Dec 30, 2020

The Books and Games that got me through 2020

 Tis the year-end. And here I am reflectin' on the year past. 

Its been a Topsy-turvey year so far. Things don't go to plan, but in 2020 the plan was tossed into a black hole. Holed up in your home for months, watching the stories unfold on news channels - mostly pretty bleak hasn't been that great for the mind. 

Add to it the work pressure. Where things used to take a few mins, now it takes a day. There is this story of a server going down in the office which needed to be restarted. The launch was in a few days. The offices - actually the whole country - was on lockdown. How do you do that ? Its been crazy. 

I do not watch much TV apart from a few shows like The Kapil Sharma Show. Most of my free time goes into gaming and reading. Following is the list of 2020. ( You can also check out the list of books from 2019 here )


Books

I haven't read a lot of books this year. My goal was 12 books, and I have fallen short of that. Not enough time. Here's a small list from this year :

Ender's Game 

This was a re-read. I had read this book a few years back. Then watched the movie. Then read the book again. Now it started to make a lot more sense than earlier. After researching a bit it seems that this book is binary - some people like it some don't. I liked it after the 2nd reading.



 

 

 

 Dune

A sci-fi classic. However, I don't really rate this one high. The reason being that this says sci-fi, but it really has very limited sci-fi aspects to it. Its more of a political setting with a prophesy. Over the years, I have started to dislike stuff with prophesies, as that means that main hero is really not doing anything themselves. Its all written in the stars. I like books where the hero stumbles along and tries to make the best of the situation. I re-read it again this year as the new DUNE movie is coming out, so wanted a refresher. 




The Anarchy

This book by William Dalrymple traces the history of how a small company run out of a small building in England became the biggest corporate of all time, and conquered the unconquerable lands of India. This book along with An Era of Darkness (by Shashi Tharoor) and The Men who Ruled India ( by Philip Mason ) provide a good insight into how England was able to rule over India. 





Roars and Trumpets : Tales from the Wild

A fantastic book by Gurpreet Singh who spent much of his life overlooking tea estates in Assam and his encounters and love for the wild life there. A must read if you are interested in wildlife and doubly so if you ever had wondered "what was life like in India a few decades back" . It traces the life story of Gurpreet Singh from the time his dad used to take him hunting in the North West Provinces before India got Independence to the life in the far flung reaches of Assam. A time when guns could be carried in as baggage in planes !




Early Indians

A book that traces the ancestry of Indians via DNA studies of current population and matching with the DNA from archaeological remains found all over the world. While the book is good in the sense that it tries to make the esoteric scientific advancements and how the migrations happened, it is very repetitive, like the publisher told Tony Joseph that his book was too lean and he needs to add more content into it. The unfortunate effect is that in many places things are repeated again and again.




Black Panther Comics

For a brief time, Comixology was giving Black Panther comics for free as a tribute to Chadwick Boseman. So I got as many of them as I could. 

Wakanda Forever !





A Promised Land

A master orator, Obamas latest book is a riveting read (I still haven't finished it). It traces his journey from his early days into the field of politics. A very straight forward written book, and I was quite surprised by how easy it is to read.







Dec 13, 2020

sha256 mismatch errors - Ubuntu running in VirtualBox on Windows host

 I had this peculiar problem of updates and pip installs failing on an Ubuntu #linux VM running in VirtualBox on Windows

Errors are like the following:


$ pip install --upgrade django
Collecting django
Using cached Django-3.1.4-py3-none-any.whl (7.8 MB)
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
django from https://files.pythonhosted.org/packages/08/c7/7ce40e5a5cb47ede081b9fa8a3dd93d101c884882ae34927967b0792f5fb/Django-3.1.4-py3-none-any.whl#sha256=5c866205f15e7a7123f1eec6ab939d22d5bde1416635cab259684af66d8e48a2:
Expected sha256 5c866205f15e7a7123f1eec6ab939d22d5bde1416635cab259684af66d8e48a2
Got caa8b913f298bf97bf9a826f14519b3d777d63b034561f3acfc57dbe099577d0

I spent the greater part of the day working on fixing this as I needed to start a new django project. 

Here are a few things you can do to make sure this is working:

  • Update to latest version of VirtualBox
  • Check if you have any other virtualization software running on your host OS. In my case I had docker running. Uninstall it.
  • remove the cached pip files . Typically this is : $ rm -rf ~/.cache/pip/
  • Now do a  $ pip install django . It should work now.


Oct 25, 2020

Securing your Personal Work

My last post on securing the online classes for your kids drew in a lot of interest. I got a lot of friends also call me up / ping me offline about their own work/home place security. As one friend commented "an adapted version of this for adults would be useful". 

In this post, I go over all the discussions that I had with people for their own personal setups.

There are still 2 parts to ensuring that your personal work is secure. 

  1. The technology that we can use
  2. The behavioral changes

1. Technology

Working from home when the pandemic started was awesome - wasn't it ? No more long commutes. No more getting ready early. Learn the stuff you most like doing (which apparently for the large majority was cooking). 

Its also been awesome for the criminally minded people. Spam related to covid response is quite prevalent. Here is a snapshot of the Covid response dashboard from McAfee: 


And that's just the new threats from COVID related spam. All the existing threats still exist. Companies are still getting hacked and your data is still getting out there. The most recent one I know of is the Dr Reddy's data breach

So, now lets talk about the tech needed for making your life a bit easier. 

