It's Ehtisham

Room for Being Wrong

We all like to think of ourselves as being rational beings, unaffected by bias and holding opinions which are, majority of the times, always right.

During this, we fail to realize the fact that rationality, by itself, is nothing but subjective. If there’s nothing inherently objective and absolute, how can rationality be? To think that the choices we make, the opinions we form, and the decisions we take, all have to be right is based on a false assumption.

We often get into spontaneous arguments with friends, coworkers and family where we try our best to reaffirm our stance and how it’s the correct one. The arguments are based on subjective opinions, and in cases where a reference to some absolute facts is involved, people often end up believing what they’re thinking at the back of their minds are the apparent facts. This can happen without any true knowledge of the underlying facts.

For example, two persons debating which browser is the best. A Firefox fan can make up an argument that it’s the best browser since it’s installed on the most number of devices. It may or may not be true; but since that person is a hardcore user, they’d like to think of it as the most downloaded browser. In reality, Chrome, for example, may have more downloads. If the number of installs is the only criteria for being “the best”, shouldn’t Chrome be ahead, then?

This takes us to another challenge. When pointed out that our stance is factually incorrect, we often shift the argument. The basis of our previous argument no longer means anything.

In the example above, if the number of downloads is indeed the criteria for being the best, our stance turned out to be wrong and it’s Chrome which should be on top. How many will accept it and change opinion, if their assumption (read fact) was proven wrong?

Being self-critical can be good if we don’t judge others and don’t automatically put down the opinions of others. Embracing difference of opinion is excellent; the world can be a better place if we don’t always judge others as wrong and realize it’s down to having different perspectives.

I’ve just started reading the book Thinking, Fast and Slow, and it has me wondering: The understanding of how we think and make our choices is an interesting science, and being aware of it can help us in becoming more accepting of other’s views.

Home Advantage and Adjusting to Conditions

(My article for The Express Tribune, a major English newspaper in the country. Originally appeared here.)

Historically, cricket pitches in Asia had the tag of ‘lifeless’ and ‘flat’ associated with them. They’re considered as batting paradises where scores of 500 and above are regularly posted in Test matches, and taking 20 wickets is akin to climbing Mount Everest.

While it may be true in some cases, despite the notion that they’re flat, some non-Asian touring teams have often been found struggling in these ‘batting friendly’ conditions. The pitches on which Continue reading Home Advantage and Adjusting to Conditions

What Do You Do When Your Laptop Gets Fried?

It can happen. It has happened, to many a great warriors, and now to me as well, a mere mortal. Just when I was starting to wonder—why my laptop hasn’t malfunctioned since the time I bought it? Why am I so lucky? That was the moment. Evil eye struck. My own!

Honestly, laptops getting fried is a scary reality, but how you take it is what matters. The loss can be catastrophic, especially if it takes along your storage media as well, roasting it to nothing but a toast. People, by virtue of being humans, have different instinctive reactions to such events. It may trigger the fight or flight response in some, and while I can’t speak for others, I can tell you what my reaction was.

I was frying a cheese omelette, just a few minutes later. I had never fried a cheese omelette before in my life. So what do you do when your laptop gets fried? Personally, I fry a cheese omelette!

I’m glad I didn’t panic, as it does nothing but add stress when you should rather be calm. The best method of dealing with bad situations is to think. You can’t think if you’re not calm, and both are never mutually exclusive. From dealing with anger issues to responding to a rude comment on an online forum, if you remain calm, everything will start to fall back into place.

So coming back, I was done having my self-cooked, delicious cheese omelette, and the energy that it provided me with, I spent it on taking my laptop to a technician who was able to fix it. They say they invented Cloud for a reason. You can’t possibly realize its importance unless you go through this!

In a nutshell, when life gives you lemons, keep them in a refrigerator and cook something delicious.

Google Drive vs. Docs: Embedding Documents into WordPress.com Posts

You may have run into a scenario where a document, like a PDF, had to be embedded into one of your WordPress.com blog posts. There’s an official support article present here on how you can do that, but it only deals with Google Docs.

In this post, I’m going to talk about why you should rather use Google Drive for embedding documents and how to actually do it, because the embed code from Drive doesn’t currently work on WordPress.com. A slight modification is required in the URL.

A bit about Drive

Google Drive, the cloud storage platform by Google, also has the ability to store documents (.doc, .pdf etc.) and unlike Docs, it retains their original format once uploaded. It’s also a lot more easy to manage the documents in Drive—you can upload, view and share them, however, the ability to edit is only available in Docs.

Why Drive over Docs?

It’s in the layout! Documents from Drive embedded into posts look quite different from the ones embedded from Docs. Pics or it didn’t happen! Yes, I know, nothing is better than a visual illustration, so here is a comparison of a single PDF embedded via both the services:

Can you see the difference? Click to enlarge.

The PDF from Docs is shown in a layout where you have to scroll horizontally to read the lines. Moreover, you can’t even select any text, as the embedded PDF from Docs shows up as an ‘image’.

On the other hand, the embed from Drive not only fits the frame but also has an on-screen zoom control and a button for popping out the document in a new window. Makes for a better reading experience!

How to embed Google Drive documents

Now onto the practical part!

