Hack It!

Moving to wordpress

2009-12-07T23:27:00.000-08:00

I have moved my blog to wordpress. Please update your bookmarks to arunsag.wordpress.com . Thanks :-)

Micro blogging with emacs addons

2009-10-31T23:03:00.000-07:00

Emacs has become my favourite application these days, Its now part of my digital life. I always wondered why i have missed such an nice app before.

For those who are n00bs and non-geeks goto http://www.gnu.org/software/emacs/tour/

Emacs-color-theme:
Makes life colourful :D. It hasn't made into Fedora repository yet, But package review is on at https://bugzilla.redhat.com/show_bug.cgi?id=501101

Add the following to your ~/.emacs file to get it working

(require 'color-theme)
(color-theme-initialize)
(color-theme-robin-hood

Emacs-jabber:
I used it to connect Gtalk from emacs, FYI gtalk uses a open protocol named XMPP (jabber).It is a great app. Find the package review request at https://bugzilla.redhat.com/show_bug.cgi?id=508316

Add the following to your ~/.emacs file to get it working

(setq jabber-account-list
'(("email@gmail.com"
(:network-server . "talk.google.com")
(:connection-type . ssl))))

Back to Micro blogging:

Identi.ca is a free software microblogging service, similar to Twitter, based on the Laconi.ca code base. It has a Twitter bridge, which means you can associate your twitter account to identi.ca , so that the notices you post to identi.ca will be posted to your twitter account too;

It has a XMPP bridge, which means you can post notices to identi.ca from gtalk (gtalk uses XMPP). To post notices to identi.ca using gtalk add update@identi.ca bot to your gtalk contacts list and activate the bridge in identi.ca .

Facebook has a identi.ca app http://apps.facebook.com/identica/, which fetches notices from your identi.ca account and posts updates in facebook;

So the tree goes like,
XMPP (gtalk)-> Identi.ca ->{Twitter,facebook}

Now, the heck it relates to emacs? yes, use emacs-jabber and msg update@identi.ca to post notices;

BitlBee:

Alternatively, you can use BitlBee; BitlBee brings IM (instant messaging) to IRC clients. It's a great solution for people who have an IRC client running all the time and don't want to run an additional MSN/AIM/whatever client.

Bitlbee and erc can be combined to get a good experience;

Configuring bitlbee:

cat /etc/bitlbee/bitlbee.conf |grep -v "#"
[settings]

RunMode = inetd
User = bitlbee
DaemonInterface = 127.0.0.1
DaemonPort = 6667
ClientInterface = 0.0.0.0
AuthMode = Open
ConfigDir = /var/lib/bitlbee/
PingInterval = 0

[defaults]

We use xinetd to run bitlbee:

bash-4.0$ cat /etc/xinetd.d/bitlbee
# default: off
# description: bitlbee is an IRC gateway to other IM networks.
service ircd
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = bitlbee
bind = 127.0.0.1
server = /usr/sbin/bitlbee
type = UNLISTED
port = 6667
log_on_failure += USERID
}

Start xinetd,

service xinetd start
chkconfig xinetd on

Now in emacs,

M-x erc
IRC Server: 127.0.0.1
IRC Port:6667
Nick:zer0c00l
Password:

Above erc commands should get you inside bitlbee's local irc server;

Register your nickname:

You should register your nick with local bitlbee irc server using,

register 'password'

(Don't forget to auto identify =P )

Add your IM account(s):

account add jabber email@gmail.com 'password'

Activate your IM account(s):

account on 0

Now it should automatically connect you to gtalk; Bitlbee supports Various IM networks including yahoo;

Identica Mode for Emacs:

If you don't want wasting your time with bitlbee, emacs-jabber and XMPP bridge; Then emacs-identica-mode is the one for you;Its under review at https://bugzilla.redhat.com/show_bug.cgi?id=532241

Identica mode for emacs HOWTO: http://blog.nethazard.net/identica-mode-for-emacs/

Setting up a Network installation Server

2009-08-20T02:51:00.002-07:00

Couple of days back , i have installed nearly 100 machines of my alma mater's lab with Fedora 11. I used PXE based network installation instead of using DVD's on each machine.I tried to document it here, as it might help someone who tries to do the same in future.

To install Fedora , we need the iso image (DVD) inside the hard disk. If you have a DVD but not the iso file its easy to create the iso file from DVD, just insert the DVD inside the machine and issue the following command,

dd if=/dev/sr0 of=/media/disk-1/fedora11.iso

Install following packages in your existing Fedora installation by using,

yum install httpd syslinux tftp-server dhcp system-config-kickstart

Configure TFTP server:

The TFTP Server configuration file is stored in /etc/xinetd.d/tftp

Example configuration file,

service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot/
per_source = 11
cps = 100 2
flags = IPv4
}

Note the server_args variable , it refers to the TFTP root.

start the TFTP server using,

/etc/init.d/xinetd start

Configuring DHCP:

The DHCP configuration file is stored in /etc/dhcpd.conf
Sample configuration file:

allow booting;
allow bootp;
ddns-update-style interim;
ignore client-updates;
authoritative;
subnet 172.16.16.0 netmask 255.255.240.0 {
option subnet-mask 255.255.240.0;
option broadcast-address 172.16.31.255;
range dynamic-bootp 172.16.28.2 172.16.28.240;
next-server 172.16.24.199 ;
filename "pxelinux.0";
}

Note 1:
In above sample configuration file, next-server is the IP address of your TFTP server.
The IP addresses in above configuration file should be adjusted according to your network.

Note 2:
If DHCP fails to start, check /var/log/messages for error messages.

Start the DHCP server using,

/etc/init.d/dhcpd start

Using Kickstart:

Kick start file is used to automate the installation process,

Open kickstart file creator by issuing following command,

system-config-kickstart

When configuring kickstart using GUI, it should be noted that, the "Installation Method" should be "HTTP" , "HTTP server" field should be the IP address of machine which is having Fedora DVD dump. The "HTTP Directory" should be the directory in which you dumped (mounted) the iso file (here it is 'fedora11').

The packages to be installed can be preselected from the GUI tool.

After selecting various options from the kickstart GUI tool, save the file as ks.cfg.

Setting up Apache Webserver:

I have assumed my machines IP address is 172.16.24.199

Create a folder named fedora11 in /var/www/html/ (need to be root)

Mount the Fedora's ISO image (needs to be root) inside /var/www/html/fedora11/ using,

mount -o loop /media/disk-1/fedora11.iso /var/www/html/fedora11/

Copy the ks.cfg (kickstart file) inside /var/www/html/

Start Apache webserver using,

service httpd start

Copying files to TFTP root:

Create a directory named /tftproot

Copy the kernel (vmlinuz) and ramdisk (initrd.img ) from the DVD and paste it in /tftproot/ directory. (you can find kernel and ramdisk in images/pxeboot/ directory of the installation media or the ISO file.)

Copy the /usr/share/syslinux/pxelinux.0 inside /tftpboot/ directory.

Create a directory named /tftpboot/pxelinux.cfg

Create a file named 'default' and place it inside /tftpboot/pxelinux.cfg/ directory,

The content of the 'default' file should be,

DEFAULT pxeboot
TIMEOUT 10
LABEL pxeboot
KERNEL vmlinuz
APPEND initrd=initrd.img ksdevice=eth0 ks=http://172.16.24.199/ks.cfg lang=en_US keymap=us
ONERROR LOCALBOOT 0

Booting clients:

Switch on the machine in which you wish to install Fedora, enter into Bios setup and Enable PXE booting with LAN. Set the first boot device to network interface card (if required) and start booting from the network. Thats it!

Further Reading:
Cobbler - Installation server https://fedorahosted.org/cobbler/
ks.cfg - Sample kickstart file http://sagarun.fedorapeople.org/misc/ks.cfg

What i am up to these days

2009-08-02T00:17:00.000-07:00

Whenever some one ping's me in gtalk the first question he/she asks is "What doin?" "vetti?" ( 'vetti' means scratching the chair/bench without doing/having any job to do :P)

I am really tired of answering those people, how many times i can sing the same song to each and everyone? so i decided to write what really i am up to these days.

I am happy to announce that, i finished my dgplug summer training task, which is "Kannel SMS setup on fedora" check it out http://wiki.dgplug.org/index.php/SummerTraining09:Projects/Kannel_SMS_setup_on_fedora

Then i joined Indradg's intern ship, and did following tasks

Configured squid http://www.burntomlette.in/index.php?title=Squid

Configured OpenLDAP and made squid to authenticate it users with OpenLDAP http://www.burntomlette.in/index.php?title=Squid_authentication_with_LDAP

Indradg wanted me to use Fedora-DS instead of OpenLDAP , so i did the same.
http://www.burntomlette.in/index.php?title=Squid_authentication_with_FedoraDS

Currently i am working on a piece of php code which i wrote for a website and trying to port it under codeigniter framework.

In the mean time i am keeping an eye on spechards MediaSpy project ;) and Qt software.

Finally, Yesterday my Head Of the Department has asked me to have a look inside my alma mater's IBM blade server and configure mail, so have to work on it :) !

My response to subverted national draft policy on open standards

2009-07-07T04:55:00.000-07:00

Pro-Microsoft entities like NASSCOM,MAIT are trying to subvert the Draft policy on open standards crafted by GOI by changing it in last minute.
Download the subverted draft from here.Everything seems ok, except the section 6.

In response to the subverted draft, i have sent an email to those who are relevant as urged by this post.

===
Dear Sir,

I am an engineering graduate from TamilNadu. I happened to read the updated (subverted) National draft policy on open standards from http://fosscomm.in/OpenStandards?action=AttachFile&do=get&target=Policy_On_Open_Standards_V2.pdf .

I strongly disagree with section 6,which has been introduced to favour proprietary software companies like Microsoft.Why there should be mandatory characteristics in section 5 , as they can be overlooked as specified in section 6.

More than one standard will create lot of confusion.There is no use in this Policy if you go ahead with section 6.

I came to know that section 6 was introduced by NASSCOM and MAIT who always favour the people who they do business with (Microsoft)(no ethics only profit?).

I would like to give you some pointers regarding the reactions in electronic media about the policy change:

1. http://lists.fosscom.in/pipermail/network-fosscom.in/2009-July/000346.html
2. http://osindia.blogspot.com/2009/07/last-minute-dramas-around-around-open.html

Thanks and Regards
Arun SAG

--
A computer is like air conditioning: it becomes useless when you open windows.
<-Fighting 4 Freedom->

===

Similarly kapil has sent an explanatory reply on the subverted draft, you can find the copy of his response here.

Getting started with Git and Gitorious

2009-07-04T05:32:00.000-07:00

This is my small 'how to' regarding Git and Gitorious.Its targeted towards the beginners.

For Git mbuf has created a nice presentation named "di-git-ally-managing-love-letters" :),i suggest beginners to read and understand it first.

Link to the presentation:
http://shakthimaan.com/downloads/glv/presentations/di-git-ally-managing-love-letters.pdf

He explained the slides in an IRC classroom session, the logs of that class is available in dgplug's wiki

Link to the his session logs:
http://www.dgplug.org/irclogs/2009/2009-06-30_mbuf_git.log

The above two materials can be used as an excellent how-to for Git beginners.

Gitorious:

Gitorious is a website that provides you with infrastructure to manage your project.It uses Git as a Version Control System.

Using Gitorious:

1.You need to create an account in Gitorious.Its fairly simple and straight forward.

2.You need the public key to be uploaded (copied and pasted) in Gitorious.

Creating a public key:

Install openssh:

sudo yum install openssh

Run ssh-keygen:

bash-3.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zer0c00l/.ssh/id_rsa):/home/zer0c00l/.ssh/id_rsa_test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_test.
Your public key has been saved in /home/zer0c00l/.ssh/id_rsa_test.pub.
The key fingerprint is:
fb:db:03:4d:43:ca:37:02:0f:b6:90:22:ca:71:60:15 zer0c00l@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| ooE. . |
|..... o + . |
|..o. . o * o |
|.. . = = |
| S = o |
| .. . |
| . . |
| . .. |
| o... |
+-----------------+
bash-3.2$

Note: The password need not be your root or current user accounts password.

