IdeaMonk

thoughts, ideas, code and other things...

Friday, April 24, 2009

Quality and Urgency

I have a few words to say -
Like I said, Quality and Urgency don't go hand in hand, and like MK Gandhi said, do your work on your own...
Yes, that's true! No matter how stupid I feel right now by sending very important documents by cheap courier service, I feel there's a big lesson in it for everyone -
Dude, you want to get some work done by me, for you ?? Better be specific about whether you want to get it done soon or you want me to take time and do it properly. For one can't do both at same time (for others)...
Yes, I can blame the college for that pretty well, for they don't understand that they should leave you some time of your own. So that you can assist your family when you wish to. So that you can spend some time in making yourself more diverse, maybe enjoy a nice book or maybe something else. But they don't want you to do that, for they think 6 subjects + 2 labs under the umbrella of CS is great. In that lot of 6, 2 subjects are mostly irrelevant Nanotech (its full of notes we need to cram) and Digital Signal Processing (yes computer grads from my college have to know everything). And hey, I'm talking about third year. Its very annoying to see that other 4 subjects are too 70% theory sans any fun of extending our imagination over them. It's just impossible to think out of the box in such a fscked up set-up. Doing something creative is again a pain for they suck up most of the time you have and suck harder by regular tests and assignments.
OMG yeah, we're paying them to screw around with 4 years of our youth.
Why doesn't the world listen to Sir Ken Robinson ?? Are we just supposed to watch his video in tiny little tubes of the world and post a tweet or few about it and sleep? Or just clap and cheer as if it was some stand-up comedy show ? Or just make a pessimistic comment that industrialisation has screwed up all of us and taken away our freedom? Well, maybe the problem isn't with industrialisation (you don't wanna go to caveman-age right?) but the problem is of the desire to possess and own relatively more of the resources we have. Money is a way to do that. And, we've been doing this since long time.
Think about this - "What are people really busy with?", and you would see this - nothing but slavery of money, making the most of what we have, available to, a few people in the world! Is this what everyone wished to do? To get entangled in this exchange system, to exhaust everything as fast as possible, to attach happiness to the amount of power and resources we have... to create poverty, inequality and injustice by not sharing!
Anyway, the flower called me up, and we discussed the same as I jotted some stuff here. And, after talking to her, there's hardly anything left to crib/bitch about, for I am at peace :) ... yes all this comes under 'nonsense', if you think I could do more better, you're free to write back.

BTW I was just browsing through some Linux Gazette Archives at college and have fallen with HelpDex by Shane Collinge


Its a 1000 times better than Calvin and Hobbes

checkout Archives at Redhat or the ones at sgi for more...

Labels:

Thursday, April 23, 2009

Cracking the Code - An introduction to reverse engineering!

Today I was checking out old, very very old CDs thrown here and there under my desk. Got hold of a very old backup CD from 2005, that contained some of my works.
It was the year 2005, 4 years ago... and I was known as 'keek', reverse engineering was something really cool to me. Personally I was in love with Hiew (Hacker's View) for its ability to let one quickly modify asm code of a binary. It really seemed as if learning all this would get you a great job at Symantec or McAffee etc. And there _was_ a great desire of contributing back to the ever-growing collection of hacking tutorials and guides on the net. So, I did a tutorial too - "Cracking the Code - an Introduction to Reverse Engineering". Got it up on UnderNetwork too :) Check it out -

View Online | Download it (with tools and examples) | from archive.org (UnderNetwork mirror Oct 2005)

Why did I stop when I was already into such exciting things, well 'education' came in between, as usual, you know...

Labels: , ,

Sunday, April 19, 2009

SpaceLock went to Ideamonk's beaUIty parlour...

From this,
To this!




