Monday, July 27, 2015
ICICI Bank gives unfettered access to your netbanking account to Google
Here's the text of an email I sent to them.
Subject: ICICI Bank gives unfettered access to my netbanking account to GoogleNow, many websites trust Google Analytics to provide them insights about their users, and in many cases you might be able to argue that its fine if a script is provided directly by Google. However, my bank account details are too sensitive for Google or any other third party to be given unfettered access like this, no matter how much you may trust them. I hope ICICI Bank will remove Google's scripts from their netbanking website soon.
Hi,
It seems ICICI Bank is using Google Analytics to track user behaviour and Google Tag Manager to track online campaigns. To enable this your netbanking website loads Javascript sources directly from these two services. The URLs are:
https://www.google-analytics.com/analytics.js
https://www.googletagmanager.com/gtm.js?id=GTM-WZFKRK
This unfortunately gives Google unfettered access to my netbanking account. The first script, from Google Analytics, is loaded on both the login page and on subsequent pages after login. The second script is loaded only after login. Some of the things that this allows Google to do are:
* Steal my customer id and password
* Read my debit card grid number (not all, but some of the pages where the grid numbers are required load these scripts)
* Get info (account number, balance, etc.) about my bank account, loan account, deposits, etc.
* Read my account statements
* Get the list of my payees for funds transfer (including their account numbers)
This list is by no means exhaustive, but even leaking this much info about your users to a third party is extremely worrying. This is serious enough that I am considering moving to another bank where my privacy is taken more seriously.
For the sake of your users, please remove all references to these external scripts from your netbanking website on a priority.
Chaitanya
Also, while its better to check for yourself, here's "proof" of what I am claiming:
Monday, October 07, 2013
Print bit representation of a signed integer in Common Lisp
So, how do you print the bits of a signed integer in Common Lisp? Easy enough:
(defun print-bits (n)
(let ((*print-base* 2))
(print n)
(values)))
> (print-bits 10)
1010
Or
(defun print-bits (n)
(format t "~B" n)
(values))
> (print-bits 10)
1010
But what happens if you try to print a negative number?
> (print-bits -10)
-1010
Not exactly what we were looking for -- we were looking for the bit representation of this number in two's complement form, which is how logical operations treat integers in Common Lisp. So how do we print the bits in two's complement form? The trick is to use ldb. ldb returns a non-negative integer with the exact bits that were contained in the given integer, be it positive or negative.
(defun print-bits (n size)
(format t "~B" (ldb (byte size 0) n))
(values))
> (print-bits -10 8)
11110110
> (print-bits -1 16)
1111111111111111
where size is the number of bits that we want to print. Note that you need to be careful about size since this will truncate the printed bits if integer can't be represented in size bits.
Bonus: How do you pad this binary representation to the given size with zeroes on the left for positive numbers? (negative numbers are already padded)
(defun print-bits (n size)
(format t (format nil "~~~D,'0B" size) (ldb (byte size 0) n))
(values))
> (print-bits 1 4)
0001
> (print-bits 1 8)
00000001
> (print-bits -1 16)
1111111111111111
Labels: cl, lisp, programming
Saturday, July 27, 2013
A neat reader trick for DO/DO*
LOOP every time I needed to use a general purpose looping construct, yesterday I decided to give DO/DO* a shot. The biggest problem that I had with DO was code repetition when the step-form and init-form of an iteration variable were to be the same. For example:
(defun alignment-octets (encryption-fn)
(let ((block-size (find-cipher-block-size encryption-fn))
(octet-1 65)
(octet-2 66))
(do* ((test-input-1 (make-octets block-size :initial-element octet-1))
(test-input-2 (make-octets block-size :initial-element octet-2))
