Chandan Log

Vulnogram – Making the world safer one CVE ID at a time, since 2017.

More than a year ago I published a tool named Vulnogram for creating and editing CVE information in JSON format. JSON is one of the preferred formats for exchanging CVE ID assignment information for vulnerabilities.

The name Vulnogram is inspired by the suffix ‘-gram’, of Greek origin, which denotes something written or recorded, especially in a certain way. Vulnerability-related information, when recorded in a standard format, can help in aggregation, curation, dissemination, analysis and remediation. This enables automation and efficiency in response activities.

The Vulnogram project aims to make it easier for vendors and security researchers to accurately record vulnerability information for inclusion in the CVE List. In other words, sharing vulnerability-related information should be as easy as posting on Instagram!

Vulnogram online edition is accessible at

The code for Vulnogram is hosted on GitHub


Announcing OpenGrok Foundation and

OpenGrok Foundation is an all-volunteer non-profit organization that aims to promote research and development of free and public technologies that advance human understanding of complex software systems. We have launched a new website for this effort at

OpenGrok Foundation was formed in 2018 and is led by major contributors to the OpenGrok project over the years.

Everything you need to know about cryptography in 1 hour

A good talk by Colin Percival about cryptography, with an introduction and the common mistakes made while using cryptography in applications.
Recommended for anyone who does anything with cryptographic algorithms and software.


Fast Forward in Time: Flower Bloom

A lily bloom that lasted approximately 6 hours is compacted to 25 seconds. This was taken with a Canon SLR camera wired to a computer that captured an image every 35 seconds. The photos were combined to form a 30 frame per second video.

Desktop OS for Personal Computing


I have been using OpenSolaris as my primary desktop for quite a while – it has been working well; all the devices except Bluetooth work.
Features like suspend-resume and the network auto manager have made life easier. With ZFS boot environments and the Image Packaging System, it has been easier to eliminate unwanted software and services to keep the desktop lightweight. I do not want to waste CPU cycles on fancy cruft that comes with the default installation and may not be required for desktop usage.

I usually keep upgrading to the latest builds, but noticed that a few things have been degrading compared to previous builds I have been running. Mainly, it looked like the boot-up time had increased to more than a minute, compared to the 20-30 seconds it took previously. Rather than spend time debugging what went wrong, I surveyed a number of available desktops to see if I am missing anything by running OpenSolaris, looking for something that works well and has a fast, neat UI. I use VirtualBox extensively to get access to different versions of Solaris as needed. In this survey I used a trial on VirtualBox as the first yardstick, followed by USB or CD booting it on my laptop.

1. Windows 7. A trial version is available for download – it looks like they rearranged a few things on Windows Vista, fixed a few bugs and called it new – like expired food in a new can. Slow and sluggish, and certainly I may not buy it even if they give a 99.99% discount on it. I ran it on VirtualBox as well as installed it on a spare partition, to try it.

Rating 2 out of 5.

2. Ubuntu Netbook Remix – the same old Gnome user interface with an additional launcher which looks like it was assembled in a hurry. Tried it on VirtualBox but did not consider it worthwhile to try it further.

Rating 1 out of 5

3. Intel’s Moblin – seems promising given it is still being worked on. The interface is much better than other Linux distros out there. It worked on VirtualBox, but it panics when booted from a USB stick. Maybe I will give it a try when they get it working.

Rating 2 out of 5 (would have been higher if only it worked)

4. Live-Android – booted really fast, and has a refreshingly new GUI interface that is years ahead of Windows 7 and Gnome. The USB booting does not seem to work. Booting from CD works. They are still working on it, and there are hacks to install other Android apps on it.
Working with the browser is tough and it doesn’t look like it gives any access to the file system. However, it has what I was looking for in my personal computer desktop – a fast and usable interface.

Rating 5 out of 5 (hoping it will mature into a full Desktop)

5. It seems Google is working on an OS called Chrome OS. If it is similar to Android and delivers on speed and usability, I am sure it would replace my existing Desktop. It might also mean the end of Windows Desktop and many other copy cat Linux Distributions out there.

6. Tinycore – offers a neat way to start with a cruft-less operating system that weighs less than 11 MB and then add applications like Firefox.

Rating 2 out of 5 (requires a bit of work to install and to get it working)

7. Webconverger – another distro that launches just the browser, worth mentioning.

There were a bunch of other distributions that I wanted to try, like Fedora, Ubuntu and gOS, but looking at their screenshots, my guess is that they aren’t any better than Android at this time, so it would be futile to try them. At the moment I may install Tinycore on the spare partition and upgrade to a better option if one becomes available.

Netbooks and the end of the Laptop Decade


If you are in the computer industry, it is not uncommon that friends or
family often consult you to recommend a computer or a laptop. There are
several things that make answering it difficult, especially for an
average consumer who may be buying their first laptop with hard earned

  • A. A good $1000 laptop does not offer value for money to someone wanting
    to use Gmail and the Internet
  • B. It will be obsolete in a year and newer software will run slower

When I first heard about the features of OLPC – (One Laptop Per Child)
especially its battery life and networking features etc., my reaction
was that those features should be part of any average consumer computer
– trying to sell it to kids made it look like a scam. If I had $400 to
spend for a child’s education, there are a dozen better ways to spend
it. A computer would be near the bottom of that list.