The public key will be stored in: /home/(yourusername)/.ssh/id_rsa.pub

bash-3.2$ cat /home/zer0c00l/.ssh/id_rsa_test.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0nQ56VUU7nHjBWZPUja1nsCofdYfJhAu9XZtcixKBTZp6lKgQxnOwXYszhk6W9eV/GRcht3DL7L6i1pnyc8vic1xpC9/tkMcwEkglLhWfN3SNR6MmNPTb4mM1DeLCdyd5f7Ff6kYgy2s8RmYBf2YopfbMUlyXIlKec1AHIsqvG+YixCMTOpl5io0619ac1R0xaP6E7h8hepvUEGcKmBnuxg8UhEifj+m3NG3XJvWWUx1zTvB1CXyFNx3qiFj+UxkdrmeDO/PdEPd9HcaN1jX3e1Y+jqUD8QdlEVAC9tkGIN6mG3BpVgWdsRlMtEFUPsHPFGC6tmjzuJAVOT1Hk5ROQ== zer0c00l@localhost
bash-3.2$

So copy it and paste the public key in Gitorious.

Note: Don't copy my key :P, you don't know the password.

3.Create a project

http://gitorious.org/new

4.Add repositories

5.Push the code from your local Git repository to remote Gitorious repository.

Gitorious provides users with possible workflow commands relevant to each operation.(see screen shot for more details )

Edit: If you want to start and don't know where to begin, start cloning my code ;)

git clone git://gitorious.org/kalaisurabi_php_code/mainline.git

My Summer Training Task:Kannel SMS setup on fedora

2009-07-01T00:42:00.000-07:00

I came to know about dgplug's summer training when kushal announced it in ilugc,i didn't know mbuf will be there to guide us [:)] ,my task in summer training is to setup a SMS gateway on fedora with kannel, test it and document it.

With the help of kannel you can send/receive sms from your GNU/Linux box.(Don't just think of some third party text message sending sites [:P], its more than that )

Here are the use case scenarios i am trying to address:

* User sends us a text message.

* We might send them a reply after processing it (web application is used to process the text message).

* We might also periodically able to send the user text messages.

I successfully completed testing the last use case and in the process of documenting it.

I always wanted to create a desktop app for GNU/Linux with GTK+ ,i am thinking of picking up another project after finishing this task [;)].

Apart from summer training i am now teaching php in a private training centre for free,you know what teaching is the best way for doing some GNU/Linux advocacy [:D].

btw: Switch to firefox 3.5 ;)

Nerd or Geek?

2009-05-13T03:06:00.000-07:00

I had an interesting conversation with my school and college mate , whether we both are nerds or geeks...

Conversation with mafriend@gmail.com/gmail.26A0C263

Conversation with mafriend@gmail.com on Wed 13 May 2009 03:21:44 PM IST:
(03:21:44 PM) mafriend@gmail.com: just looked at ur fotoz awsome dude
(03:22:08 PM) SAGA: yaaa
(03:22:09 PM) SAGA: :D
(03:22:13 PM) SAGA: thnx da
(03:22:20 PM) SAGA: thats uvari
(03:22:21 PM) SAGA: :D
(03:22:27 PM) mafriend@gmail.com: gracylyne is rit (gracelyne started it all, she commented on my photo , and called me NERD)
(03:22:32 PM) mafriend@gmail.com: u r nerdy guy
(03:22:32 PM) SAGA: hehehe
(03:22:33 PM) SAGA: :D
(03:22:36 PM) SAGA: illaaa
(03:22:38 PM) SAGA: geek
(03:22:41 PM) SAGA: :D
(03:22:42 PM) SAGA: hehehe
(03:23:11 PM) SAGA: did u saw that thing on back of ma tshirt? (there was a nice sentence abt linux in my t-shirt, which i uploaded in a social n/wking website)
(03:23:36 PM) mafriend@gmail.com: u r a GEEK i agree
(03:23:44 PM) mafriend@gmail.com: s that was awesome
(03:23:49 PM) SAGA: yaa
(03:23:57 PM) SAGA: nerds are bookish ppl
(03:24:13 PM) SAGA: there is lot of difference b/w geeks and nerds
(03:24:23 PM) mafriend@gmail.com: ok :-)
(03:26:26 PM) mafriend@gmail.com: nerds are not bookish
(03:26:46 PM) mafriend@gmail.com: they are the people with above average IQ
(03:26:57 PM) mafriend@gmail.com: geeks are imaginative
(03:27:04 PM) SAGA: yaaa
(03:27:42 PM) SAGA: http://www.wikihow.com/Tell-the-Difference-Between-Nerds-and-Geeks

(03:29:32 PM) mafriend@gmail.com: "geek" is someone who is a nerd without "skillz."
(03:29:38 PM) mafriend@gmail.com: this is perfect
(03:29:44 PM) SAGA: :D
(03:29:48 PM) SAGA: yaaa
(03:30:11 PM) SAGA: i never had probs with socializing with ppl as nerds

(03:31:14 PM) mafriend@gmail.com: Hobbies involving Calculus, Quantum Physics, and other theoretical sciences are good indications of a nerd, while an obsession with Japanese Manga or some form of technology puts them in line with a geek.
(03:31:25 PM) mafriend@gmail.com: this is another perfect short
(03:31:52 PM) SAGA: yaaa
(03:32:01 PM) SAGA: so your are a nerd
(03:32:07 PM) SAGA: and SAG is a geek
(03:32:09 PM) SAGA: right?
(03:32:41 PM) mafriend@gmail.com: i dont agree
(03:32:45 PM) SAGA: yy?
(03:32:49 PM) mafriend@gmail.com: im a lame man still
(03:32:55 PM) mafriend@gmail.com: nerds may speak in layman's terms for your benefit because you may not understand the basic concepts of their area interest. Geeks may speak in detail about their own interests, unconcerned with whether or not you truly comprehend it.
(03:33:13 PM) mafriend@gmail.com: this point is little obstarcle 2 me 2 be called as nerd
(03:33:21 PM) SAGA: hahahaha
(03:33:22 PM) SAGA: :D
(03:33:25 PM) SAGA: whatever
(03:33:36 PM) SAGA: but nerd and geeks are complicated terms
(03:33:38 PM) SAGA: :)
(03:33:58 PM) mafriend@gmail.com: ill say the most complicated
(03:34:03 PM) SAGA: yaaa
(03:34:04 PM) SAGA: :D
(03:34:07 PM) SAGA: correct
(03:34:08 PM) mafriend@gmail.com: im 80% nerd and 20% geek
(03:34:19 PM) SAGA: i am the opposite
(03:34:20 PM) SAGA: :P
(03:34:27 PM) mafriend@gmail.com: s :-)
(03:34:41 PM) mafriend@gmail.com: all coz of daniel thomaz (daniel thomaz is ma school )
(03:34:49 PM) mafriend@gmail.com: theve made people like that
(03:34:55 PM) SAGA: hey , i saw pearl 2 days back (pearl is a girl, and my school mate)
(03:34:55 PM) mafriend@gmail.com: blame them
(03:35:01 PM) mafriend@gmail.com: Ho!
(03:35:03 PM) mafriend@gmail.com: gr8
(03:35:04 PM) SAGA: but didnt have chance to speak wit her
(03:35:15 PM) SAGA: she looks same
(03:35:20 PM) mafriend@gmail.com: she became lean and black
(03:35:21 PM) mafriend@gmail.com: ma mom said
(03:35:23 PM) SAGA: yaaa
(03:35:29 PM) SAGA: she became lean
(03:35:31 PM) mafriend@gmail.com: she saw her a year back
(03:35:35 PM) SAGA: oh
(03:35:39 PM) SAGA: i saw her in a marriage
(03:35:42 PM) SAGA: tvl
(03:35:47 PM) mafriend@gmail.com: Oh!
(03:35:51 PM) mafriend@gmail.com: whos marriage
(03:35:52 PM) SAGA: she stared at me from a long distance
(03:35:53 PM) SAGA: lol
(03:36:02 PM) mafriend@gmail.com: did she know u
(03:36:07 PM) SAGA: ADJ family marriage function
(03:36:10 PM) SAGA: i guess so
(03:36:15 PM) mafriend@gmail.com: Oh!
(03:36:25 PM) SAGA: i look the same right?
(03:36:45 PM) SAGA: u have her email id or something?
(03:36:50 PM) SAGA: she never uses computers?
(03:37:10 PM) mafriend@gmail.com: no
(03:37:19 PM) mafriend@gmail.com: i dont have any of her contacts
(03:37:21 PM) mafriend@gmail.com: Nerds may not feel the need to defend attacks against their areas of interest, since their fields are far too advanced to be toppled by simple arguments. However, geeks may find the need to defend their interests when attacked. The interests of geeks are often ridiculed or put-down by those who do not fully appreciate them. For nerds, they know that their interests are beyond normal peoples' understanding, so they just accept that as a natural phenomenon.
(03:37:40 PM) mafriend@gmail.com: this is little interesting abt NERDY behaviour
(03:37:52 PM) SAGA: yaaa
(03:37:55 PM) SAGA: Nerds dont care
(03:37:56 PM) SAGA: :D
(03:37:57 PM) SAGA: yaaa
(03:38:11 PM) SAGA: but i care if my opinion is harmed
(03:38:13 PM) SAGA: :D
(03:38:16 PM) SAGA: i am no nerd
(03:38:17 PM) SAGA: :D
(03:38:37 PM) mafriend@gmail.com: i wont care
(03:38:45 PM) SAGA: :)
(03:38:47 PM) SAGA: :D
(03:39:19 PM) SAGA: mafriend its an interesting conversation
(03:39:23 PM) SAGA: i am gonna save it
(03:39:24 PM) SAGA: :D

So All guyz and gals Dont call me Nerd call me Geek ! I am not a Nerd, I am the Geek :D

How GNU/Linux helps those poor and helpless windoze users

2009-04-23T09:13:00.000-07:00

I used to be the Windows virus killer in my hostel, when ever some one's system gets infected or he gets annoyed by those windows virus they call me.LOL even they call me as a doctor :P .I don't use that windoze sh1t these days.

But you cannot say those poor folks that, i can't remove that autorun.inf and KHATARA.exe (some virus that targets ms outlook), its all about helping your neighbours right?

May be my tips will help those other doctors (aka windoze virus killer ;) )

I usually plug that infected usb drive inside my GNU/Linux box and use the below command:

find . -name "*.exe" -exec rm -i {} +;

What it does is that, it recursively searches from the current directory for files with EXE extension, when it finds a file with EXE extension it passes it as an argument to interactive rm command , which deletes that EXE file if you press 'y' .HeHe i won't press that 'y' ,the usb drive owner usually does that :P (some viruses usually replicate themselves , you could see some 100 virus files inside an usb drive :O, so the owner will press 'y' 100 times :P).

some windoze apologist may say, "who cares about your linux, i will format my usb drive", What if your usb drive contains some usefull data that you really care about?, please don't say "I WILL USE THAT FREE ANTIVIRUS PROGRAM WHICH IS JUST 10 MB" , most antivirus programs don't give a sh1t about those new viruses these days.

Some people ask about the operating system i am using, i usually explain about it,impressed folks usually ask me to install GNU/Linux for them:),so far i did some 20 GNU/Linux installs in the hostel alone.

It's really sad that i am going to leave the hostel soon (course completed ), i am going to really miss this virus doctor job ;)

Happy hacking ;)

Super ubuntu for linux noobs

2009-04-22T08:48:00.000-07:00

Some one from http://hacktolive.org/ has created/remastered the ubuntu 8.10 with additional features ;), he calls it as super ubuntu. It has all type of media playback by default and has most of the apps.

Here is the list of features:

* System and application updates: all updates released for Ubuntu, GIMP 2.6.3, OpenOffice.org 3, Firefox 3.0.4
* Better Multimedia Support: MPlayer and VLC, DVD-playback, MP3 support and other multimedia codecs
* Better Internet experience: aMSN, aMule, Adobe Flash player and Opera
* Support for portable applications/other installation methods: Autopackage, SFS Technology, Smart Package Manager, Wine and Zero Install
* Support for more technologies: Java RE, Microsoft Office 2007 file formats, others...
* Graphical interfaces/managers: compizconfig-settings-manager (Compiz), Gufw (Uncomplicated firewall), ndisgtk (NDISwrapper) and padevchooser (PulseAudio)
* Utilities: Adobe Reader, EnvyNG, Furius ISO Mount, GParted, NDISwrapper, Ubuntu Tweak and StartUp-Manager
* Extra repositories

Download Super ubuntu:

http://hacktolive.org/wiki/Super_Ubuntu (http)

http://www.mininova.org/tor/2101216 (torrent)

This version of ubuntu has been created with reconstructor (http://reconstructor.aperantis.com/)

PS:I intentionally omitted GNU as this version ubuntu doesn't confirm to GNU's philosophy .

Download All media player plugins of ubuntu 8.10 offline

2009-04-22T08:10:00.000-07:00

Ubuntu 9.04 is going to be out soon (just 1 day i guess),This is post is for 8.10 users, If you install ubuntu 8.10 in your machine, you will have download each and every media plugins from the internet.

