Friday, November 02, 2007

Benchmarking programming languages?

Or just visit: http://shootout.alioth.debian.org/ to know how they
benchmark programming languages. It's good to know if your favorite
language beats the other "alternatives".

"How can we benchmark a programming language?
We can't - we benchmark programming language implementations.

How can we benchmark language implementations?
We can't - we measure particular programs."

Sunday, October 28, 2007

40 Tips for optimizing your php Code

I'm not a PHP coder, but maybe someday I might need to code HTML and the like, so I'm noting these tips:

  1. If a method can be static, declare it static. Speed improvement is by a factor of 4.
  2. echo is faster than print.
  3. Use echo's multiple parameters instead of string concatenation.
  4. Set the maxvalue for your for-loops before and not in the loop.
  5. Unset your variables to free memory, especially large arrays.
  6. Avoid magic like __get, __set, __autoload
  7. require_once() is expensive
  8. Use full paths in includes and requires, less time spent on resolving the OS paths.
  9. If you need to find out the time when the script started executing, $_SERVER['REQUEST_TIME'] is preferred to time()
  10. See if you can use strncasecmp, strpbrk and stripos instead of regex
  11. str_replace is faster than preg_replace, but strtr is faster than str_replace by a factor of 4
  12. If the function, such as string replacement function, accepts both arrays and single characters as arguments, and if your argument list is not too long, consider writing a few redundant replacement statements, passing one character at a time, instead of one line of code that accepts arrays as search and replace arguments.
  13. It's better to use select statements than multi if, else if, statements.
  14. Error suppression with @ is very slow.
  15. Turn on apache's mod_deflate
  16. Close your database connections when you're done with them
  17. $row['id'] is 7 times faster than $row[id]
  18. Error messages are expensive
  19. Do not use functions inside of for loop, such as for ($x=0; $x <>
  20. Incrementing a local variable in a method is the fastest. Nearly the same as calling a local variable in a function.
  21. Incrementing a global variable is 2 times slower than a local var.
  22. Incrementing an object property (eg. $this->prop++) is 3 times slower than a local variable.
  23. Incrementing an undefined local variable is 9-10 times slower than a pre-initialized one.
  24. Just declaring a global variable without using it in a function also slows things down (by about the same amount as incrementing a local var). PHP probably does a check to see if the global exists.
  25. Method invocation appears to be independent of the number of methods defined in the class because I added 10 more methods to the test class (before and after the test method) with no change in performance.
  26. Methods in derived classes run faster than ones defined in the base class.
  27. A function call with one parameter and an empty function body takes about the same time as doing 7-8 $localvar++ operations. A similar method call is of course about 15 $localvar++ operations.
  28. Surrounding your string by ' instead of " will make things interpret a little faster since php looks for variables inside "..." but not inside '...'. Of course you can only do this when you don't need to have variables in the string.
  29. When echoing strings it's faster to separate them by comma instead of dot. Note: This only works with echo, which is a function that can take several strings as arguments.
  30. A PHP script will be served at least 2-10 times slower than a static HTML page by Apache. Try to use more static HTML pages and fewer scripts.
  31. Your PHP scripts are recompiled every time unless the scripts are cached. Install a PHP caching product to typically increase performance by 25-100% by removing compile times.
  32. Cache as much as possible. Use memcached - memcached is a high-performance memory object caching system intended to speed up dynamic web applications by alleviating database load. OP code caches are useful so that your script does not have to be compiled on every request
  33. When working with strings and you need to check that the string is of a certain length, you would understandably want to use the strlen() function. This function is pretty quick since its operation does not perform any calculation but merely returns the already known length of a string available in the zval structure (internal C struct used to store variables in PHP). However, because strlen() is a function it is still somewhat slow because the function call requires several operations such as lowercase & hashtable lookup followed by the execution of said function. In some instances you can improve the speed of your code by using an isset() trick.