(change-index 0 (1+ change-index))
(mismatch-start (mismatch (funcall encryption-fn test-input-1)
(funcall encryption-fn test-input-2))
(mismatch (funcall encryption-fn test-input-1)
(funcall encryption-fn test-input-2)))
(mismatch-end (mismatch (funcall encryption-fn test-input-1)
(funcall encryption-fn test-input-2)
:from-end t)
(mismatch (funcall encryption-fn test-input-1)
(funcall encryption-fn test-input-2)
:from-end t)))
((= block-size (- mismatch-end mismatch-start))
(subseq test-input-1 0 change-index))
(setf (aref test-input-2 change-index) octet-1))))See the iteration vars
MISMATCH-START and MISMATCH-END above. I spent some time thinking about how this could be avoided. It didn't seem like DO itself would help us much here. Maybe MACROLET would help, but the solution would probably not be very clean or readable. This seemed like a dead end. However, the Common Lisp reader has a trick up its sleeve -- the dispatch macro character constructs #n= and #n#. To put it simply, if any s-expression is prefixed with #n= (where n is an unsigned decimal integer), then the Lisp reader will replace any corresponding #n# with this s-expression. To be more accurate, the reader treats #n# as a pointer to the same(eq) object that is labeled by #n=.Let's see this in action:
(defun alignment-octets (encryption-fn)
(let ((block-size (find-cipher-block-size encryption-fn))
(octet-1 65)
(octet-2 66))
(do* ((test-input-1 (make-octets block-size :initial-element octet-1))
(test-input-2 (make-octets block-size :initial-element octet-2))
(change-index 0 (1+ change-index))
(mismatch-start #1=(mismatch (funcall encryption-fn test-input-1)
(funcall encryption-fn test-input-2))
#1#)
(mismatch-end #2=(mismatch (funcall encryption-fn test-input-1)
(funcall encryption-fn test-input-2)
:from-end t)
#2#))
((= block-size (- mismatch-end mismatch-start))
(subseq test-input-1 0 change-index))
(setf (aref test-input-2 change-index) octet-1))))
An elegant solution to a not so simple problem. Now try this in your favourite language!
Labels: cl, lisp, programming
Thursday, May 10, 2012
A git diff driver for core data model files
git diff, what exactly changed. Usually, the output looks like:
diff --git a/Recipes.xcdatamodel/elements b/Recipes.xcdatamodel/elements
index 35a20f3..939bc61 100644
Binary files a/Recipes.xcdatamodel/elements and b/Recipes.xcdatamodel/elements differ
diff --git a/Recipes.xcdatamodel/layout b/Recipes.xcdatamodel/layout
index 052f0e8..18906a4 100644
Binary files a/Recipes.xcdatamodel/layout and b/Recipes.xcdatamodel/layout differ
Git, however, provides a way to diff binary files as if they were text. Using a diff driver and a binary to text converter[1], we can control git's diff output so that we get this:
diff --git a/Recipes.xcdatamodel/elements b/Recipes.xcdatamodel/elements
index 35a20f3..939bc61 100644
--- a/Recipes.xcdatamodel/elements
+++ b/Recipes.xcdatamodel/elements
@@ -2,8 +2,8 @@ Entity: Image (NSManagedObject)
Att: image Transformable O dafQGIhBFATAxE1hyQd5z5cpRg0OLP4+M+W3+xhA6jU=
Rel: recipe Recipe image Nullify I fVH2lmmkHE4j/FvzfJ2et3KsNxcA8p5BJp2d/xd4hH0=
-Entity: Ingredient (Ingredient) 5tCLlA1r9p1UWdOTr3XJ+ZzBr6bxraWAs3Vt9zCAZek=
- Att: amount String O b9/jjR2iJtm4oldVJwj25X+/hpEL6/1CM5hLhgV48Iw=
+Entity: Ingredient (Ingredient) 7nbTTDaWG1lAddHYHum4xP4IA/N90NYv9GLkGK+sueQ=
+ Att: amount Integer16 O RmH9Sk61kxsb8+GUEqlEkIuV4tDjxxhMNsHUu/tBW6I=
Att: displayOrder Integer16 kMPJ+qU+fnBipO5Ajep+KT3rKB9zeOPrav0q4rMSt7k=
Att: name String jLmWXAAxrGiROYTzEQlBrZZTlb6f2bF9575UvHrUaJA=
Rel: recipe Recipe ingredients Nullify O I GvmjTsOh76OGkr0Lmnxdh8u6FO4E+iuEYa0mRZPuKJQ=
diff --git a/Recipes.xcdatamodel/layout b/Recipes.xcdatamodel/layout
index 052f0e8..18906a4 100644
Binary files a/Recipes.xcdatamodel/layout and b/Recipes.xcdatamodel/layout differ
The great thing is that, this works not only for
git diff, but any git command which displays diff output e.g. git log -p, git show, etc.To do this for your own iOS or Mac OS X projects, try XCDataModelPrinter -- a small little project I wrote. The README should help you get started. If you have any questions, drop me a message at mail at chaitanyagupta dot com.