I found an offline installer for ubuntu 8.10 that could install you with all necessary plugins to enable multimedia playback.

Here is the link:
http://www.zshare.net/download/58154243c664b105/ (http)
http://www.mininova.org/tor/2450336 (torrent)

Read more about ubuntu offline installer here: http://hacktolive.org/wiki/Ubuntu-restricted-extras_offline_installer

Ok you have a good internet connection, you don't want this offline installer or it doesn't work ,you could still install all these plugins using a single command.

sudo apt-get install ubuntu-restricted-extras

Enable all software sources in software sources list before using above command (see below picture)

Download VLC media player offline: http://hacktolive.org/wiki/VLC_offline_installer_(Ubuntu)

WARNING:The above said steps will install proprietary blobs inside your computer, if you really care about the free software philosophy and freedom, refrain from using them.

Microsoft thinks their users are fools.

2009-04-22T07:37:00.000-07:00

I came to know that windows 7(aka: vista 7) will only allow users to run three applications at a time.This is real shame.

"This edition is intended for poor and developing nations" (omg)

Here is the press release:

We know emerging markets have unique needs and we will offer Windows 7 Home Basic, only in emerging markets, for customers looking for an entry-point Windows experience on a full-size value PC.

We’ll also continue to offer Windows Starter edition, which will only be offered pre-installed by an OEM. Windows Starter edition will now be available worldwide. This edition is available only in the OEM channel on new PCs limited to specific types of hardware.

Do yourself a favour: Use free and fully functional operating systems like fedora or ubuntu, don't use this cripple ware please.

References:
http://tech.slashdot.org/article.pl?sid=09/04/21/1356245&from=rss

My maiden Drupal webportal

2009-04-03T21:33:00.001-07:00

I have been asked to develop a web portal for my departments upcoming international conference, iconct09.

First i showed them drupal.They were using old and outdated proprietary server side scripting language ASP.

I took care of drupal modules,juniors took care of the themes, i would like to mention some of the modules i used.

Conference ->Awesome module by zyxware technologies, i personally thank Mr.Santhosh raju who now maintains the module for zyxware,When ever i say there is an issue with the module, he helped me by fixing the code immediately, i sometimes wondered is this an example for cathedral and Bazaar, yes it is, the developer directly gets feedback from the end user and changes things.

Email registration -> allows user to login using email id

Feedback -> Cool floating feedback bar

CCK ->content construction kit (needed by Conference module)

Auto assign Role ->Assigns default role to newly registered users

SMTP authentication support -> allows you to use another smtp server (local windoze smtp server or gmail smtp server)

Admin menu and Admin menu drop down -> Cool drop down menu for admins

Jquery Menu -> To enable cool expandable jquery menus.

Backup and Migrate -> To backup mysql database

Theme -> Acquia Marina

Have a look at the web portal and feel free to give a feedback ;) http://www.mepcoeng.ac.in:81/iconct09

Issues:

For some people their organization may be blocking port 81, so use a web proxy like https://ctunnel.com/ ;)

This month Fedora classrooms

2009-04-03T10:41:00.000-07:00

This month fedora classroom classes are going to happen on april 4 and 5.

Topics Finalized are ,

April 4:

1.Setting up a Virtual Routing Environment using Fedora and User Mode Linux -- Balaji Gurudass
2.Introduction to Netlink Sockets - What are they -- Balaji Gurudass

April 5:

1.Introduction to busybox and qemu on fedora -- Balaji Gurudass
2.Fedora Networking Basics -- Kevin Fenzi

Classes will start at 10.15 UTC ('date -u' will give you the time in UTC ;) )

Meet you all there in irc.freenode.net #fedora-classroom

More Details @ https://fedoraproject.org/wiki/Classroom

Flirting with ettercap #1

2009-04-02T23:05:00.000-07:00

Playing in schools network is kind of fun ;-).You might have heard about cain , it for windoze to play around in network.

Gnu/Linux got a more cool tool called ettercap (i have been using it for years) get it from ettercap.sourceforge.net.

Fedora Guys could install it with "yum install ettercap"

Getting Started with Ettercap:

i mostly work in runlevel 3, if not open up terminal (or ctrl+alt+f1 ;)) Switch to root user, because normal users cannot open raw sockets i guess. (correct me if i am wrong)

Just type: "ettercap"

It will ask you to select an user interface.

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Please select an User Interface

Here Interface refers to whether you want "Text" interface or "Ncurses" interface or "Gtk" interface.As we are working in terminal we use text interface (I am a command freak )

T <- for Text interface
C <- for Ncurses interface
G <- for GTK interface

we are going to use T. Type:"ettercap -T" in terminal.

You will see contents of packets being printed on your terminal so we started listening to the active interface.Any time press 'q' to quit ettercap its the safest way to quit ettercap (no ctrl+c please, its deprecated )

Now Type: "ettercap -Tq"

What we are doing is, asking ettercap to be quiet, "Hey ettercap don't sh*t on my screen by printing the contents of each packet you capture"

Network Interface Selection:

A computer might have more than one network interfaces like your wired lan, wireles lan,loopback interface and so on.

ettercap can work on any interfaces, all we have to is tell ettercap which network interface to use.

To list the available network interfaces

Type "ettercap -Tq -I"

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

List of available Network Interfaces:

eth0 eth0
lo Local Loopback

so, we have two network interfaces eth0 and lo.

To select the network interface use "ettercap -Tq -i eth0", i have selected my wired lan so that ettercap will listen and sniff packets.

If you are those windoze user, i am sorry you have to deal with odd network interface names.

Man in the niddle attack with ettercap:

Type:"ettercap -Tq -i eth0 -M arp:remote /target-range1/ /target-range2/

The packets between target-range1 and target-range will be hijacked and they will be going through our machine (magic of arp-cache-poisoning)

Example:"ettercap -Tq -i eth0 -M arp:remote /192.168.1.1/ //"

Let 192.168.1.1 is the gateway of our network,then all the packets between the gateway and all the machines in the subnet will be going through our machine (i.e we are the gateway for all the machines :P )

Another Example:"ettercap -Tq -i eth0 -M arp:remote /192.168.1.12-25/ /192.168.1.26-50/

We could specify range of ip address.

Packet Logging:

type:"ettercap -Tq -L dump -i eth0"

Two files will be created dump.eci and dump.ecp these files can be analysed with etterlog ;) .

type:"etterlog dump.eci"

It will display the connection details of dumped packets.

type:"etterlog -p dump.eci"

It will display the passwords captured if any ;)

man etterlog for more details.

Some people might want to view the captured packets in more cool protocol analyser like wireshark, but you cannot open dump.eci and dump.ecp with wireshark.To do so you have to save the packets in pcap (tcpdump) format.

use "ettercap -Tq -w dump -i eth0"

After completing packet capture you could directly open the dump using wireshark.

converting from pcap format to etterlog format:

Type:"ettercap -Tq -L dump -r pcap" where pcap is the packet dump file we just saved in tcpdump format.

Links:

http://openmaniak.com/id/ettercap_arp.php

http://openmaniak.com/ettercap_filter.php

Coming soon: Ettercap plugins :D

Making pidgin work in Mepco

2009-03-31T12:55:00.000-07:00

For those who use Gnu/linux, pidgin (www.pidgin.im ) is the default internet messenger, the default settings in pidgin won't allow you to connect gtalk in mepco.

The reason is ,
chatenabled.google.com and talk.google.com is blocked.

We need some minor tweak to get every thing work click->Accounts->Edit account info

And in advanced tab use the setting as in above picture.

PS:The credits goes to nitin as he was the first to find this hack B-)

The quote i love a lot

2009-03-25T20:45:00.000-07:00

Yesterday i happened to watch pulp fiction, there was a quote by SAMUEL L. JACKSON, I simply loved it here it is,

Jules: You read the Bible?

Ringo: Not regularly.

Jules: There's a passage I got memorized. Ezekiel 25:17. "The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he who, in the name of charity and good will, shepherds the weak through the valley of the darkness. For he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who attempt to poison and destroy my brothers. And you will know I am the Lord when I lay my vengeance upon you." I been sayin' that shit for years. And if you ever heard it, it meant your ass. I never really questioned what it meant. I thought it was just a cold-blooded thing to say to a motherfucker before you popped a cap in his ass. But I saw some shit this mornin' made me think twice. Now I'm thinkin': it could mean you're the evil man. And I'm the righteous man. And Mr. .45 here, he's the shepherd protecting my righteous ass in the valley of darkness. Or it could be you're the righteous man and I'm the shepherd and it's the world that's evil and selfish. I'd like that. But that shit ain't the truth. The truth is you're the weak. And I'm the tyranny of evil men. But I'm tryin, Ringo. I'm tryin' real hard to be the shepherd.

Beware of TOYA boys

2009-03-17T08:57:00.000-07:00

You know whenever people come to my room with some kind of virus problem in their windoze machine, i usually ask them to give a try to Gnu/Linux.

But you know these Toya boys, usually ask those people remove GNU/linux, by telling some FUD's.
They never change for good and dont allow others to change.

I thought initially that its only happening to me, no these TOYA boys are every where...
Take a look at http://linuxlock.blogspot.com/2009/03/toya-boys-fight-linux-flow.html

So what is TOYA? TOYA="Talkin' Out Your A**."

India Moves to Free Software, So Microsoft Fights Back with Gentle Bribes and Partners

2009-03-16T21:05:00.000-07:00

Roy schestowitz of boycottnovell writes on Recent FOSS happening in india, and how microsoft is fighting back with bribes..

Dont forget to read "Microsoft Fights Back with “Addiction” Ware" subpost ;)

Read more at http://boycottnovell.com/2009/03/16/india-moves-to-free-software/

Wanna Learn Gnu/Linux? Fedora Guys will teach you

2009-03-04T17:45:00.000-08:00

The fedora community is going to conduct weekend long list of events for people to get acquainted with fedora and Gnu/Linux.It will be like virtual class room.

All classes will be held in irc @ #fedora-classroom in irc.freenode.net. If you are not familiar with irc, see https://fedoraproject.org/wiki/Communicate/IRCHowTo

Those who frequently ask me about *standard books* to learn Gnu/Linux please make use of this opportunity.

For more information about the classes and time lines please go to https://fedoraproject.org/wiki/Classroom

Badam halwa foss conf 2009

2009-03-02T04:40:00.000-08:00

Thiagarajar College of Engineering, Madurai (TCE), has conducted a 3 day conference on free open source software (www.fossconf.in) with a little help ilugc and nrcfoss.I attended all the three days.

As we registered for a demo stall, for the first two days i was busy explaining about my demo stall.
The demo stall was on "Security power tools in linux".Initially i thought of giving demo on nmap,ettercap and metasploit framework.But removed metasploit framework at the last moment.

Most people came there were familiar with nmap.I explained them about ettercap.How to create hostlist.How to do a MITM with ettercap.How to use various ettercap plugins.I explained about arp cache poisoning.

They provided internet connection (both wireless and wired) and assigned ip in class A.So i took some range to demo ettercap.

I nmaped their proxy server.Intercepted communication between particular range of computers and the proxy server to demo ettercap (well no offence, i havent stored or captured any thing important).

People were amazed to see the TFT screen of my laptop when i started packet visualization (packet visualization just printf's all packets)

One guy from TCE claimed that nmap is a freeware not free software (Oh my holy god), i took pain to show the license information in the man pages of nmap.(/gpl)

Kids of TVS matric higher secondary school,explained about their demo stalls in cute english.I bow Mr.Raman who made a wise choice of giving prizes to encourage the school students.

Today in Tamilnadu foss grows really in schools not in colleges (:() .I know a lot of engineering students who dont know a heck about linux, this is a real shame.

I met people like shakthi kannan (http://www.shakthimaan.com/) .Jaya Engineering college CSE hod, who is the stepping stone for foss in his college (www.jayafossclub.org).I met collabnet people (people who created svn).Ubuntu tamil team.

On the last day, the demo stalls were closed, so attended talks. Morning I attended the first session which was about NRC-FOSS academic initiatives (?).And raised some interesting questions.

Then second session i attended was about "Network tools in linux" by barathi subramaniam.Which was very basic to me.

The third was about Eclipse IDE.

And fourth was a blast, people who created SVN explained us about SVN,GIT and CVS.

See pictures:http://www.shakthimaan.com/Mambo/gallery/album53
more pictures:http://www.flickr.com/photos/35956002@N03/

Long live foss and foss conference.. :-)

Mepco got enlightened

2009-02-22T08:48:00.000-08:00

The Computer Society of India of Mepco Schlenk Engineering College, Sivakasi organized a two-day workshop, "Innovate 09", on Free/Open Source Softwares on February 21 (Saturday) and February 22 (Sunday), 2009 in the college premises. Mr. S.Baskar, CEO of LinuXpert Systems, Chennai and Mr. Ravi Jaya, free-lance trainer conducted this training programme. This event recorded a total of 382 participants comprising of students from various colleges in the vicinity of Mepco schlenk engineering college.