    Ex.
    if (strlen($foo) <>
  34. When incrementing or decrementing the value of a variable, $i++ happens to be a tad slower than ++$i. This is something PHP specific and does not apply to other languages, so don't go modifying your C or Java code thinking it'll suddenly become faster, it won't. ++$i happens to be faster in PHP because instead of 4 opcodes used for $i++ you only need 3. Post-incrementation actually causes the creation of a temporary var that is then incremented, while pre-incrementation increases the original value directly. This is one of the optimizations that opcode optimizers like Zend's PHP optimizer perform. It is still a good idea to keep in mind since not all opcode optimizers perform this optimization and there are plenty of ISPs and servers running without an opcode optimizer.
  35. Not everything has to be OOP, often it is too much overhead, each method and object call consumes a lot of memory.
  36. Do not implement every data structure as a class, arrays are useful, too
  37. Don't split methods too much, think, which code you will really re-use
  38. You can always split the code of a method later, when needed
  39. Make use of the countless predefined functions
  40. If you have very time consuming functions in your code, consider writing them as C extensions
  41. Profile your code. A profiler shows you which parts of your code consume how much time. The Xdebug debugger already contains a profiler. Profiling shows you the bottlenecks in overview.
  42. mod_gzip which is available as an Apache module compresses your data on the fly and can reduce the data to transfer up to 80%
  43. Excellent Article about optimizing php by John Lim

Credit: http://reinholdweber.com/

Friday, October 26, 2007

Setup tftp server on Ubuntu/Kubuntu

1. Install needed software

$ sudo apt-get install xinetd tftpd tftp

2. vim /etc/xinetd.d/tftp and put this entry:

service tftp
{
protocol = udp
port = 69
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
}

3. Make /tftpboot directory

$ sudo mkdir /tftpboot
$ sudo chmod -R 777 /tftpboot
$ sudo chown -R nobody /tftpboot

4. Start tftpd through xinetd

$ sudo /etc/init.d/xinetd start

5. Testing. Transfer file rex.rex from 10.10.1.1 (Client using tftp) to
192.168.1.100 (Server 10.10.1.1):

root@BIKOL:/# touch rex.rex
root@BIKOL:/# chmod 777 rex.rex
root@BIKOL:/# tftp 10.10.1.1
tftp> put test.txt
tftp> quit
root@BIKOL:/# ls /tftpboot/ -l
total 0
-rw------- 1 nobody nogroup 0 2007-10-26 13:45 rex.rex

Credits: http://www.davidsudjiman.info/?p=93

Wednesday, October 24, 2007

Basic Syslog Configuration on Linux/Ubuntu

When I was learning the basics of syslog configuration, I needed to take
a look at this page
(http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch05_:_Troubleshooting_Linux_with_syslog)
whenever my syslog was not working (i.e. when something was broken,
misconfigured, etc). That's when I was learning the Fortigate device, and
testing/tuning some IPS signatures.

Tuesday, October 23, 2007

Ubuntu 7.10 (Gutsy Gibbon)

Gutsy Gibbon is the codename of the latest Ubuntu 7.10 released last October 18, 2007, but I've waited a little while before upgrading from Feisty Fawn (v7.04). It's because I was anticipating some problems during the upgrade, so better wait for others and their experiences, then probably for the solutions =)

That's right! Yesterday, I was brave enough to do the upgrade. Just clicked the update notification icon to install some (security) updates. When the update was done, the Upgrade notification flashed, ready to install.

It took some hours to finish the Ubuntu upgrade. Then, the VMware Workstation needed to be re-setup (as always) because some vmware modules need to be recompiled according to your running kernel version.

Note: To check your current kernel version, type uname -r at the console.

Whenever you need to install/re-install VMware on Linux, always remember the vmware-any-any* patch because you'll most likely need it for recompiling some vmware's components, like vmmon, etc.