Upload the PDF or any other supported format and share it with the desired audience. To do this, right-click the document and select Share. To make it public, click Get shareable link:

After it’s shared, double-click the document which opens up a preview, then select the pop-out button:

Next, click Embed Item under the options menu:

Copy the embed code and paste it in the post:

Now, wait before publishing the post!

There’s one change you got to make in the code. Where it says drive.google.com, change it to docs.google.com. If you don’t make this change, WordPress.com will turn the code into a simple hyperlink and the embed will not work.

They haven’t added the domain drive.google.com to their whitelist yet, so until it’s resolved, you have to use this method. Rest of the code should remain the same, except width and height which you can modify according to your liking.

Happy embedding, and let me know which embed source you personally prefer! 🙂

Protect Your Android Phone from the Latest MMS Bug

Yesterday, security researchers discovered a critical flaw that affects almost all Android phones, that’s about one billion smartphones worldwide if you want to quantify. The scary part is that attackers only need to know your phone number in order to take over your device! There’s a good chance, rather it’s almost certain that your device is also vulnerable. Don’t panic, though, this post is about how you can easily guard your phone against this Stagefright bug, but a bit of background first.

It works by exploiting a security hole in Stagefright library, which is used by Android OS to render incoming videos embedded within an MMS. Thus, attackers can remotely send a specially-crafted MMS to your number, and upon retrieval, a malicious code embedded in it can silently become a part of your phone. Heck, it can even stealthily remove any traces of the received MMS and much more.

Solution

First one will disable the transmission of any sort of MMS, the second involves stopping your messaging app from automatically downloading/retrieving incoming MMS, as that’s when the code gets executed.

Disable sending/receiving of all MMS messages:

Disable MMS APN for Stagefright — Settings > More > Mobile Networks

Open Settings > More > Mobile Networks. You will get to the first screen above.
Tap “Access Point Names”.
Choose the APN which handles your MMS settings
At the details screen, tap APN to change the value of APN to any random string. Don’t forget to write down the existing value, as you’ll need it to restore MMS functionality

I recommend this method if you don’t use MMS messaging and are not expecting any incoming MMS either.

Disable auto-retrieve in your Messaging app:

The exact steps depend on the messaging app that you’re using. Here are the screenshots of Hangouts and Messenger (messaging client in Lollipop) app:

Disable auto-retrieve in Lollipop Messenger

For Messenger:

Go to Settings > Advanced and disable auto-retrieve

For Hangouts:

Slide the drawer
Go to Settings > SMS > and ‘uncheck Auto Retrieve MMS’.

Apply updates from your phone manufacturer

Note that the above fixes are temporary solutions. For a permanent fix, contact your phone manufacturer, see if they have any update on offer and how you can apply it. For rooted phones, the consequences can be particularly severe if a successful exploitation occurs.

This bug is not in the wild yet, that is, there are no reports of it being exploited at a mass scale, partly because the researchers who discovered it haven’t released a proof-of-concept yet.

They’re going to present it at Black Hat USA on August 5th though, and there’s a possibility of attacks emerging after that so apply the fixes or updates as soon as possible!

Google.com.pk Hacked — Technical Details

Google.com.pk (Google Pakistan) website was hacked early morning today, and from the last several hours is still inaccessible. This domain gets all the traffic from Pakistan; people get redirected to it if a Pakistani IP opens Google.com.

Not only Google, other big names like Yahoo, Microsoft Pakistan and Apple are also apparently “hacked”. The domains Microsoft.pk, Yahoo.pk and Apple.pk remain inaccessible.

Turkish hacking group/individual “Eboz” has claimed responsibility by uploading a defaced page. The question, however is, were they all really “hacked“? Nope, not really. Let’s analyze a few things.

Performing a simple WHOIS lookup on Google.com.pk reveals the following DNS records, as of 9PM PST:

DNS records

name

class

type

data

time to live

google.com.pk

127.0.0.1

3600s

(01:00:00)

google.com.pk

dns2.freehostia.com

3600s

(01:00:00)

google.com.pk

SOA

server:	dns1.freehostia.com
email:	support@freehostia.com
serial:	1353750918
refresh:	28800
retry:	7200
expire:	604800
minimum ttl:	86400

3600s

(01:00:00)

google.com.pk

dns1.freehostia.com

3600s

(01:00:00)

google.com.pk

preference:	10
exchange:	mbox.freehostia.com

3600s

(01:00:00)

As you can see, the NS records, responsible for resolving a domain name to IP address have been changed freehostia.com’s nameservers. It’s a free web hosting provider, and Google, Apple or other affected big brands surely won’t be using a free hosting service!

What this reveals is that the hackers managed to take control of the domain registrar/registry and changed the DNS records. In this case, .pk domain names are handled by PKNIC.

It’s important to note that this doesn’t mean those hackers actually gained access servers of these companies. It’s highly unlikely! Rather, they just pointed the domain names to their own DNS records and people accessing these websites were redirected to the pages setup by hackers.

Google.com.pk is not opening because the IP address to which it points has been changed to 127.0.0.1. That’s a local loop IP address and if you try to open it, you just access your own computer’s port 80.