Since then a number of small, low-cost, efficient and Internet-oriented
commercial laptops have appeared in the market. These are also called
Netbooks (vs. Notebooks).

The number of companies making them suggests that these are becoming popular.
While the hardware used is pretty awesome, the software stack has to catch up. The
personal computer software industry has a long way to go before it is
ready for the average consumer.

In particular, the focus has to be on making software run faster, simpler and more usable. Bloatware should be avoided and software should be able to run with limited resources.
The system should be able to boot in a couple of seconds, and the response time for any click should be strictly less than 100 milliseconds (except where network latency comes into the picture).

It seems to be a trend that common software (such as browsers, mail clients, games and operating systems) gets bloated and slower with each revision. The Gnome desktop on my OpenSolaris Indiana takes almost as much time to load as the system takes to boot up.
There is probably one drastic solution to it: software developers should use old systems which were made 5 or 6 years ago. That way, regressions in performance become visible as soon as they are introduced.

Home Theater Architecture

At the Computer History Museum in Mountain View, piles of old machines are displayed row by row chronologically, as if each row represents a decade of design. Computers made in the 60’s look like washing machines or dishwashers, while those made in the 70’s look like Technicolor typewriters. The machines designed in the 80s are black rectangular plastic boxes that look like VHS video cassette players or audio receivers today.
Or is it vice versa?

The majority of home theater equipment today seems to be stuck in the VHS era – they measure about 2 feet in length and breadth, and half a foot in height, weighing at least 10 kilograms. If you are in the market for home entertainment electronics, there are hundreds and thousands of gadgets in the market. However, finding something that meets my few requirements was challenging. My requirements were:

  • Small size, fewer components – a home theater should not make the living room look like an electronic junkyard – it should blend with the home decor
  • Support the best of technology – HD video and audio from multiple sources such as Blu-ray discs, cable and over-the-air HDTV, FM, streaming video and news from the Internet.

In terms of inputs and output connections it must have the following:

Home Theater Box requirements

  1. WiFi or Ethernet for streaming Internet media
  2. USB and Firewire for connecting peripherals such as memory cards, external disks, mp3 players, keyboard, camera etc.
  3. ATSC, DVB tuner with CableCard support to get HDTV from cable or antenna or any PAL/NTSC sources
  4. FM/AM/SW HD-radio tuner and analog audio input from mic, stereo and maybe digital audio inputs like optical Toslink or S/PDIF
  5. Infrared remote control
  6. Should play Blu-ray, DVD and audio CDs
  7. output to HD screen
  8. output to 5.1 surround sound speakers

Surprisingly, there aren’t many (or any) boxes out there in the market that do all the above. The vast majority of the systems you may find at a local electronics store meet only a couple of the requirements above. You would need to stack a bunch of them in order to set up a home theater.
It seems like the manufacturers making these devices copy each other, even down to the price tag, and yet no one has ever built a modern system.

One option is called an HTPC (Home Theater PC). There are a couple of systems which are currently available; some made by Sony (VAIO TP series) are priced at $3000. Another recent one which caught my attention is the Dell Studio Hybrid. The Mac Mini could have been considered if only it came with a Blu-ray drive and optical audio. One problem is finding good software for these systems. Last time I evaluated open source home theater software (such as MythTV), nothing matched Apple’s Front Row or Sony’s media bar interface.

My current home theater setup (built more than a year ago) looks like this:

Home theater setup

  • Playstation3 caters for requirements 1, 2, and 6.
  • Pioneer HTS surround sound system does 4.
  • Samsung HDTV tuner does some of 3, Cable settop box does others.
  • A Sony programmable remote control takes care of 5

The PS3 is a good and fast Blu-ray player and has great potential as an Internet media device. I am eager to see the PS3 Life software.
Beware of players which take more than a couple of minutes to load a Blu-ray disc, and players which can’t be upgraded.

The Pioneer HTS series audio system, when I bought it, was one of the few of its kind in the US, where a compact audio receiver is built into the subwoofer and is hardly noticeable compared to 2ft x 2ft beasts. The speakers are off-white, blend with my wall and floor, and aren’t conspicuous.
These days Sony also makes such compact audio systems.
Beware of or avoid systems often called HTIB, which are DVD players with 5 speakers but can’t receive surround sound audio from other devices such as a cable TV STB.

A Sony programmable universal remote switches devices/functions and can learn signals from various remotes. You can pack up all the original remotes to reduce clutter. It operates all the devices transparently except the Playstation. Beware of or avoid remotes that don’t have a “programmable” or “learning” feature.

All the devices and a Mitsubishi HD projector are hidden in a ventilated side table next to the sofa in the living room. The projector projects a screen 9ft in diagonal on the opposite wall. A subscription to Netflix provides a supply of high quality Blu-ray movies to watch in the evenings. We see life-size news anchors and weather experts walking across our living room. This setup caters to most of the requirements; however, getting streaming video from the Internet, like Reuters news or Hulu or YouTube, requires a DLNA server. Watch this space for future posts discussing HTPC architecture.