1. This technique is explained eloquently in the book Pro Git.
Thursday, April 08, 2010
Adidas miCoach Review: Week 4
This is week 4 of my four week review of Adidas miCoach. Read the whole series here.
After my rant last week about the inability to create custom interval workouts on miCoach, I got a nice little comment on the post to checkout a new custom workout builder "next" week. Well well, come this week and I got this and more:
- a brand new forum
- add/edit routes
- an "achievements" page
Custom workout builder
One of the two most useful additions to the miCoach website, this one completely fixes my issues with the interval workouts from last week. Here's a quick rundown on building a custom interval workout:
Select your workout type
Then you define your interval workout. You can set the warmup/cooldown sections and upto 8 different kinds of interval sections. You also need to set the number of repetitions for the interval sections.
An overview of what your heart rate zones for the workout will look like, and you are done.
This is almost perfect for my needs. One thing which will make it even better is that if one could also set the "duration" for the interval sections in terms of distance and not just time. But overall, its a job well done and its dead easy to define your own interval workouts.
Forum
Another welcome addition is the brand new forum. There's the "help" section and then there's the "talk" section -- the former to seek help regarding the device or the website (presumably there would be some admins there), and the latter for general discussion around running and the device (I am sure there will soon be a few bragging contests around people's running "achievements" :P )
Achievments
A novelty feature, mostly. But certainly makes you feel good!
Add/edit routes
Another new addition is that you can pin your routes on a map (via Google Maps). You can supposedly add ratings, notes, etc. This is something I haven't really used much yet, so can't say much about it. I guess I'll add some of my running routes in Gurgaon and Jalandhar at some point of time.
Conclusion
I was a little low on running mileage this week -- managed only a short interval workout on one of the weekdays and then an 18K run on Sunday. All in all, I've put in nearly 90 km worth of outdoor running (not counting treadmill runs in the gym) in the last four weeks (I know its not much -- will have to gradually increase my mileage again), and I have come away quite impressed with the product. Some of the more useful things for me have been:
- Getting an accurate idea about the distance run when running on the road
- The coaching system is really useful for interval based workouts
- Love the way running stats are presented on the site
Another way I benefited from this device was that I picked up my running momentum again. Since I had no major upcoming events to run in since the Mumbai marathon in Jan, I had slacked off quite a bit on running in February. Thanks to the obligations placed by the miCoach contract, running is back on track :) Hopefully things will continue to get better.
Labels: micoach, micoach-review, running
Wednesday, March 31, 2010
Adidas miCoach Review: Week 3
This is week 3 of my four week review of Adidas miCoach. Read the whole series here.
Update 1: (7th April, 2010) One of my primary rants against the miCoach website in this post -- the inability to define any custom interval workouts -- is now taken care of after a recent upgrade. More in week 4.
After two weeks of miCoach usage, I have been fairly impressed by the stats and graphs that it provides. Its great fun to drool over the graphs -- especially after a good run. Not only that, the information captured by the device is quite granular -- down to once every few seconds. This is probably more than what you need, but still its good to have it.
But what about the "coaching" part of miCoach? As I have said before, for the long runs, where I run easy for a period of 1:30-2:00 hours, I haven't really found the coaching very useful -- for those runs I just find the stats collection useful. Even for short runs which I run at a moderate pace, I don't really use the coaching function.
However, there is one kind of workout which I still hadn't tried with miCoach (and its something that I hadn't done in months) -- the interval workout.
Interval workout
Essentially, in an interval workout, you run for a short period of time at a fast pace, and then slow down (could be even to a brisk walk) to recover. This cycle is repeated a certain number of times. Doing intervals brings a nice variation to an otherwise uneventful routine, plus it also helps build pace and strength.
