A Hack of the IT Act – Sections 65 and 66

OK, you are a citizen of India. You want to be sure you are safe from evil “hackers” who wanna steal everything from your credit card numbers to your girlfriends mobile number. You are pissed. So you want the Indian government to take action, and you take solace in the fact that the majestic IT act of 2000 was instated. But do you have any idea how loosely worded the sections of the act are? Are you aware of the fact that a person can be jailed or fined up to two lakhs for as little as typing out something on a computer – leaving nothing in our hands, and leaving everything in the hands of our government. Basically, if the government wants to screw you, you’re screwed and there ain’t a thing that can be done about it.

Let me explain more explicitly.

I perused the offenses section of the IT act located at http://www.mit.gov.in/content/offences

1. Look at Section 65

Definition of “Computer Source Code” – the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

a. What the hell is “programme” ? it is “program” !!

b. What in the name of god are they trying to convey? If you can make sense of it, please mail me, I will unhesitatingly fall at your feet. To me, this covers everything from looking at a hard disk to running an “ls” command!

2. Look at Section 66

“Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend upto two lakh rupees, or with both

What is defined as “hacking”? It is mentioned nowhere! They have the time to spell out a shitty definition of ‘source code'(the target of offense), but don’t have the time to define ‘hacking’ which is the act of offense!

I really think the quaint IT act ought to be revised and given proper thought because this gives the flexibility to the government to jail a person for as much as typing out a few keys. After watching the documentary ‘Freedom Downtime’ where US feds unjustly put Kevin Mitnick in solitary confinement for 8 months just because they  felt that he could trigger off a nuclear war with just a friggin payphone( from the popular movie of old – Wargames[1983] ), I am very skeptical about these rules that “supposedly” protect us from “Hackers”.

 

Editing multiple files in Vim

Splits and multi-file editing

Perhaps one of the most limiting features of the original vi is its inability to edit more than one file at once. vim removes this limitation; it can edit many files at the same time. In typical vim fashion, it provides many ways to do this. I’ll focus on the easiest way to visualize, which uses “splits,” which are like independent windows that can each contain a text file.

Opening a file in a split

Assuming you are already editing a file in a vim session and want to split the screen and edit a second file, you can use either of these commands:

:sp filename
Splits the screen horizontally and opens filename in the new area.
:vsp filename
Splits the screen vertically and opens filename in the new area.

For most purposes, horizontal splits are easier to manage. Any split can be further split — you can edit as many files in a single instance of vim as you like.

Managing splits

Once you are editing multiple files, you will probably need to move back and forth through your files and manage the size of the splits so that you can see the relevant portions of the files you’re interested in.

The prefix for all the below commands is <C-W> — that is, hold down Ctrl and type w. Press <C-W> before typing any of the below commands.

<C-W>
Moves to the next split.
k
Moves to the split above the current split.
Up
Moves to the split above the current split.
j
Moves to the split below the current split.
Down
Moves to the split below the current split.
+
Increases the size of the current split by one line. (Try combining this with counts — e.g. 5<C-W>+ will make the split five lines bigger.)
(Minus sign) Decreases the size of the current split by one line.
_
(Underscore) Maximize the current split (that is, make it take up as much room as possible.)

Saving and quitting

Each split acts something like an individual instance of vim — so :w and :q work on the current split. If you want those commands to apply to all the splits instead of just the current one, add a to them — for instance, :wa saves all the open files, :qa quits all open files (and exits vim), and :wqa saves and then closes all open files.

Recommended mappings

I recommend adding the below files to your .vimrc file to make working with splits easier:

map <C-J> <C-W>j<C-W>_ map <C-K> <C-W>k<C-W>_ set wmh = 0

The first two lines allow you to switch between splits much more smoothly — just press <C-J> to open and maximize the split below the current one and <C-K> to open and maximize the split above the current one. I chose these mappings because they correspond to vi’s default up and down keys, you might want to use different key combinations if you’ve ever used an editor that had hotkeys for moving from one open file to another.