Name of the College Total No. of Participants

1) Mepco Schlenk Engineering College, Sivakasi 168
2) Ayya Nadar Janaki Ammal College, Sivakasi 110
3) Kalasalingam University, Krishnankoil 90
4) Sethu Institute of Technology, Kariapatti 7
5) Karunya University, Coimbatore 3
6) SCAD Engineering College, Tirunelveli 2
7) PSNA Engineering College, Dindigul 1
8) Dr. Sivandhi Adithanar Engineering College, Tiruchendur 1

Total 382 students

Before the commencement of workshop, we had installed Fedora-10 distribution in four labs comprising of nearly 140 machines using
the FOSS-Lab Server provided by LinuXpert Systems.

On day one, around 345 students attended the session which dealt with the introduction and basics to the Linux Operating System like Linux installation, Introduction to FOSS, Basic Linux commands, Introduction to LAMP/MySQL, Web Development with PHP and Apache HTTPD Web Server in Linux.

On day two, around 275 students participated in the session which included Shell Scripting, PERL Programming, Python scripting, Virtualization and MySQL Administration using PHPMyAdmin.

The workshop accomplished the aim of providing a spark of knowledge about FOSS into the minds of the students...

My first talk on Gnu/Linux and free software

2009-02-16T06:43:00.000-08:00

Today,I have conducted a tech talk on Gnu/Linux in my college ..People were very excited about the compiz-fusion effects i shown them..I just covered the very basic things..Even most of them asked questions back..One girl came forward and tried her hands with compiz effects :)

It was really a mixture of fun , free software philosophy and knowledge ...Thanks to club innovative.

Upcoming Foss Events:

State level workshop on Linux -venue:Mepco schlenk Engineering College,sivakasi. date:Feb21,Feb22
(All are invited, for more details please contact jagadish1988[at]gmail[dot][com] )

National level Conference on FOSS: -Venue:TCE, madurai dates:Feb 27, Feb 28 and Mar 1

(For more details goto www.fossconf.in)

well i am not going to conduct those events (just a participant)..They are going to be conducted by professionals

See you all there :)

Those who missed my tech talk please feel free to download the presentation(pdf) (odp) and mail me for any clarifications..

A call to the Gnu/Linux community!

2009-02-14T02:43:00.000-08:00

Credits for the original poster:http://gedece.blogspot.com

There's a game studio made by only two people, that released an excellent game for Windows, called World of Goo. I recently saw that the piracy on this game is over 95%, and it's only a 20 dollars game.

This game is being pirated because it's really good, but with the same mindlessness that they pirate big chain's 40 or 60 dollar games. And that's something that's completely unfair, because this isn't some impersonal game chain, here they are going against a pair of extremely imaginative programmers that released an addictive, intelligent and anything but monotonous game,

The game also features a generous whole chapter demo, so you can't complain that you can't test it before buying it.

Now, the fun begins. Some of you will ask, what does this have to do with Linux anyway? Easy to answer. Lately this programmers are working in a Linux native port, and that gives us an amazing opportunity.

Imagine for a moment what would happen if Linux users bought more original copies than Windows users. I can answer what could happen. Those innovative programmers will make next game for Linux, and not Windows.

Even more, when the Linux version of World of Goo is released and we buy a lot of copies, this will bring a press release of enormous importance "There are more Original copies of a Linux version of a game sold than for Windows". This sends three important messages: There are games for Linux, there's money to be made programming for Linux and, more important of all, there's no need for anticopy systems under Linux to make people buy the games.

This is why I make this political declaration: I'm now saving the 20 dollars to buy the game once it's released for Linux. I strongly suggest you all do the same.

This article can be copied in other sites, as long as Demasiado Personal http://gedece.blogspot.com is given credit as the first site where this appeared.

How your piracy helps Microsoft?

2009-02-10T09:07:00.000-08:00

I hate the word "piracy" people from M$ uses it often..

Richard stallman says "pirates are people attacking ships; they have nothing to do with software "

Well i found something on IT wire.com on how microsoft feels about piracy!

Snippets from ITwire article:

"Gates has also, in the past, confirmed how important piracy is to Microsoft: "Although about 3 million computers get sold every year in China, but people don't pay for the software... Someday they will, though. As long as they are going to steal it, we want them to steal ours. They'll get sort of addicted, and then we'll somehow figure out how to collect sometime in the next decade.""

Read more

Why i use GNU/Linux and Free software?

2009-02-03T03:51:00.000-08:00

I thought it will be nice to list the reasons for me to use GNU/linux and Free software!

1. First It works!

2. I don't have money to buy software [:P] (well free software doesn't need to be free of cost but most of them do)

3. I love the ethics and philosophy involved in free software.

4. I don't like cracking software.

5. I hate searching for cracks and keygens on that nasty website

6. I don't want to be called as a pirate by morons

7. I don't like installing antivirus (It doesn't mean that GNU/linux dont have viruses)

8. I hate updating them [:P]

9. I hate installing device drivers in windows (As they come along with GNU/linux, i dont have to)

10. I hate installing additional generic software separately which i use in day to day business (GNU/linux has most of the generic software inbuilt with the default installation like pdf readers,browsers, media players,instant messenger,cd/dvd writing software,office productivity software,archiver )

11. I dont have to fear of viruses and pendrives anymore.I hate using buggy IE.

12. I hate using mouse (a culprit which will make you tired and sick), I have become a command freak [:P] (you can control each and every part of GNU/linux using commands)

13. GNU/Linux helps me saving battery power of my laptop.

(how? i made my GNU/linux notebook to start in runlevel 3, which never starts the GUI by default, i used to listen songs by creating mplayer playlist and start playing files in runlevel 3 [:D] that is command line. you know what i get 4.5 hours of battery life :) )

14. I have lot of interest in security.

15. I want to be in control of my computer and don't want the computer to control me [:)]

16. I like sharing free copies of GNU/linux with others.which proprietary software forbids me to.

17. Finally i hate monopoly!

note:points 15 and 16 are added as lajpat's recommendation :)

Google Marked Every site as Harmfull last evening!

2009-01-31T20:31:00.000-08:00

Last evening google marked its every search result as harmful [:D] ...

Edit: Google says sorry! [:P]

If you did a Google search between 6:30 a.m. PST and 7:25 a.m. PST this morning, you likely saw that the message "This site may harm your computer" accompanied each and every search result. This was clearly an error, and we are very sorry for the inconvenience caused to our users.

What happened? Very simply, human error. Google flags search results with the message "This site may harm your computer" if the site is known to install malicious software in the background or otherwise surreptitiously. We do this to protect our users against visiting sites that could harm their computers. We maintain a list of such sites through both manual and automated methods. We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list.

We periodically update that list and released one such update to the site this morning. Unfortunately (and here's the human error), the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes.

Thanks to our team for their quick work in finding this. And again, our apologies to any of you who were inconvenienced this morning, and to site owners whose pages were incorrectly labelled. We will carefully investigate this incident and put more robust file checks in place to prevent it from happening again.

Thanks for your understanding.

Here is another explanation :http://blog.stopbadware.org/2009/01/31/google-glitch-causes-confusion

Search your Stick!

2009-01-28T04:27:00.000-08:00

I got an interesting mail from one of my dearest mentor ,senior and a great software professional..

I wanna share that mail with you all.....

Here we go.............

Hi All,

Hope i meet you all in pink health and best cheers. Every one of you should be tight and committed in your projects and wishes that you come out with a successful work.
Happened to see a lot of happenings in Mepco Site. If you have a chance for attending those, please do it, as it may help you on your career mending.

As you all know, the IT market is suffering from a serious recession, it becomes more important for a campus placed Graduate to equip himself, more than a job seeker.
Yes friends,. Some of your friends (seniors) who got a campus placement in esteemed org. are still waiting for their training call. they are neither inducted nor informed. I happened to meet one such junior and she shared a sense of helplessness.

Tough life ahead. Its more tougher than life in Mepco.
The recession seems to exist till 2010 and ofcourse, you a challenging days ahead.Concentrate more on learning concepts than languages, improve the level of adaptability and ofcourse high skill required in self marketing.

You might have heard that preference for S/W eng for marriage has been reduced due to their insecurity(Thank god, i got it done 2 yrs before).Not only Loans denied for professionals also jobs are denied.I am not trying to scare you all. I am neither a poochandi nor a Otraikannan. These are hard truths in the market.

Companies like, infy , wipro and TCS have started their lay offs. Managers are informed of pay cuts and no increments for the year of 2009-2010. hard to digest.

Sathyam played a key role in bringing down the credentials of Indian IT. There are going to be challenges across the It industry to recruit the out coming 40K employees.No ideas about the project they handled. Now its board says that its employees can be paid for the month of Jan.Pathetic condition.

Still, we start early in the morning, travel for more than 40 KM, sit in front of our mail boxes with lot of expectations on any new assignment or appraisal.Its hope that we can walk in this rope. But to walk we need a balancing stick, which gives us the confidence to move up. Being struck in this period, this becomes necessary for you too.

So friends... "Search for your Stick and practice your walk..."

Sorry if i have bored you. Just thought of sharing things with you all.

I have missed the mail ids of our other friends. If you find it worthfull, do pass it on as well.

Do excuse, if i have taken much of your time.....I started this mail as i was not having any assignemnts. Expecting atleast i would be assigned some task from you all, in teh from of replying....

Back to work (thinking of what to do.....)

--
Regards,
Suresh VeeraRaghavan

-----------------

"Concentrate more on learning concepts than languages"

I love this line.Here we stand guys, i happen to see many people doing their project in .NET and JAVA ,well most of them outsource.

Please open your eyes guys and gals tough days ahead :(

How a pro-microsoft girl respond when you talk her about free software?

2009-01-16T23:55:00.000-08:00

Last evening, i had talk with some girl who is running Micro$oft dot net club in a college, I tried to explain her why micro$oft isn't good for the students community...

But she was good at making me angry by her words...

Let me write down some of her responses ..which came from her without knowing what to say for my questions....

ME: people in microsoft campus club don't have irc channel huh?Then why don't you create one in freenode.net :P ?

SHE:okay

What? Arrrgg

ME:In kerala they are using free software in all departments..now it seems to be there is a problem there..the IT advisor has been changed...ms is trying something bad there....

SHE:hohohoho :D

ME: why don't you drop your ms campus club for the sake of students?Any way no one is going to come to your club :p?

SHE:wateva

i dont give a damn

go 2 hell

[she used "hohoho" many times :P ]

Then i said her about the current IT scenario about our country,"We people are always going to work for a service company, we always doing background work for big MNC's then they are make out work as a product and selling back to us, why dont we create our own product ? free software encourages entrepreneurship "

She:so why you are waitin for go get it buddy...

Finally she said "i am not disagreeing with you people" "i like it too"

------------------------------

Lesson learnt: Never ever try to preach fanboys (fangirls i wonder does this word exist?)of M$

Making Udev to work for you

2009-01-15T05:05:00.000-08:00

What is Udev?

Whenever you plug a device in your linux box,the node(device file) corresponding to the device is created in /dev directory.Udev is daemon which manages dynamic creation of these files.udev not only provides dynamic device management but also creation of user chosen device names,running a script or program when a device node is created.
The above functionality of udev is controlled by rules.The default rules are kept in /etc/udev/rules.d/ directory.The sweet part of udev is that we can write our own rules and make udev work for us :).

Well how i made udev to work for me?

I have no broadband connection :( (fighting with my dad to get one :P).I use my nokia 3110c mobile phone to connect Airtel GPRS/EDGE.To connect the internet i plug my mobile using a usb connector the usbmodem(well mobile acts as usbmodem) will be detected as /dev/ttyACM0.Then i open terminal use wvdial command to connect the internet,its really a boring task to open the terminal and issue wvdial command each time.

How to write a rule so that it automatically connects me to the internet when i plug-in my mobile:

To write a rule we should identify and match the device uniquely, in my case the device is my usb modem.
There are several matching keys available so that you can precisely finger point your device to udev and make udev to take appropriate action defined by you.

Here are some matching keys:
* KERNELS - match against the kernel name for the device, or the kernel name for any of the parent devices
* SUBSYSTEMS - match against the subsystem of the device, or the subsystem of any of the parent devices
* DRIVERS - match against the name of the driver backing the device, or the name of the driver backing any of the parent devices
* ATTRS - match a sysfs attribute of the device, or a sysfs attribute of any of the parent devices

For example to pinpoint my hard drive to udev the rule will be like this:

KERNEL=="sda",SUBSYSTEM=="block",ATTR{size}=="312581808",NAME="my_hard_drive"

The above rule specifies udev if the kernel name for the disk is 'sda', if its a block device and the size of it is 312581808 then name it as my_hard_drive..so you can see /dev/my_hard_drive device file created when the rule is parsed by udev.

