weblog d’un abbe

20060225

IPC using TCP/IP under Windows XP Firewall

Filed under: Hacking — abbe @ 1436

After the release of Microsoft Windows XP Service Pack 2, there is a builtin firewall. Any software, that attempts to listen on any TCP/IP port is caught by this firewall. And, for small applications which uses TCP/IP on the same computer for IPC (Interprocess Communication) also get caught by the firewall. To ensure that they won’t get stopped by firewall, change server to always listen on only local loopback address. Whereas usually, any server written will listen on all interfaces. Since, it is not required in this kind of application, for the purpose of security you should avoid this. There is a java sample code, I’ve written to illustrate this, although you can write any equivalent code in C/C++ or any language which has an interface with BSD Sockets, or Winsock.

import java.net.Socket;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.SocketAddress;
import java.net.InetSocketAddress;

import java.io.IOException;

public class FirewalledServer {
 private static int PORT = 19450;

 private static void Main() throws IOException {
  // instead of starting using traditional way:
  // ServerSocket server = new ServerSocket(PORT);
  ServerSocket server = new ServerSocket();

  // Get localhost:PORT address
  SocketAddress sockaddr = new InetSocketAddress(
       InetAddress.getLocalHost(), PORT);

  // Bind and listen to it with backlog 3 (you can have any backlog)
  server.bind(sockaddr, 3);
  Socket client = server.accept();
  System.out.printf("Connection arrived from %s\n", client.getRemoteSocketAddress());
  client.close();
  server.close();
 }

 public static void main(String[] args0) {
  try {
   Main();
   System.exit(0);
  } catch(IOException e) {
   System.err.printf("I/O Error: %s\n", e.getMessage());
   System.exit(-1);
  }
 }
}

// vim:ts=4

I’ve tested above code in JDK 5.0 update 4 and it may work on earlier releases too. For accurate information check for the availability of routines. I was using Jext and whenever I started Jext, firewall blocks. So with the help of my friend’s Unix Networking Programming by W. Richards Stevens, I got this idea.

Anyways, its a good practise to perform only what is required accurately or precisely

Advertisements

20060223

Standards and Freedom

Filed under: Personal, Thoughts — abbe @ 1800

We create standards to make our life easier, but then gradually we start breaking those standards, and inventing our own standards. And then our remaining life spends in maintaining those non-standard stuff. There are many reasons why we did so, in order to ease our pain, or to look different from others. The problem starts when interaction with external world happens.

For example, Our text files on Linux, looks horrible in Windows Notepad. Why ? Because Windows and Linux have their own standards for text files, i.e. Windows apps expects that each line in ending with \r\n (CR LF) whereas Linux assumes each line ending with \n (LF). The problem will be more when trying to sharing same set of batch scripts between both the systems.

Using proprietary closed source standards (are they really standards ;-)) are hell, because they affect freedom. You can’t use other application because all your previous work is in other properietary format and which your other application won’t understands and hence you’re screwed. You can’t expect everybody to be using same thing. If you expect whole world to be using that software, then imagine if whole world is using your rival’s products. This is where this GNU thing comes into picture. It is not there to give you another proprietary software, but it is there to assure that the software is open and free like air. So, instead of binding users with any software forcibly, you a creator of software is offering user a choice that user should use your software if he/she thinks your software is worth it. This helps in increasing growth of your software due to competition.

Also use of publicly available standards lessens burden on you, a developer. You don’t have to research on a new file format. You don’t have to write any import plugin to import public standards files into your file formats. Other software developer’s don’t have to write any import filters for your application’s file formats. Your software users won’t get screwed at least their data is in publicly available format. Imagine you’re having some critical data in a proprietary format, and then when some flaws are discovered in that software, you won’t migrate because you’re attached to that properietary thing. Binding users to their softwares in this way is common practise among proprietary application developers but what that means is that user is using your software not because it solves his problems but because, he’s trapped.

How to earn money ? This is a big question for those who’re developing free software but won’t considering it because of earning. Remember those who really going to purchase your softwares are either impressed by its features or are either expecting support for it. Remember you won’t tackle piracy ever[1]. But even if you still try to go for anti-piracy techniques, things like dongles, product keys, hardware IDs, activations are available. But anybody (who thinks your software is worth cracking) can bypass these things by patching your code, generating fake keys etc. So, if people think your software is worth cracking, due to its features, why not release it under GPL (General Public License), so that more and more users can use it (anyways they’re going to use it illegally, if you won’t release under GPL) legally and increase its proliferation, and contribute in its development. Those users who’re really happy with its features will pay for it or fund its development.

What free software has to do with standards ? Since no one wants to reinvent wheel (reinvent a new standard) unless current wheel (standard) works for them. And even if somebody invents his standard XYZ, it’ll be publicly available. Others can use XYZ standard, if they think it works for them.

The standards are invented in order to make our life easy, not hell. The single way to design best software is to just implement specifications (or standards). This practise will make your applications secure, bug-free. As philosphy of software toolbox goes it is better to write, debug, maintain small programs than to a large. I recommend reading the doc pointed by previous link as I was unable to describe that philosphy better. If you’re writing new applications and want to know if what you’re going to do and can be persisted in a standard format, few places worth looking at are WWW Consortium, IETF, Unicode, ISO, IEEE, IUPAC and other standards organizations you can think of.

[1]The only way to tackle piracy to change user’s mindset. If you know any other way, please definitely contact me… ;-)

20060211

My PGP keys

Filed under: Personal — abbe @ 1348

My PGP Key ID is: 0xA03F4261

My PGP finger print is: BBA9 AD7D BA71 61EB BE46 8CF5 E44A C663 A03F 4261

My PGP Public key is here.

If you don’t understand a word of above, read more about PGP (Pretty Good Privacy) at http://www.pgpi.org/doc/. To give you a brief idea, it is something like digital signatures, encryption/decryption. This is free. If you’re in US, please go to http://www.pgp.com/.

20060207

When GUI fails…

Filed under: Experiences — abbe @ 1922

I was burning a CD on Ubuntu Linux @ my dad’s office. I started GnomeBaker (I’ve never used it earlier since I’m using K3B at my place). After dragging all files into the directory tree, a clicked on "Create Data CD" button, and then a dialog popped-up with options like label, boot image etc. I decided to go with default options. And pressing OK, the application crashed. I then tried X-CD Roast, but it hasn’t detected my CD recorder, and asking for enabling SCSI emulation. ooops. Finally, the last option to me was go with cdrecord. But cdrecord, needs an ISO image not files. So, I’ve to built an ISO image for it. To build ISO image, I’ve used mkisofs. I’ve never tried these tools. So it was a pain for me because their manpages comes with tons of options. I know that giving tons of options means providing flexibility but sometimes these works as catalyst in increasing doubts. But to ease the pain, these manpages shipped with the examples. So for building iso image and burning to my CD recorder I executed following commands.

wahjava@server ~$ mkisofs -o cd.iso cdroot
wahjava@server ~$ cdrecord -dao dev=/dev/hdb speed=32 cd.iso

That’s all I was done. I can customize the disc recording more but I was in hurry (or scared ;-)). So moral of the story is always try to know what is happening in the behind the scenes because all (I mean most or some) of these GUI tools used these command-line tools. It is also better to learn these command line tools, because they provide a flexibility which these GUI tools can’t provide you.

I haven’t installed K3B, because I don’t have time to do so and more over I want to restrict this server installation to GNOME only.

Tricky TFTP

Filed under: Experiences — abbe @ 1212

Yesterday, I was setting up firewall for my dad’s office’s server, I came to know about TFTP details (see RFC 1350). In short TFTP (read request) works as follows:

  1. Client connects (oops. it is UDP so no connects but sends datagram) to port 69 (i.e. TFTP port) of server requesting the file.
  2. Server replies to the client from other port (randomly chosen, so that the probability that the same number is chosen twice in immediate succession is very low), let’s call it φ.
  3. After then all communications with server from that client happen over port φ.

So, it’s very hard to decide what ports should remain open in firewall. One solution to start server with a fixed port range to be used for TFTP. Anyways, if u know what I want, please post it here… ;-).

20060204

Don’t trust IndiaTimes.com Poll results

Filed under: Experiments — abbe @ 1931

The indiatimes.com poll (see in the bottom of the site, which used to publish daily in The Times of India newspaper) is not a genuine poll. Never trust this poll. I’ve tried biasing it and I’m successful. I’ve tried it in Linux. You can try it any OS, you just have to create a bot ;-). Following is my linux bot script using lynx web browser (one of my favorite web browsers):

cmd
lynx --post_data http://timesofindia.indiatimes.com/vote.cms <post
post
txtPolliD=1400703&PRadio=1&submit=submit
---
Don't ignore above hyphens '---'
Command for posting 301 times. Tested on bash
wahjava@pc ~$  for (( i = 0; i /dev/null; echo $i; done;

I hope they’ll repair their poll soon. They’ve not added any human verification schemes. So I think poll is targeted for machines. i.e. What they think of the situation ? But humans are also given chance to participate. ;-)

Blog at WordPress.com.