And whenever you need it, just look for the updated version because it's also being modified regularly. Thanks to the readily available solution to my problem:
http://ubuntu-tutorials.com/2007/09/26/how-to-install-vmware-server-on-ubuntu-710/

As I've said, it's worth the wait ;-)

Monday, October 22, 2007

Where to go in Canada?

Are you wishing to move in Canada? Where do you wanna go and live?
Here's some info that could help you:
Canada's best places to live

Friday, October 19, 2007

Sunday, October 07, 2007

Virus infection through web surfing

A typical scenario would probably be: you visited a website and clicked some links (either you've been teased or you really wanted to go there), then a harmful script ran that caused your browser to be redirected to some malicious websites.

So if you're the bad ass hacker, where do you want to implant those malicious scripts/codes that would lead to virus infection? Good candidates would be popular sites such as social networking sites (friendster, myspace, etc), or the likes of youtube, digg, and other very popular sites. Then that guy would do his trick to persuade you to click his malicious link (unless he's got a new technique (I mean, probably a new vulnerability, or any way to exploit some security loopholes) to download and execute his program on the user's PC automagically =)).

Take a look at this example of an entry on digg:


It's "Eva Longoria sex tape". That would be very tempting to check out, wouldn't it? =P Now, the bad ass will post a comment specifying the link for the video. And because you're excited to see it (who wouldn't?), you clicked the link and the browser will of course drive you to the destination.
But the website (supposedly hosting the sex video) displayed some (fake) error message and would want you to install something to correct the error. Needless to say, the program it offered you to download and install is most likely malicious software. It's usually a small program that, when run, would download another (malicious) program, and the infection proceeds.


Because of some security measures from web browsers, automatic download and execute are now commonly prevented. Bad hacker must find a way (some sort of new vulnerability) to do the automatic download and execute from web browser. Otherwise, all they can do is to trick the user to download and run their code. In other words, don't run any program from untrusted source!

If your antivirus software didn't catch it, just send it to online virus scanners like virustotal or virusscan. Some AV products might already have detection for it:


If you're curious what the f$%k is it doing, check their website for virus description. If no analysis for it yet, send it to sunbelt's malware analyzer. Thanks to sunbelt for its wonderful free service that would save some precious time analyzing some malware. In fact, I've sent the sample to sunbelt and the complete analysis can be found here.


Unless you have free time to dissect it on your own for curiosity, you can check my previous post on tools that could help you reverse engineer a malware.

Clearly, when you check sunbelt's analysis of its activities, it's a malicious program that downloads other programs (could be another virus or worm) from remote websites, executes them on the PC, modifies some registry entries to run every time, drops other components and so on and so forth - typical malware behavior.

Sunday, September 16, 2007

Anti-debugging paper

From time to time, we encounter old and new tricks to defeat debugging or at least to slow down the reversing process. And the list continues to grow until today. Some might have faded now in your memory, but a guy from SecFocus has done a great job outlining most of the known anti-debugging techniques as of today. Check out this post from Secfocus.

Thursday, September 13, 2007

Some Linux shortcuts

While some of them are very common, you might still learn some, as I do.

# / - root directory
# ./ - current directory
# ./command_name - run a command in the current directory when the
current directory is not on the path
# ../ - parent directory
# ~ - home directory
# $ - typical prompt when logged in as ordinary user
# # - typical prompt when logged in as root or superuser
# ! - repeat specified command
# !! - repeat previous command
# ^^ - repeat previous command with substitution
# & - run a program in background mode
# [Tab][Tab] - prints a list of all available commands. This is just an
example of autocomplete with no restriction on the first letter.

# x[Tab][Tab] - prints a list of all available completions for a
command, where the beginning is "x"

# [Alt][Ctrl][F1] - switch to the first virtual text console

# [Alt][Ctrl][Fn] - switch to the nth virtual text console. Typically,
there are six on a Linux PC system.

# [Alt][Ctrl][F7] - switch to the first GUI console, if there is one
running. If the graphical console freezes, one can switch to a
nongraphical console, kill the process that is giving problems, and
switch back to the graphical console using this shortcut.

# [ArrowUp] - scroll through the command history (in bash)

# [Shift][PageUp] - scroll terminal output up. This also works at the
login prompt, so you can scroll through your boot messages.

# [Shift][PageDown] - scroll terminal output down

# [Ctrl][Alt][+] - switch to next X server resolution (if the server is
set up for more than one resolution)

# [Ctrl][Alt][-] - change to previous X server resolution

# [Ctrl][Alt][BkSpc] - kill the current X server. Used when normal exit
is not possible.

# [Ctrl][Alt][Del] - shut down the system and reboot

# [Ctrl]c - kill the current process

# [Ctrl]d - logout from the current terminal

# [Ctrl]s - stop transfer to current terminal

# [Ctrl]q - resume transfer to current terminal. This should be tried if
the terminal stops responding.

# [Ctrl]z - send current process to the background

# reset - restore a terminal to its default settings

# [Leftmousebutton] - Hold down left mouse button and drag to highlight
text. Releasing the button copies the region to the text buffer under X
and (if gpm is installed) in console mode.

# [Middlemousebutton] - Copies text from the text buffer and inserts it
at the cursor location. With a two-button mouse, click on both buttons
simultaneously. It is necessary for three-button emulation to be
enabled, either under gpm or in XF86Config.

Tuesday, September 11, 2007

How to assign hot key to Ubuntu?


1. Press Alt-F2 to open the Run application menu bar. Type gconf-editor and press Run button.

2. The Configuration Editor will show up. Go to /apps/metacity/keybinding_commands key (similar to Windows' registry) and double-click the unused name key, for example command_1. It is usually String type to accept command string. Input the name of the executable or command in the Value text box. For example, in the screenshot, I typed Konsole for the KDE terminal console executable.


3. Then go to
/apps/metacity/global_keybindings as shown in the screenshot below. Find and double-click the binding key associated to your command key in step #2. For example, run_command_1. Assign a shortcut key by typing it to the Value text box. This will be your shortcut whenever you want to run the command/executable in step #2. In my example, I chose K to open a KDE console terminal. You may choose your own preferred short cut combination, like combination of , and a letter. Click OK's and close the Configuration Editor. You may now try your shortcut key!

4. You can add more shortcut keys for all your frequently used programs.

Monday, September 10, 2007

Sohanad!

I'm using Yahoo! Messenger most of the time as my instant messenger to contact my friends. From time to time I would see others' YM status set to something very familiar to me. And until this time, I still receive messages from someone similar to the one below:



It's an indication that she/he is infected by a variant of the Sohanad worm, most probably WORM_SOHANAD.AF. Once the worm is active, it will send out some built-in messages to all your contacts without your knowledge and consent. This is one of many interesting Internet worms due to its agility and power to stay in the wild for quite some time now. This is a worm that evolved from a lame being to some exploit usage that kept it always on the radar. If you're interested in how it evolved, here's the blog from Trendmicro.

It modifies IE's default home page, disables Task Manager and Registry Editor, disables the Run option in the command menu, modifies some of YM's settings, and may terminate some security programs (i.e. antivirus, firewall, etc) running on the infected PC. These payloads need a proper restoration process, otherwise you might not be able to edit your registry or execute commands from the Run menu anymore =).
To clean the .AF variant, you can follow the manual instructions.
If you're not sure which variant hit you, you might consider Trendmicro's free online scanner. It will execute its famous DCT (Damage Cleanup Template) technology to scan and clean your computer of most internet worms.

Tuesday, September 04, 2007

Show me the World, Windows!

I've encountered some Windows nuances which I attributed to some registry
corruption error. For some reason, I couldn't view the tabs of my
Display Properties and the Network Properties.