Well one might wonder how did i get these information? Here comes udevinfo in handy.

[root@localhost ~]# udevinfo -a -p /sys/block/sda/

The above command will give you the detailed information about the device(hard drive in this case) which is something like this.

looking at device '/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block/sda':
KERNEL=="sda"
SUBSYSTEM=="block"
DRIVER==""
ATTR{range}=="16"
ATTR{removable}=="0"
ATTR{size}=="312581808"
ATTR{capability}=="12"
ATTR{stat}==" 60259 55701 1692944 1457888 342794 1393752 13915984 186839073 0 1982886 188349105"

looking at parent device '/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/block':
KERNELS=="block"
SUBSYSTEMS==""
DRIVERS==""

looking at parent device '/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0':
KERNELS=="0:0:0:0"
SUBSYSTEMS=="scsi"
DRIVERS=="sd"
ATTRS{device_blocked}=="0"
ATTRS{type}=="0"
ATTRS{scsi_level}=="6"
ATTRS{vendor}=="ATA "
ATTRS{model}=="ST9160823ASG "
ATTRS{rev}=="3.AD"
ATTRS{state}=="running"
ATTRS{timeout}=="60"
ATTRS{iocounterbits}=="32"
The output is truncated....

when writing rules you cannot combine and mix-up attribute of diffrent parent devices.

The above method might be easy if you can find where your device is in sysfs file system (i.e /sys ).But its really difficult(atleast for the firsttimer ) to find out exactly the desired device in /sys folder.To get around this problem just plug-in your device and use the below command.

udevinfo -a -p $(udevinfo -q path -n /dev/)

To list the attributes details about usb modem(mobile) use the below command:

udevinfo -a -p $(udevinfo -q path -n /dev/ttyACM0)

well ttyACM0 is the usb modem i just inserted.The output will be something like....

looking at device '/devices/pci0000:00/0000:00:1d.1/usb6/6-2/6-2:1.1/tty/ttyACM0':
KERNEL=="ttyACM0"
SUBSYSTEM=="tty"
DRIVER==""

looking at parent device '/devices/pci0000:00/0000:00:1d.1/usb6/6-2/6-2:1.1/tty':
KERNELS=="tty"
SUBSYSTEMS==""
DRIVERS==""

looking at parent device '/devices/pci0000:00/0000:00:1d.1/usb6/6-2/6-2:1.1':
KERNELS=="6-2:1.1"
SUBSYSTEMS=="usb"
DRIVERS=="cdc_acm"
ATTRS{bInterfaceNumber}=="01"
ATTRS{bAlternateSetting}==" 0"
ATTRS{bNumEndpoints}=="01"
ATTRS{bInterfaceClass}=="02"
ATTRS{bInterfaceSubClass}=="02"
ATTRS{bInterfaceProtocol}=="01"
ATTRS{modalias}=="usb:v0421p005Ed0491dc02dsc00dp00ic02isc02ip01"
ATTRS{bmCapabilities}=="6"

looking at parent device '/devices/pci0000:00/0000:00:1d.1/usb6/6-2':
KERNELS=="6-2"
SUBSYSTEMS=="usb"
DRIVERS=="usb"
ATTRS{configuration}==""
ATTRS{bNumInterfaces}=="15"
ATTRS{bConfigurationValue}=="1"
ATTRS{bmAttributes}=="e0"
ATTRS{bMaxPower}=="100mA"
ATTRS{urbnum}=="13625"
ATTRS{idVendor}=="0421"
ATTRS{idProduct}=="005e"
ATTRS{bcdDevice}=="0491"
ATTRS{bDeviceClass}=="02"
ATTRS{bDeviceSubClass}=="00"
ATTRS{bDeviceProtocol}=="00"
ATTRS{bNumConfigurations}=="1"
ATTRS{bMaxPacketSize0}=="64"
ATTRS{speed}=="12"
ATTRS{busnum}=="6"
ATTRS{devnum}=="5"
ATTRS{version}==" 2.00"
ATTRS{maxchild}=="0"
ATTRS{quirks}=="0x0"
ATTRS{authorized}=="1"
ATTRS{manufacturer}=="Nokia"
ATTRS{product}=="Nokia 3110c"

[The output is truncated...]
And here is the rule:

KERNEL=="ttyACM0",SUBSYSTEM=="tty",ATTRS{manufacturer}=="Nokia",ATTRS{product}=="Nokia 3110c",RUN+="/usr/bin/wvdial"

RUN+="/usr/bin/wvdial" calls the wvdial to dial the internet (my case airtel :)) when the modem is detected by udev in /dev/ttyACM0 according to the rule written it will automatically call wvdial to connect :)

Create a new file something called 10-local.rules inside /etc/udev/rules.d/ directory, write your own rules and save it.Remember don't mess with the existing rule files!

Custom rules can be written to handle any device like digital camera,pendrive,external harddrive,etc that you plug-in into your linux box...

So lets start writing rules...... :) i guess does windows have such feature? or do they allow users to do these type of things without a third-party software?

References and Further reading:

http://reactivated.net/writing_udev_rules.html -Good documentation on writing udev rules

http://kernel.org/pub/linux/utils/kernel/hotplug/udev_vs_devfs --Udev vs devfs

http://www.kernel.org/pub/linux/docs/device-list/devices.txt -- list of devices and their corresponding device names in /dev folder helps you to find your device file names :)

Having Fun in IRC

2009-01-12T00:24:00.000-08:00

Well it was fun monday......Just logged into irc-channel created by Mr.lawgon (he has some other name)
Have a Look @ the conversations.........
zer0c00l its me.... :P ;)

--> You are now talking on #nrc-foss-edu
--- Topic for #nrc-foss-edu is Welcome to #nrc-foss-edu a channel to discuss FOSS in higher education in India || Channel rules: http://nrcfosshelpline.in/code/wiki/NrcFossEdu || http://nrcfosshelpline.in/code/ || mailing list: nrcfossconsult@googlegroups.com || FOSS certification: http://nrcfosshelpline.in/syllabus/FossWebDeploymentEngineer
Topic for #nrc-foss-edu set by lawgon at Tue Dec 2 17:34:19 2008
#nrc-foss-edu :[freenode-info] please register your nickname...don't forget to auto-identify! http://freenode.net/faq.shtml#nicksetup
zer0c00l-> so when will anna university give more importance to foss?
>nickserv< register ******(ma passwd) sagarun[at]gmail.com
lawgon-> who knows?
zer0c00l-> well i guess you know
why dont you people push
a student in government school uses open office in his lab..but when he comes to anna university affiliated engineering college he is forced use Microsoft office in his first semester
why is this gap?
may be its not your question lawgon
some moron from 218.75.53.68
sshd my computer
:(
how can i kick him
well its some Chinese moron
http://218.75.53.68/sp/wp_webuser.sp he is running http as well
let me send an abuse email
--> HDB (i=3b5dac22@gateway/web/ajax/mibbit.com/x-41d70ce0f3234a0e) has joined #nrc-foss-edu
HDB-> yoohoo
lawgon: see my reply on why a license is needed?
HDB-> zer0c00l: hello
zer0c00l-> hello HDB
HDB-> zer0c00l: who you sending abuse email to?
zer0c00l-> somebody from 218.75.53.68 made ssh connections to my computer
this morning
its seems like a Chinese government website
http://218.75.53.68/sp/wp_webuser.sp
HDB-> wow. chinese govt is doing hacking??
zer0c00l-> may be somebody hacked the Chinese government servers
and using that server to hide himself
government servers are soft targets
well i want to inform them
that their server is compromised
how can i do that
any idea?
HDB-> zer0c00l: buy a ticket to beijing
zer0c00l-> http://www.cooleasy.com/whois.php?ip=218.75.53.68
thats a good idea
well buy me a ticket
HDB-> ask Lap_64 uncle
zer0c00l-> oh
Lap_64 uncle are you there?
knock knock uncle
let me ask in binrev
www.binrev.com/forums
i wonder how he got my ip address
HDB-> zer0c00l: maybe random try. what's your ip??
zer0c00l-> i dont want to tell that
hehehe
why you need thaty
?
ask the operator
probably he knows it
HDB-> oprater??
no he doesnt
zer0c00l-> oh
HDB-> freenode knows it
zer0c00l-> yeah
HDB-> oops, you are not protected. your ip is visible on doing /whois zer0c00l
zer0c00l-> too bad
then i have to use a strong password
and disable unnecessary vulnerable service
omg i am running hell lot of services
HDB-> you are on windows xp
?
zer0c00l-> no
i hate windows shit
HDB-> Lap_64 uncle is windows fan
zer0c00l-> hahaha
o
HDB-> never upgraded from Windows 98
zer0c00l-> i have bad opinion about people using windows
HDB-> no, Lap_64 is fine
zer0c00l-> your ip is 59.93.*.* (edited :P)
:D
HDB-> yeah I don't hide it. what's the point
zer0c00l-> why cant i port scan your computer?
* HDB is small fish
zer0c00l-> using windows vista or something?
iptables up and running?
HDB-> zer0c00l: don't do that stuff. it is illegal. and if you are in India, you can be arrested :-(
HDB-> laws are very tough
zer0c00l-> oh really
HDB-> yep
where are you? chennai?
zer0c00l-> btw i am using neighbors wifi
hehehe
yep
HDB-> then he will get arrested. what city?
zer0c00l-> omg
thats bad
HDB-> what?
zer0c00l-> arrested
:O
HDB-> IT Act 2000 (Amendment 2006)
zer0c00l-> oh
HDB-> btw, amendment 2006 was really passed in 2008
zer0c00l-> i read about that
its baad
HDB-> took them 2 yrs
brb...
<-- HDB has quit ("http://www.mibbit.com ajax IRC Client")
zer0c00l-> zer0c00l wonders: HDB a police officer or lawyer
does any one knows how to prevent ssh logins from the internet
how can i make sshd to ignore logins from the internet
well google search will help me i guess
:)

------------

But really i wasn't using my neighbours ip address at that time. [:P]

Debian OpenSSL Vulnerability and Diffie Hellman keyExchange

2008-11-30T22:35:00.000-08:00

Cryptographic Keys:

Cryptographic keys are foundation for internet security. They are used in Encryption,Authentication and Digital Signature.

Cryptographic keys are considered to be most secure as they are harder to guess.

The Difficulty of guessing the keys are measured in entropy(The number of bits at least needed to describe it) . Entropy is measured in bits.80 bits and above are considered to be “very secure”.

Windows LanMan hashes are easy to crack(ex:rainbow tables) as their entropy is less than 36 bits.

What is OpenSSL?

OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.

The Keys generated by openssl package are often used in TLS/SSL,SSH etc.

Algorithms Implemented in OpenSSL:

OpenSSL supports a number of different cryptographic algorithms:

Ciphers: Blowfish, Camellia, DES, RC2, RC4, RC5, IDEA, AES
Cryptographic hash functions: MD5, MD2, SHA, MDC-2
Public-key cryptography: RSA, DSA, Diffie-Hellman key exchange, Elliptic curve

The Debian OpenSSL Vulnerability:

The Debian version of the OpenSSL library was the subject of a security breach discovered in late May 2008 generated keys from a much smaller entropy pool than normal.

Random numbers are used in various cryptographic functions. The linux operating system makes the developers job easier by collecting random events such as the speed at which you type and the exact path at which you move the mouse and store them in /dev/urandom.The developer can use this /dev/urandom instead of coding his own random number generator.The OpenSSL package relies on this /dev/urandom (highly random,provides most of the entropy) and the process Id(just 15 bits depends on architecture) for providing randomness to its cryptographic functions.One of the debian developer tried to prevent Valgrind(Valgrind is a tool to find out memory leaks) warnings related to the use of uninitialized memory within the OpenSSL libraries.He commented out two identical lines of code, however One of which pseudorandom number generator was actually used to add entropy from /dev/urandom to the pool; and so removing it meant that the seed would be taken directly from the process ID, and nothing more.

The result is that there are only 32,767 maximum possible encryption keys for each architecture (such as i386).Its the worst bug debian ever had.Its is easy to brute force and guess the keys.

The affected distributions are Debian 4.0 (Etch) and ubuntu 7.10-8.04(as they are build on debian).