Ah, major work in SpaceLock's UI got over this weekend. No wonder everyone has buried their heads into books, lab reports and other things these days. But, I can't leave it just like that, there is loads to be done to make it user friendly, there are no tool tips to hint the user, no documentation to guide them. Given the very less amount of time we've got (end sem starts next monday!) I guess we won't be able to do all that, including the testing.
The code still looks horrible, things can be organized properly, redundant pieces here and there can be packed into functions, variable names can be changed to make some sense, name of the controls too can be changed to make some sense. But, again no time for that too.
So, finally planning an Alpha version, not so user friendly, neither developer friendly, so no code for now!
I guess I was born to be an artist of some sort...
I think contributing open source projects would give one a good experience in writing understandable code.

Final Shot


Loads to do, adios!

Labels: ,

Friday, April 10, 2009

FOSS Spreading its wings #2

We never know when a comment can become a blog post. A lot of times, reading posts from other bloggers, we get energized so much that some really good ideas come out of our keytaps :)
In continuation to l0nwlf's post, I would like to archive some of the comments I wrote...
Over past few days, I have come across some funny posts like "Why Open Source sucks ?", the flame-wars fought without flame-guns and debates over what is better - Windows or Linux ? My question is whats the point?
The greater question is what benefits more people and how good are you at what you love to do?
One of those entries is "Why Open Source Sucks ?" by a Sri Lankan friend of mine. Here the author believes that Open Source may really crash the closed source, buy-a-license kind of business model. He completely ignores that fact that Open Source does not necessarily translate to "Free Software". I believe that FOSS would bring about changes in market, but it doesn't aim to really wipe off anyone else from surface of Software Industry. The point to be noted is that FOSS was started by the people who wanted freedom, for themselves and for those who shared the same views. So, if FOSS isn't as great as proprietary software, if FOSS doesn't let you play games easily & smoothly, well that isn't the main purpose of FOSS right?, pure comfort isn't the aim here, the aim is freedom for those who want it, in form of alternative free OS like Linux and other free software like Firefox, Apache, MySQL, a lot more, etc. FOSS is about transparency, FOSS is about taking back control of our hardware with our own OS.
Anyways that apart, there has also been evolution of jackasses who think FOSS is all about hating Windows. Zubin has written a great deal about the kind of frustrations these people create with their screwed-up beliefs and talks... all in name of FOSS/Linux/etc... by clearly misunderstanding FOSS, and comparing two worlds that are apart.
Well, I did spend time writing these comments over useless debates, so would not like to leave these over their blogs which might or might not exist in future.
Here are some of my views over the "Why Open Source Sucks?" article -

April 5, 2009 9:43 PM ideamonk said:
----------------------------------------

"The best way to sustain the development of the industry is to reduce the price of commercial software, not to give it free. The best example is Google. They have developed a way to offer lots of free services while earning considerable amount of money for future researches and developments."

Don't you think Google has been able to do all that using Free OSS rather than proprietary softwares by companies like Microsoft etc.

And about UI, okay forget UI, talk about User Experience (UX), I'm sure you'll agree that no one beats FireFox in that. Again which is a free open source software.

Well, take a look at server segment, many people run on Apache instead of IIS. Apache has enabled so many people to start their businesses without having to pay to a company.

Its now that IIS and other things have been made free, but what the heck, to use a computer, do I need to pay to a company?
It's OSS that makes the answer "NO" to that question. OSS is what you would look for when you don't have enough cash to buy that proprietary OS. And OSS is what would enable you dream and start a business if you got very little money.

Then come to security...
in OSS fixing security holes is pretty easy, one doesnt need to disassemble binaries and look for flaws at assembly level. You just take a look at the source code, if you feel you can fix it, you are welcome to submit a patch. You really don't need to wait for an organization to take actions as in case of closed source proprietary softwares.

Loads of more points in favor of OSS,
but I don't think that Microsoft is evil or something, and neither is OSS trying to disrupt software market or something...
In fact Windows is a great OS, but you see the FREEDOM ain't there, the openness ain't there.
It's now that Express editions for visual studio has come, but earlier it was the pirated visual studio which ran all over india ;), no one had Rs 80,000 to pay, not even me - a kid who wanted to play with some DirectX, so I just grabbed a CD from a friend.

