Monday, October 30, 2017

Leon: The Professional (1994) [Review]

This evaluative essay for the movie Leon: The Professional was written by my friend Elie Tom and has been modified to be displayed properly here. I like it a lot so I decided to post it on my blog.


Léon: The Professional is a 1994 thriller film starring Jean Reno, Natalie Portman, and Gary Oldman and written and directed by Luc Besson. The film received favorable reviews from critics and is one of the best action/drama films of 1994. It pivots around an unusual relationship between Léon, an Italian hitman, and Mathilda, a 12-year-old girl living in a dysfunctional family. The fresh thriller plot, outstanding acting and role performance, and a one-of-a-kind script earned Léon: The Professional its spot as one of the best drama films of its time and up to this day.


The plot is straightforward compared to most movies of the same genre; the movie is not plot-driven but rather character-driven. There is no particular plot twist, although there are a few spectacular action sequences like the climax’s police shootout. The film mainly revolves around the relationship between Leon and Mathilda, and how they change each other’s lives. Mathilda's abusive father draws the attention of corrupt DEA agents, who have been paying him to hide drugs in his apartment. Although Mathilda is young, she becomes interested in Leon and his job, seeking revenge for the horrific acts committed upon her.



The performance of the actors in the movie is unprecedented. Natalie Portman delivers a brilliant performance as twelve-year-old Mathilda, as she is able to portray childlike innocence and raw emotion combined with awareness and intelligence that are years ahead of her age. Mathilda is the star of the film, and Portman is outstanding in playing this difficult role. Jean Reno as Léon delivers a sharp character who sets all of his focus on his hitman assignments until Mathilda comes along. You really can sense what Léon’s character is about from the first few scenes: an extremely skilled hitman who is like a child in many ways. Jean Reno plays Leon perfectly. Danny Aiello as Tony makes you wonder whether he’s a bad guy or good guy. His minor role as Tony was excellent and fits the movie like a jigsaw puzzle. Last and certainly not least, Gary Oldman, as the corrupt DEA Agent Norman Stansfield, moves the story along and controls it with his actions. He plays one of the most memorable negative roles ever and mixes both fear and sarcasm in his actions at the same time. Oldman especially chews the scenery in a way that's both amusing and utterly menacing, especially with his Beethoven obsession.


One issue that may arise in this movie is in the script, although it is one of the best scripts of its time. The love story between a twelve-year-old girl and a hitman would turn a few eyes, but Besson handles it in the most natural way by adding awkwardness in Leon’s script when Mathilda tries to bring up adult topics. There is a breathtaking and heartbreaking scene where Mathilda walks down the corridor past her apartment and knocks on Leon's door to evade the gunman standing at the door to her apartment. You can’t help but empathize with Mathilda. In another scene, a beaten Mathilda asks, "Is life always this hard or just when you’re a kid?" and Leon pauses only to respond with “always like this”. What really stands out is the brilliant script and the straightforward direction of the action sequences. Portman, Reno, and Oldman deliver lines that would not be appreciated had they been spoken by any other performer.




Luc Besson's movie delivers an intense story that is amplified with the perfect-fit casting. Every aspect of the movie adds to the unique overall package. Leon: The Professional attained its success without special effects overuse or a large shooting location. Besson's approach provides it with a European look; Paris in New York. Portman, Reno, and Oldman along with Danny Aiello show us that great acting cannot be replaced. One impressive thing about the movie is how its basic story is maximized to its potential by the depth of the characters and outstanding acting and a one-of-a-kind script along with many other elements that go into the making of the movie.



The depth of the characters in this movie hooks you from the moment it starts. Mathilda is played with great resourcefulness by Portman, who is required by the role to be, in a way, stronger than Leon. She has witnessed many violent things in her life, most of which is through her dysfunctional family. She is wise for her age and this is seen when she makes references to movies: "Bonnie and Clyde didn't work alone," and "Thelma and Louise didn't work alone. And they were the best." Léon has learned to repress his emotions in order to perform his job as a hitman. His world is changed when Mathilda turns to him for help and he learns about living a normal life, even if the circumstances which unite them are far from normal.


Saturday, October 14, 2017

Successful application in UKVI's strict system

I was recently (~2 weeks ago) given a Tier 4 visa to study in the United Kingdom.

However, I'd be a liar if I said that the process has been easy or straightforward. In fact, obtaining that visa was a long and tedious process which has cost a lot of money, time, paperwork (and an acceptance at St Andrews).

GOV.UK has a clear guide to applying for a Tier 4 visa, but it doesn't have all the details, and more detailed PDF documents (> 100 pages) have to be read to make sure you are compliant with all of their guidelines.

What are the most recent UK Visa incidents?

Starting the application 

That wasn't hard because of a new beta system called Visa4UK where you sign up, sign in and apply for a visa application online. There is no need anymore to fill any papers. It is intended to be used by applicants from abroad.

Making the payments

All visa applications require you to pay an amount of 456$, plus an immigration health surcharge of 300$ which totals 800$. The amount is only refundable if you don't attend your visa interview and withdraw your application online prior to your interview time. If your visa application has been unsuccessful, the amount remains nonrefundable. 

Setting up an interview 

Luckily, that was easy as well. After making the payment, you will be able to set up an interview date using the UKVI's web application Visa4UK. I don't have a screenshot anymore of the page but it looks like this (My interview was not in May 2017, illustration picture only):


Degree award delayed

Despite finishing all my courses and requirements at university in July 2017, the university was unable to provide me with a degree telling me to actually wait until September 2017 because of the vote of the Senate. This is clearly an issue as St Andrews University (where I have an acceptance) starts on the 8th of September 2017. I would not be able to catch my university on time. 


Emailing UKVI

At that point, I've had to email UKVI and ask if I can apply for a Tier-4 visa before my degree was officially awarded and the answer was no.


Emailing UKVI again

At this point, I was really desperate; I told them about my issue and that I would be late for St Andrews but the answer was still no:


Postponing the interview 

At that point, I had no choice but to postpone my visa interview until my degree was awarded.

No degree awarded yet 

On September the 2nd, LAU still didn't award me my degree. 

Withdrawing my visa application

At this point, I've decided to withdraw my visa application and I realized it is unrealistic to attend St Andrews anymore which starts on the 8th of September. Even if the visa is awarded (which would take time), I would be very late to register for and attend St Andrews.

Informing St Andrews I'm not attending 

That was done in writing as you see below:


Official Degree Awarded

Finally, the good people of LAU have given me my degree on the 7th of September.

Checking another university

At this stage, I've confirmed to the University of Southampton that I'm attending (already had an acceptance) and I've asked them to issue a CAS. The university was set to start on 28 September.

Starting new visa application

That was done quickly and urgently. New payments were set.

Parents joint bank account issue

One of the UKVI's major Tier 4 visa requirements is proving that you can finance yourself. I had decided to use my parents' joint bank account. But it turns out, it wasn't accepted. UKCISA has reported:

It’s important to be aware that according to page 52 of the Tier 4 policy guidance and paragraph 1A(k) of Appendix C of the Immigration Rules you are only allowed to use money held in a joint bank account if you are one of the named account holders.  If you use a joint account that is not in your name then there is a risk that your Tier 4 application will be refused.

Requesting copy of urgent sponsorship letter

So I now had to urgently request from my partial sponsor Fondation Sesam a letter of partial sponsorship support to provide with my application. And they sent it quickly.


Registering with TLSContact Beirut

This is UKVI's commercial partner that handles all visa applications and interviews in person. I've had to register there, link my application and confirm interview times:


Paying for priority visa


Attending the interview

September 13: I've attended the video interview and submitted my passport and all the documentation required.


Application transferred to UKVI


September 13: The application was transferred for decision.

Application received by UKVI 

September 17: The application was received for decision by the UKVI.


Decision Made by UKVI

September 24: The application was accessed for decision by the UKVI.


Passport ready for collection

September 25: The passport was ready for collection by TLSContact.


Visa acceptance letter

I've picked up my passport and the letter informing me the visa application has been successful.


What next?

I've left Lebanon in a few days to catch up with the University of Southampton.

Tuesday, September 5, 2017

iCloud Trauma: 13,625 images and videos disappear and how I recovered them

Imagine that you wake up one day to find out that 13,625 images and videos have disappeared from your iPhone, iPad, and iCloud.com.

This is exactly what happened to my iCloud and specifically iCloud Photo Library. I woke up one day to find out that all of my old images from March 2014 till March 2017 now have disappeared.

I kept refreshing icloud.com/#photos, changing browsers, and researching. The "Deleted Photos" folder was empty. I was screwed.

I even waited a day to check back iCloud.com and still images didn't show up.

Exact thoughts 

"Fuck you Apple, literally fuck you". I couldn't process it. I trusted iCloud and I thought my data was safe there but apparently, it wasn't. Those images were important to me and only some images from 2014 were backed up. The rest weren't.

First attempt to contact Apple Support 

The first attempt to contact their support was an utter failure. I was barely hearing the support personnel (who was located in Egypt and speaking Arabic). The call disconnected before I articulated my problem and they didn't bother to call me back, they instead sent me this: 


An empty email with a header message saying contact us. Not even a body message. 

Using forensic tools

At that point, I completely gave up on Apple and I started looking for online help to fix my issue. I found a great forensic tool called Elcomsoft Phone Breaker for Mac:

What this tool claimed to do was:


"Elcomsoft Phone Breaker can extract photos and videos stored in the user’s iCloud Photo Library. In addition to existing files, Elcomsoft Phone Breaker can extract media files that have been deleted from the Library during the past 30 days. Selective downloads are possible by specifying which user-created albums to download."



Exploring Elcomsoft PhoneBreaker

I was really skeptical about this software, so I decided to give it a try. I turned off two-step authentication temporarily and logged in via their program to see this interface:


I was really happy that now my missing images are appearing in "Deleted". On icloud.com, the deleted folder was empty. However, they were being displayed in this software.



Purchasing Elcomsoft PhoneBreaker

At that point, Elcomsoft has proven to be working (by allowing me to recover only up to 10 pictures). I had to purchase the software for USD200.  



After a few minutes, I received my registration code:

Starting the Download:

This was the most chaotic part. The download took almost a day despite having an internet speed of 1.5 MB/s. The download was interrupted at least 20 times (due to poor internet connectivity or iCloud issues/restrictions).



However, I realized later that the download is resumable because the pictures are downloaded in chunks inside a hidden folder called .chunks. The contents of the folder look similar to this:



So every time the download interrupted, I re-downloaded it using the same directory that had .chunks, so the download resumed instead of restarting. At the end of the day, I had my images downloaded. 


Images had no timestamp

Images were mixed without a date, so they lost their chronological order. I realized that at that point, I had to contact Apple again.

Another attempt to contact Apple 

This time I couldn't even submit a request:

Final attempt to contact Apple 

The next day, I kept trying to contact support until they managed to call me. This time, finally, I was able to talk to a support technician from Apple. Apple performed their security checks and, once they had done that, they informed me that they would be able to recover them.

Their support was really great. 

Images reappear in Recently Deleted

After the call ended, support was able to restore images to "Recently Deleted" but not to "All Photos".





Support attempts to call me again 

Only to inform me this time that images have been recovered but they are in the "Recently Deleted" folder and I had to move them back to other folders to prevent the permanent deletion of them in 30 days.



Case Closed

Images have been recovered. I moved on. 

So, what caused this?

It is not really known what caused the images to be removed. But I believe that when I switched from my old Mac to my new one, I used Apple's Migration Assistant, which moved the old MacBook's data to the new MacBook. Later on, I activated iCloud Photos. So the contents of the Photos app were synced (which had only a few images).

I think that iCloud Photo Library thought that I have removed the images and thus removed them from iCloud Photo Library and consequently all of my devices.

What is the lesson?

Never trust the cloud and specifically iCloud. Your data isn't safe and might be removed forever. Physical encrypted backups for everything are a must.

Final thoughts

It was important to deal with this situation calmly, I will not stop using iCloud Photo Library even though it fucked up; but I will increase my backups with those photos. I have already downloaded Google Photos and I will be allowing the app to store all of those images. I will be also having physical and encrypted backups of those images.

Sunday, July 16, 2017

Challenge: No Internet & Cell Phone For 7 days

I've known this blogger since I was very young. Inspired by Leo Babauta's post "A Month With Limited Internet, & Now No Cell Phone", I have decided to go offline for 7 days. I believe it is an important challenge. Similarly to Leo Babauta, I:
  • Make my living on the Internet.
  • Watch movies on the Internet.
  • I receive my mail on the Internet.
  • I manage my academic duties on the Internet.
  • Study on the Internet.
  • Listen to music on the Internet.
  • Practice programming on the Internet. 
  • Socialize on the Internet.
  • I pay my bills on the Internet.
  • I make my purchases on the Internet. 
  • Backup my data on the Internet.
  • And so on...
I don't consider myself a person struggling with internet addiction, but a person who spends a lot of time online and sees the Internet as something that is of extreme value and importance in my life.

So, from Monday, 17th July till Sunday, 23rd July, I will not be connected to the Internet and my phone will be turned off. They will be out of reach and if possible out of the house to avoid the temptation. I will be writing down what happens every day, and in addition to not being connected to the internet, the challenge includes:
  • No SMS or chatting of any kind.
  • No movies or series of any kind.
  • No listening to music of any kind.
  • No use of laptop of any kind.
  • No use of cell-phone of any kind.
  • No use of television of any kind.
As mentioned above, the challenge will go for 7 days and in addition to that, it is a "cold turkey" challenge. Cheating is not allowed nor tolerated and would mean the challenge has failed.

Monday, July 3, 2017

Recovering a hijacked Facebook account

I can without a doubt confirm that the most hijacked and hacked accounts worldwide belong to Facebook. I have been asked myself to recover more than 15 accounts belonging to my friends or mutual friends. I don't succeed most of the time.

For example, my best friend's girlfriend had her account hijacked 1 month ago. The girl noticed the change one month later. I was asked to remedy the situation. I was having trouble even locating her account, but when I did, nothing could get her account back. The hijackers set up trusted friends, new email, new phone, new photos and even a new name.

Recently, my friend's account was hijacked and I was asked to recover it. It was an immensely important account used to conduct business and had chats that were supposed to be confidential, so I wasn't taking it lightly.

The password's been obviously changed and the email address (Hotmail) hijacked and two-step authentication set up (Confirmed from Hotmail's account recovery process). So, recovering the account was pretty much a dead-end confirmed with Facebook's horrid message:


So, I was really stuck. At this point, there was no direct way to contact Facebook regarding hacked accounts. You can directly contact them for impersonation or copyright issues but not for hacked accounts.

Then, after that, I asked the victim to find any web browser where he had logged in to Facebook in the past (with the old password). The screenshot he sent:


After he pressed on "click here", he indicated that the Facebook account has been compromised, next photo:


After the victim clicked on "Secure My Account", he was taken to this page, the victim's Hotmail account was compromised so he clicked on "No longer have access to these?":



And surprisingly, he was taken to this annoying and useless page, where the victim clicked on "I cannot access my email account":


Then, Facebook asked for a new email address:


At this stage, an email address that I operate was provided, this page below was shown; however, this page is not accessible for everyone. The URL for this page is the following https://www.facebook.com/help/contact/278918555806469/ but apparently will not be enabled for anyone unless they went through the recovery process (from a browser that they have logged in on in the past):


After the ID has been provided, Facebook Support directly sent me an email since the victim set up an email of mine as the contact email for the resolution of the issue:


Since the victim has uploaded his ID, I have briefly described the issue to Facebook:


One day later, the account was recoverable. Win:


But we were not done yet, I've had to reverse the damage. First, I've had to invalidate the old email and add another email for the victim. At this point, I've set up an email for him from my domain name and added it to his Facebook. The email had two-step authentication configured on it as well as a complex password, and no matter what I can recover it:



The email was confirmed:


Then, the account was logged out of all the devices:

Added phone numbers, emails and apps were all removed:


Recent activity was checked as well for malicious posts added:


That's it, the account was recovered and two-step authentication was activated now; a step the victim didn't know existed in the first place. 

Friday, June 30, 2017

How to get the url of the currently playing video of a playlist in JWPlayer 7?

In case you are a JWPlayer fan (like me), you will most probably reach a point where you'd have to use their API. I am talking mostly about the "JW Player JavaScript API Reference".

I have recently been trying to get all of the sources (.mp4 files of the same video, each with different quality) of the currently playing video item from a playlist with multiple videos (2 or more video items). I have searched a lot online on how to do that but no real help was provided, as you see in the link below:

How do I get the filename of the currently playing item from a playlist containing more than one?

But nothing was helpful, so I had to dig through JWPlayer's API and find out myself how to do it in the Playlist section here. It is definitely very easy and the trick is to simply understand their API and use it properly. The code uses jQuery so make sure you import it.

Here is the full code (playlistVideoLinks.js):


Here is the minified code (playlistVideoLinks-min.js):


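An added example, not the author's playlistVideoLinks.js: one way to list every source of the currently playing playlist item with the JW Player 7 JavaScript API, using `getPlaylistItem()` and the `playlistItem` event. It uses plain JavaScript instead of jQuery; the stub player, the sample playlist and the example.com URLs are constructed so the block also runs outside a browser.

```javascript
// Added example (assumption: `player` is a JW Player 7 instance such as
// jwplayer('myElement'), or any object exposing the same methods).

// Normalise one playlist item into [{ label, file }], without duplicates.
function sourcesOf(item) {
  if (!item) return [];
  var list = Array.isArray(item.sources) ? item.sources.slice() : [];
  // Items configured with a single `file` may have no usable `sources` list.
  if (list.length === 0 && item.file) list.push({ file: item.file });
  var seen = {};
  return list.filter(function (s) {
    if (!s || !s.file || seen[s.file]) return false;
    seen[s.file] = true;
    return true;
  }).map(function (s) {
    return { label: s.label || '', file: s.file };
  });
}

// getPlaylistItem() with no index returns the item that is playing now.
function currentItemSources(player) {
  return sourcesOf(player.getPlaylistItem());
}

// Call onChange(index, sources) every time the playlist moves to a new item.
function watchPlaylist(player, onChange) {
  player.on('playlistItem', function (e) {
    onChange(e.index, sourcesOf(e.item));
  });
}

// Constructed sample playlist (placeholder URLs).
var SAMPLE_PLAYLIST = [
  { title: 'Clip A', sources: [
    { file: 'https://cdn.example.com/a-720.mp4', label: '720p' },
    { file: 'https://cdn.example.com/a-360.mp4', label: '360p' },
    { file: 'https://cdn.example.com/a-360.mp4', label: '360p' } // duplicate
  ] },
  { title: 'Clip B', file: 'https://cdn.example.com/b.mp4' }
];

// Constructed stub that mimics the three player methods used above.
function makeStubPlayer(playlist) {
  var index = 0;
  var handlers = [];
  return {
    getPlaylistItem: function (i) {
      return playlist[i === undefined ? index : i];
    },
    on: function (name, fn) {
      if (name === 'playlistItem') handlers.push(fn);
      return this;
    },
    playlistItem: function (i) { // jump to item i and fire the event
      index = i;
      handlers.forEach(function (fn) {
        fn({ index: i, item: playlist[i] });
      });
    }
  };
}

// Demo: list sources now, then again after the playlist advances.
function demo() {
  var player = makeStubPlayer(SAMPLE_PLAYLIST);
  var log = [currentItemSources(player)];
  watchPlaylist(player, function (i, sources) { log.push(sources); });
  player.playlistItem(1);
  return log;
}
```

In a page, pass the real instance instead of the stub, for example `watchPlaylist(jwplayer('myElement'), render)`, where `myElement` and `render` are your own element id and callback.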


Thursday, June 29, 2017

Can you really hack a Chromebook and get 100K from Google?

It has been almost a year since the search and artificial intelligence giant announced on its Blogger blog that it is willing to pay USD100,000 to whoever can hack its Chromebook. In a blog post called Get Rich or Hack Tryin', Google said:
Increasing our top reward from $50,000 to $100,000. Last year we introduced a $50,000 reward for the persistent compromise of a Chromebook in guest mode. Since we introduced the $50,000 reward, we haven’t had a successful submission. That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool.


In other technical words, 100,000USD is to be given to whoever can hack its operating system Chromium OS that is updated almost daily from the finest and most talented software engineers.

Sounds like a good deal, yeah? Actually, not.  It is worth noting that Google set extremely hard rules and the chance of winning the amount is close to 0. Yes, it is possible to hack a Chromebook but your chances are close to 0. Here is more information about the reward:
We have a standing $100,000 reward for participants that can compromise a Chromebook or Chromebox with device persistence in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page).

What does it mean?
  • You need to find a bug in Chromium OS's sandboxing security mechanism that has been evolving for four years. Sandboxing ensures that each Chrome Extension (they call them apps) is run in a restricted environment and is sandboxed (quarantined, imprisoned). In other words, you need to create a Google Extension and from that extension, you need to locate a bug in Chromium OS, if it does exist I assume.
  • Once you find this invisible bug, you create an extension that would take advantage of the bug so that it would escalate access and escape the sandbox. All that, you need to do in Guest mode.
  • Once you escape the sandbox, you need to find a second bug that would allow you to tamper with the system and corrupt its files. That is, first, you need to find a third bug that would allow you to access the developer's mode from the guest mode.
  • Once you gain access to the developer's mode from the guest mode, you need a way to break the administrator account inside of the "Linux-based" operating system from a non-privileged account.
  • Hold on, we're not done yet. It needs to be persistent. That means, once you edit the operating system files, you need to tamper with the secure boot scripts as well, which double-check the operating system files on boot to see if they were tampered with.
The hack, if found, is probably worth more than USD10,000,000 in the black market. The odds of getting a Chromebook hacked from the "guest" mode are about the same as the odds of winning the lottery. If you're looking for some quick cash, you might as well go buy a lottery ticket rather than go get a Chromebook and attempt the hacking.

The USD100,000 is just a tiny small amount from Google's pocket, but most importantly, it is a guarantee from Google that their Chromebook is safe, as long as no one wins the bounty, Google would smile and double the amount whenever they want.

Wednesday, June 28, 2017

A Hacker's Manifesto [Full Essay]

In a few months, A Hacker's Manifesto will turn 31 years old. In honor of this essay, I will repost it on my blog. The Hacker's Manifesto is also known as The Conscience of a Hacker. It was released on January 8, 1986 and the author is The Mentor.

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me...

Or feels threatened by me...

Or thinks I'm a smart ass...

Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.

"This is it... this is where I belong..."

I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

Tuesday, June 27, 2017

Serving one billion monthly requests online

Today, I will blog about serving one billion monthly requests from a huge website of mine. I will speak about the architecture and network used for it. As it was recently reported on Cloudflare:



That makes around 37 million total requests per 24 hours and around 428 requests per second.


Half of the requests are cached through CloudFlare and the rest are served from Highwinds CDN. CloudFlare CDN is configured directly on top of Highwinds CDN. While this may sound vague, this means all of the website requests are passed through CloudFlare's CDN. CloudFlare's system is able to filter requests and they deliver .js and .css files from their network; the rest of the files (.jpg, .mp4 and .webm) are served from Highwinds. Reports from Highwinds' phenomenal interface SiteTracker 3.0:


Highwinds is configured on top of Leaseweb's dedicated servers. Leaseweb is my favorite server provider. They are extremely reliable and operate their own solid network which is configured on top of Highwinds server. Traffic from one main server:

Load on the server is tolerable (around 800GB of bandwidth daily) due to Highwinds' efficient caching. A quota of 34TB is served on that server (whether they are being used or not). They are never fully being consumed so I always pay for the reserved bandwidth that is never used. I am a bit stingy so I don't want anyone sharing the bandwidth, I don't want any competition.

I also occasionally use Google Cloud Console to deliver .json files.

What is remarkable and common about Highwinds, Cloudflare and Leaseweb is that they all operate their own networks.

Cloudflare owns 115 datacenters worldwide, and the number changes every one or two weeks, whereas Leaseweb has a 5.5 Tbps bandwidth capacity and Highwinds operates multiple 10GigE backbones with stable PoPs housing solid state drives (SSDs).

So, if I have to sum up the architecture used, it would look like this:

