Monday, February 28, 2005

Can i define our work ?

It was a day when first time i worked alone. Since project will go for submission in 3-4 days. I can't excuse of ANYTHING. In such a period of anguish , my mind was at a low ebb. I can't even recollect the things ... HOW TO DO , WHAT TO DO, WHERE TO DO.

I already had two cup of tea. I found it galling to have one more cup. In that poignant state of mind i came near windows and saw , will the bus reached or not !!!

Yes, bus was there. I saw the time. It was 30 minutes left in 5.30 , my office day endup time. But i couldn't stop myself for more 30 minutes. I ran away and occupied 3rd seat in bus. Me, just relaxing myself. In the meantime, the Bus Conductor came near me and asked ( he asked in hindi but let me write in english) " Whats going inside this building ". As i know that this fellow didn't know the S of Software. I replied " Some Computer Work " . "Oh !!! So you guys are making computher here " he murmured.

Srivasta Sir flashed back near my eyes as he also used to say " Computher " .
" No no , we are making softwares " i shouted.

And as i expected, his next question hit my mind " Software .... what is this " he argued.
I lulled, put my hands on my head and started thinking of something innovative so that i could explain it to him. But ....

But is always But.


It was 1 hr journey and all the way , i was thinking and thinking and thinking ....

But still i was unable to conclude ... CAN YOU HELP ME !!!!!

Tuesday, February 22, 2005

Nice days ...

So, it's a happy day for me as well as for all JIITian's. Today when i was coming on bus, i saw the clear difference of weather change. It was enough light, i mean so much that a cricket match can be played for 30 minutes, i was very near to my home. I was surprised. Generally it was dark when i left my bus. But today when i saw IIT gate i was surprised, i picked out my mobile as my watch, the battery was drained out :-( . It was as usual 15 left in 7.00.

So, welcome to the season of Autumn !!!

I love this season a lot ... because i don't have any skin drying problems :-)

Me, not in a mood to go office tomorrow as my project partner is on leave from tomorrow onwards. So, i have to work alone :-(

Last 2-3 days for me were too hectic but i learnt more.

My Mac PC was running slow. One obvious reason was the bad configuration and other we ( me and jenis ( my project member ) ) thought that it needed some refreshment. So, why not, let's have some fun with PC, anyway we were in the learning process. So, we told our senior project member " Sir, we need Mac OS 10.3 installation CD" . He replied to post a message on HELPDESK. We did that.

After 30 min or so, a server room man came out and told us that let me install Mac OS , i never did it in my life. We were bit frusty but we told " Sure man !!! Go ahead ".

He asked " from where to put CD inside " . Actually the architecture is so good that we never see CD drive like things in front . I told " Sir put CD here, it automatically went inside "

So, he did that and restarted the system. NOTHING HAPPENED. System booted up the normal way. We were happy and that person out of frustration went on from there.

Yahoooooo !!! CD was with us !!! Come on Jenis have some fun.

Jenis, a linux expert, opened the command prompt and started trying the ugly commands on that !!! I shouted " stop this, Try to find out some application, some tools, some GUI."
He started playing with Computer. Looking on Windows and trying to find out something analogous to that.

Yeah Man , i got something !!!

We have to run from here !!! .

Till one of my senior project members joined us .

" Humm Good !!! So, how to go " he murmured

It was something written " Erase the material over the disk, before installation. "

Till that time. i was busy in reading mail. So Jenis asked "What to do sir".

He replied " Follow the instruction" .

So Mr. Jenis with senior member erased the data over the disk.

And so the poor Mac PC erased the firmware with other data, my nice songs were also there :-((.

Firmware : Linux beauties are familiar with firmware but for Windows sick guys i only tell that it is something like a bootstrapper, which is required to load OS on system.

Jenis shouted " Vaibhav, you always busy in mails , see Man this is important than your mails , Look man , how installation going now "

And in the meantime, an error came " Firmware not upgraded , OS can't be load " .

I couldn't stop my laugh. And since now system was set to boot through CD, we can't even run the system and Yes, CD was inside and like Linux, you can't get it out at the time of installation. No windows type button to take the CD out and not even a small hole like in Windows in which we put pin and CD comes out ( Mama gave me this PIN Suggestion... but it did not work ).

Now i really can't stop my laugh.

OH MY GOD WHAT TO DO NEXT !!!!

"Hey, God created one good thing for us !!! " I grumbled.

" What Man " Jenis asked. He generally had the habit to use so many "MAN'S "

"GOOOOOOOOOOOOOOOOOGLE " I love you GOOGLE.

So, me and Jenis started with the search . He is bit immature in giving proper Keyword for Search. So, i told him to

put something like "Installation of MAC OS X without firmware "

He got something and me too.

He got how to enter into the command prompt of firmware. Something like pressing button combination -- Ctrl- Apple - 0 - F . And again a problem " is this zero or 'O' ". Matching text we came to the conclusion it's 'O' not zero.

So, after 1-2 try we entered into firmware. It means that it(OS) deleted only the upgraded part of Firmware, not whole of it !!!

A gray windows unlike to Mac OS came near us.So i smiled" What to do with this Window Mr. Jenis M Shah".

He reflected back and said " Search more man,what to do now" . Something sparked up in my mind and i change the Keyword " CD ejection in Mac OS X" ...
and i got a way ... write " cd eject" on the firmware command prompt. We tried that. Yahooo CD came out with its delighting sound " sseeeeeeeeeeeeeee ".

I replied " Man we did that " .

" But my dear, still OS was not installed " Jenis muttered. He replied suddenly " Hey we have CD of older version Mac 10.1 ... can we try this "

And so, with taking name of Hanuman Ji we started installation. IT WORKS !!!

Wowwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww !!!


"Party Sir, Party ..." We spoke out like bullet.

"So, we can't work on Mac 10.3" he queried.

"Of fo ... sir upgrade the firmware from net and then install what ever you want. Its not our business now, we are waiting in Cafeteria" . We moved on, with lots of Happy. Jenis told " Me,just coming , let me inform my friends about this great news".

We know that no one was going to ask for single glass of water. But we were internally satisfied with our work.

Just after day or two , we installed Tomcat on Mac OS , though it was not running properly but it was very similar to Linux Tomcat installation.

I was very happy that i not even orkutting for more than 2-3 minutes in these 4-5 days.

Saturday, February 12, 2005

SQL Injection - A Blind Injection

It was night, time near about 9.00. Since i have MTNL BroadBand Connection for 24 Hrs, i preferred to sit on my computer rather than seeing TV serials. I was on Yahoo Messenger, chatting with friends. Suddenly Himanshu Rawat ( He_rawat --> Yahoo ID ), one of my good friends, pings me.

He_rawat: Vaibhav , u there. ( Font size near about 32, and font color - RED ).

I know he is a unique creature, so nothing is funny in this font-size and font color. But still i requested him to change the font color to Black and to reduce font size. Since, in college, he is famous with the name "BULL", he replied :

He_rawat: Vaibhav, u know that i love this color, so i can't change color but ya i reduce font size. Come On the topic man ....

As we ( me and himanshu ) promised each other that we discuss about one new topic daily, when we meet on Msger.

He_rawat: Go on to this site :: www.movies.keralaonline.com.

I replied that i was not interested in Kerala Songs.

He_rawat: Go Man, and try this :

User Name : abcd
Password : abcd' or 1=1;--'

So, as he was requesting, i went to that site and tried his given User Name and Password.
Yes, it really works and gives me many more permissions. Mean to say, that i hacked that site :-)

So, what actually happened was something like this :-

*****************

When first time i put user name and password, some absurd value like:-

User Name : abcd
Password : afgaf.

it will not work...

Obviously this was not a right User Name and Password, so it returns me that ERROR MESSAGE : User Name and Password Not found in DataBase, with a SQL error.

And that is the weak point, it shows .

My mind concluded that : This site takes Login Name and Password and sends a SQL request to check the validity of that User Name and Password. If not present, it returns an error message.

So, it happens something like this

SELECT FLAG FROM DATABASE WHERE USERNAME='abcd' and PASSWORD='afgaf';

and this flag is true when it gets any entry of username and Password that is in the DataBase.

Now What is unique in the

login name = abcd
password : abcd' or 1=1;--'

I think you grab the scenario at this time, if not go ahead ...

Look how this works

SELECT FLAG FROM DATABASE WHERE USERNAME='abcd' and PASSWORD='abcd' or 1=1;--';

Oh !!! My God this is surprising ...

1=1 is always true, so the OR makes the whole WHERE condition true whatever the password is, and hence the flag value is 1, no doubt!!!
So, i hacked that site !!!

*********************************

All this knowledge i got that day from Himanshu...

So, next question that immediately comes in my mind :: It is the generic case, anywhere login and password is validated this way. So, does that mean !!! we can hack any of the sites ....

NO WAY ... BECAUSE

This is what actually happened in many cases :-

To secure an application against SQL injection, developers must never allow client-supplied data to modify the syntax of a SQL statement. In fact, the best protection is to isolate the web application from SQL altogether. All SQL statements required by the application should be executed as stored procedures through a safe interface such as JDBC's CallableStatement or ADO's Command Object.

If arbitrary statements must be used, use PreparedStatement. Both PreparedStatements and stored procedures compile the SQL statement before the user input is added, making it impossible for user input to modify the actual SQL statement.
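The difference between the concatenated login query and a prepared one, as an added example that is not code from the site discussed in this post. It uses Python's built-in sqlite3 with `?` placeholders as a stand-in for JDBC's PreparedStatement; the `users` table, the `alice` account and the function names are constructed for the illustration.

```python
import sqlite3

def make_db():
    """In-memory users table holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", "s3cret"))
    return conn

def login_concatenated(conn, username, password):
    """Vulnerable form: the input becomes part of the SQL syntax."""
    sql = ("SELECT COUNT(*) FROM users WHERE username='" + username
           + "' AND password='" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    """Hardened form: statement is compiled first, input is bound as data."""
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def leaks_sql_error(conn, username, password):
    """True when a stray quote in the input surfaces as a database error,
    the same symptom as the SQL error shown on the login page."""
    try:
        login_concatenated(conn, username, password)
    except sqlite3.OperationalError:
        return True
    return False

# The password string quoted earlier in this post.
PAYLOAD = "abcd' or 1=1;--'"

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", login_concatenated),
                     ("parameterized", login_parameterized)):
        print(name,
              "| real login:", fn(db, "alice", "s3cret"),
              "| wrong password:", fn(db, "abcd", "afgaf"),
              "| post's input:", fn(db, "abcd", PAYLOAD))
    print("stray quote raises SQL error:", leaks_sql_error(db, "abcd", "it's"))
```

Both functions accept the real login and reject a wrong password; only the concatenated one treats the quoted input as a match, because the bound version compares it as an ordinary string.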


Just understand that ... there is a webmaster sitting in between user input and DataBase. It's the responsibility of Webmaster to first scan the input ... check the validity .

I tried a lot and have some good example ...

First check that the site is vulnerable or not !!!

Assume that we have to check this ....
http://www.interraIT.com/pressRelease.jsp/pressReleaseID=10 ( this is fictitious :-) )

so on the top of URL , type this
http://www.interraIT.com/pressRelease.jsp/pressReleaseID=10 AND 1=1

and if it returns the same page ..... Yahoooooooooooooooooooooo we can crack it !!!!

or if say " Type Mismatch error" ... :-(( Sorry Man go on your work .

I think , its enough for this BLOG .... if you want more examples ... Tell me .





Thursday, February 10, 2005

Me and My Mom

15 Sep, 1982 ... nothing so surprising happened, i was just born. Just after 6 days of birth, i was very near to death. Yes, that was an attack of Malaria ... on a 6 day small child, but GOD, my Mom, and Medical Science saved my life.
I still have a blur image in my mind of those days when i was in LKG class (below Class 1) . That time i was in mumbai ( that time it was bombay ) . My school was just 20-30 meter away from my home, but still i had to cross a road. I generally went school with my dad ( i call 'papa' ) . Upto the inside Gate , everything of that school was visible from my home. And, till i not entered into that Gate, my mom was looking at me from the window, a window that just faced towards my school building. I got 2nd prize in that class, after that i never got any rank prize in my life :-( .

After some days, when i was in class 1, papa got transferred to Bihar, my native place. There, in Patna, i was admitted in Kendriya Vidyalaya in Class 1 ... i don't remember too much ... but yes, still i have the clear picture of my life from class V onwards... actually in Patna, we took a building on rent, and that was 3-4 kms from my school. Hardly any vehicle available at 5.00 ... my school schedule was morning time, quarter in 6.00. We didn't have any vehicle like scooter that time ... so only way to go was by 11 no. ki gaddi.

My dad, really can't afford to first drop me in school and then came back and then went to office. So, my mom decided to drop me school everyday . It was a travel of 30 min ... one side . So, she just dropped me there and came back and then made breakfast and tiffin too, for papa.
And no matter if she was fine or not , she did it everyday till saturday.

Those days, i was suffering from a viral disease. White pus ( the wound with water ) grew up on my legs and suddenly burst out when it became larger in size and it increased in number day by day .... i can't explain to you the pain of that wound. It was winter, about 5-6 degree temperature, still due to that disease i went to college in Half-Pant... that time exam went on .. so i can't afford to take leave for some day. The best way a small mind can hide himself from that pain of cold, was to hide himself in mom's saaul, and so the small vaibhav did the same, all days.

Hell with the study, i can't even sit on chair or bed. That time , what my mom did was, she put a pillow just on my back and told me to put the legs on her body , so that legs was not touching anywhere and i felt comfort. .... and like that she sat near me whole night not 1 or 2 night ... 10 nights.
First time, i felt sorry !!! why these fellows gave gaps in between exams.... Lastly exams ended up ... i guess i secured 60-65 percentage ... that what i generally have . Me, finally took rest and again thanx to medical science that it cured my disease, but that spreaded on my mom's body.
But, a small child can't do anything so me too.

Till i was in class 8th or 9th, it was my mom's duty to teach me everything and as she was MA pass she did it brilliantly, but i wasted 5-6 hrs in playing football, never secured such good marks that i could create a smile on anyone's face in home. Who cares, i was happy with my football and the classes of games, yoga and science classes, in all these classes we played football, and 15 min of the next class also :-) ( indian timing gives us flexibility to come inside the class 15 minutes late ).

I joined college. First time i left the hands of my mom. Took flat in Shipra , my mom never told me to stay in home because she know that there is a challenging world outside.


Now after 4 years, i am back in my home with a fear that i have to leave this home again somewhere in future ....







Monday, February 07, 2005

Destiny ...

To run on the road,
you need to know the path.
To run on the life,
you need to know the destiny.
Life sometime so lucky,
that you slides all the way.
Sometime so unlucky,
that you have to fix the pace.
Sometime so real,
you become confident.
Sometime so unreal,
that everything looks incident.
Wind when blow,
it show me the path.
Mind when glow,
it show me the destiny.
One day i became tired,
taking rest on the track.
I heard a voice, come on
run with me, i am your friend.
Words enlighten me,
i was not even wait for a second.

I keep on running & running ...


-- V --

Thursday, February 03, 2005

Grid Computing - Last Medicine For AIDS

Long wide roads of Delhi ... looking so nice and Radio City - incredible. And yes after coming from office,getting nice things to eat at home. After a long time of 4 years,getting opportunity to fight with bhaiya.... Life is very bueatiful.Only missing friends :-(.

The heading looks absurd, but believe me it's not !!!

Can you ever think why AIDS is uncurbed (laa-ilaaz) ??

First, I tell you the current time its 11.25 AM IST , 04-02-2005, might be after an hour or so, we will get the news that someone found out the vaccine for AIDS.

HIV - Human Immunodeficiency Virus ( i really had to spend 2 hours to have the right pronunciation, that's why intelligent people made acronyms ) presents a complex knot for scientists to unravel. After initial contact and attachment to a cell of the immune system, there is a cascade of intracellular events. The end result of these events is the production of massive numbers of new viral particles, death of the infected cells, and ultimately devastation of the immune system.

It's not the HIV virus which kills... but ya HIV gives other virus friends full opportunity to destroy the cells. So, even small viral infections like cough, which we don't care about, have the capability to kill us.

"Massive numbers of new viral particles" and mind this massive is not even lakhs and crores .... something which can't be processed even by our supercomputers.
Unlock genetic codes that underlie diseases like AIDS .... needs some processing which is fast .. fast like human imaginations :-).

Can our processors have such capability .... look on these figures :-

Let me combine three laws/improvement : moore's law + storage improvement law + optical improvement law. Results are really surprising ...

Computer Speed doubles every 18 months.
Network Speed doubles every 9 months.
Difference = order of magnitude per 5 years.

Year 2005 --> Year 2014
Computer : Present X 60.
Network : Present X 400.

So, the only solution to save humanity from AIDS is GRID COMPUTING. Defining Grid Computing, i can say that "Grid computing is based on the idea that the unused computational power of desktop computers can be harnessed to create an aggregate computational resource greater than the largest clusters and the most powerful supercomputers available. Computer grids are appealing because of their ability to provide more than enough computing power to solve previously unsolvable problems."

Research ( not me :-) ) tells us over 95% of today's computer power is wasted; between mouse-clicks, keystrokes, and spikes of routine application program activity, the average computer sits idle. Distributed computing technology provides the means to harness these valuable unused CPU cycles to create an aggregate computational resource known as a computer grid.


IBM, along with representatives of the world's leading science, education and philanthropic organizations, launched World Community Grid, a global humanitarian effort that will harness the vast and unused computational power of the world's computers and direct it at research designed to help unlock genetic codes that underlie diseases like AIDS and HIV, and support studies that can protect the world’s food and water supply. Anyone can volunteer to donate the idle and unused time on a computer to the Grid.

Fastest, connected through internet and through 10 million of people. We can also contribute ourselves, I mean our computer's idle CPU usages in this great journey... and believe me that's why, I told you the time of the article. Anyday, anytime ... we can have the good news: MANKIND WINS OVER AIDS.







Wednesday, February 02, 2005


sometime i think also :-)