Salora Arya - excellent features for unbeatable price

Salora Arya – an excellent phone for an unbeatable price


The Salora Arya is an incredible phone for an unbeatable price. It appears that they have saved the money from advertising to keep the price low, because I had never heard of the phone till I started comparing tech specs when I needed to buy one in a hurry.

It arrived in a neat box with efficient packaging that will take up minimal space to store (and thus I don’t have to throw it away – this wins points).

I will write a longer review later, but at a price of Rs.4,999/- here are the highlights.

  • Quad-core processor – it is FAST.
  • 5 MP main camera (8MP with software)
  • 2MP front camera (5MP with software – I really liked the photos from this)
  • Plenty of space to load apps (5GB or so free)
  • Touch screen that works like a dream (This matters to me – it is a long story for another time)

It does not LOOK cheap.

User reviews indicate that it may have a less than satisfactory battery backup, but I have not encountered that yet and not traveling much, I am rarely in a position to not be able to charge my phone, so even if true, this isn’t a deal breaker for me, at least.

If you are looking for a great phone at low cost, this is it: Arya A1 Plus (Black-Silver)

The links in this post are affiliate links. However, I am not in the business of recommending products I don’t believe in. This is what I purchased. It is the lowest price available.

Disable SSLv3 on Nginx to prevent #POODLE vulnerability

In the wake of the POODLE vulnerability discovered in SSLv3, a surprising number of people are not sure how to disable SSLv3. So here is how to do it.

In your Nginx SSL configuration, find the line that shows the protocols. It will be something like this:

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

Remove SSLv3 from it so that it reads:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

That is all.

This is not relevant if you aren’t using SSL, of course.
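The ssl_protocols directive can appear in more than one server block or included file, so a single edited line may not be the only one. The following is an added example, not from the original post: it lists every active ssl_protocols line that still enables SSLv3 and prints a corrected version of a file. The function names and the sample config tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample config tree below is constructed for the demo.

# audit_sslv3 DIR: print "file:line: directive" for every active (uncommented)
# ssl_protocols directive under DIR that still lists SSLv3.
# Exit status: 0 if SSLv3 was found anywhere, 1 if the tree is clean.
audit_sslv3() {
    find -L "$1" -type f | sort | while IFS= read -r f; do
        awk -v file="$f" '
            { line = $0; sub(/#.*/, "", line) }      # ignore comments
            line ~ /(^|[ \t;{])ssl_protocols[ \t]/ && line ~ /[ \t]SSLv3([ \t;]|$)/ {
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                printf "%s:%d: %s\n", file, NR, line
            }' "$f"
    done | grep .
}

# strip_sslv3 FILE: print FILE with SSLv3 dropped from ssl_protocols lines.
# A directive listing only SSLv3 would be left empty; nginx -t rejects that.
strip_sslv3() {
    sed -E '/^[[:space:]]*ssl_protocols[[:space:]]/ s/[[:space:]]+SSLv3([[:space:];])/\1/' "$1"
}

# make_sample DIR: write a small constructed config tree (hypothetical sites).
make_sample() {
    mkdir -p "$1/sites-enabled"
    printf '%s\n' 'http {' '    # ssl_protocols SSLv3 TLSv1;' \
        '    include sites-enabled/*;' '}' > "$1/nginx.conf"
    printf '%s\n' 'server {' '    listen 443 ssl;' \
        '    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;' '}' > "$1/sites-enabled/blog"
    printf '%s\n' 'server {' '    listen 443 ssl;' \
        '    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' '}' > "$1/sites-enabled/shop"
}

# Demo: only the "blog" server block is reported; the commented-out line
# in nginx.conf and the already-fixed "shop" block are not.
demo=$(mktemp -d)
make_sample "$demo"
audit_sslv3 "$demo" || echo "no SSLv3 found"
strip_sslv3 "$demo/sites-enabled/blog"
rm -rf "$demo"
```

On a real server, point audit_sslv3 at the Nginx configuration directory, and run nginx -t to validate the edited files before reloading.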

Google’s guessing games #privacy #humor

Imagine my surprise today when a Google search result showed my location below the search results (nil).

Virar West, Virar, Maharashtra – From your Internet address – Use precise location – Learn more

I live in Virar East, so the guess was off by a few kilometers. Curious to see how accurate it gets, I allowed it to use “precise location”.

Result?

Friends Colony, Hallow Pul, Kurla West, Mumbai, Maharashtra – Reported by this computer – Update location – Learn more

That would be a few dozen kilometers away with an entire Lok Sabha Constituency lying in between mine and the stated target area’s :p

Moral of the story? If you live in an area barely covered by Google Maps, you’d probably do better activating snooping stuff to obfuscate your location :p

Note: this was funny and an obvious backfiring of “precision” if it added an error that put the location in another district altogether. Your mileage may vary. This is not a serious privacy tip :p


Reset the net – Don’t ask for privacy, Take it back

A long overdue backlash against state spying (and NSA in particular) has some of the biggest websites on the internet joining forces with internet rights activists to unleash an unambiguous message. Don’t ask for privacy, take it back.


Internet website and application owners are encouraged to adopt strong encryption based security measures to prevent spying and spread awareness to more people. Here are resources for various security measures against spying. It doesn’t get easier than this. Do it. The 5th of June will see splash screens raising awareness on sites participating in the campaign.

While the protest is against NSA and US policies, the internet is a world without boundaries, and I do believe that Indians cannot afford to remain disinterested. As power concentrates in fewer and fewer hands, greater resources are spent protecting it from all threats, real and imagined with scant regard for individual and privacy rights.

So I have decided to support the campaign even if it doesn’t protest Indian government (yet). As some of you may have noticed, all my blogs are now ssl enabled. This will continue. I will be using more security features, and perhaps share how you can get them too (since my ideas are n00b and wallet friendly, I imagine they may help some).

Edward Snowden, whose leaks on government spying became a massive last straw for many, has endorsed the campaign in a must read letter.

“One year ago, we learned that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives — no matter how innocent or ordinary those lives might be.

Today, we can begin the work of effectively shutting down the collection of our online communications, even if the US Congress fails to do the same. That’s why I’m asking you to join me on June 5th for Reset the Net, when people and companies all over the world will come together to implement the technological solutions that can put an end to the mass surveillance programs of any government. This is the beginning of a moment where we the people begin to protect our universal human rights with the laws of nature rather than the laws of nations.

We have the technology, and adopting encryption is the first effective step that everyone can take to end mass surveillance. That’s why I am excited for Reset the Net — it will mark the moment when we turn political expression into practical action, and protect ourselves on a large scale.

Join us on June 5th, and don’t ask for your privacy. Take it back.”

-Edward Snowden

In other news, Google has released the code for its upcoming “End to End” Chrome plugin offering end to end encryption to prevent email spying. It is also intended to be an easy way to get secure communication for people at risk and thus will carry a burden of having to aim for usability as well as flawless security. The Chrome plugin is currently in the alpha state and Google has released it with an Apache 2.0 licence inviting hackers to find security flaws under its bug bounty programme.

Together with statistics released about the use of encryption in sent and received email via Gmail, Google’s message for today is powerful and straight.

Use encryption to communicate by email.

Other organizations supporting Reset the Net include Reddit, WordPress

WordPress All In One SEO Pack plugin users should upgrade NOW #vulnerability

The Sucuri blog has posted that the All in One SEO plugin had two vulnerabilities they had pointed out earlier, and the just released update fixes both. AISEO users are advised to upgrade as soon as possible.

While auditing their code, we found two security flaws that allow an attacker to conduct privilege escalation and cross site scripting (XSS) attacks.

In the first case, a logged-in user, without possessing any kind of administrative privileges (like an author or subscriber), could add or modify certain parameters used by the plugin. It includes the post’s SEO title, description and keyword meta tags. All of which could decrease one’s website’s Search Engine Results Page (SERP) ranking if used maliciously.

While it does not necessarily look that bad at first (yes, SERP rank loss is no good, but no one’s hurt at this point, right?), we also discovered this bug can be used with another vulnerability to execute malicious Javascript code on an administrator’s control panel. Now, this means that an attacker could potentially inject any javascript code and do things like changing the admin’s account password to leaving some backdoor in your website’s files in order to conduct even more “evil” activities later.

Read more: Vulnerability found in the All In One SEO Pack WordPress plugin

Also, commenter Orun Bhuiyan brings up an important security point when he points out that the AISEO plugin echoes a generator tag with the version number, thus exposing both plugin and version number and making it easy for malicious entities to target vulnerabilities when such situations arise. This has been pointed out on several forums, and several plugins contain settings to mute generator tags, but it continues to be a problematic default and a major security risk, leaving wide swathes of content vulnerable before updates can be applied.

Varnish config for wordpress with ngx_pagespeed and wp-touch

This is the Varnish config I am using currently. It is working with wp-touch, pagespeed and wordpress and (bonus) deals with the pagespeed not allowing pages to cache. No time for pretty comments and explanations, here’s the code. I will answer questions, or come back and explain the code in comments – but it is pretty self explanatory.

backend default {
    .host = "127.0.0.1";
    .port = "80";
    .first_byte_timeout = 300s;
}

sub generate_user_agent_based_key {
    # Placeholder headers holding the default capability lists.
    set req.http.default_ps_capability_list_for_large_screens = "LargeScreen.SkipUADependentOptimizations:";
    set req.http.default_ps_capability_list_for_small_screens = "TinyScreen.SkipUADependentOptimizations:";

    set req.http.PS-CapabilityList = req.http.default_ps_capability_list_for_large_screens;

    # Lazyload
    if (req.http.User-Agent ~ "(?i)Chrome/|Firefox/|MSIE |Safari") {
        set req.http.PS-CapabilityList = "ll,ii,dj:";
    }
    # lazyload_images (ll), inline_images (ii), defer_javascript (dj), webp (jw) and lossless_webp (ws).
    if (req.http.User-Agent ~
        "(?i)Chrome/[2][3-9]+\.|Chrome/[3-9][0-9]+\.|Chrome/[0-9]{3,}\.") {
        set req.http.PS-CapabilityList = "ll,ii,dj,jw,ws:";
    }
    # odd ones
    if (req.http.User-Agent ~ "(?i)Firefox/[1-2]\.|MSIE [5-8]\.|bot|Yahoo!|Ruby|RPT-HTTPClient|(Google \(\+https\:\/\/developers\.google\.com\/\+\/web\/snippet\/\))|Android|iPad|TouchPad|Silk-Accelerated|Kindle Fire") {
        set req.http.PS-CapabilityList = req.http.default_ps_capability_list_for_large_screens;
    }
    # mobile
    if (req.http.User-Agent ~ "(?i)Mozilla.*Android.*Mobile*|iPhone|BlackBerry|Opera Mobi|Opera Mini|SymbianOS|UP.Browser|J-PHONE|Profile/MIDP|portalmmm|DoCoMo|Obigo|Galaxy Nexus|GT-I9300|GT-N7100|HTC One|Nexus [4|7|S]|Xoom|XT907") {
        set req.http.PS-CapabilityList = req.http.default_ps_capability_list_for_small_screens;
    }
    # Remove placeholder header values (both the large- and small-screen one).
    remove req.http.default_ps_capability_list_for_large_screens;
    remove req.http.default_ps_capability_list_for_small_screens;
}

sub vcl_hash {
    # Block 3: Use the PS-CapabilityList value for computing the hash.
    hash_data(req.http.PS-CapabilityList);
}
# Block 3a: Define ACL for purge requests
acl purge {
    # Purge requests are only allowed from localhost.
    "localhost";
    "127.0.0.1";
    # Add your server IP to this list
}
# Block 3b: Issue purge when there is a cache hit for the purge request.
sub vcl_hit {
    if (req.request == "PURGE") {
        purge;
        error 200 "Purged.";
    }
}

# Block 3c: Issue a no-op purge when there is a cache miss for the purge
# request.
sub vcl_miss {
    if (req.request == "PURGE") {
        purge;
        error 200 "Purged.";
    }
}

sub vcl_recv {
    call generate_user_agent_based_key;

    set req.http.X-Forwarded-For = client.ip;
    set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");

    # Block 3d: Verify the ACL for an incoming purge request and handle it.
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        return (lookup);
    }
    # Blocks which decide whether cache should be bypassed or not go here.

    # Block 5b: Only cache responses to clients that support gzip. Most clients
    # do, and the cache holds much more if it stores gzipped responses.
    # (This test has to sit inside vcl_recv: VCL does not allow statements
    # outside a subroutine.)
    if (req.http.Accept-Encoding !~ "gzip") {
        return (pass);
    }

    # Do not cache the admin and login pages
    if (req.url ~ "/wp-(login|admin)") {
        return (pass);
    }
    // server1 must handle file uploads
    if (req.url ~ "media-upload.php" || req.url ~ "file.php" || req.url ~ "async-upload.php") {
        return (pass);
    }

    // do not cache xmlrpc.php
    if (req.url ~ "xmlrpc.php") {
        return (pass);
    }

    // strip cookies from xmlrpc
    if (req.request == "GET" && req.url ~ "xmlrpc.php") {
        remove req.http.cookie;
        return (pass);
    }

    # Remove the "has_js" cookie
    set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");

    # Remove any Google Analytics based cookies
    set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");

    # Remove the Quant Capital cookies (added by some plugin, all __qca)
    set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");

    # Remove the wp-settings-1 cookie
    set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");

    # Remove the wp-settings-time-1 cookie
    set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");

    # Remove the wp test cookie
    set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");

    # Are there cookies left with only spaces or that are empty?
    if (req.http.cookie ~ "^ *$") {
        unset req.http.cookie;
    }

    if (req.http.Accept-Encoding) {
        # Do not compress compressed files...
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
            remove req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            remove req.http.Accept-Encoding;
        }
    }

    # Cache the following files extensions
    if (req.url ~ "\.(css|js|png|gif|jp(e)?g)") {
        unset req.http.cookie;
    }

    # Check the cookies for wordpress-specific items
    if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
        return (pass);
    }
    if (!req.http.cookie) {
        unset req.http.cookie;
    }

    # End of WordPress specific configuration

    # Do not cache HTTP authentication and HTTP Cookie
    if (req.http.Authorization || req.http.Cookie) {
        # Not cacheable by default
        return (pass);
    }

    # Cache all others requests
    return (lookup);
}

# Block 6: Mark HTML uncacheable by caches beyond our control.
sub vcl_fetch {
    # For static content related to the theme, strip all backend cookies.
    # Backends send cookies in the Set-Cookie response header.
    if (req.url ~ "\.(css|js|png|gif|jp(e?)g)") {
        unset beresp.http.set-cookie;
    }

    # A TTL of 30 minutes
    set beresp.ttl = 1800s;

    return (deliver);
}
# Block 7: Add a header for identifying cache hits/misses.
sub vcl_deliver {
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
    } else {
        set resp.http.X-Cache = "MISS";
    }
}
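The URL and cookie rules in vcl_recv above decide whether a request is answered from cache or passed to the backend. The following added example (not part of the original config) replays those rules in shell so you can check a given URL and Cookie header offline. The cache_decision function and the sample cookies are constructed, and it assumes a GET request from a gzip-capable client with no Authorization header.

```shell
#!/bin/sh
# Added example: mirrors the URL and Cookie rules of vcl_recv above.
# Assumes a GET request, a gzip-capable client and no Authorization header.

# cache_decision URL COOKIE_HEADER -> prints "pass" or "lookup"
cache_decision() {
    url=$1
    cookie=$2

    # Admin, login, upload and xmlrpc URLs always bypass the cache.
    case $url in
        */wp-login*|*/wp-admin*|*xmlrpc.php*|*media-upload.php*|*file.php*|*async-upload.php*)
            echo pass; return ;;
    esac

    # Same cookie-stripping expressions as the regsuball() calls.
    cookie=$(printf '%s' "$cookie" | sed -E \
        -e 's/has_js=[^;]+(; )?//g' \
        -e 's/__utm.=[^;]+(; )?//g' \
        -e 's/__qc.=[^;]+(; )?//g' \
        -e 's/wp-settings-1=[^;]+(; )?//g' \
        -e 's/wp-settings-time-1=[^;]+(; )?//g' \
        -e 's/wordpress_test_cookie=[^;]+(; )?//g')

    # Static file extensions lose their cookies entirely.
    if printf '%s' "$url" | grep -Eq '\.(css|js|png|gif|jpe?g)'; then
        cookie=
    fi

    # Logged-in users and commenters are never served from cache.
    case $cookie in
        *wordpress_*|*comment_*) echo pass; return ;;
    esac

    # Any cookie that survived the stripping still forces a pass.
    if [ -z "$(printf '%s' "$cookie" | tr -d ' ')" ]; then
        echo lookup
    else
        echo pass
    fi
}

# Constructed sample requests.
cache_decision / '__utma=1.2.3; has_js=1'                    # lookup
cache_decision / 'wordpress_logged_in_abc=user; __utma=1'    # pass
cache_decision / 'PHPSESSID=abc123'                          # pass
cache_decision /wp-content/themes/x/style.css 'PHPSESSID=abc123'   # lookup
```

The third case is the one to watch: any cookie the config does not strip, such as one set by a plugin, sends every page view from that visitor to the backend.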

Ubuntu 13.10 internet very slow “nothing helps” fix

I installed Ubuntu 13.10 on my laptop and went nuts with the laggy laptop. I have 2gb memory on it, which shouldn’t be causing such a comatose experience. I installed drivers, tweaked memory, did a hundred things, nothing helped.

Digging around in the innards, I found that /etc/resolv.conf was very strange and was showing localhost as the name server. This couldn’t be right. Digging around, I found that any attempt to put working DNS servers was getting rewritten.

In the end, I found a strange fix. Network Manager configuration (sudo gedit /etc/NetworkManager/NetworkManager.conf) was using dns from dnsmasq. Guessing (rightly as it turns out) that I didn’t need dns served from my computer (and I have no idea how it would sync it), I commented out that line and restarted network manager. It looks like this.

dns=dnsmasq

Commented it out like so

#dns=dnsmasq

Now /etc/resolv.conf is showing the DNS servers it gets from the internet provider.

I have no idea if this is the “right answer”, but if your computer is slow and freezing on using internet, and your /etc/resolv.conf is showing 127.0.1.1 or 127.0.0.1 or something as your dns server instead of proper dns server IPs, it is worth a shot. You can always uncomment it if it doesn’t help.

My computer is running faster, freezing less and hasn’t yet exploded.

Ioncube with Nginx+php-fpm giving 502 gateway error SOLVED

Ubuntu 13.10 seems to be having trouble with ioncube and php-fpm. My earlier guide on loading ioncube may not work for you anymore.

This is really strange and I have no idea why no one seems to mention it, but if you are getting frustrated trying to install the ioncube loader on php-fpm, just ignore the instructions to create the 20-ioncube.ini file, and plug the line directly into the end of your php ini.

Steps to install ioncube loader with php5-fpm

cd /usr/local
sudo wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
sudo tar xzf ioncube_loaders_lin_x86-64.tar.gz
sudo mv /usr/local/ioncube/* /usr/lib/php5/20121212/

This is the same.

Now, instead of creating a file called 20-ioncube.ini or ioncube.ini, add the line directly to your php.ini file. (On Ubuntu with a repository installed php5-fpm package, php.ini will be found at /etc/php5/fpm/php.ini.)

At the very end add:

zend_extension = /usr/lib/php5/20121212/ioncube_loader_lin_5.5.so

Then restart php-fpm

sudo service php5-fpm restart

If it still doesn’t work, try doing the same thing as root.

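If you can’t find your php.ini, create a php file on your website with some random name. Open it in an editor and add a line that calls phpinfo().

Access the file on your site with a browser. It will have all kinds of info about php, including the locations of the configuration files (php.ini and others). Delete the file once you have found the path, since the same page shows your server configuration to anyone who opens it.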

Ubuntu network slow RTL8101E/RTL8102E PCI Realtek

I recently reinstalled Ubuntu, and found that my network was agonizingly slow. Installing the driver from the Realtek website fixed this. My card is RTL8101E/RTL8102E PCI Express Fast Ethernet controller, but I imagine this will work for other versions too.

The problem is that the default driver does not support this card well. Blacklist it.

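sudo gedit /etc/modprobe.d/blacklist-network.conf

and add

blacklist r8169

to it. (Files in /etc/modprobe.d are only read if their name ends in .conf, and the module is named without the .ko suffix.)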

Download driver from the Realtek website.

Extract it. Compile it by going to the folder where you have extracted it (Downloads, for example) as root (your prompt will be something like this: root@vidyut-Compaq-435-Notebook-PC:~/Downloads/r8101-1.025.00#) and run:

make

and

make install

The make install didn’t work for me, so I had to manually copy it into the folder.

cp src/r8101.ko /lib/modules/3.11.0-12-generic/kernel/drivers/net/ethernet/realtek/

Then run:

depmod -a
modprobe r8101
service network-manager restart

That should do it. If not, try:

ifconfig eth0 down
ifconfig eth0 up
service network-manager restart

Your network should be working normally now.