They patched this bug on may 13th its a multi line comment and they simply uncommented the two lines of code .Have a look at the vulnerability and the patch http://tinyurl.com/funnypatch

Diffie Hellman KeyExchange and OpenSSL vulnerability:

Diffie-Hellman key exchange (D-H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

Lets say X and Y are two hosts and they want to exchange keys with diffie hellman keyexchange algorithm

1.X chooses a prime number 'p' and base 'g'

2.Then X chooses a random number 'a' which is secret to it

3.X computes 'A' and sends A,p,g to Y.

4.Similarly Y chooses a random number 'b' which is secret to it

5.Y also computes 'B' and send it to X

6.X and Y computes their secret key K using 'B' and 'A' respectively.

The computation of 'A', 'B' and 'K' are shown in below figure:

In the above Algorithm the Global known (known to all even man in the middle)values are p,g,'A','B'

The secret values are the randomly generated a and b

If one needs to guess the key he needs to guess the random numbers either 'a' or 'b'....

Obviously the security of diffie hellman keyexchange algorithm is in randomness of 'a' and 'b'.If we use the vulnerable version of openssl, our random number is limited to 32,767 keys.So its easy to bruteforce and guess them.

The worst part of this vulnerability is that if you are using distributions other than debian and ubuntu and say i am secure then its not true...because its the nature of diffie hellman keyexchange.

Let me explain this,lets say an vulnerable ubuntu host X exchanges keys with a clean fedora host Y using diffie hellman keyexchange. Even though the fedora is not vulnerable there are chances that secret key exchanged between fedora and ubuntu can be compromised,because an attacker can make a guess on vulnerable ubuntu's secret key 'a' using A(which is easily guessable because of vulnerable openssl ubuntu) .

The Fix:

We can get around this problem by using blacklisting the vulnerable keys, and generating the new keys using patched openssl. There is and whole wiki available at debians website about what are all the applications affected and how to blacklist keys etc.

Here is the link:

http://wiki.debian.org/SSLkeys

Vaaranam aairam Song Ullta->Funny just read it

2008-11-30T06:59:00.000-08:00

I got this message this message from one of my friend and as this is exam time its funny just read it and correlate it with vaaranam aairam song "mundinam paartheyney"

Naan idha solliyey Aagannum!

Hai HOD, I'm Arun SAG... Naan itha solliyae aganum enna sem avalo kastam. Inga yevanum ivalavu kastama oru sem pathiru pangalana.. ha ha Pathiruka mattanga! and i think intha semmu arrear than!!
Munthinam padichaene! Oru mannum puriyaliyae! Enna thaan panuveno! Nenjamum punnanande! Ithanai naalaga book than parkamal! enguthan poneno natkalum veen anethey!

Anna University You don't have a Vision!

2008-09-07T02:50:00.000-07:00

"To become a good poet, one should read a lot
To become a good programmer, one should read others code"

"Some one said,The best way to learn coding is to imitate others coding"

When i was in holiday,my dad came to me and asked to fix a problem in his school's computers.It's a government higher secondary school.I went to his school and switched on some problematic machines expecting the windows operating system to boot.But what i saw there was Linux (Open suse ).Then i came to know that the Tamilnadu government has changed its policies, so that it will use only free software.Thanks to ELCOT who made this possible.

So the higher secondary students are using open office rather than M$ office, and Learning how to use linux.Free software reduces the cost of obtaining licenses(monopoly rents) from proprietary giants to the government.This story looks good.

"Bill gates once said 'The unauthorized copies of windows would act users get addicted and eventually microsoft will find a way to charge them' So,Schools should not provide windows are any other non free software to the students if they do so its like providing free packs of cigarettes to the students"--Richard Stallman

There's also secondary benefit to the students when they use free software, as the software source code is freely available, they can read it and learn more.Even they can join the community and start contributing..Which NEVER happens in case of proprietary software.

But when it comes to engineering especially Anna University...They are still using Damn old syllabus and damn proprietary software in their curriculum, so what they are doing is giving cigarettes and drugs to students and making them get addicted to it.Once in four years anna university should revise their syllabus, Instead of changing the syllabus in 2008 they just amended regulation 2004 instead of introducing new syllabus..They didn't change anything.

What anna university students(Most of the people comes from higher secondary level,where they studied linux ) are studying is Microsoft office,VC++ ,Oracle (RDBMS),Rational Rose,C# and .NET...The list of proprietary software goes on, why they can't make QT or TCL as their syllabus instead of VC++, why they can't use Mysql instead of ORACLE?.I don't know whats the alternative for rational rose, comment me if you know (but i am sure it exists)

Most of the private engineering colleges are using Microsoft's operating systems and making the students to use them.
For example the college, i am studying is paying Microsoft more than 1 million per year to get licenses..(LOL)
This is how they waste lot of money (LOL).

Also anna university is totally ignorant to free software and open source technologies.They made computer science and engineering as computer software education....Because most of the things mentioned in their syllabus can be studied externally...

The syllabus will not create a software engineer, its designed to create an application programmer (LOL).A software engineer is a person who creates technology and services...But Anna university syllabus for the affiliated colleges teaches the students how to use the technology rather than how to create it.

Here's the place where free software comes in...Think about an operating system subject with linux kernel? Think about an RDBMS with mysql?
They are giving students more than 54 papers in 4 years to study...i believe 6 papers per year is the best, which means 24 papers in 4 years(In IIT there are only 6papers per year!!!)

The students potential should not be evaluated using what they write (vomit), it should be evaluated by what they do......the project should be started from 2nd year itself.If you go and ask them why there is no free software's used in their curriculum, they may tell you we have a subject called FOSS as elective (who cares about electives these days..Mostly they are chosen by staffs rather than students).

"India is the largest consumer of free software, but the contribution to the free software they made is too less" institutions like Anna university are responsible for this type of criticism's .

Switching simply to linux and saying "hey i am using free software" is lame , we should understand the four freedoms the free software offers to us.

The government is using free software why are you not changing ? Usually the government should go behind the educational institutions,but here its different....

So at least students we should wake up and try to be a real engineer.

Don't Press pageup and pagedown buttons before asking M$

2008-08-25T11:41:00.000-07:00

Microsoft has granted patent for "Method and system for navigating paginated content in page-based increments"

Which is your page-up and page-down keys functionalities :P

So in my program lets say my own editor i add event handlers to handle page-up and page-down key press event then i am violating the patent of M$ (which is a regular lab exercise in our curriculum)

With these type of crappy patents they call the open source community as always violating the patents of M$........

For more information visit http://www.itwire.com/content/view/20193/53/

Only God knows when they are going to get patent for using space bar :D !!

How to protect yourself from viruses which spread through pendrives

2008-08-09T08:04:00.001-07:00

I write this thing as one of my classmates asked me to do so....

How viruses spread through pen drives?

when you look inside a infected pen drive ( use dir /a command in cmd prompt)

There will be a file called autorun.inf...It will look something like this...

[autorun]
open = virus.exe
shell\Open = &Open
shell\Open\Command = virus.exe
shell\Explore = &Explore
shell\Explore\Command = virus.exe

What it implies that when you double click (open) or explore your pen drive the virus will be executed...

So when you plug-in a suspected pen drive, just open up command prompt and navigate to the mounted drive using it..remember don't use the GUI (explorer)

Use "dir /a" command to list all the files available inside the pen drive, check for autorun.inf open it using "notepad autorun.inf" and look for the executable file.

use attrib command to delete the autorun.inf file (attrib -h -s -r autorun.inf) restart the explorer or remove the pendrive and reinsert it, it should work fine.

What to do the host system is already affected by the virus:

Most of the viruses spread through pendrives, have module to replicate themselves inside the pendrive when an unaffected pendrive is inserted.

So before inserting a pendrive, use tools like process explorer and SysInspector to scan your running processes.use your common sense to figure out the running virus and then terminate it...

Then use tools like Hijack this to remove the virus from automatically starting (msconfig too good for removing things from start-up).

Use a better antivirus and keep updating it frequently...

What a number huh?

2008-07-19T11:42:00.000-07:00

I Stay in hostel...Do you know what's my room number? Guess..............?

Let me tell it in the end......

Many of my friends told me, the room number matches what i do? [:P]

Interestingly, for all the four years the rooms allocated for me (through lots) were in corners...

For the first time i was called for an enquiry....Because one of my classmate had my number in his cell phone's contact list...(LOL we are not allowed to use mobile phones in the college)....

And i believe the room number played a vital role for this suspicion.....

People around me started calling me by my room number....

I have to tell about the room..It's pretty smaller than other rooms in the hostel..It has 3 windows..So no scarcity for light and breeze..

You cannot sleep there over than 6.3o am... Our planet's nearest star won't allow you to do so....

[:(]...

I usually go to bed by 2.00 am...So its too bad to getup by 6.30 am....But class rooms are very nice place where you can have a good sleep [:P]

And its a nice room...I can see who are visiting the hostel...[:D].....If some one come for raid then i will be the first person to know after the watchman! [:D]

Some people call me as a hacker.......(LOL)

To be a hacker means to do things in a spirit of play full cleverness exploring the limits of whats possible....

Hacking is mainly enjoying play full cleverness...Computers are not the only thing to hack.. you can hack in any area of life not necessarily with computers.....

Breaking rules harmlessly is an important aspect of hacking because its fun... Stupid authority who is making do things for no good reason.... it should be disobeyed..its not about breaking rules...If you can find a short programme then its a hack......

If you think i have this qualities then call me as a hacker..............

I believe hacking has also something to do with my room number.................

Guessed my room number................?
.
.
.
.
.
.
.
.

It's "$@)" can't find out what it is? OK open up your notepad and type this words (without quotes)...While typing don't press the SHIFT key..........

What a number huh? [;)]

PS:This number has something to do with ipc (IPC=Indian Penal Code)

Must Have Firefox Extentions!

2008-07-17T10:38:00.000-07:00

100% organic software? What is it?....

As software companies go,these people are a little unusual.... They define success in terms of building communities and enriching people’s lives, they don't even have Stock!

Yeah it's Brand new Mozilla Firefox and Mozilla Corporation...

Firefox Addons are one of the reason for me to use firefox ..Addons? What it is? Addons are little piece of software that extends firefox (in all aspects)....

I use these Addons or extensions (as they extend firefox's functionality) regularly...So i decided to write about my favourite extensions here...

Adblock Plus:

This addon is for people who don't like to see advertisements on the pages they visit..On installing this addon it will ask you to subscribe for an Ad filter (these filters are used to identify the adds )..Just select the first one..(easylist.usa)

This addon will be useful for people who are having slow internet connection(dialup)..As it blocks most of the adds your time and bandwidth are saved!

https://addons.mozilla.org/en-US/firefox/addon/1865

FlashBlock:

Its also another kind of bandwidth saving addon...It replaces Flash objects with a button, you can click to view them...

Let it be your youtube video or a yahoo's flashy advertisement it works!

https://addons.mozilla.org/en-US/firefox/addon/433

WOT

WOT stands for Web Of Trust....

With WOT you can identify the qualities of a website like (Trustworthiness , vendor reliability,Privacy and Child safety)

For example:

You are searching for screensavers on the internet..Google may give you a lot of results..The problem with free screensaver serving websites is that, they are not reliable (mostly) they may try to install malicious softwares in your computer..So WOT allows you to select the best website
out of your search....Even warns you when you are trying to visit a site with bad rating..

https://addons.mozilla.org/en-US/firefox/addon/3456

Foxmarks:

We know bookmarks are specific to a local computer...with this addon they are not...

Let say when you are in college you encounter a website of your own interest and bookmark it in the local machine for your future reference...that evening you are in home and want to visit the page you bookmarked...Here comes Foxmarks...Its a bookmark synchronizer..All you need to create an account and start bookmarking, all your bookmarks will be stored in their server...and can be retrived from your any computer with internet connectivity.......

https://addons.mozilla.org/en-US/firefox/addon/2410

DownThemAll:

Lets say you are in a internet cafe, you don't have any download managers installed down there...

Here comes DownThemAll
It's a download manager for firefox!

https://addons.mozilla.org/en-US/firefox/addon/201

Panic:

Panic lets you to close all your existing tabs in firefox with a hotkey, and opens a predefined page ....

Are you looking at stuff you shouldn't be? Whether you are browsing through social networking sites while you're at work or wandering around Orkut while you're at school? Well this extension gives you the ability to close all tabs, while opening another one that will make it look like you are doing what you should be doing. Right-click to open options. Left-click in case of emergency. Alt + ` (tick) for keyboard shortcut of emergency.

https://addons.mozilla.org/en-US/firefox/addon/6367

Fast Video Download:

Wanna save Youtube videos to your hard drive in a single click..Then this addon helps you a LOT!

https://addons.mozilla.org/en-US/firefox/addon/3590

Switch Proxy:

In my college, i connect to the internet through a proxy server, but in my home it's direct connection,
It's really a pain to change the setting in the options menu each time......

