since my previous ride. I didn't see any issue and was very pleasant. From this point, always be cautious about one ways; you might get redirected once in a while.
Namakkal -> Karur ==> I remember a toll gate somewhere around here. Not sure of the exact location. It was just opening on the day I traveled. I can't tell you the joy I had when I was stopped at the toll gate and was let go without paying anything, saying 'it is opening only from midnight Sir!' :) Good roads, but watch out for one/two redirections.
Karur -> Dindigul ==> This stretch isn't complete yet. The roads are coming up, so you get to ride on one side of the road most times. Specially when you are on the wrong lane (driving on the right side of the highway), make sure to switch on your head lights and put it on "high-beam". Some drivers on high-ways literally sleep!! There was one more toll gate coming up, but this isn't going to open up for now, given the condition of the roads. Use this stretch to relax and do not try to maintain the speeds you did sometime back.
Dindigul -> Madurai ==> This stretch is around 60kms. I am surprised to see that this stretch has gone from nothing to near complete in the last one year. This route is almost totally done till Cholavandhan (~15-20kms away from Madurai). After this point, there is literally no space to get a 4 lane highway into Madurai. I don't see any work happening towards Madurai. So, if you are going to the Madurai city (or not going via Virudhunagar), you need to bite this bullet. This road is the same old road between Madurai and Dindigul; it's pretty narrow and at peak times, there is almost no way to overtake. Better be patient; dangerous curves.
That said, I think there is a by-pass from Madurai towards Virudhunagar, Tirunelveli that starts right after Cholavandhan. There is no traffic allowed in, at the moment but that might be the idea. Coming on NH7, and going through Madurai towards Tirunelveli, Kanyakumari would make no sense, given the traffic. And if you are going towards Trichy, Chennai from Dindigul via Madurai, may God save you!! (the ideal route is Dindigul->Trichy->Chennai). If you are reaching Rameshwaram via Madurai, you have a whole city to go through. There is not much that can be done here. The by-pass is way too long to consider.
All in all, Bangalore -> Madurai stretch on NH7 is becoming better and better !!
Here is the next version of my Caller Location Info app for Windows Mobile (for India).
Release-notes: 1. Includes a bunch of new additions to the mobile numbering. At least 250-300 new numbers added. 2. Includes 2 new service providers - Tata Docomo and Loop Mobile. 3. No changes to the STD list. 4. No bug fixes (no known bugs actually :D)
The installation instructions and other properties remain the same. See the earlier post for that.
I recently went for a long drive (450kms) at a single stretch. I had the usual question of 'how much air pressure do I inflate in my car's tyres?'. This is the first time I was going all alone for such a long distance, so I decided to understand a bit more about air pressure and do the right thing.
In the Internet, there was no good summary of what is the right thing. I read a number of forums and articles, before I believed I understood. Let me explain a few basics of air pressure so you understand better. It is a well known fact these two external factors affect the tyre pressure:
1. Car's running time: If the car is on the move, the air pressure increases (possibly due to the collision between the air molecules, as they spin at a good speed). So it is generally advised not to fill up air after driving for quite some distance (>2km?) -- because by the time one reaches the petrol bunk the air pressure would have gone up by few psi's (a unit of measurement of tyre's air pressure). If there is no other means, then it is advised to leave the car at rest for appropriate amount of time before filling up air (this is mostly impractical). OR fill up few psi's (2?) more than what you intend, to account for the expansion.
2. Ambient temperature: This is straight forward. Air expands on heating -- thus the pressure inside the tyre is proportional to the temperature. So it is advised to fill up air in the morning or in the evening when the temperature has cooled down a bit. This is the right thing because, the recommended air pressure is always the "minimum" air pressure that is recommended for the tyres for that load. This is why the values change from car to car even if the tyre properties are the same. The maximum pressure a tyre can withstand is usually embossed on the tyre itself (usually in the range of 44 psi, in India).
Based on all these facts, during a long drive, it makes sense to expect the tyre pressure to increase heavily. As a result a common misconception is to fill up few psi's less than the recommended. Unfortunately, there is a logical explanation that supports the common misconception -- I had a similar opinion earlier. However it turns out that this is "wrong". At reduced air pressure, the area of the tread that is in contact with the road increases -- this gives better comfort, but poorer handling of the vehicle. Due to the increase in the area of contact, the heat generated at the tread increases -- at a long run, this leads to a faster wear and tear of the tyre tread and poor control. An already worn out tyre might even burst at high speeds -- not to mention what happens to the driver.
To add to it, when I reached home (after 450kms) and measured my tyre pressure again (if you don't have a tool, get one for long drives), 2 psi had vanished from all my tyres!!! Now, this also means that on a long drive, due to the pressure on tyre (bumps and jumps), the air had also leaked gradually (all 4 tyres of mine are brand new and also have nozzle caps, nothing to suspect on the tyres). Watch out, so you don't go below the recommended pressure mid way of your drive.
Usually the recommended air pressure is much lesser than the max pressure the tyre can withstand (for eg., for my car, the max tyre pressure is 44 psi, and the recommended is around 30 psi) -- so on a long drive it is advised to inflate the tyre to a few psi's more than the recommended, for the reasons mentioned above. I had inflated to 34 psi for this drive.
Understand, inflate and have a safe drive!!
Disclaimer: That said, I am not responsible if there is any unexpected event due to the increased pressure. Use your own conscience to validate the info above.
If you are a Windows user, do not have the file extensions visible in Windows Explorer (option: Hide file extensions for known types), and also have the habit of viewing the files in any mode other than 'details' mode (Thumbnails, Tiles, Icons, List), then you definitely need to be aware of this vulnerability awaiting you.
Last week, I plugged one of my pen drives into my friend's comp and noticed that there was an extra folder (in the name 'New Folder'). I was sure I didn't create that, but was just curious as to how it got created. The apparent reaction was to click on the folder to see what files it has. I clicked on it, but nothing happened; the folder didn't open. This is when I realized the possible trap.
After analysing, it turned out that my friend's comp was already infected with a virus; and I guess the virus automatically copies itself to any removable media attached to the comp. It spreads itself onto removable drives and creates autorun.inf to get control on the next comp where the pen drive is inserted (as explained by my earlier post). While that explains why the 'new folder' was created, it was still unclear as to what was inside it. Later, I figured out that Windows Explorer was configured (by default) to not show file extensions, and that the view mode was also tiles mode -- so some otherwise-apparent things have gone missing and before we could realize, the damage is done. It turned out that the 'New Folder' was not a folder/directory, but an application with the application icon set exactly the same as a normal Windows Folder icon. See it for yourself.
In this scenario, MyFolder is an application, while MyFolder2 is a real folder -- Can you spot any difference?? Absolutely not. An immediate reaction for anyone would be to open the new folder, but end up executing the application!! This is a real danger.
Then I disabled the 'Hide extensions for known filetypes' and changed the view to details mode; Now you should spot the difference:
The application in the picture was created by me on my dev setup for testing; it is totally harmless. Apparently when any application has its icon set the same as 'Windows Folder', McAfee jumps in and tags it as a 'W32/Generic.worm.b' virus. Even my test application was caught promptly -- not bad.
So please be aware of this and think twice before clicking on anything from a removable drive (even if it is a folder). If the computer was not infected earlier, all it requires is a click to get infected (and as I had mentioned in my previous post, do not let autorun kick in anytime you insert a removable drive). It is a good practice to show the extensions all the time (unfortunately, Windows Explorer hides it by default :( ). The other good practice is to create 'system restore points' regularly, so you can get back to a clean state if required (this shall not be 100% effective for all cases).
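The check described in this post (look for programs on a removable drive that Explorer would present as folders, and for an autorun.inf) can be scripted. The following is an added example, not code from the original post; it judges by name only, not by icon, and the extension set, the list of folder-like names and the sample drive contents are all assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions Windows runs on double-click (a common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Names a user would read as "just a folder" (illustrative list, an assumption).
GENERIC_FOLDER_NAMES = {"new folder", "documents", "photos", "music", "videos"}


def explorer_label(filename, hide_known_ext=True):
    """Name as Explorer shows it when extensions of known types are hidden.

    Only executable extensions are modelled, since those are the ones
    that matter for this check.
    """
    stem, ext = os.path.splitext(filename)
    if hide_known_ext and ext.lower() in EXECUTABLE_EXTS:
        return stem
    return filename


def audit_drive_root(root):
    """Return (filename, reason) pairs for suspicious top-level entries."""
    entries = sorted(Path(root).iterdir(), key=lambda p: p.name.lower())
    real_dirs = {p.name.lower() for p in entries if p.is_dir()}
    findings = []
    for p in entries:
        if not p.is_file():
            continue
        lower = p.name.lower()
        ext = os.path.splitext(lower)[1]
        if lower == "autorun.inf":
            # The drive asks to have something launched on insertion.
            findings.append((p.name, "autorun"))
        elif ext in EXECUTABLE_EXTS:
            label = explorer_label(p.name).lower()
            if label in real_dirs:
                # Program displayed with the same name as a genuine folder.
                findings.append((p.name, "shadows-real-folder"))
            elif label in GENERIC_FOLDER_NAMES or label.startswith("new folder"):
                # Program whose displayed name reads like a folder.
                findings.append((p.name, "folder-like-name"))
    return findings


def build_sample_drive(base):
    """Constructed sample: harmless placeholder files standing in for a pen drive."""
    base = Path(base)
    (base / "Photos").mkdir()
    for name in ("New Folder.exe", "Photos.exe", "setup.exe",
                 "notes.txt", "autorun.inf"):
        (base / name).write_bytes(b"constructed placeholder, not a program")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, reason in audit_drive_root(build_sample_drive(tmp)):
            print(f"{name!r} is shown as {explorer_label(name)!r}: {reason}")
```

Point `audit_drive_root` at the drive's root directory instead of the sample to use it on a real pen drive; it only lists names and never opens or runs anything.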
Whenever I receive any "interesting" spam, I have the habit of investigating and tracking down the sender and trying to analyze the motivation of the sender. This email caught my attention in the same way.
See the email for yourself.
Yes, that is all it had. My initial reaction was that, the hacker sender was an amateur so he didn't know how to make the mail look legitimate -- but not for so long, when I discovered that this email was totally legitimate and was indeed sent by Standard Chartered Bank - SCB (Unless!! : read the epilogue of this post).
Ok, let's go through the email. The email is poorly formatted (maybe spam?). The only useful content is the 'Click here' link and it points to something like http://pop4.mailserv.in/sc/lt.php?id= eh8IBgAGA19XRAwETAA6XweWkKK (more and more like spam). I clicked on this link, and I was taken to a page that looked exactly like SCB's site; it didn't take me long, before I figured out that the page was actually the real SCB inet banking login page, and not a fake one!! I verified the SSL certificates and they are valid, trusted and belong to SCB (Thanks to the further confirmation from Firefox that it said I had visited this site more than 100 times earlier -- 100 is just an illustration, don't try to guess anything). At this point, I had no answer. If that was a spam, why would I be redirected to the bank's page; and if it was not a spam, why would a bank send such a suspicious email and redirect to a login page through a third-party link??!!! Instead of speculating, I thought I would analyze the technical aspects of this email first.
Given that the link didn't point directly to the bank's site (but to mailserv.in), I first verified if sc.com (see the from address of the email) belongs to SCB. It turned out that sc.com is legitimate and registered against SCB's head office in Hong Kong. Now that sc.com is valid, I verified the email headers to check if the email was indeed sent from 'sc.com' domain. The email had come from an MX from cleanmail.in and the return path is to sc.mailserv.in. Now, it makes sense why the link was pointing back to mailserv.in. At this moment, I thought it was a spam originating from mailserv.in. But when I dug out more details, I was shocked. mailserv.in belongs to a legitimate email service provider registered in Mumbai. When I went through their customer lists, I started to believe that this email is legitimate -- all of its customers are well known institutions in India including a handful of banks (Interestingly, SCB is not listed as one of them). But a list of customers of this grade, made me believe that an email from mailserv.in would not be a spam.
One last thing I still wanted was, to take a look at how the redirection from pop4.mailserv.in to SCB's inetbanking site happens -- just to ensure if there is any injection of any XSS stuff. I did a wget on the given URL, pop4.mailserv.in just returns an HTTP error code 302 (meaning Moved Temporarily) and redirects to the SCB's legitimate page. This was a clean redirection and this solves the last question, and the sender has no "hacking" benefit out of this.
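The checks walked through above (From domain against Return-Path, relay and link domains, then the redirect response inspected without following it) can be run mechanically. This is an added example, not code from the original post: the message and HTTP response are constructed samples that mirror the arrangement described, using placeholder `.example` domains, and `registrable` is a naive two-label helper assumed here in place of a Public Suffix List lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: bank sender, third-party mailer and relay.
SAMPLE_EMAIL = """\
Return-Path: <bounce-1234@bank.mailer.example>
Received: from out7.relay.example (out7.relay.example [192.0.2.10])
\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: "Example Bank" <alerts@bank.example>
To: customer@recipient.example
Subject: Important update
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><a href="http://pop4.mailer.example/b/lt.php?id=CONSTRUCTED">Click here</a></body></html>
"""

# Constructed response, as captured by a client told not to follow redirects.
SAMPLE_REDIRECT = ("HTTP/1.1 302 Found\r\n"
                   "Location: https://ibank.bank.example/login\r\n"
                   "Content-Length: 0\r\n\r\n")


def registrable(host):
    """Naive registrable domain: the last two labels (assumption, see lead-in)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze_message(raw):
    """Compare the visible sender with the domains that actually handled the mail."""
    msg = message_from_string(raw)
    from_dom = registrable(parseaddr(msg["From"])[1].rpartition("@")[2])
    rp_dom = registrable(parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2])
    relays = []
    for received in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", received)
        if m:
            relays.append(registrable(m.group(1)))
    links = [urlparse(u) for u in
             re.findall(r'href=["\'](.*?)["\']', msg.get_payload(), re.I)]
    link_doms = [registrable(u.hostname or "") for u in links]

    findings = []
    if rp_dom != from_dom:
        findings.append("return_path_mismatch")
    if any(r != from_dom for r in relays):
        findings.append("relay_mismatch")
    if any(d != from_dom for d in link_doms):
        findings.append("link_domain_mismatch")
    if any(u.scheme != "https" for u in links):
        findings.append("link_not_https")
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "relay_domains": relays,
        "link_domains": link_doms,
        # True when the tracking link belongs to the same mailer as the bounces.
        "link_matches_return_path": bool(link_doms) and all(d == rp_dom for d in link_doms),
        "findings": findings,
    }


def classify_redirect(raw_response, sender_domain):
    """Read status and Location from a raw HTTP response head."""
    head = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in head[1:] if ":" in line)}
    target = urlparse(headers.get("location", ""))
    target_dom = registrable(target.hostname or "")
    return {
        "status": status,
        "is_redirect": status in (301, 302, 303, 307, 308),
        "target_domain": target_dom,
        "https": target.scheme == "https",
        "lands_on_sender_domain": target_dom == sender_domain,
    }


if __name__ == "__main__":
    report = analyze_message(SAMPLE_EMAIL)
    print(report)
    print(classify_redirect(SAMPLE_REDIRECT, report["from_domain"]))
```

A clean redirect that lands on the sender's own domain explains the link, but the mismatches reported for the message are the same ones a phishing mail would show, so they cannot by themselves tell the two apart.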
After all this, I finally believed that this mail was legitimate and not a spam. I am really depressed with the kind of security implications that such an email would cause. If a legitimate institution can send a spam-like email, why wouldn't it be easy for a spammer to send a legitimate-like email and deceive the user??!!
I still "wish" this to be a spam (I just can't believe a bank would do this!!); If it was a spam, the only benefit for the sender that I can "speculate" is: Maybe the sender is tracking the number of users who actually click on this link and navigate. Maybe the sender would send a number of such legitimate messages, and then suddenly a phishing email, so the user doesn't realize the difference and gets trapped. I can't think of anything else.
Any other thoughts?
If you enjoyed reading this analysis, you might also be interested in my analysis of another interesting spam I received.
Disclaimer: I've no confirmation from SCB that it is legitimate email. So it could still be a spam. Use your own conscience and decide it for yourself.
== If you had landed here thinking this is about booting Linux on your mobile phone, "NO". This is about booting Linux on a comp/laptop from a mobile phone ==
The concept of booting and using Linux without having to install it on hard disk (aka Live CD) has been there for years (at least 10?). Thanks to Knoppix -- the pioneer in this approach. This later evolved to booting a live CD from media other than just CDs, like pen drives etc. With later BIOSes supporting USB devices in the boot list, this became pretty handy. I was a big fan of Damn Small Linux (DSL), which is really a damn small Linux (with just a 50MB footprint) and goes almost invisible on your pen drive. I used to happily carry around DSL on my pen drive 2-3 years back.
But hold on. Why do I need to carry a bootable linux on my pen drive?? Anyways I need a comp to boot it; and the comp would anyway have an OS installed. Then why? True, but it is handy. I primarily see this useful for 2 purposes:
1. To use it as a recovery tool if something terribly goes wrong with my comp -- I do backup my master-boot-record (MBR) and the partition table (pretty easy to backup/restore from linux) etc., so I can recover my PC if something goes wrong at that level. This is also useful to analyze any comp for that matter if that fails to boot.
2. I can carry a set of applications along with me. If I have a comp in front of me, I would like to have a C/C++ compiler on it, maybe python interpreter and sometimes Office suite (MS office or open office). I cannot expect this everywhere I need it. Well, my own personal comp in my home town (one of the powerful ones I had during my Engineering with 64MB RAM and 500MHz processor :D) now barely has anything useful in it. It does not have most of the applications that I would need for today; and sometimes it does not even boot when I need it to :) No photoshop, python, games etc. Carrying a linux satisfies all (at least, most of) these requirements.
This being so useful, the major setback is the necessity to carry around that pen drive all the time; this drawback supersedes and suppresses all its advantages, and I mostly did not have my pen drive with me when I needed it; and at some point, I forgot which of my 'n' pen-drives had the Linux live installed -- and that was the end to my use of this approach.
Recently, this thought struck my mind -- Why shouldn't I use my mobile phone as a pen drive, as I carry it all the time. And now that I have a Windows Mobile phone, I was really interested to see my "Windows" phone striving hard to help me in booting Linux on my comp :). But, I wasn't sure if that would work, without having to have a dedicated memory card. I was very clear that this is useful only if I can use the memory card for any other use on my mobile, like earlier. I tried various flavors including Fedora, DSL and Knoppix. My first choice was DSL -- it being so small, but that failed to boot off any pen drive on my laptop and my desktop (Gave up! maybe it does not support a variety of hardware?). Fedora 11 was the next choice. I used this live USB Creator, but that failed to boot too -- I didn't spend much time on it. I thought I would try out the legend Knoppix and it just worked effortlessly. The only important thing to notice in this project is, that we need to boot Linux off a FAT16 drive. The knoppix live CD comes with the isolinux boot loader that operates off an ISO -- but that wouldn't help us here. Thankfully, syslinux is a boot loader that does this job for us.
So, here is what you need to do if you need to boot Linux from your pendrive or Windows Mobile or any other mobile that supports Mass-storage mode.
On Windows: (TRY AT YOUR OWN RISK!!!)
1. Download Knoppix Live CD ISO image.
2. Download syslinux.
3. If mobile, put your Mobile in USB Mass-storage mode and connect it to your PC (else connect your pendrive to your PC).
4. Extract the Knoppix ISO to a folder say C:\MyFolder (Many software could do this including WinZip, 7Z etc.)
5. Copy all the files from the C:\MyFolder\boot folder to C:\MyFolder\ (ie., bring the files inside boot folder to the parent directory).
6. Rename C:\MyFolder\isolinux.cfg to C:\MyFolder\syslinux.cfg (thankfully the config files are similar between isolinux and syslinux).
7. Delete the isolinux.bin file from C:\MyFolder\ (we don't need this).
8. Now copy all the files from C:\MyFolder to your mass-storage folder (say G:). Note: Directory structure should be such that all files in the C:\MyFolder should be in the root directory of your mass-storage drive.
9. IMPORTANT: Be very careful at this step. If you give a wrong drive letter, you may spoil your computer from booting. Open up a command prompt. CD to the folder where you have syslinux and run 'win32\syslinux.exe -ma G:' (I assume G: is your mass-storage drive).
You are all set. Make sure you have USB removable device / USB HDD in the boot list (with priority ahead of your HDD) of your computer. If all done well, connect your mobile/pendrive to your comp and reboot; you should see Knoppix booting off it.
Here is my Lenovo T400 Laptop booting Knoppix from my Windows Mobile ASUS P320: (The video is a little long, please feel free to forward if you feel bored; but I want to provide even granular details for the interested, so didn't strip it down).
I recently discovered that my Windows Mobile (ASUS P320) phone drains battery if the USB connection setting is set to 'Mass storage'. In fact it terribly drains; almost half its usual time. It drains battery even if the phone is not connected over USB to any host and even if the phone is in sleep mode. Horrible and unexpected!!
So, in case you have a Windows Mobile phone and suffer with pretty poor battery performance (less than 1.5 days) check if you had changed the USB setting to 'mass-storage' (Start->Settings->Connections->USB). Set it to 'activesync turbo mode'. Change to mass-storage only when required and change it back. It is quite likely that this problem is specific to Windows Mobile 6.1, but I would not be surprised if this issue exists in other versions.
Also, many people complain about WinMo phones switching off much earlier than the battery becoming totally empty. It is important to understand that phone switching off itself on low battery is for your own benefit; if a WinMo runs totally out of battery, it is as good as a hard reset (you lose everything in your phone memory including applications (on phone mem), messages, contacts etc.,). Ideally it switches off when charge in the battery goes below 10% and you can still boot it back again in emergency (it tries to switch off again); I've even made calls at those times. Also, even if the phone is switched off, it still uses battery to keep the memory contents alive; so the remaining 6-10% is reserved to preserve your data until you get to a charger. So it is better not to force boot. I think, usually there is also a small internal backup battery, to support changing of phone batteries without losing data, but that's not going to last long.
There were 2 APIs identified : InitIR and GetIRCode
The next step is to identify the return types, calling convention, parameter list and types of these two. Let me explain how I discovered them for one of those APIs (GetIRcode - the difficult one) by reverse-engineering their disassembly.
Calling convention: An easy technique to identify the calling convention is to look for the 'ret' statement @25,28 (I would also advise double-checking the disassembly of the caller's next instruction to make sure it doesn't play with the stack pointer). In stdcall calling convention the callee is supposed to free the stack space for arguments. I think here we are debating only over stdcall and cdecl calling conventions. So, if the 'ret' statement has any value given as operand (no. of bytes to free up on stack), then the calling convention should be 'stdcall'. In most cases, DLLs are stdcalls -- and this observation confirms that for this DLL.
Return type (and out params): In this case, we had already discovered that the technical return type is an int (and was returning 0x0 on keypress and 0xff on no keypress). However, we are still lacking the keycode when a key was pressed. If you look at the epilogue of the function, there are two branchings (clearly two rets @25,28). Please note the "mov byte ptr [edx],0FFh" @26. This looks like an error case, when SendVendorCmd failed (@21). A close look at the disassembly (@18,21) reveals that this code flow occurs when the return value of SendVendorCmd is non-zero (!=ebx); it should also be noted that the return value of GetIRCode is the same as the return value of SendVendorCmd (note that there is no change in eax after the call to SendVendorCmd). If you look at the success path (@22,23), an out parameter of SendVendorCmd (@[esp+4]) is copied on to the address in edx (note the byte ptr mov -- so the out param value is an unsigned char).
Argument list and types: We are almost done. The only missing piece is to figure out what is edx pointing to. This is a crucial and challenging part. Please bear with me. The statement 'mov edx, dword ptr[esp+10h]'@20, means that the address of the parameter is on the stack. The return statement denotes a 4 byte cleanup on the stack; so it is likely that the function takes only one parameter and that is a pointer to a byte (unsigned char*). However, it is not clear if the [esp+10h] belongs to the local stack variable in this function or is really an argument pushed by the caller -- use of ebp might have been much clearer, but we don't have a choice here. Looking at the disassembly of SendVendorCmd (ret 8) tells me that it uses 8 bytes on stack for arguments. So after the call to SendVendorCmd, the esp will be less by 8 bytes. Now if you carefully account for all the push and pop instructions in this function before [esp+10h]@20, you would find out that the [esp+10h] is indeed pointing to [esp_0+4h] if esp_0 is the esp at the time of entry of the function. [esp+4h] at the entry point clearly skips the return address and lands on the first argument to the function.
And hence the function is 'int (__stdcall *ThatDll!GetIRCode)(unsigned char*)'
I believe I don't have to mention about the InitIR API. But that was pretty simple; the prototype turned out to be 'void (__stdcall *InitIR)(void)' :D.
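The push/pop bookkeeping used above to resolve [esp+10h] can be automated. This is an added example, not the author's tooling: the listing is constructed to match the shape the post describes (the vendor's disassembly is not reproduced on this page, and the value pushed before the call is made up), and `analyze`, `classify` and `CALLEE_CLEANUP` are names chosen for this sketch. It follows straight-line code only and does not model branches.

```python
"""Track esp through a stdcall function to resolve [esp+N] operands."""
import re

# Constructed listing shaped like the function the post describes; it is not
# the vendor's disassembly. The command id pushed before the call is made up.
LISTING = """\
sub  esp, 8
push ebx
xor  ebx, ebx
lea  eax, [esp+4]
push eax
push 1
call SendVendorCmd
cmp  eax, ebx
mov  edx, dword ptr [esp+10h]
jne  fail
mov  cl, byte ptr [esp+4]
mov  byte ptr [edx], cl
pop  ebx
add  esp, 8
ret  4
"""

# Bytes each known stdcall callee pops on return (its 'ret N' operand).
# The post reports 'ret 8' for SendVendorCmd.
CALLEE_CLEANUP = {"SendVendorCmd": 8}


def to_int(text):
    """Parse MASM-style numbers: '10h' is hex, '8' is decimal."""
    text = text.strip().lower()
    return int(text[:-1], 16) if text.endswith("h") else int(text)


def classify(entry_offset):
    """Name a stack slot by its offset from esp at function entry (esp0)."""
    if entry_offset < 0:
        return f"local[esp0-{-entry_offset:#x}]"
    if entry_offset == 0:
        return "return address"
    return f"arg{entry_offset // 4}"


def analyze(listing, cleanup=CALLEE_CLEANUP):
    """Walk a linear listing; branches are not followed."""
    delta = 0        # current esp minus esp0
    refs = []        # (instruction, entry-relative offset, meaning)
    summary = {}
    for line in listing.strip().splitlines():
        insn = line.strip()
        op, _, rest = insn.partition(" ")
        rest = rest.strip()
        # Resolve memory operands before applying this instruction's effect.
        for m in re.finditer(r"\[esp(?:\+(\w+))?\]", rest):
            off = delta + (to_int(m.group(1)) if m.group(1) else 0)
            refs.append((insn, off, classify(off)))
        if op == "push":
            delta -= 4
        elif op == "pop":
            delta += 4
        elif op in ("sub", "add") and rest.startswith("esp,"):
            n = to_int(rest.split(",")[1])
            delta += n if op == "add" else -n
        elif op == "call":
            # The return address is pushed and popped again; a stdcall
            # callee additionally pops its own arguments.
            delta += cleanup.get(rest, 0)
        elif op == "ret":
            popped = to_int(rest) if rest else 0
            summary = {
                "balanced": delta == 0,   # esp must be back at esp0
                "convention": "stdcall" if popped else "cdecl (or no args)",
                "arg_count": popped // 4,
            }
    summary["refs"] = refs
    return summary


if __name__ == "__main__":
    result = analyze(LISTING)
    for insn, off, what in result["refs"]:
        print(f"{insn:34} -> esp0{off:+#x} ({what})")
    print(result["convention"], "with", result["arg_count"], "argument(s)")
```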
Now, how I use this info to dynamically hook onto the existing TV tuner application is the only critical missing part. Stay tuned!
=== this post is for educational purposes only. please do not apply these concepts to hack into or do illegal stuff ===
As promised earlier, here is my post on what's behind my TVProgramGuide application.
For the ones who do not have the background on the topic and for the ones who did not read my post on my application -- I had a TV tuner hardware and an application that works with it. I could use my TV tuner remote to control the TV. Now I need to find a way to hook into this design and capture the TV remote key presses, so I can use it in my own applications (important: without affecting the TV app's functionality). I'm keen on mentioning only the critical and difficult portions of this app.
The whole issue can be split into multiple major issues:
1. Finding out the DLL and the APIs that the current app uses to read the remote key presses.
2. Reverse-engineer the APIs and find out their calling convention, return types and parameter lists (and types) -- you would definitely need these if you are going to hook into the APIs.
3. Find a means to hook/patch the functionality to allow both the TV app and my app to capture the strokes -- multiple options available. Read on.
4. Decipher the codes to match the real keys on remote -- if 1-3 are complete, this shouldn't be difficult.
Let me talk about each one of them in detail.
Finding out the DLL and APIs:
The TV application and the tuner hardware are from different vendors. This gave me the hope that there might most likely be a DLL which provides the set of APIs to talk between the two. Using dependency-walker I found the list of modules that the TV tuner application was depending on. I filtered a set of non-system DLLs that got installed along with the TV tuner application. Then listed down the "exports" table from each of those DLLs and looked for any reasonably named API that relates to this. In one of those DLLs (I'm not disclosing the name of the DLL to keep this hack anonymous), there was an API named 'GetIRCode' -- having known that remotes work on Infra-Red (IR), this was suspicious. There were other APIs named 'InitIR', 'GetOneButtonStatus' etc., which seemed closer and closer to the functionality I was looking at. I was almost sure.
Here's the export table of that identified DLL :
To make sure if these are indeed the APIs that I was looking for: I attached the debugger (windbg) to the TV tuner application and added breakpoints to all APIs in that DLL. As the application starts, I got a breakpoint hit in Dll!InitIR. Makes sense. Then, I could see breakpoints continuously being hit on Dll!GetIRCode (yes, continuously). I just realized that there was no callback mechanism, and the application continuously polls for keypresses by calling GetIRCode (ahem!, waste of CPU). But is it really what I think? Just to make sure that this API was doing something useful on a key press, I looked at the return code of GetIRCode after each invocation. It returned 0xff (likely a -1 in signed byte) most times. I set a conditional breakpoint on the return statement of this function to break if the return value is != 0xff (ie., break if register eax != 0xff). I realized from my testing that, whenever I pressed a key on my TV remote, this break point was hit and the return value was 0 -- hmmm, almost there, but where is the key code??? hack isn't that easy :). A good news was that, during the runtime (when I tested with remote key presses), the TV tuner application did not call any other API on this DLL.
So, at the end of this step, I have discovered the DLL and two APIs that I might need to hook into. And also that GetIRCode returns 0 once after a key was pressed (note: I still do not know how to identify the key, just hoping that this API would help) -- no idea about the calling convention, return types, the parameters I need to pass in to these APIs and their types. Way to go!!
Step 2 for reverse-engineering those APIs for calling convention, parameter list/types is a long topic, stay tuned!
Understanding what data alignment is and realizing the need for data alignment is a different topic by itself; I'm not going to write about it as there are lots of them around.
Issue: The first member of a struct need not be located at the start (offset 0) of the struct instance (yes, assuming there are no virtual functions).
Unfortunately, in most cases, this happens to be true; however the point here is that it needn't be. I've personally seen this behavior recently which led me to write this (albeit on a 64bit compiler).
Consider the struct definition,
//
typedef struct _A {
    int b;
} A;
//
the sizeof(A) will be 4. This is trivial. Now consider this struct,
//
typedef struct _A2 {
    char a;
    int b;
} A2;
//
A2 has one char in addition. Some people might expect the sizeof(A2) to be 5 -- but in reality the sizeof(A2) would be 8 due to the data alignment requirement. So where have the extra 3 bytes (called padding) gone? Let's examine the offsets of the individual data members to figure out the gap.
Assuming a2 is an instance of A2,
offset of A2::a => (char*) &a2.a - (char*) &a2; // offset of a2.a from the starting of a2 => 0
offset of A2::b => (char*) &a2.b - (char*) &a2; // offset of a2.b from the starting of a2 => 4
Clearly a2.a starts from the zeroth byte, and a2.b starts at the fourth byte. The layout of the struct is as follows {a2.a|*|*|*|a2.b|a2.b|a2.b|a2.b} where * represents the padding bytes and each | represents a byte boundary.
It is important to note that, C/C++ standards do not allow the compiler to change the ordering of the struct's members in its memory representation (please let me know if someone feels this is wrong). However, if you think a while, you would realize that without any change to the ordering of the members, the padding can be moved around while still fulfilling the data alignment requirement.
For eg., the memory layout of A2 could also have been {*|a2.a|*|*|a2.b|a2.b|a2.b|a2.b} where * represents the padding bytes and each | represents a byte boundary. This is perfectly valid and easily invalidates the assumption about the address of first member of the struct -- because the offset of a2.a is now 1 instead of 0.
OK, but why would someone rely on this assumption??! Probably not directly; it does not make sense to use a2, where a2.a is to be used. However, in nested structures, this might go unnoticed. Consider this scenario,
//
#include <stdio.h>

typedef struct _A3 {
    char a;
    void *ptr; // assume that by design, ptr points to A4 or A5
} A3;

typedef struct _A4 {
    char c;
} A4;

typedef struct _A5 {
    char c;
    int n;
} A5;

void print_members(A3 *pa3)
{
    // assume by design: in most cases pa3->ptr points to an A4 instance,
    // and given that both A4 and A5 have the common first member
    // it might be tempting to write code like the following.
    // (IS_A5 is assumed to be defined elsewhere.)
    A4* pa4 = (A4*) pa3->ptr;
    printf("%c ", (char) pa3->a);
    printf("%c ", (char) pa4->c); // here the code is trying to print A4::c or A5::c
    if(IS_A5(pa3->ptr))
        printf("%d ", (int) ((A5*)pa3->ptr)->n);
}
//
The access through pa4 in print_members (line 23 of the original listing) may or may not work as intended, based on the result of data alignment for the struct A5. This is a perfect disguise of this untrue assumption. So, beware!!
This is about an application that I've recently developed, that can show real-time TV programme guide lines on the fly over a TV tuner video.
It is really interesting to see how subtle things can make a big difference in the way we carry out every day life. This idea struck my mind few weeks back, when I landed at entertainment.oneindia.in accidentally while trying to find out what movies are played for the day. The idea was to integrate this info about TV programmes into the existing TV tuner application, so I can fetch them whenever I need them. When I was first thinking about this idea, I didn't really expect it to be soo useful -- today I just can't watch TV without the aid of this app.
The idea sounds interesting but it is as vague as a patent. I spent the first week thinking about the feasibility of this application, and about how to integrate this app into the TV system. I was pretty clear that this app is going to be of no use if I cannot provide a means to use this application wirelessly (yes, using the TV remote). If I have to come to the comp, and use the mouse to find out 'what's coming up next?', I would rather visit the website in my browser and know about it. It is as simple as having a bookmark in my browser.
But I wasn't sure if I can hook into the TV remote, and get its signals. Even if I can, I should also ensure that my hooking does not affect the normal functioning of the TV tuner application, that is already using the TV remote and reacting to the signals. As specified in my earlier post on my TV tuner, the tuner's hardware (Trident) and the TV tuner application (Honestech) seem to be from different vendors -- this gave me the hope that there should be an interface available somewhere (although unpublished) using which the existing TV tuner app is receiving the TV remote key presses. I will definitely be writing a separate post on the technical details of how and what disassembling I had to do; but for now, it is that I've managed to discover the undocumented APIs that are used internally, and the appropriate DLLs and managed to hook into them seamlessly so the TV tuner application has no idea that I'm hooked in.
This hooking was done in C/C++. The remaining task was to download the TV programmes from their website (note: oneindia does not have the list for all channels. So I had to do a generic design to support any website; with abstract classes and interfaces, this isn't a problem anyway). For any non-system programming I prefer python (if not UI related) and C# if it has an associated UI. I admire the power of the modules/class libraries that these platforms provide; awesome! .Net comes in handy with Http classes (System.Net.HttpWebRequest) to handle the HTTP requests/responses for downloading the programmes. And I used RegEx (System.Text.RegularExpressions.Regex) to parse the HTML output and extract the program schedule. With a number of choices for sharing info (remote key press) between the C/C++ hook and the C# interface, I chose the simplest one: The windows registry. I intend to post a developer post on this later, but that's the overall technology behind this app.
Important features:
1. Automatically shows the 'now playing' programme on every channel change. The 'now playing' item is picked based on the current channel no. and the current time. This window shows up for 10 seconds and auto-hides. Very useful when we glance through the channels.
2. Channel change is detected by monitoring the remote key presses including numbers, up, down, recall etc. Interesting part was that channels can be changed by a sequence of key presses eg., key 1 followed by key 2 followed by key 3 in a short interval, is not 3 different channel changes, but a single change to channel no. 123. It had to be handled differently.
3. A special mode can be entered by a special key combination (that does nothing to the tuner app) in the TV remote. In this mode, the app overlays the 'coming up next 5' programmes list over the video. This info does not auto-hide. It can be closed by the Mute key on TV remote.
4. Seamless integration, so TV tuner works just well as before.
Here is the video showing my application in action as I watch TV on my comp:
Overall, I'm very happy with this app; one of my applications that I use the most. I'm hopeful to publish this app soon, after I make some generalizations (currently channel associations are hard-coded and not all channels are supported).
After contemplating on this for quite some time, I finally decided to buy a TV tuner. I don't intend (or I should say don't want) to spend too much time on TV. I was fairly confident that I was not going to buy a TV for sure; and if at all I go for something that would be a TV tuner card for my existing LCD monitor.
Then, the question was whether to go for an internal TV tuner, USB TV tuner or an external TV tuner. For those who aren't aware, there are 2 types of external TV tuner -- one that drives a CRT and the other that drives an LCD. So be sure to buy the correct one in case you have an LCD monitor. However, I didn't choose this because: I don't want to keep changing the cables to the monitor every time I need to switch between TV and comp (my monitor does not have dual input); and I might want to work in parallel while watching TV (or at least check my stock prices, email, orkut). These being the problems on external ones, I was firmly confident that the internal/USB ones will have lot more "features" than the external ones like recording, PiP (Picture in Picture), scheduler etc., and given that it was software controlled, I was hopeful to try my hands on it by writing some code for it (I had no idea about what to do with it, but just felt an opportunity).
After throwing out the external solution, I had to choose between the internal one or the USB one -- both satisfy my criteria of software control. I chose USB as it looks safer to me anytime than a PCI interface -- I'm hopeful that a heavy spike on my cable wire, would cause less damage to my comp over the USB port. It also provides the convenience of moving the TV between my comp and laptop. Also, the internal ones might have difficulty with remote due to line-of-sight issues (not sure, if they even provide a remote for internal ones).
Anyways, after all this I finally zeroed in on Fronttech USB TV Tuner (to be frank, I didn't really spend time on analyzing the brand to buy; Fronttech was easily available in the nearby shops and so I just went for it). I had bought it a month back and believe me, I have no regrets today. I think Fronttech is anyway just selling it as its own brand but it is not. The hardware driver identifies itself as 'Trident Analog Video' to Windows and the TV tuner software is from Honestech. Possibly, Fronttech takes care of marketing, sales, service/support.
It is so handy, fits in your palm. This is how it looks (Photo from Fronttech).
It comes with the following key features:
1. Real-time recording (at a click of a button on remote)
2. Recording scheduler (I can just schedule a recording and forget about it; watch it later).
3. Time-shifting (as they call it -- more later)
4. Supports NTSC and PAL
Unfortunately, PiP is not available, and I later learned that it is not available in any TV tuners (at least in the ones available here in India). As it requires support from the hardware level (tuning in, two frequencies at the same time), I cannot do any magic with software to emulate PiP. Ok forget it.
Recording is awesome, with no lag in the TV playback in real-time. There are options to select the resolution of recording along with the video encoding that is to be used.
I should definitely mention the time-shifting. An easier way to describe the time-shifting is the 'pause your live TV' slogan that many digital TV ads boast about. Yes, this feature allows you to pause a live TV and continue from there. This is technically feasible (just like any other digital TV solution) by continuously recording the TV channel in the background. One very good thing about this TV tuner is (IMHO), I can enable time-shifting only when I need it; this prevents the application from continuously thrashing my hard disk when I really don't need to pause/playback (I believe Tata Sky Plus does continuous recording).
Another "strange" thing I discovered was (at least I didn't know this earlier): The auto-scan option for channel tuning is not as smart as the ones in the real TV. ie., it does not scan the complete set of frequency (at every possible increments) and infer if a clear signal is available at that signal. Apparently, on hooking to their application, I figured out that they have a constant pre-defined set of frequencies to be tuned for a given country (I even remember a function in one of their DLLs, GetFreqencyTableForCountryName). Ok how does it matter to me? It does. They have some 360 channel frequencies pre-defined for Indian Cable TV networks, but not all of them have a clear signal or channel transmitted. The tuner application is not smart enough to discover the absence of the channel and skip bookmarking the channel. So at the end of an auto-scan you will have 360 channels bookmarked, with only around 100 having meaningful video output and scattered all over. Grrr.. There is also no way to tune a single channel. ie., you cannot say, switch to channel 1 and start tuning the band to associate a different channel to channel 1 -- because the channel number by itself defines the frequency to be used, and channel no. 1 will always be pointing to the same frequency. Thankfully, they have the option to name the channels and associate channel shifting to work only on the favored channels instead of just blindly going through all channels. I was a bit uncomfortable here, but after a month, now I'm used to it.
Important: Do remember to backup your "channel.she" file from their installation folder once you configure your TV tuner and named all those channels etc., It is useful to restore the channel list in case you need to reinstall the application or you lose it (I lost it once -- how, is a different lengthy story!!).
Except for these few glitches, over all I'm very satisfied with the quality of its work with some stunning features.