The last line allows splits to reduce their size to a single line (which includes the filename and position); this saves a lot of space when you have many splits open. By default, vim forces splits to include an additional line that contains the line of text the cursor was on in that file.

InCTF 2011: National Capture the flag Ethical Hacking Contest


https://i2.wp.com/inctf.in/site/wp-content/themes/Infrared/images/inCTF-website-header-2011.jpg

Amrita University & TIFAC CORE

proudly present

InCTF ’11: National Level “Capture the Flag” Ethical Hacking contest


InCTF’11 is from February to March 2011 and is focused exclusively on the student community. You can participate from your own university and no travel is required. No prior exposure or experience in cyber security needed to participate.

What you need to do?
1. Form a team (max five members from your college)
2. Approach a faculty/mentor and request him/her to mentor your team

3. Register online at http://inctf.in

Whats more? There is no registration fee this year!

Great Rewards

25K The winning team receives a cash prize of Rs. 25000/-
20K The first runner-up team receives a cash prize of Rs. 20000/-
15K The second runners-up team receives a cash prize of Rs. 15000/-

Special Prizes*

  • Teams are awarded cash prizes of up to 10K based on their performance
  • Deserving teams are well awarded. Exciting prizes to be won.

So, what are you waiting for? – It’s simple Register, Learn, Hack!

Keep up with us
Website | Email | Facebook | Twitter


*Cash prizes are subject to their performance and participation in the CTF round. Only teams who connect to the VPN server and successfully gain points in the CTF round are eligible for prizes

Change your MAC address in Linux (Ubuntu)

Relevant to your use, you can either choose to make it a permanent addition or a temporary addition. Lets take an example of changing the MAC address of interface eth0 to 11:22:33:44:44:66

Temporary Addition

$ sudo ifconfig eth0 down

$ sudo ifconfig eth0 hw ether 11:22:33:44:55:66

$ sudo ifconfig eth0 up

Permanent Addition

1. Open /etc/network/interfaces ,

$ sudo vim /etc/network/interfaces

2. Add an extra line to specify the new MAC

auto eth0

iface eth0 inet dhcp

hwaddress ether 01:02:03:04:05:06

(A simple configuration, additional configurations will require additions/alterations. E.g. static IP/different interface)

3. Restart the network service

$ /etc/init.d/networking restart

Though the the latest version of Ubuntu may require you to use the service command to start/stop/restart services

Building Amarok from scratch on Ubuntu 9.10

I was getting prepared for my GSoC project, and had to build Amarok from source. I had to refer a few tutorials(some outdated, some incomplete) and after some IRC discussions managed to build it successfully(Ubuntu 9.10).  I am enlisting the details below, more for the sake of memory.( I have short term memory loss 😛 ). Before starting off make sure the kde development packages(kde-devel) and compiler ( build-essentials) are installed.

Setting up the Environment

==============================================================================================
It is better to build it in the $HOME folder to prevent unnecessary overwriting of system files. By default, the build is system-wide and requires root privileges.

1.Create folder kde in $HOME
$ mkdir $HOME/kde
Make Seperate source and build folders
$ mkdir $HOME/kde/src
$ mkdir $HOME/kde/build/amarok

2.Append the following to $HOME/.bashrc:
export PATH=$HOME/kde/bin:$PATH

Reload your edited .bashrc:
source $HOME/.bashrc
NOTE: if you are not using the bash shell, edit your proper shell config file (~/.zshrc or ~/.tcshrc or whatever it may be)

3. Make KDE aware of Amarok’s plugin location:
$ echo ‘export KDEDIR=$HOME/kde’ >> $HOME/.kde/env/myenv.sh
$ echo ‘export KDEDIRS=$KDEDIR’ >> $HOME/.kde/env/myenv.sh

Getting the source

==============================================================================================
1. Go the the source folder
$ cd $HOME/src
2. Clone the git repository on gitorious
$ git clone git://gitorious.org/amarok/amarok.git
(OR)
If your proxy does not support it,
$ git clone  http://git.gitorious.org/amarok/amarok.git

Building

===============================================================================================

Resolving Dependencies

$ sudo apt-get build-dep amarok
Install the OpenSSL and qtscript libraries and
$ sudo apt-get install libssl-dev qtscript-tools
Build Google Mock
http://code.google.com/p/googlemock/downloads/list
$ ./configure && make && sudo make install

Building

$ cd $HOME/kde/build/amarok
$ cmake -DCMAKE_INSTALL_PREFIX=$HOME/kde  -DCMAKE_BUILD_TYPE=debugfull -DKDE4_BUILD_TESTS=ON $HOME/kde/src/amarok && make && make install

Updating KDE Config

$ kbuildsycoca4 –noincremental

Run Amarok

$ amarok

References

==============================================================================================
http://amarok.kde.org/wiki/2.0_Development_HowTo
http://amarok.kde.org/blog/archives/833-Installing-Amarok-2-from-SVN-in-your-home-directory.html
http://amarok.kde.org/blog/archives/1087-How-to-install-2.2-git-in-your-home-an-update.html

GSoC: Distributed Collections : Amarok

As part of Google Summer of Code, Ive recently applied for the KDE project(Amarok) for an idea which i had really wanted to implement for a long time. I have put a lot of effort into the proposal.Lets hope everything turns out for the best. Here is what the proposal looks like:-

Greetings!

The distributed collections project aims at implementing the capability in Amarok to browse/search/play music over Amarok instances on a LAN/Internet. Once implemented it will :-

  • Allow automatic discovery of Amarok Instances over a LAN
  • Provide Amarok the ability to query remote Collections
  • Provide an API to expose Amarok Collections to 3rd party applications
  • Allow creation of Master Collections distributed over a number of remote collections
  • Provide feature for playback of remote music

NOTE:  It is a common API to serve the needs of querying remote Amarok collections and Ampache Servers. Also, servers like Magnatune.com can also use it to expose their music collections.

Motivation

Lets say, my friend working at the office or lab (somewhere remotely) has a collection of music that interests me. I would naturally love to go through his collection and copy to my collection, the music that I like. Rather than manually sharing it or physically copying it, the most convenient solution is to provide a feature in the media player to access his music collection in single click. Doing so provides transparency as he can access remote collections as if local to him. Amarok currently does not have support to query remote collections and such a feature is not offered within any media player currently. Addition of such a cool feature would definitely increase the popularity of Amarok dramatically. Though the Ampache API offers a similar functionality with Amarok as a front end to access music from its servers, the API is limited in functionality right now. Thus, a new API with extended functionalities would be beneficial to the Ampache community as well. In exposing the collection of Amarok, third parties applications offering music services can use this information understand the music tastes of the user, and provide better services. I strongly believe that implementing this feature could open up new avenues and revolutionalize the way music is shared.

Implementation Details

  1. The Avahi framework can be used for the auto discovery of Amarok Services. I have gone though the code samples in the repo. There are two major tasks:-
    • Implement a Avahi Server to publish the service over the LAN
    • Implement a Avahi Client to browse for services over a LAN
  2. Implement a REST API to access Amarok Collections. The Request is in the form a HTTP(GET/POST) request and the response is an XML document. This can be modeled on the lines of the existing Ampache(ampache.org) XML API with a few extensions:-
    • Use libmicrohttpd as a lightweight HTTP Server to handle GET/POST requests. It provides support for SSL/TLS using libgcrypt
    • Extend the Ampache API to handle multi-level queries. Right now the Ampache API is able to filter only one field at a time. Example of a multi-level query isALBUM is of GENRE:rock
      OR
      ALBUM contains ARTIST:bloom
      AND ARTIST starts with “foo”
      AND song name contains “bar”
    • Implement a Client taking in search parameters from the user(from front end), encode the query and pass query to the remote server. The response can be obtained asynchronously using the KIO framework, and parsing the XML files be done by the XML parsing libraries present in Qt.
  3. Create the front end with Qt
    • Add an extra option for “Remote Collections” in the media sources of the Collection Browser
      • When Clicked, the browser shows the list of available hosts to connect to. (using Step 1 as back end)
      • Clicking on a host allows the user to query(search) its remote Collection using the Query Maker. The Queries have to be encoded into HTTP requests.
      • Clicking on a Song enables local playback over http
      • Add a “Import into local collection” option