You see OSS is actually helping Microsoft, people use Linux instead of stealing anything from Microsoft.

I still don't have enough money for Vista ;P I hope it comes down to prices like Rs. 500 or 600

April 5, 2009 10:05 PM ideamonk said:
-----------------------------------------

Hey another thing, the Society is greed(profit/money) based, and Recession is what you witness in such society,
the economics of greed is bound to create rich and the poor.
I hope such money based society fails.
Watch some Zeitgeist documentaries.
Anyways the article was a nice read.

April 6, 2009 8:38 AM Times Eye said...
------------------------------------

You have a good point..totally free software is not the answer...there should be value to any product..just think what will happen to the world if a company start giving cars for free?

April 10, 2009 9:38 PM ideamonk said...
---------------------------------------

well, if a company starts selling cars for free? hmm i guess an economist would be able to answer that very well. It would definitely change the market, or maybe destroy the market to some extent.
one possibility - the way some people collect money for charity, some collect for jihad, some for other purposes,
maybe a big group of people would be able to raise such a support capital, which would help them make free cars...
woah! with physical material things, its tough to imagine. but if you carefully look at it, the partition of land into countries, regions, is all man-made. Money is man-made and so is ownership of material used to make cars.
We didn't own the iron, the minerals etc when we spread across the globe, we arbitrarily decided that okay, one guy gets to be the king for example, and he would distribute resources to us. The king is the government now.
So, actually if you remove this flawed system of ownership and money from this greed based economy, I think "free" cars would be possible, and then the evolution of cars would go at a higher pace.
Now, I'm sure there are loads of innovations in cellphone sector, but for example Nokia won't like to release these features as N100 for eg, unless it has sold N75 to the sales target it set.
So, you see this is how money sometimes slows down development and puts restrictions.
If you compare the timeperiod it took to evolve from DOS to Windows Vista, and if you see how much time linux took to evolve from classic CLI to Compiz fusion, I'm sure you would appreciate the time difference. Though windows would always seem more rocksolid and robust, but linux too did evolve at a rapid rate without "money" coming into picture.
anyways gota class test tomorrow :P

.
.
.

and now, linux debuts inside a gaming console too - http://digg.com/d1nnEK
Now here what you can observe is that a free operating system (Linux here) has enabled these electronics geeks, to turn their hobby into a real product. That's how FOSS comes up as a disruptive force to the profit based economy but, also as an empowering force for the ones who wish to rise up without having to pay for costly software to get their work done.

Wisdom from Zubin's entry -

ideamonk: And if you went to a FOSS conf where people debated and did hate talks over Windows and Linux, you need to forget wasting time with such people. You went to really wrong kind of FOSS confs organized by all wrong kind of people who I’m sure are talkers & haters and have nothing to do either with linux dev or windows dev.
I think such useless discussions don’t occur in good FOSS confs like FOSS.in, etc
Have a look at this conference for a look at *real* FOSS conferences -
FOSDEM 09 - http://www.youtube.com/watch?v=sH6d6U0EsAM

another one @ FOSDEM 09 - http://www.youtube.com/watch?v=fk41vmJcCZo

A superb documentary on OSS - http://www.youtube.com/watch?v=4cqdqKhLIAQ

and yet another energizing one from FOSS.IN http://www.youtube.com/watch?v=sfx8upiFlbY

Do educate those people who love hatetalks to leave it and do something productive instead :)

ideamonk: well, there’s gonna be a linux gaming console soon :) http://ostatic.com/blog/linux-gaming-console-coming-in-november

Linux has become serious about gaming too :)

Zubin:
um… can`t really agree with the “november” deadline. but this could definitely be a start though. there are games which are just too popular on windows boxes, and their *nix imitations have been released. i don`t have any experience playing the *nix version of counterstrike but the reviews say that they are bad(big time). but this is just an instance. there must be fine open source game engines which are based on python(i`m not sure); however, i don`t really expect gaming to be popular on linux that soon. gamers never seem to settle for the second best; so it`ll take time to rise above the competition(hope it does).

ideamonk:
Yeah I agree performance is a key factor in gaming and a gamer who spends so much moolah over high end graphics equipments, wont like drops in FPS due to the OS.
Things take time to evolve, OSS shook server market by Apache, it shook browser market by Firefox, I hope it shakes OS and Gaming market one day too :)
All, I would like to see, is a massive game getting developed by hackers world over, that would be an exciting scene to watch, as if David beat Goliath.
Till then Consoles and a Windows PC are the majors of gaming :)


So what can I conclude... hmm... a lot -
  1. There is a great scope for a Web 2.0 App, to let the hate-talkers come face to face and debate socially and openly rather than putting up comments over places.
  2. In performance sometimes Windows wins, in some cases Linux wins, but all this is useless to talk about as everything evolves around us, we, hardware, windows and linux as well.
  3. The ones who do hate-talk seem to have seen the future of OS market.
  4. I think I think too much.
  5. I wish, for once, in my lifetime, the concept of money/profit vanishes for sometime.
  6. When I write comments, there is a spontaneous energy that drives me.
  7. Maybe all this is there because the blogosphere is all about economics of attention.
  8. I should've spent time preparing for maths class test tomorrow instead of writing all this X(
  9. I hope you too appreciate idea of a Developer's Freedom as shown over - http://www.youtube.com/watch?v=sH6d6U0EsAM and you realize what would've happened with the mess of ActiveX etc if Firefox would've not come to rescue.
  10. We love alternatives, when we love to have alternatives in every part of life, why not in Software.
  11. Open Source would really push proprietary software makers to make even better products to beat the shit out of OSS. Who benefits from all this - we, the users :)
  12. So, be happy and don't worry, everything's fine. Take a chill pill, choose a road to walk, and do walk :)
  13. I make a lot of grammatical and spelling mistakes.
  14. Should one use a closed source proprietary software in mission critical situations like NASA's space-shuttle launch? Would one like to run to a company to get things fixed by them in such situations? or would it be better if the scientists sitting in NASA could checkout the source code, find the bug, eliminate and save a lot of time and money? You decide...

Goodnight :)

Labels: , ,

Back then, the year 2003!


Out of all the worms that have come up, I'm very fond of MSBLASTER. No matter how huge the Storm Worm was or how well the Conficker worm comes into media, it was MSBLASTER that really kicked me into Computer Security.
Back then, I was just another 15 year old school boy, trying to find ways to get into friends' mail accounts, trying to access things which we are not supposed to. And, yes! I too tried to contribute to the quest of knowing how this worm works. So, I wrote a small description of whatever I could uncover from the worms executables and put it up on Astalavista. Boy-o-Boy things were so open those days and newbs like me were so welcome to do all this.
Soon after that, I received comments from more knowlegeable beings, about how the worm actually exploits RPC-DCOM vulnerabilities in Windows. Thats where the fun began - exploits. Though, I haven't ever found/written any vulnerabilities/exploits yet, but using them was great fun. You felt as if you're a god in a windows NT/XP network. School was the best place to try it out. And things like updates & patches were not so automated back then, even on a dial-up in Delhi, you could find loads of Windows XP and 2000 systems that would be vulnerable to RPC-DCOM exploits. KaHT2 has a right to be mentioned here. What's that... hmm its the best a script kiddie could have had... a multithreaded scanner for RPC-DCOM exploits :) [ Psst.. it works even now on old Win 2000 systems at ASE Bangalore :P ]
Hmm so back then,
Astalavista used to be the best place to look for the latest in Hacking/Computer Security. Phrack used to be for gods in this field. SecurityFocus used to be a nice place to get yourself pumped up. milw0rm wasn't that famous, irc.gigachat.net was popular, #whackerz was exciting. K-OTIK (French IT database) was a great place to look for exploits, it was something that milw0rm is now.
K-OTIK evolved into FrSIRT in 2005, and now we get to read news titles like - "FrSIRT puts up exploits for sale" and it is called VUPEN Security these days. Astalavista doesn't excite you anymore. But Dancho Danchev is still upto the good work on Malwares and Crimewares. He still writes a great deal of indepth analysis on malwares these days. The last issue of Phrack was released in April 2008, there has been a great slowdown and lifelessness on Phrack's side. The Underground Myth from issue 0x41 is a nice read on changes that took place. 2600 doesn't bring anything to the mind apart from "the frequency of John Draper's whistle" and "oh yeah there is a zine called 2600, but I'm not gonna purchase it", which is damn good.
So where have all these Hacker's gone ? I believe this short article puts some points to explain it. As far as I see it, the cowboys of computer security are either gone into making money with botnets and malwares OR most of them have become security professionals working for corporations. The ones that remained must've become one of those people who run computer security training programs to survive. Yeah, some of the wrote books too - Ankit Fadia. And, Indian media propelled him to heights, which is something to be sad about. Even his first book had a copy pasted windows 98 password cracking tutorial. The day I read that chapter, I just came back to my PC and looked for the tutorial, and there it was, posted by an anonymous hacker on internet, copy pasted into a book by Fadia. Have fun reading Attrition.org's page dedicated to Ankit. some more...
But all that they teach you is old garbage that gives you an overview and idea on how things work in the world of Computer Security. You don't see the BUZZ now, you don't get the adrenaline rush anymore. All because things have become less open. Add to that, the everlasting contest between Black Hats and White Hats have made the systems more and more secure. To be able to write a new exploit of your own, you would be spending much more time now compared to back then. That's why we hear about commercialization of exploits these days.
DDoS, worms and botnets are still hot topics. Defacements too continue to happen almost everyday. Zone-H still inspires people by letting black hats show off their defacements :)
Dancho Danchev's blog still gives an interesting look into what happens these days.
But, the meaning of the word Hacking has changed for me a lot. Back then the picture of Kevin Mitnick would come upto my mind... back in 2006 I would swear by the words in Jon Erickson in "Hacking - the art of exploitation", which described a hacker as the one who finds unconventional ways to do things and in turn creates technology that changes the world.
These days, I see definitions of a Hacker, as the one projected over Hacker News. I see a Hacker as someone who creates something new, who uses the knowledge and skills to benefit people from the power of technology. I see the Open Source movement to be full of people I can call Hackers. I see a founder of a start up as someone I can call a hacker. I find Wozniak style creative people as Hackers :)
Well, I would like to say that "Hacking" associated with Computer Security, is not yet dead, for malicious intent is still alive. The Security Industry would too survive as long as malwares and worms like Storm worm and Conficker keep making the news.
People hear about how insecure Windows is, and how Linux doesn't have virii and worm issues, but as Linux becomes more and more popular, this might create enough reasons for some people to write virii/worm for Linux. That would be a nice scenario to look at. I believe due to its open-ness Linux doesn't leave any chances for an Anti-Virus Industry to mushroom over it.
Well, all that I wished to say.
Thanks to VX-CHAOS file server for still keeping the article I wrote on MSBLASTER.
You can get aonther copy of it here - mirror. Have fun reading, kind of things I wrote 6 years back (which was a not so accurate :P )
So, how was my ride into Hacking, well, I had great fun using some good exploits, took keyloggers a step further with Project Keynet (never released in public :( ), well its nothing but a Keylogger communicating with PHP based control server, much more like a botnet, so that I get to see live keyboard activity of any computer around the world.
And, this summer I get back to developing some interesting security apps and offensive tools , as my internship ;)
.