Thanks to google for being so helpful as always! :)

In the first error, I've found this link as the solution, and it worked!
http://www.winhelponline.com/articles/38/1/

The next day, I've noticed that I can't connect from the remote machine to access
my shared folder in WinXP machine. When I was about to check the network setting, the
tabs in the Network properties are gone too! Thanks to this link for the solution:
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=5281

I'm used to taking notes of my troubleshooting experiences because they can be handy
in the future when needed. So this is not some-sort-of
superb-troubleshooting-technique-or-whatever. I just post it as a
post-it! :)

Saturday, August 25, 2007

"Patsam" time!

Patsam, short for "Patsambahan" =)

Sinigang na Baboy



Nilagang baka (boiled beef soup). This is delicious with fish sauce and calamansi =)

Tuesday, August 14, 2007

Other look of OSI model

Guys from Erratasec are always dishing out crisp information about network security..
Another informative piece of knowledge was instilled by this post about the OSI model.
Hmmm, so that's how it is??! =)

Saturday, August 04, 2007

Immunity Debugger is out!!

I've waited for this for quite a while.. finally, the Immunity debugger is out fresh from the oven!!
Download it from immunity website: http://www.immunitysec.com/products-immdbg.shtml

From its website:

A debugger with functionality designed specifically for the security industry
Cuts exploit development time by 50%
Simple, understandable interfaces
Robust and powerful scripting language for automating intelligent debugging
Lightweight and fast debugging to prevent corruption during complex analysis
Connectivity to fuzzers and exploit development tools

It combines the functionalities of the WinDbg and OllyDbg and a lot more. It supports the command-line shortcuts for WinDbg and the GUI of OllyDbg. It also allows remote debugging and can show some functions graph if you want to visually check the codes. Above all, it was designed for vulnerability analysis and exploit development with emphasis on heap exploitation.

Tuesday, July 17, 2007

MS Security Summit 2007

Some pictures during our "journey" going to Redmond, WA to attend "Microsoft Security Summit 2007" on June 11-13, 2007. From Vancouver, Canada, we (me and Rodel) traveled by his car going to Microsoft's campus. It was my first time crossing the border by land, so I have to secure clearance from the border security. I was interviewed by the security personnel, who is a retired US Navy. But to my surprise, the security person was a pure bicolano! (Bicolano refers to a person who comes (or originated) from Bicol Province in the Philippines). So the interview went very much casual, in fact we were talking in bicolano dialect. Cool! =)

US Border sign

After the border, our travel was smooth, until we reached Seattle's Premium Outlets. Of course, it's nice to check some branded items at cheaper prices. I got a pair of Diesel shoes, for casual wear.
Premium Outlets in Seattle

Then, when we saw the sign below, we knew we were already inside Microsoft's campus. If I heard it right, there are 116 buildings in Redmond campus of 3.1 million square feet (288,000 square meters). Oh yeah, that's huge, right?
Anyway, we were actually late when we arrived Monday afternoon, so we just hung out with Trender people, like Jong, Joe, Jamez, etc, and waited for the shuttle bus going to Seattle's Needle Space. Actually it's one of the reasons why I waited for this chance to attend the summit. The main reason is of course to experience Microsoft's environment and to meet those guys from the AV industry, and people from MS like Michael Howard, Mark Russinovich, among others; and to have a reason for my US B1/B2 visa application. Lolz!

Near Microsoft's gateway


Microsoft prepared the dinner at the Needle Space. You have the food and the view, woah! Awesome! :)

Seattle Space Needle

View from Space Needle
Vince (former Trender too like us, now working in MS) roamed us a bit more around downtown with his Mazda 3 :). The famous Starbucks coffee is one of many reasons why Seattle is popular. The picture below is the first and original Starbucks store:
The original Starbucks Coffee!

After more strolling around the downtown area, we went home and stayed at Vince's pad.