Tentative Timeline

Until May 1st
Since there is still time before the chosen student applications are announced, I would like to use this time to write simple KDE applications in C++ using Qt and submit a quality patch to the Amarok codebase. This would enable me to use the “getting up to speed” time better.
 May 1st - 10th
The Community Bonding Period. I would like to get a hang of the Amarok code base, hang around the IRC to know the community better and discuss with the mentors – Nikolaj and Karl about scheduling weekly code reviews and discussions.
 May 10th - 20th
I would like to start working on the design of the new API and finalize it through reviews and discussion with Karl Vollmer(lead dev of Ampache)
May 21st- 31st
Get the support for the HTTP server(libmicrohttpd) up and running, implement a few main methods of the API and test it out.
 June 1st- 15th
Complete the implementation of the new API.
June 15th-30th
Implement the client to access remote collections(Step 2 part 3). Complete the documentation of the API, and write tutorials on accessing remote Amarok collections. Get existing code and documentation ready for the midterm review.
July 1st - 10th
Check out the documentation on the avahi-client API and write the Avahi Client/Server backend to publish/browse services. Also, integrate it with the front end using the avahi-qt adapter for Qt/KDE.
July 11th-30th
Make the Remote Collections front end:- Add the appropriate GUI elements wherever necessary(as described in Step 3). Integrate the front end and back end, returning results of the query on remote collection in the collection browser. Ensure playback of media over http.
 August
Pencil down date approaches. Clean up the code, do a through testing of modules for bugs and fix them. Complete pending documentation and get the code ready for integration with the repository.

About Me

I am a final year student pursuing my bachelors in Computer Science at Amrita University, India. I have 3 years experience working with GNU/Linux and KDE and have been a FOSS supporter ever since. As a way to apply theory through practice, I wish to apply my programming skills and contribute to an open source project. Amarok, being my favourite music player was my obvious choice. My past open source experience involves contributing small patches to the Open Solaris and Haiku code base. I have given a talk at a national FOSS conference, FOSSTER ’09 on “Customizing a GNU/Linux distro”. I am also the core member of the LUG at the campus, foss@amrita and also part of the Indian Linux Users group, Chennai (ilugc). My experience with programming contests such as ACM-ICPC have given me good problem solving skills and the ability to learn and adapt quickly to different programming languages. I also believe in good coding practices and conventions and it can be seen by my projects hosted at Github.

I have a sound knowledge of C++, but limited experience with Qt. Hence, I am working on a Qt tutorial and submission of a patch, which i am confident of completing soon. I am a fast learner, and am confident of picking up the necessary skills quickly. I would like to continue to contribute to Amarok and the KDE project even after Summer of code and undertake responsibility for the maintainence of any code contributed by me.

InCTF – India’s first CTF style Ethical Hacking contest

InCTF

InCTF

Amrita University & TIFAC CORE in association with VeriSign proudly present InCTF’10, India’s First National “Capture the Flag” Style Ethical HACKING contest.

InCTF’10 is from February to March 2010 and is focused exclusively on promoting Cyber Security among the student community. You can participate from your own university and no travel is required. No prior exposure or experience in cyber security needed to participate.

Prerequisites

  • Familiarity with any programming language.
  • Working knowledge of any GNU/Linux OS is highly desirable but not necessary

Learn essential skills as you participate!!

What you need to do?

(a) Form a team (max five members from your college)
(b) Approach a faculty/mentor and request him/her to mentor your team
(c) Register online at http://inctf.amrita.ac.in/register.php
(d) Send a demand draft for and amount of Rs. 150/- per team to the address mentioned.

Hurry! You can participate as soon as your complete the registration. LAST DATE Feb 28th!
Exciting prizes to be won:
1st Prize Rs. 40000/-
2nd Prize Rs. 30,000/-
3rd Prize Rs. 20,000/-

Special Prizes

(a) Top 30 teams get CASH prize and Certificates of merit
(b) Faculty mentors of top 5 teams get special prizes
(c) College with the winning team will be awarded a “Champion University” award

(d) Winning teams will be considered to participate in an internship program at VeriSign for the next cycle which starts in July 2010
Here is your chance to win bragging rights to be called “India’s No.1 Ethical Hacking Team!!

It’s simple Register, Learn, Hack!

More details visit us online at http://inctf.amrita.ac.in

Follow us on Twitter @inctf | Facebook
Event Sponsor : Verisign | Media Partner: InfoSecurity | Publicity: Event Poster

Beginning with LaTeX on GNU/Linux

Recently, due to some project work i had the need to learn to use LaTeX to create my documentation. But as i was googling around for it i found a plethora of stuff that utterly confused me. Hence, This document gives an overview of LaTeX and how get started with it on GNU/Linux

Introduction to TeX

TeX is a typesetting program created by Donald Knuth of Stanford University with the aim of composing quality content that contains a lot of mathematical and technical expressions. It is also suitable for producing all sorts of other documents, from simple letters to complete books. TeX provides Device Independent output(dvi) which contains details only regarding references to fonts and positions of characters on the screen. This output can be used by various printers to convert it to their desired format like pdf, postscript etc.

What is Typesetting?

A type is a way characters look usually called a font. Type-setting is the process of putting characters (of a certain type) in their correct place (layout) on paper or screen.

What is LaTeX then?

TeX by itself is a macro compiler i.e it maps a higher level instruction into a sequence of device independent instructions. LaTeX provides a set of useful macros, which uses TeX underneath to produce the device independent output. LaTeX was introduced by Leslie Lamport, a researcher i admire for his innovation. Similar distributions of TeX include ConTeXt, AMS-TeX etc.

Getting Started

There are 3 main things you ought to be aware of to get started with LaTeX

Writing TeX files

The TeX files is the ASCII specification i.e which is written in characters available on the keyboard. You can use any text editor of your choice to write it – vim, emacs etc..

Here are some good areas to get started on learning to write tex files.

An Example LaTeX specification

The (Not So) Short Introduction to LaTeX2e
This document by Tobias Oetiker is good for beginners

The LaTeX Cheat Sheet

Setting up LaTeX

Usually most distros of GNU/Linux come with latex pre-installed. If not please check your software sources for a TeX package or install TeX Live directly.
For Ubuntu you can install it by
$ sudo apt-get install texlive

Once done you have a plethora of options available to you

Converting TeX files

Convert the tex to dvi
$ latex program_to_convert.tex
Convert dvi to postscript
$ dvips -Pcmz your_dvi_file.dvi -o output_file.ps
Convert tex to pdf directly
$ pdflatex program_to_convert.tex
Convert postscript to pdf
$ pdf2ps your_file.ps your_file.pdf
Convert pdf to postscript
$ pdf2ps your_file.pdf output_file.ps
Note: This article is only to get you *familiar* with LaTeX only. For advanced use, you may refer the following