Labels: , ,

Tuesday, April 07, 2009

Nincompoop is on Allegro.cc :)

I had almost forgotten what I submitted on Allegro.cc 2 months back!
Just got a mail today from Depot Manager on Allegro.cc saying the "Paint Daubs effect in Allegro" and "Nincompoop - The Unfinished Quest" has been added to Projects :)
Checkout http://www.allegro.cc/depot/Nincompoop-TheUnfinishedQuest/

I wish they have another PWNED! (game-dev) contest this year @ Shaastra 2009. Would love to play around some physics engines and XNA this time nopes Pyglet and Pymunk (python port of chipmunk) would be more satisfactory personally. Wish to get into another hacking contest too, just for some faltooo cash :)

Yippeeee!

Labels: , ,

Monday, April 06, 2009

Installing Mooshak on Ubuntu (finally)

By reading the older posts under this topic, you must've realized that I'm a total n00b at linux :P. But this n00b finally figured out the way to get Mooshak running over his Ubuntu...
Messing around with Artur's tutorial didn't help. Playing around with Mooshak-1.5a4 didn't help. What helped was setting up cgi-bin the Apache way and giving permissions to files under /home/mooshak . Thanks to myprasanna for some insights.
So, here's how you can too go about getting mooshak up over Ubuntu Desktop Edition -
  1. Install Apache2 and get it up and running, read this or just paste this into your terminal -
    $ sudo apt-get install apache2 apache2-suexec
  2. There are some Apache mods you need to enable -
    # a2enmod userdir
    # a2enmod suexec
  3. Configurations for suexec and userdir are available in mooshak-version/source/lib/apache/ , extract the source.tgz file to get it.
    $ cd mooshak-version
    $ tar xvf source.tgz
    $ cd source/lib/apache/
    $ sudo cp 67* /etc/apache2/mods-enabled/userdir.conf
    $ sudo cp 69* /etc/apache2/mods-enabled/suexec.conf
    $ sudo cp /etc/apache2/mods-enabled/userdir.conf /etc/apache2/mods-available/userdir.conf
    $ sudo cp /etc/apache2/mods-enabled/suexec.conf /etc/apache2/mods-available/suexec.conf
  4. Configure your httpd.conf, just hit your favorite editor under su, add these -
    <directory /home/*/cgi-bin>
    Options +ExecCGI
    </directory>

    AddHandler cgi-script cgi pl
    The last line is just to test cgi scripts. Get to your home folder, make a path - /home//public_html/cgi-bin
    Get into it and write a small hello.pl to test -
    #!/usr/bin/perl
    # hello.pl -- my first perl script!
    print "Content-type: text/html\n\n";
    print "Hello, world!\n";
    Do a chmod of 755 over it. and test it - http://127.0.0.1/~mooshak/cgi-bin/hello.pl , You should have a Hello World! in your browser by now.
  5. The Requirements - get these to setup the base for mooshak
    $ sudo apt-get install tcl xsltproc lpr rsync gcc libxml2-utils
  6. Get a stable copy of Mooshak, in my case I tried 1.4.3
  7. Edit the install script
    Line 148 of the 'install' script becomes -
    set fd [ open "| /usr/bin/lsof" ]

    from
    set fd [ open "| /usr/sbin/lsof" ]
  8. Extract you tarball and run the install script -
    $ tar xzf mooshak-*.tgz
    $ cd mooshak-*
    $ su
    # ./install --config-suexec
    # ./install
  9. Now wait for a few seconds till it finishes. On Ubuntu 8.10 this won't give you any errors at all if you're using the 1.4.3 version
  10. Smile :D
And that's all I guess. http://127.0.0.1/~mooshak/ would land you to the following -
Anything I missed, forgot to explain, do let me know. The system works fine, apart from tcl warnings on Balloons and Pending sections of judge's view.

Also, visit these links for more informantion -
.

Labels: , ,