The next morning, we woke up earlier to catch for breakfast! One interesting topic is Mark Russinovich's talk about Vista securities and features. He discussed the security architecture of the Vista and some tweaks to make Vista more effective and efficient as they say. Another topic which caught my interest was Mike Howard's talk about Security Development Life Cycle (SDL). Also one presenter, discussed the IPv6 on Vista and its abundant feature list! And a bunch of evangelical preaches about Vista were discussed by other presenters. No doubt, they wanted to sell Vista to the audience! Other topics were for management people and a bit boring =)

Overall the summit was good enough. The foods were great. The experience of meeting AV guys was satisfying. And above all, the freebies (below) were..well..not bad! =P


Freebies:
- Windows Vista Security Guide (Book)
- The Security Development Life Cycle (Book)
- Writing Secure Code for Windows Vista (Book)
- Wireless Laser Mouse 5000
- Windows Vista Operating System
- Black Notebook
- USB flash disk

WinDbg Commands

WinDbg is a combination of User-Mode and Kernel-Mode debugger from M$, and a good alternative to OllyDbg and IDA Pro, especially when debugging Windows services.

I'm actually new to WinDbg, but it looks promising enough, it has lots of commands to get familiar with.

To start with WinDbg, download it for free from Microsoft website:
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

Browse its Help file to get started with the commands, or you can check the ff links for some of the most commonly used commands:
http://www.tonyschr.net/debugging.htm
http://www.codeproject.com/debug/windbg_part1.asp#_Toc64133680

Monday, June 25, 2007

eEye Blink Personal Edition - FREE!!

Just noticed that eEye offered their Blink Personal Edition to public for free..So I gave it a try..why not? Having a good reputation in security must be showing something different.
So I grabbed a copy and a 1-year license key and immediately installed it.
The GUI is different from others of its kind - it mimics Windows XP's Control Panel applet, and its icons are very much Windows-ish.

Immediately after the installation, you can update with its latest malware definition file:


Based on its website, it offers a complete Internet Security solution for home and desktop users, posing as a well-rounded security software compared to its competitors.

Its security features are fully customizable too! You can modify the default settings of its components (i.e. Application Firewall, Host-based Intrusion Prevention, etc) to your liking.
Basically it combines the common anti-malware technologies (i.e. anti-virus, anti-spyware, anti-phishing, etc) and the security or vulnerability technologies (i.e. buffer overflow protection, application execution protection, 0-day protection, etc). It's almost perfect, feature wise! What it seems to lack is rootkit detection? Hoping that it would catch the rootkit prior to or during its installation, otherwise it won't detect the existence of a rootkit (I guess) in a compromised PC.

Download it from eEye site.

Hmm..sounds good eh?

Sunday, June 24, 2007

Awesome artwork!

Woah!! incredible, truly awesome piece of art work indeed!
http://gryf.feathers.net/

Wednesday, June 20, 2007

VMware's vmmon is broken under Ubuntu Feisty (7.04)

You can install the VMware Workstation on Ubuntu Feisty Fawn (7.04) like this:

rplantado@rexubuntu:~/Installers/vmware-distrib$ sudo ./vmware-config.pl


Then, just follow the wizard and accept the default values. But along with the installation process, it halted with the following error when compiling the vmmon module:


What is the location of the directory of C header files that match your running
kernel? [/usr/src/linux-headers-2.6.20-16-386/include]

Extracting the sources of the vmmon module.

Building the vmmon module.

Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-config4/vmmon-only'
make -C /usr/src/linux-headers-2.6.20-16-386/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-386'
CC [M] /tmp/vmware-config4/vmmon-only/linux/driver.o
In file included from /tmp/vmware-config4/vmmon-only/linux/driver.c:80:
/tmp/vmware-config4/vmmon-only/./include/compat_kernel.h:21: error: expected declaration specifiers or ‘...’ before ‘compat_exit’
/tmp/vmware-config4/vmmon-only/./include/compat_kernel.h:21: error: expected declaration specifiers or ‘...’ before ‘exit_code’
/tmp/vmware-config4/vmmon-only/./include/compat_kernel.h:21: warning: type defaults to ‘int’ in declaration of ‘_syscall1’
make[2]: *** [/tmp/vmware-config4/vmmon-only/linux/driver.o] Error 1
make[1]: *** [_module_/tmp/vmware-config4/vmmon-only] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-386'
make: *** [vmmon.ko] Error 2
make: Leaving directory `/tmp/vmware-config4/vmmon-only'
Unable to build the vmmon module.