This extension allowed me to switch proxy server in a click...

https://addons.mozilla.org/en-US/firefox/addon/125

FireGPG:(For advanced users)

Wanna encrypt your mails in Gmail....Then its the addon for you...To use this addon you should have a public key and the corresponding private key....

You can use PGP in your daytoday life with this addon....

Download this addon from the below link:
https://addons.mozilla.org/en-US/firefox/addon/4645

To learn more about PGP and How to use this addon,watch the video below:
http://www.irongeek.com/i.php?page=videos/using-GPG-PGP-FireGPG-to-encrypt-and-sign-email-from-gmail

TabRenamizer:

Have you noticed that everybody looks the titles of your open tabs? It has a name: Paranoia! And a solution too: TabRenamizer!

https://addons.mozilla.org/en-US/firefox/addon/2987

Other Addons:
I use some more addons other than the above..

They are IMACROS, Firebug and Extension developer...IMACROS lets you to automate firefox...Firebug is for web developers and other is obvious from the name...

If you feel your favourite addon is missing in this post, just comment me with its name...!

Monodevelop developes Monopoly in Linux ?!!?

2008-07-01T05:10:00.000-07:00

It was my C# and Dot Net class and it was the introductory class, professor Mr.Raja shekar started lecturing on C# and Dot Net frame work..Eventually he asked us the disadvantages of C# and Dot net..I eagerly replied the Microsofts licence issue as a first drawback. ;)

He added the point that "Dot net applications cannot run on linux operating system and its only ment for Microsoft's operating systems".

The next day it was my library hour (in that hour we used to go library and read something)..After 2 months gap i picked up the LFY magazine (Linux For You)..And started reading...

I felt happy that india rejected Microsofts OOXML standard..but the bad news is that Companies like infosys,wipro and TCS voted in favour of Microsoft (They do business with microsoft )...Nasscom too voted for OOXML...(I hate NASSCOM in this issue)...

“Microsoft corrupted many members of ISO in order to win approval for its phony ‘open’ document format, OOXML. This was so governments that keep their documents in a Microsoft-only format can pretend that they are using ‘open standards.’ The government of South Africa has filed an appeal against the decision, citing the irregularities in the process.”

--Richard Stallman june 2008

After roaming through some pages ,i read about Novels inclution of monodevelop in their open suse 11.0......

Monodevelope enable one to develope and deploy c# and .NET applications in linux [:o]...

May be it's a good news for .NET developers...But the FOSS community consider it as a BAD news..Most of the people in consider the interoperability deed between M$ and Novel as a killer...

They belive its an initiative to build microsofts monopoly into opensource community....

So Don't monodevelop....

:)

Understanding Password Hashes

2008-06-29T01:01:00.000-07:00

Normally in windows operating systems the password we enter is hashed(obfuscated) and stored in c:\windows\system32\config\sam

Security Accounts Manager is the abbreviation of SAM...(Don't try to open it when in windows it won't allow you to do so :P )

But people circumvent the operating system (using linux boot disk) and copy this sam..

Also don't forget to copy the file named "system" from the same directory, which contains the "syskey".

syskey is used to encrypt the sam.....

Windows XP uses two type of hashes LM hashes and NTLM hashes..LM hashes (LM stands for LAN manager) NTLM is more secure than LM hashes. However, even computers that use NTLM (i.e) windows 2000 and above also store their passwords in LM hashes. So the password is stored twice, as NTLM and as LM Hashes. This is because very often we still need to connect with machine that used LM hashes(i.e) windows 98 going back.

LM hashing method:

Let me explain it with an example, take the password as 123456abcde

Initially the password is converted into all upper case letter 123456ABCDE

Then the password is padded with NULL (blank) character, in order to make it 14 character long.

Now the 14 character long password is split into half like 123456A and BCDEF__.

Each string is individually encrypted and the results are concatenated:

123456A = 6BF11E04AFAB197F
BCDEF__ = F1E9FFDCC75575B15
The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15

Problems with LM hash:

If the password is greater than 14 character then LM hash is disabled and NTLM hash is used.
Can cracked easily.

Password cracking methods:

Dictionary attack
Brute force
cryptanalysis (rainbow table)

Rainbow tables:

With rainbow tables the password combinations are pre-computed and stored in disk.

This rainbow tables are searched for a particular hash, and the password can be cracked with in minutes.

In LM hash generation the password is split into two and encrypted (see LM hashing method)

This design fault leads to creation of Half LM rainbow tables which are used to crack one half

of the password ..Thus it reduces the time taken for cryptanalysis...

Prevention:

Disabling the LM hashes (In windows vista LM hashes are disabled by default)( see links section for more details on LM hash disabling methods)
Using passwords that have more than 14 characters.
Don't use dictionary words
changing the passwords frequently

There is nothing in this world that cannot be breached, all we can do is make it harder to the attacker.

Links:

See the wikipedia entry about LM hashes here

Download a simple password cracker saminside from here (however i don't use it anymore i use cain for these purposes)

Download ophcrack from here (It comes with free rainbow tables i recommend it for begginers)

Download LM hash rainbow tables from here

Download the Rainbow table generator from here

Get the instructions to disable LM hashes from here

My favourite IRC

2008-06-23T09:58:00.000-07:00

If you are a ubuntu fan, then this should be your favourite IRC.See the passion out there...Shoot your queries right now!

Install windows vista in two minutes!!!

2008-06-19T10:47:00.000-07:00

Oh my GOD! someone please send this video to $Bill Gates$......

Firefox-- another success story!!!

2008-06-19T04:44:00.000-07:00

The mozilla Team

Firefox 3 was downloaded 8,349,074 times between 2:16 p.m. ET Tuesday and 2:16 p.m. ET Wednesday.

Click here to see the Firefox downloadCounter

The Microsoft Internet Explorer Team sent a cake for the release of Firefox 2 in 2006 and now they did it again.

From redmond with love :o

"Mozilla will be eating cake as well as Internet Explorer's marketshare" writes vivek....

How i hacked into cognizant?

2008-06-17T17:34:00.000-07:00

It was 17th of june..the whole hostel woke up by 6.00 am (usually 8.00 am :P). Every one was busy preparing themselves for campus placements..I too started early in the morning..About 9 am they started the aptitude test..It consist of 3 sections and the duration was approximately an hour (the fastest hour in my life )....

Before we started the apti they gave us a sheet..where we were asked to fill up the details..
(later in the interview this sheet acted as a resume)

In that sheet i forgot to wrote my academic interests...instead i wrote my other interests.
1.open source software enthusiast..2.Security and hacking....(sounds like vague wright? :P)

After the completion of apti,we were asked to gather inside a seminar hall for PPT (pre placement talk)..

They told us about their company and every thing..(it's a 3bn$ company)...In the question answer session i asked them a question "Sir,I want to be an open source software developer..what are the opportunities to learn and do open source projects in cognizant." Mr.Thomas one of my college alumni and the senior person in the recruiting team answered my question. Also they asked some questions (like quiz) in the ppt.The first question was what is the symbol of cognizant in NASDAQ...I answered that question..It is "CTSH".(Thanks to college wi-fi which gave me opportunity to get these stuffs from the Internet).I told the answer and got a prize..Mr.Sriram the HR officer (just a guess-he worked as a placement officer in VIT before) gave me the prize with a firm handshake and asked my name.I replied "Arun" with a gr8 smile..
:)..Finally they also gave prizes to people who asked good questions in the ppt..Also i got a prize..so totally two prizes from cognizant in the ppt (LOL)....

With these prizes i was confident..After the ppt we were asked to leave for lunch and asked to come back by 1.00 am for the apti results.. I kept my fingers crossed for the apti results..

A guy started reading the people who were short listed for the interview process..I was in the 6th list..I took a my breath with great relief...

Then i was asked to stay inside a class room..(I didn't have lunch on that day)..I stayed there from 1.15 pm to 2.45 pm.....

Then the guy from meritrac (a company which helps placement process for cognizant!) asked me to go and wait before the interviewer's room..I waited there for 30 Min's...Finally i was called..When i tried to enter the room..He(interviewer stood up from his seat and got out for a face wash..he also asked me to wait...he just came back after 5 Min's and asked me to come in..I need to tell about him..he is tall man (about 6 feet) with french beard....I followed him..He sat down and gave me his hands i gave him a firm handshake and said "Good afternoon sir" with a gentle smile..

He asked me to sit down..He took my apti-paper and looked into my data sheet..

He:okay..tell me about yourself
me: told that

He: Hacking!!!?
He:are you interested in hacking?

me: yes sir!

He: Have you done it before?
Me: I nodded with a smile

He:what do you mean by hacking?
Me:I explained as in binrev (:))

He:Tell me some hacking techniques
Me: i told him about ARP spoofing

He:What is ARP spoofing explain it to me?
Me:I explained (Thanks to irongeeks videos)

Me:sir i also have interest's in open source software,I am using linux as my primary operating system,and i proud about that sir..

he: why you should me proud of using linux?
me: because the i am the only person who use linux in my class as a primary operating system

he:okay,whats wrong about using windows man?
me:sir,windows provide limited options to customize..and linux offers a lot..Also i like playing with linux..i also believe that a computer science engineer should use linux...its lame to use windows.

he:are you proficient in java?
me:no sir! (because i didn't prepare for java),i know only the basics sir...

(here i made a blunder)

he: okay,basic means which level of basics?
me:basic input output system sir.

he:okay,write a java program to file read and file write..
(i don't know the classes and functions :P)

so i said,
me:sir,i know only the basics,the java VM,how to define a class,packages and interfaces sir

he:then why did you say java input and output ?
(he tried to stress me..i just explained him that in our academics we concentrated more on cpp than java)

He:OK,give me your resume
Me:I gave him.

After looking at my resume:

he:how did you achieve stealth in your key logger
me: i explained about getasynckeystate() function..

He:okay,your academic interest is in computer networks ,write a c program to data transfer between two computers

i took his pen (which was on the table) and started writing i forgot all the syntax..only mentioned functions with comments...

me: i have written sir!

He:okay,man explain..
me:i explained...

he: that's all from my side man, do you have any questions?
me: yes ,sir..I again asked him about opportunities to develope open source software in cognizant...

he answered my question with great interest...(his eyes were the evidence )

also i mentioned about the prizes i got in the ppt session...

and said thanks to him and left the place...

When the results were announced i was in the list...(happy ending)
The person who interviewed me raised his hands with great smile towards me in the seminar hall (i believe i impressed him a lot..by telling things which are out from my academics)

PS: I thank folks in binrev for helping me learn about hacking..and i also thank irongeek for his nice video tutorials...

Firefox set to release on june 17th 2008

2008-06-12T09:31:00.000-07:00

Firefox version 3, the best web browser set to release on June 17th 2008 Mozilla has announced the date today.

From the developers:

After more than 34 months of active development, and with the contributions of thousands, we're proud to announce that we’re ready. It is our expectation to ship Firefox 3 this upcoming Tuesday, June 17th. Put on your party hats and get ready to download Firefox 3 — the best web browser, period.Firefox version 3, the best web browser set to release on June 17th 2008 Mozilla has announced the date today.

And this time firefox gears up for a new world record!

Sounds like a good deal, right? All you have to do is get Firefox 3 during Download Day to help set the record for most software downloads in 24 hours - it’s that easy. They're not asking you to swallow a sword or to balance 30 spoons on your face, although that would be kind of awesome.

For more information see:http://www.spreadfirefox.com/en-US/worldrecord/

Malicious Commands in Linux!

2008-06-12T04:31:00.000-07:00

The commands listed here are Dangerous..Just look it Don't try it.....

Delete all files: delete current directory, and delete visible files in current directory. It's quite obvious why these commands can be dangerous to execute.

rm -rf /
rm -rf .
rm -rf *

Reformat: Data on device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.

mkfs
mkfs.ext3
mkfs.anything

Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data

any_command > /dev/sda
dd if=something of=/dev/sda

Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
In Bourne-ish shells, like Bash:
:(){:|:&};:

There are many commands like this...if you a noob to linux and asking help on the internet then malicious people may ask you to execute these commands.. (It's like your orkut album unlocker :P) so don't do that beware!

To find out more commands like this
Visit:http://ubuntuforums.org/announcement.php?a=54

New Ransom Ware Targets Windows!

2008-06-10T07:12:00.001-07:00

A new malware named Virus.win32.Gpcode.ak targets users running windows operating systems...

It's not that usual virus which spreads using your pen-Drive or locking your taskmanager or just opening new pop ups and ads...

It targets particular type of files (File extensions) and encrypts them using strong RSA-1024 bit encryption (:P)...