Which Anti-Virus to use ?

As always, if you are on Windows, an antivirus is a necessity. You could go with Windows Defender, as it has become quite robust, but 3rd party security vendors are much more focused on the security aspects. For instance, if I need some clarification on the WD scanning, how do I contact them. OTOH, with a vendor like McAfee or QuickHeal or Kaspersky etc, I know I can call their customers support to resolve issues I have. 

How does one decide on which AV to use Vibhu ? The most commonly asked question. 

The tests done by 3rd parties like AV-Test are a pretty good indicator of what to use. Here's the comparison for Windows tests and what you are looking at is the protection rating, followed by protection, followed by usability. As you can see, there are a lot products with full ratings on all 3 parameters.

 

 But ... Vibhu, this is so confusing still ! There are too many choices ! What do I do ?

I would suggest you on this parameter - have a look at your existing AV - are you happy with it ? Does it compare well in the listing above ? Keep it. 

If you are looking for a new AV, then check which is the current market leader in your country. Its better to get something which has a good spread in your local markets as they have got there. 

Now, that the basics are set. You now have narrowed down to the product and you visit the website and the store. Oh Gosh ! What a lot of  different products there are ! Hey, I just wanted something for my PC - how the heck am I supposed to make sense of this confusion ! 

First things first - look at all the devices you have at home. Many products now provide protection for multiple devices - and if you have a lot ( your laptop, your wife's, your kids, phones etc), you want a solution which can install on all with just one subscription. 

Secondly, you do not want the base AV. The days of just having an antivirus is over. You want something that protects the internet also. Most AV products have a "Internet Protection" or equivalent. Thats the base you are shooting for. 

Ok. The product is out of the way. 

But there is still more. Passwords. 

Most of the hacks these days happen due to weak passwords. You have no idea how much. You also probably have no idea in which all breaches your passwords have been exposed. The point to start here to figure out where your passwords are. Trust me, unless you have a very new email , your details are out there on some corner of the Dark Web. 

Start with going to https://haveibeenpwned.com/ . Check by entering your email. See where all the breaches were and when. Now you have to do 2 things:

  1. Check if you have changed your password after the hack. Most companies do send out intimations to you to change the password in case of any such breach. 
  2. Check if you have used the same password anywhere else. If so, change it. 

There are many password managers out there. You should really consider using one. Most of us have issues with remembering more than a few passwords. The tools generate random passwords and store them securely, so you don't need to remember them all.

2. Behavioral

Tech gets you so far. And yet it won't help if you are not careful about a few things. Here are a few things you really need to start doing:

Check those URLs !

You get a lot of emails. And in scanning them you suddenly see something that gives you pause. The Tax department has sent you a mail with a link. You click that. It opens a site which looks just like the tax website and you need to log in. Hang on there cowboy. Give it a a pause.

Most Scam mails work in the same way - they entice you by fear or greed. The first thing you need to do is check if the email is coming from a legitimate location. Usually the emails are shown with the name, not the email address. You need to check if the email is correct. A tax email from a @gmail domain name is for sure a fraudulent one. Next, you need to check the link you are supposed to click on. On the desktop its easy - just hover above the link and you can see where it goes to. 

Lets do this by example. What do you see the below link as ? 

Let search on www.google.com 

It goes to google.com - right ? But now if you hover over it, you will see it is actually going to this blog. That's a very friendly example of how this works. Scammers are not so friendly. 

Many AV products provide web or URL protection. Make sure that your product has that. Even better, be suspicious of such mails and do not click links. Instead, for example, in this case, go to the tax website directly, not by clicking the link, and then log in.

But maybe something happened and you did click the link. Now you are on the website. Check the location of the URL bar for a few things : 

a. Does it have the lock symbol ? Most fraud sites do not. If it does, click it to see where it is registered to. E.g. the one form reddit is :

 

Scammers do not usually spend any effort for such security. 

b.  check if the URL is the correct one for your tax/bank/etc. e.g. the url could be www.redditcom.com . This is suspicious. Note the site is redditcom.com. That's the modus operandi used by scammers. Make something so similar to the real thing that you get fooled into thinking its the correct one. Some variations of this could be: 

  •  reddit-com.com.  Notice the change in the address by adding a simple - symbol. Nope, not going to enter the details there. 
  • It may be ending in something other than the .com you are used to. e.g. instead of reddit.com it may be pointing to reddit.xyz . 
  • It could also be something that may be prefixed to another website address - e.g. reddit.wordpress.com 

Make a note of the websites you use. Check every time you get a mail that you are going to the correct website. Its good too err on the side of caution.

Passwords Again

Finally, I would come to the passwords used. Although I covered it in the tech section, its still a behavioral change. We are not used to thinking of so many passwords. Nowadays it seems like that whichever site we go to, we need to create a login. Unfortunately, that's how it is. 

So, at the bare minimum, you need to have a different password for each website you go to. There are various ways that you can use to generate the passwords:

  1. Use a password manager tool to generate and store the password as outlined in the tech section. 
  2. Make a password using phrases. XKCD has a good post on it. Check it out. https://xkcd.com/936/ 
  3. Use a random password generator like the one on : https://passwordsgenerator.net/ . However its going to be difficult to memorize it.  

It's become a rather long post already, so I am going to leave it here for you to digest it.

-- 

I would love to hear your thoughts on what you think. Let me know in the comments below or reach out to me on twitter @vibhurishi