Now, the miCoach website does provide some interval training routines in its custom workouts. I picked one of them and went for a run. Here's the graph for the run:
For this workout, the coaching function actually did turn out to be quite useful. The plan that I selected was a time based interval training workout -- run at an easy pace for a few minutes, then run hard and fast for a minute, and recover and repeat. Thanks to the attached earphone, I was getting constant feedback about when to slow down or speed up -- didn't have to worry about looking at my watch all the time. One minor annoyance has been keeping the earphone in place when running fast, but I think that is something which can be taken care of.
As I had mentioned in the week 1, its a shame you can't really "customize" the custom interval workouts. The kind of routines they have provided are good, but its too limited. Too bad, 'cause miCoach really shines here.
Not just for running
I thought it would be fun to try it out while doing some physical activity other than from running. Occasionally, instead of taking the lift, I take the stairs to reach my office on 14th floor. One day, I strapped on miCoach before doing so, and here's what it says about my heart rate:
The heart rate monitor atleast, could turn out to be useful for workouts other than running, if its that important to you. Maybe I'll try it in the gym someday.
Long Run
Sunday was, as usual, long run day. I had originally planned to do a 20K run this time but could only manage 15. Maybe it was the evening weather which affected my run, or maybe the oncoming summers were to blame. Maybe it was just an off-day. I was also consistently feeling very thirsty throughout the run, which was a bit baffling. Anyways, I did, again record stats for the entire run using miCoach. But I haven't been able to find the time to upload the workout details yet (thanks, again, to the fact that they have no utility for Linux).
So conclusion from this week has been that miCoach is great for interval training workouts. Unfortunately the number of interval workouts on the website are very limited. If they were to increase that number, or, better still, allow their users to define their own workouts, it would be awesome.
Labels: micoach, micoach-review, running
Tuesday, March 23, 2010
Adidas miCoach Review: Week 2
This is week 2 of my four week review of Adidas miCoach. Read the whole series here.
Continuing with my ongoing review of the miCoach, I did a couple of outdoor runs this week -- a difficult 8K in the getting-really-hot afternoon sun and then hit the road for late Sunday morning for a good 15K.
As I mentioned last week, I would try adjusting the heart rate settings and see if I could stay in the "zone" a little more than last week. The factory HR settings seemed fine to me, so I reverted to that. And here are the results:
So I stayed a lot above the green zone again (which was my target zone for the run), although the pace was fairly easy (maybe the HR was high due to the sun). I have decided not to focus too much on this zone business for plain and simple runs for now. I will also try to squeeze in an interval training run this week to see how my heart rate varies with it.
Achievements, history and training journal
A few other niceties I discovered on the website:
Achievements
This comes with the Dashboard view (which gives a summary of the latest workout) -- shows "lifetime" achievements for five of the parameters that it tracks: time, calories, distance, heart rate and pace.
History
Bar graphs showing historical running time, grouped by either year, month, week or day.
Training journal
A list view for the completed workouts -- loads of information in a compact view. Nice.
Workout export and backups
One issue that I do have with the webiste at the moment is that there doesn't seem to be anyway for me to export or backup all the workout data that I am uploading here. While Adidas has done a great job with the website, I am not too happy about not having any local backup of my workout data. And if the website doesn't remain upto the mark later on, it will be good to have an alternative (I don't see why Adidas would make this easy to happen though).
Linux support
I complained to Adidas via their feedback link about the lack of Linux support. Got a response back (the same day) that they don't support Linux for now and the "suggestion will be passed on to the responsible department". Guess that means nothing for now :( If you are a developer who works on miCoach you would have one very grateful customer if we saw Linux support soon!
Stride sensor battery issue
One issue I have encountered a few times now is that when the it is switched on, Pacer refuses to detect the stride sensor until I take out the stride sensor's battery and put it in again. This is really annoying if I have to do this everytime I need to use miCoach. I wrote to Adidas about it and they replied back that this might either be an issue with low battery or with pairing.
What's next?
So my training log shows that I have done about 43K worth of outdoor running in the last couple of weeks. That's a bit on the lower side -- but then again, summers are here! Still, I want to hit the 100K mark for four weeks, so I will be aiming to do about 60K worth of running in the coming two weeks. I will also try to squeeze in a couple of interval training sessions and hope that miCoach's "coaching system" will prove a little more useful here.
Labels: micoach, micoach-review, running
Subscribe to Posts [Atom]