References

http://en.wikipedia.org/wiki/TeX
http://www.google.co.in/search?q=Latex
http://www.latex-project.org
http://en.wikipedia.org/wiki/LaTeX
http://selinap.com/2009/03/how-to-compile-latex-file/
http://www.tug.org/begin.html
http://en.wikipedia.org/wiki/Macro_(computer_science)
http://www-cs-faculty.stanford.edu/~knuth/index.html
LATEX

Vim : Things you thought you could never do Part I

When i first started out programming using Vim, my first reaction was “What a boring editor, ancient piece of crap” . So i started using gedit regularly. It was only recently that i was enlightened about the Awesome features of Vim!! So i thought i need to enlighten some of the vim critics out there.
*

Vim Modes

There are 2 main modes in Vim
a. Normal mode: The one when you open it initially in Vim
b. Editing Mode: When you press one of the following keys when in normal mode
i   –  insert at current position
a  –  insert AFTER current position
o  – open (create) a new line below current line
I  – insert AT START of current line
A – insert AFTER end of current line
O – open (create) a new line ABOVE current line
Here, as you can see they key ‘o‘ would turn out to be pretty useful.
Note: The following tips are useful in normal mode. The quotes are given only for understanding that they are strings. You dont need them while entering them in normal mode.

*

Navigation

To make navigation easier i.e to make use of the main keys on the keypad h , j , k , l are used. To remember better
a. h is on far left -> so stands for left
b. l is on far right -> so stands for right
c. Since j looks like it is somewhat pointing down -> stands for down
d. Obv -> k stands for up

*

Use of combos to achieve magic !

d- delete
c- change
w- word
b- word before
a. So type “wwwwww” (and) “bbbbbbbbbb” and see what happens. Cool right!
b. Similarly place the cursor before a word and type “dw” -> a word is deleted!
c. So now, you can make combo’s of the above letters to make super things happen
i. d6w – delete 6 words after cursor posn
ii. d6j – delete 6 lines down
iii. d4b – delete 4 words before cursor posn
iv.  cw – change current word
etc. etc…. All this just in a few keystrokes !!

*

Auto-complete Feature

Lets say i am typing a document/program and i repeat the use of many words/keywords. The auto-complete feature shows me a list of complete options allowing me to fill in the word of my choice
Ctrl – P – Search previous
Ctrl – N – Search Next
Once the a drop-down of possible options(for multiple fills) is shown, go down to the appropriate one and press <enter >
Try it out!

*

Visual Mode

Now, we are always faced with the stigma as to
“How do i select multiple lines without a mouse? How do i copy/paste/delete multiple lines”.
Vim has the solution in the form of the “Visual Mode”
*
1. Type “v” – allows you to select multiple characters
2. Type “V”(Shift-v) : allows you to select multiple lines
*
Once youve selected the lines, you can  use
*
a. “d” – to delete
b. “y” – copy (short for yank)
c. “p” – paste (once you have copied)
d. Use “<“ and “>” to indent left and right
e.  “o” moves to start and of select
*
Other useful shortcuts
“dd”-delete current line
“d2d” – delete 2 lines
“yy” – yank current line
LOOK OUT FOR PART 2 !! Coming up soon!

Modelling Automata using Graphwiz API

An automata can be implemented in 2 ways.

1. Linked List representation

2. Matrix representation

I implemented a program in JAVA to model an automata(deterministic) in a Matrix structure and represent it graphically as shown to the left. The graphical representation was done by using the Graphviz JAVA api.

Eg. The Automata shown can be represented in matrix form as

  a    b   
S0 S3 S1
S1     S2 S1
S2    S3 S1
S3    S0 S3

I have uploaded the code at github, you can download it here

STEPS TO RUN

1. First compile the source files

$ javac FiniteStateMachine.java

$ javac GraphViz.java

2. If both compile  successfully, run

$ java FiniteStateMachine –filename <input_file>

3. By default, if you have evince reader, the gif file should pop up instantly, else edit the code and remove the System command being executed.

4. For more help run

$ java FiniteStateMachine –help