Files encrypted using this type of encryption system will require 5 million modern computers to crack....(:D)

To see the list of files get encrypted just click http://www.viruslist.com/en/viruses/encyclopedia?virusid=313444

Many antivirus companies are working on cracking the key..its a huge cryptanalysis problem..

If you are affected by this virus you will see files like !Readme.txt!, Filename.ext.Crypt inside your system and in the readme file will see some thing like this

"Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com»"

If the anything matches above just send a mail to stopgpcode@kaspersky.com and tell them exact date and time of infection, as well everything you did on the computer in the 5 minutes before the machine was infected:

• which programs you have executed,
• which websites you have visited, etc.

They'll try and help you recover any data that has been encrypted.

To prevent this type of infection:

Update your anti-virus periodically.
Just dismiss windows operating systems and switch to linux (:P)

More Information can be found on this weblog:http://www.viruslist.com/en/weblog?weblogid=208187524

Replacing LPG Cylinder --SAGA style

2008-06-09T21:34:00.000-07:00

I used to spent most of the time infront of my laptop..It was 5.00pm..."Arun come here" it was my mom called me inside the kitchen..I said "A computer science engineer don't have job inside the kitchen mom"....she said instinctly "so the computer engineer won't get coffee today.." I took a deep breath and moved towards the kitchen.."What happened mom?" I asked..."Arun you need to replace the empty LPG cylinder with the newone"....

Seems to be a little job for me...I never replaced a LPG cylinder before (:P)
I just locked the regulator...and tried hard to pull the whole setup out of the empty cylinder...After some struggle finally i figured out an elastic like structure beneath..i just pulled it up and pulled the whole setup WOW its done....

Now it's time to mess with the new cylinder..I tried to pull the white seal on the top of the cylinder...Even after 10 minutes i couldn't get that seal off....
So i made a phone call to my Dad asking him how to do that...My dad started laughing at me [:D] ...and he said a technique...he asked me to pull the thread towards me...i did so and finally i removed the seal and i replaced the cylinder..

This post is an experience of me...Nowadays people mingled with their profession doesn't know simple things like this.....As these things can help us in day to day life we need to learn them first!!

Windows vista-A gaint step backward for your Freedoms!

2008-06-09T08:31:00.000-07:00

Usually, new software enables you to do more with your computer. Vista, though, is designed to restrict what you can do.[lines from badvista.fsf.org]

Yes its true...

There are three features reported to be built in Windows vista which 'can' restrict us all from doing things...

1.DRM-->Digital rights Management can be called as Digital restriction management

They decide which programs you can and can't use on your computer
They Decide which feature of the software you can use at a given moment.
They ask for new players and softwares to be installed in your system even though you don't like it.
They restrict certain files to be used in your computer,they even restrict access to your data .

Fsf claims that these type of restrictions cannot be enforced using simple programs,this requires each and every activity of your computer needs to be monitored...They also mention this is the reason why windows vista needs more sophisticated hardware..

Truth:

When people tried to record the recent edition of "Gladiators" which was telecasted in NBC..they where restricted by microsoft's operating system..Microsoft too confirmed it!!

Read more here:
http://badvista.fsf.org/blog

2.The Licence

Even you buy windows vista of your own..you don't own it..(LOL)

Microsoft says

The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights.

For more Details visit:

http://www.microsoft.com/about/legal/useterms/default.aspx

You are licensed to use the operating system only in one computer in a time,if you want to use it in another machine you need to delete it from the previous machine!!

3. The Defender

You give microsoft the "Right" to delete any program that they feel it as "unwanted" unless you change the default action..(the default action is Delete)

4. The Kill Switch

Microsoft ships it operating system with a tool called "Windows Geniune Advantage" Which reportedly can send information about your machine and you to microsoft..And it also reportedly include a "Kill switch"..This switch can disable any machine and will ask you to contact microsoft to access your files.
Microsoft already disabled 500,000 cases(deliberately or accidently) using this kill switch..

(The informations provided in this post is an essence of http://fsf.badvista.org
for more details please visit the above link)

Bill Gates’ High School Speech

2008-06-09T07:50:00.000-07:00

Bill Gates recently gave a speech at a High School about 11 things they did not and will not learn in school.

Rule 1 : Life is not fair - get used to it!

Rule 2: The world won’t care about your self-esteem. The world will expect you to accomplish something BEFORE you feel good about yourself.

Rule 3 : You will NOT make $60,000 a year right out of high school. You won’t be a vice-president with a car phone until you earn both.

Rule 4 : If you think your teacher is tough, wait till you get a boss.

Rule 5 : Flipping burgers is not beneath your dignity. Your Grandparents had a different word for burger flipping: they called it opportunity.

Rule 6 : If you mess up, it’s not your parents’ fault, so don’t whine about your mistakes, learn from them.

Rule 7: Before you were born, your parents weren’t as boring as they are now. They got that way from paying your bills, cleaning your clothes and listening to you talk about how cool you thought you were. So before you save the rain forest from the parasites of your parent’s generation, try delousing the closet in your own room.

Rule 8 : Your school may have done away with winners and losers, but life HAS NOT. In some schools, they have abolished failing grades and they’ll give you as MANY TIMES as you want to get the right answer. This doesn’t bear the slightest resemblance to ANYTHING in real life.

Rule 9 : Life is not divided into semesters. You don’t get summers off and very few employers are interested in helping you FIND YOURSELF. Do that on your own time.

Rule 10: Television is NOT real life. In real life people actually have to leave the coffee shop and go to jobs.

Rule 11 : Be nice to nerds. Chances are you’ll end up working for one.

Nice rule's isn't it? :)

Airtel Gprs the Linux way!

2008-06-09T01:52:00.000-07:00

In windows operating systems,to use GPRS there are two ways...these two ways are defined based on the connection between the mobile phone and your computer/laptop

1.Using Bluetooth
2.Using a data cable

Unfortunately this proprietary operating operating system doesn't have this support..we need to install bluetooth drivers for bluetooth connection and Nokia Pc suit (My mobile phone is Nokia) for getting internet through your datacable...

What ubuntu offered me:

When I reinstalled windows vista (i don't like the inbuilt software they provided and there was only one partition :P)
It doesn't recognized most of my drivers..(remember the vista operating system is a DVD worth more than 3 GB i guess)
I manually installed most of the drivers (starting from display,audio,ethernet,wi-fi,webcam...etc)....

But when i installed ubuntu (which is a single 700MB cd) it detected all of my Devices and installed all of the Drivers...Amazing isn't it??

Ok lets come to the topic

Whenever a device is connected a file corresponding to the device is created in /dev folder
(Devices are managed using files in linux simple isn't it? :) )
It's time to connect my phone with laptop using data cable...The phone asked me which mode to connect "i selected nokia mode"
Let us find that Device file...
just type wvdialconf in terminal window

"arun@zer0c00l:~$ sudo wvdialconf"

The above command will display lot of things on the terminal...you will find a line "Found an USB modem on /dev/ttyACM0."
woot our modem!!!
And also notice the line "Modem configuration written to /etc/wvdial.conf" wvdial.conf is the file where our modem configuration is stored...
Lets have a look at the wvdial.conf file

arun@zer0c00l:~$ cat /etc/wvdial.conf

[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Modem Type = USB Modem
ISDN = 0
New PPPD = yes
Phone = *99#
Modem = /dev/ttyACM0
Username = 99949898xx
Password = 99949898xx
Baud = 460800
arun@zer0c00l:~$

I have already modified the contents..just give phone=*99# its the dialing number for airtel,usernale is your phone number and password is the same....

save the file.....

Now let us connect to the internet

just type wvdial in your terminal

arun@zer0c00l:~$ wvdial

If everything is ok and you are subscribed to the internet (:P)...you can browse using the new firefox webbrowser!!!!

Linux is a platform we can play a lot...where windows operating system provides us limited options...

In my next post we will see how to connect using bluetooth..and other GUI based tools available for Dialing....

Experience the Innovation

2008-06-08T11:59:00.000-07:00

When i was singing in the bathroom it was 11.00 clock (LOL)(I am a bathroom singer)....
I heard a sound "Sir Post...." I called my Brother "Kavin Go and see it might me the postman"
After a minute..He said "Arun,Its for you they have sent you the parcel"...After 30 mins,With enthusiasm and thrill i opened the parcel,There i saw 4 CD's (2 ubuntu and 2 kubuntu and a dozen of Labels) which i have requested from canonical...I called my friend Ramnish by phone and told "Hey I recieved HARDY"..Immediately he said "I will be in your home with in 30 mins"..
I recently brought a Laptop its Dell Inspiron 1525...(Thanks to my DAD :) )They have (DELL) shipped Windows Vista Along with it [:(]...
I boot into vista and logged in as "arun" and inserted the live CD (Ubuntu) in my CD-Rom...It was WUBI the windows based linux Installer popped up and asked me to install Linux..
It resembled an ordinary Application software installation..I selected the language and selected my D drive (NTFS partition :P) and allowed linux to occupy 10 GB....It asked me the username and password..and i gave the same...
And clicked next..It copied something (i guess the whole data ) for five minutes..and prompted me to reboot..I just gave "ok" for a reboot....
WOW..I saw Both Windows vista and Ubuntu on by boot menu (LOL)..I just selected ubuntu....It continued the installation,It showed me a world map and asked me to select the location as a proud indian i selected "INDIA" and clicked next and kept my fist's crossed to see whats new in Hardy..(Already WUBI was a surprise)..
The ubuntu logon screen popped up and asked me to login..i gave arun as user name and *********** as passoword (:P)
WOW i heard the welcome sound through my headphone..It was 1240X800 (i guess the resolution of my laptop).the Light brown welcome screen..It was really nice..With enthusiasm i clicked the Applications Menu..WOW under the Internet section it was mozilla firefox b5.....when i minimize,maximize,and closed the windows flipped exquisitely.....
Ok it was time to connect to the internet....I use GPRS (Airtel) to connect....
How i did that? lets see on my next post................[:)]

I am Back!

2008-06-08T11:49:00.000-07:00

Hi Guys and Gals,
I just created this blog a year back..But left it with out any content..Now i am back..
You will see things on Linux,Free and open source softwares,Hacking,Security related things here...

Buffer over flow Attacks!

2007-07-14T00:42:00.000-07:00

Buffer overflow problems always have been associated with security vulnerabilities. In the past, lots of security breaches have occurred due to buffer overflow. This article attempts to explain what buffer overflow is, how it can be exploited and what countermeasures can be taken to avoid it.

Knowledge of C or any other high level language is essential to this discussion. Basic knowledge of process memory layout is useful, but not necessary. Also, all the discussions are based on Linux running on x86 platform. The basic concepts of buffer overflow, however, are the same no matter what platform and operating system is used.

The Basics:

A buffer is a contiguous allocated chunk of memory, such as an array or a pointer in C. In C and C++, there are no automatic bounds checking on the buffer, which means a user can write past a buffer. For example:

int main () {
   int buffer[10];
   buffer[20] = 10;
}

The above C program is a valid program, and every compiler can compile it without any errors. However, the program attempts to write beyond the allocated memory for the buffer, which might result in unexpected behavior. Over the years, some bright people have used only this concept to create havoc in the computer industry.

The Stack:
A stack is a contiguous block of memory containing data. A stack pointer (SP) points to the top of the stack. Whenever a function call is made, the function parameters are pushed onto the stack from right to left. Then the return address (address to be executed after the function returns), followed by a frame pointer (FP), is pushed on the stack. A frame pointer is used to reference the local variables and the function parameters, because they are at a constant distance from the FP. Local automatic variables are pushed after the FP. In most implementations, stacks grow from higher memory addresses to the lower ones.

This figure depicts a typical stack region as it looks when a function call is being executed. Notice the FP between the local and the return addresses. For this C example,

void function (int a, int b, int c) {
  char buffer1[5];
  char buffer2[10];
}
int main() {
 function(1,2,3);
}

http://sagarun.googlepages.com/6701f3.inline.png

As you can see, buffer1 takes eight bytes and buffer2 takes 12 bytes, as memory can be addressed only in multiples of word size (four bytes). In addition, an FP is needed to access a, b, c, buffer1 and buffer2 variables. All these variables are cleaned up from the stack as the function terminates. These variables take no space in the executable disk copy.

Overwriting Function's Return Addresses

Because we know it is easy to overwrite a function's return address, an intelligent hacker might want to spawn a shell (with root permissions) by jumping the execution path to such code. But, what if there is no such code in the program to be exploited? The answer is to place the code we are trying to execute in the buffer's overflowing area. We then overwrite the return address so it points back to the buffer and executes the intended code. Such code can be inserted into the program using environment variables or program input parameters.