Thursday, 25 December 2014

I've moved on!!

Hello everyone!!

I have decided to move on. My new blog is hosted at http://light94.github.io/. I have shifted to Jekyll for my blog and have hosted it using GitHub Pages. The combo is free, just like Google's Blogger. It offers the additional advantage that you can write your post while you are offline and, when it's done, just push it to GitHub.

Jekyll is a parsing engine that transforms documents written in simple formats like Markdown or Textile into HTML pages. It uses the Liquid templating engine, which will look very familiar if you have worked with templates in Django.

To get a quick start, I used Jekyll Bootstrap. It creates the directory structure that Jekyll expects and gives you a default theme (there are other themes to choose from), so you can just begin writing content. It is open source and hackable.

The developers of Jekyll Bootstrap have made a single-page document explaining Jekyll and Liquid here. It gives a clear picture of everything and gives you a head start.

In addition, Jekyll can import blogs from other platforms. So, I imported all the blog posts I made here and ported them to GitHub Pages.

The page at https://pages.github.com/ will guide you to begin using GitHub Pages.

Cheers!!

Wednesday, 17 December 2014

Disabling Proxy on Ubuntu 14.04

It appears that disabling proxy settings is buggy on Ubuntu (at least up to Ubuntu 14.04). I say this because when we disable the proxy through the GUI like this:


we would think that we have completely removed the proxy settings from the system. That does not appear to be so, because in most cases apt-get still uses the proxy settings to fetch repositories, and this is quite a nuisance. There is a workaround if you do not want to clear the proxy settings from apt-get, and that is:
1) Download the package straight from the website (you can reach it by simply searching for the package name on Google). A .deb installed this way is not checked against the repository's signed package index the way apt-get checks its downloads, so only take it from a source you trust.
2) Open a terminal, cd to that directory and run sudo dpkg -i <package_name>


I have tried the above method and it works well, but I don't prefer it. I like apt-get doing all this work for me (:P).

So, I searched a lot for solutions to my problem and tried the ones proposed, and none seemed to work except this:

1) $ sudo gedit /etc/apt/apt.conf (this will fire up gedit)
2) Clear the file and add the line acquire::http::proxy "false";
3) Save the file and exit.

Now, even apt-get will understand that there is no proxy between you and the internet and will connect directly.

Cheers!!

P.S.: If your problem is just the opposite, i.e. apt-get does not use the global network proxy settings you provided, see the solution given here.


Sunday, 14 December 2014

Daemon Process in short

I have compiled this post to give an overview of what a daemon process is.

A daemon is a background process that is designed to work without user intervention. Being a background process, it does not have a terminal. Daemon names usually end with a 'd', but that is not a requirement. A daemon process waits for an event to occur or some condition to be met. To delve further, it is necessary to know what a process identifier (process ID, or PID) is. On a Unix-like operating system, a PID is a unique, non-negative identification number assigned to each active process. PIDs are generally large numbers like 7732 or 4483, but this does not mean that there are that many processes running on the system; it is because PIDs are not immediately reused, to prevent possible errors. You can test this right away by opening a shell and typing ps. If it is a new shell, it will show only 2 processes, i.e. bash and ps, and generally the PIDs will be large numbers.

Now, there is one special process called init. This is always the first process to be started when the system boots, and it remains as long as the system is on. It is assigned PID 1. This means every process will have init in its process hierarchy. The parent process of a daemon is mostly init (PID 1), but this is not always true, especially when you launch a daemon process from a terminal. You can test this by creating a daemon and using the following command to get its PPID, i.e. its parent's PID, as given here.
ps -o ppid= <pid>

It won't necessarily be 1. 

You can find out which process corresponds to a given PID with ps -j <pid>. So you can verify whether this holds true for init.
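The parent chain described above can also be walked programmatically. This is an added example, not code from the original post; it is Linux-only because it reads /proc/<pid>/stat, and the function names parent_of and ancestry are made up for the illustration. On an ordinary Linux system the last entry it prints is PID 1.

```python
import os


def parent_of(pid):
    """Return (name, ppid) for a PID, read from /proc/<pid>/stat (Linux only)."""
    with open("/proc/%d/stat" % pid) as f:
        stat = f.read()
    # Layout: "pid (comm) state ppid ...". The command name may itself contain
    # spaces or ')', so cut at the first '(' and the LAST ')'.
    name = stat[stat.index("(") + 1:stat.rindex(")")]
    fields = stat[stat.rindex(")") + 2:].split()
    return name, int(fields[1])  # fields[0] is the state, fields[1] the PPID


def ancestry(pid):
    """Walk from pid up through its parents until a process with PPID 0."""
    chain = []
    while pid > 0:
        name, ppid = parent_of(pid)
        chain.append((pid, name, ppid))
        pid = ppid
    return chain


if __name__ == "__main__":
    # Same information as running "ps -o ppid= <pid>" once per level.
    for pid, name, ppid in ancestry(os.getpid()):
        print("pid=%d name=%s ppid=%d" % (pid, name, ppid))
```

Run it from inside a daemon, or pass a daemon's PID to ancestry(), to see whether its direct parent really is init.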

Here is an important question that I asked regarding killing a daemon process: http://codereview.stackexchange.com/questions/73613/monitor-downloads-folder-and-sort-files-as-they-are-downloaded

Compiled from
1. http://www.linfo.org/daemon.html
2. http://en.wikipedia.org/wiki/Daemon_(computing)
3. http://askubuntu.com/questions/153976/how-do-i-get-the-parent-process-id-of-a-given-child-process
4. http://www.linfo.org/pid.html


                          

Friday, 12 December 2014

A SCRIPT that makes your Downloads directory neat!!

I made a utility for myself that helps me find downloaded files more easily than before. It is a shell script that analyzes the filename of the downloaded file and places it in a directory named after its extension. This means a pdf file will go to a directory named pdf as soon as it is downloaded. This works for all file extensions. I intend to make it better. It is going to help those whose Downloads directory is always cluttered (like mine :P). You can get it at https://github.com/light94/myShellScripts/blob/master/sortDownloadedFiles

Place the script in the /bin directory and just run it like this:

                     nohup sortDownloadedFiles &

and close the terminal. The script will keep running in the background and will keep watching your Downloads directory.

And if you want to know how to stop the script, check it here.
What you need to do, in short, is:

ps -aux | grep sortDownloadedFiles

killall sortDownloadedFiles inotifywait



Process, Subprocess and Python

A process is an instance of a computer program being executed.
When you run a program, an instance of it is created. The instance contains the program code and system state such as the pointer to the next instruction to be executed, memory, etc. When you run the same code more than once concurrently, you are actually creating multiple instances of the same program.

A SubProcess is a set of activities that have a logical sequence that meet a clear purpose. A SubProcess is a process in itself, whose functionality is part of a larger process. A new process that a program creates is called a subprocess.

Straight from the Python docs:

The subprocess module allows you to spawn new processes, connect to their input/output/error pipes, and obtain their return codes.

As said earlier, a subprocess carries its own system state, so we note in the above definition that every subprocess has its own input/output/error pipes.

 Subprocess spawns new processes, but aside from stdin/stdout and whatever other APIs the other program may implement you have no means to communicate with them. Its main purpose is to launch processes that are completely separate from your own program. 

In Python, the subprocess module lets you run programs other than your own. For example, say you wrote a Python installer for a package you made, and the package has certain dependencies. You can either tell the user to install them manually or install them yourself by creating a subprocess like:

import subprocess
subprocess.call(["sudo","apt-get","install","<package-name>"]) 

Note that the argument can be a single string or a sequence, but the interpretation of a string is platform-dependent. So, I think it is better to pass the arguments as a sequence.
call, check_call and check_output are all convenience functions based on the Popen interface. call() returns the exit code of the program, and you need to check it yourself to see whether there was an error. check_call, however, raises an exception if there was an error. check_output also raises an exception if there is an error and additionally returns the output as a byte string.

Now, when should you use these convenience functions and when the basic Popen? Here it is. Let me summarize: the convenience functions are wrappers around the Popen interface with the default behaviour that they wait for the subprocess to finish, i.e. they block further execution of the main process until the subprocess has either finished or timed out. You can look at the implementation of subprocess.py here.
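The differences described above, side by side. This is an added example, not code from the original post or from the Python docs; the child commands are constructed, use the current interpreter as a stand-in for apt-get so it runs offline, and the with_* function names are made up for the illustration.

```python
import subprocess
import sys

# Constructed child commands; the current interpreter stands in for apt-get
# so the example runs offline and without sudo.
PY = sys.executable
FAIL = [PY, "-c", "import sys; sys.exit(3)"]
SLOW = [PY, "-c", "import time; time.sleep(1); print('done')"]
ECHO_ARG = [PY, "-c", "import sys; print(sys.argv[1])"]


def with_call():
    # call() blocks and hands back the exit status; nothing is raised.
    return subprocess.call(FAIL)


def with_check_call():
    # check_call() blocks and raises CalledProcessError on a non-zero status.
    try:
        subprocess.check_call(FAIL)
    except subprocess.CalledProcessError as exc:
        return exc.returncode
    return 0


def with_check_output(package_name):
    # Each element of the sequence reaches the child as exactly one argument,
    # so spaces and ';' in package_name are never interpreted by a shell.
    return subprocess.check_output(ECHO_ARG + [package_name])


def with_popen():
    # Popen() returns as soon as the child has started; waiting is explicit.
    proc = subprocess.Popen(SLOW, stdout=subprocess.PIPE)
    running_right_after_start = proc.poll() is None
    out, _ = proc.communicate()  # this is the blocking step
    return running_right_after_start, out, proc.returncode


if __name__ == "__main__":
    print(with_call(), with_check_call())
    print(with_check_output("vim; echo not-a-second-command"))
    print(with_popen())
```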

Thursday, 11 December 2014

XSS and Same Origin Policy

To understand XSS, we first need to understand what the Same Origin Policy is.

The Same Origin Policy is a web security guideline, implemented by web browsers (i.e. on the client side), that allows scripts running on pages that belong to the same website to access each other's DOM, but not the DOM of pages that are part of other websites. This also means that all scripts that come from the same website are trusted alike and are generally granted the same permissions: access to the cookies, etc.

So, is it possible that you host a website and when a client is viewing it, certain scripts are running without you knowing about it?


YES, and this is what XSS is. What actually happens is that the attacker causes additional scripts to run on the client's machine in order to access the authorization cookies for that website. The website was not designed with URL sanitization in mind. Say, for example, you have an online account on a website. The website is vulnerable to XSS, so the attacker provides the client with malicious URLs of the form http://www.mysite.com?q=mysearch<script>//access user cookie for this particular site and mail it to me</script>. Such a URL could be delivered in various forms, like an advertising mail in your inbox, or the recently popular form, as on Facebook, where some people promise to tell you who has visited your profile if you paste some "magical" URL in your console.

Now, what happens is that the part after the ? is searched for on the website. If the input is not sanitized, i.e. you output the input as it is, you are also outputting the script. Notice that the Same Origin Policy is not violated, because the script has (ultimately) been delivered by www.mysite.com. So, the script has the same access as the site's other scripts. It accesses the authorization cookies and mails them off to the attacker. The attacker then imports that cookie into his own browser, and so to mysite.com the client and the attacker are one and the same. This access can lead to undesirable consequences (you could go from millionaire to bankrupt in one day).

This is only one form of an XSS attack. Proper sanitization should be performed before processing inputs to help avoid XSS attacks.
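The search page described above, with the unsanitized output next to an escaped one. This is an added example, not code from the original post; the URL is constructed in the shape the post uses, the function names are made up for the illustration, and the HttpOnly cookie flag is an extra layer that the post does not cover.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed request URL in the shape the post describes; the script body
# is a harmless placeholder comment.
SAMPLE_URL = "http://www.mysite.com/?q=mysearch<script>/* attacker code */</script>"


def search_term(url):
    # The part after the '?' that the site searches for.
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_unsafe(url):
    # Before: the input is output as it is, so the browser sees a real
    # <script> element delivered by the site's own origin.
    return "<p>Results for: " + search_term(url) + "</p>"


def render_escaped(url):
    # After: <, >, & and quotes become entities, so the same input is
    # displayed as text and never parsed as markup.
    return "<p>Results for: " + html.escape(search_term(url), quote=True) + "</p>"


def session_cookie(value):
    # Second layer: HttpOnly hides the cookie from page scripts, so even a
    # script that does run cannot read it through document.cookie.
    return "Set-Cookie: session=" + value + "; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_URL))
    print(render_escaped(SAMPLE_URL))
    print(session_cookie("constructed-session-id"))
```

The escaping shown here is the right one for text placed in the HTML body; input echoed into a URL, a script block or a style needs the encoding for that context instead.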

  

Thursday, 4 December 2014

Tata Photon+ and Ubuntu

This was the first time I was going to use Tata Photon+ on my Ubuntu installation. I was worried about whether Tata Photon offered a Linux installer. I searched Google using a variety of combinations and found a PDF that described a method of using a Tata Indicom USB modem on Linux!!



However, the installation required a package called wvdialconf which was not installed on my system and I had no way to install it without internet!!

So, hopelessly, I just inserted the USB modem in my laptop, hoping for some magic to happen.
I went to network options and found this!!

This is, however, a step further, when you are actually connected to the internet. You need to click on the dropdown and you will get an option to Add a New Connection. Click on it and you will get an option for Tata Photon+. Click on it and you will get a screen like the pic above (if, of course, you have balance in your Photon account :P). From the next time onwards, Ubuntu will remember it and you don't have to do it again. Just go to the list of available networks and you will find Tata Photon+ listed there!!



Monday, 1 December 2014

On my way to install memcached

Installing memcached on my laptop has really been a pain till now. Nothing seems to work as expected. Although memcached is installed, which I can see by testing it on the console, it doesn't show up in phpinfo().

While installing memcached, I changed some defaults (unintentionally), which included apache running on system startup, so lampp would not start. Here is the solution:

When Debian 7 starts, it will start apache2, so you should stop it first, then try to start lampp.

/etc/init.d/apache2 stop
/opt/lampp/lampp restart


This is however a one time solution. No worries!! 

To change the defaults, use this (Ubuntu > 11.04):


echo "manual" >> /etc/init/mysql.override
update-rc.d -f apache2 remove


Will update this post when memcached is installed!!


UPDATE!!

After numerous attempts at installing memcached, I uninstalled lampp and installed it again. I didn't uninstall memcached, however, and somehow when I restarted wamp, I could see memcached in phpinfo()!!

This might not work in every situation, but it offers a possibility in case all other methods fail.