For more information on how to troubleshoot module-related problems, please
visit our Web site at "http://www.vmware.com/download/modules/modules.html" and
"http://www.vmware.com/support/reference/linux/prebuilt_modules_linux.html".

Execution aborted.

Solution: Edit compat_kernel.h in vmmon.tar:
Steps:
Go to the vmmon folder:

rplantado@rexubuntu:~$ cd /usr/lib/modules/source/

Create backup copy of vmmon.tar:
rplantado@rexubuntu:/usr/lib/modules/source/$ cp vmmon.tar vmmon.tar.backup

Extract the tar file to its folder vmmon-only:
rplantado@rexubuntu:/usr/lib/modules/source/$ tar -xvf vmmon.tar

Open the include file compat_kernel.h:
rplantado@rexubuntu:/usr/lib/modules/source/$ vim vmmon-only/include/compat_kernel.h

Search and comment out the line:
static inline _syscall1(int, compat_exit, int, exit_code);

So it should look like:
/* static inline _syscall1(int, compat_exit, int, exit_code); */

Put back the files into vmmon.tar again:
rplantado@rexubuntu:/usr/lib/modules/source/$ chmod 755 vmmon.tar
rplantado@rexubuntu:/usr/lib/modules/source/$ tar -cvf vmmon.tar vmmon-only


Then repeat the installation process and it should be smooth now..

rplantado@rexubuntu:~/Installers/vmware-distrib$ sudo ./vmware-config.pl


:
:
Building the vmnet module.

Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-config5/vmnet-only'
make -C /usr/src/linux-headers-2.6.20-16-386/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-386'
CC [M] /tmp/vmware-config5/vmnet-only/driver.o
CC [M] /tmp/vmware-config5/vmnet-only/hub.o
CC [M] /tmp/vmware-config5/vmnet-only/userif.o
CC [M] /tmp/vmware-config5/vmnet-only/netif.o
CC [M] /tmp/vmware-config5/vmnet-only/bridge.o
CC [M] /tmp/vmware-config5/vmnet-only/procfs.o
CC [M] /tmp/vmware-config5/vmnet-only/smac_compat.o
SHIPPED /tmp/vmware-config5/vmnet-only/smac_linux.x386.o
LD [M] /tmp/vmware-config5/vmnet-only/vmnet.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: could not find /tmp/vmware-config5/vmnet-only/.smac_linux.x386.o.cmd for /tmp/vmware-config5/vmnet-only/smac_linux.x386.o
CC /tmp/vmware-config5/vmnet-only/vmnet.mod.o
LD [M] /tmp/vmware-config5/vmnet-only/vmnet.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-386'
cp -f vmnet.ko ./../vmnet.o
make: Leaving directory `/tmp/vmware-config5/vmnet-only'
The module loads perfectly in the running kernel.

Starting VMware services:
Virtual machine monitor done
Virtual ethernet done
Bridged networking on /dev/vmnet0 done
Host-only networking on /dev/vmnet1 (background) done
Host-only networking on /dev/vmnet8 (background) done
NAT service on /dev/vmnet8 done

The configuration of VMware Workstation 5.5.4 build-44386 for Linux for this
running kernel completed successfully.

You can now run VMware Workstation by invoking the following command:
"/usr/bin/vmware".

Enjoy,

--the VMware team

Monday, May 28, 2007

Hot!! ti-89 titanium virus!! Hot!!

Piotr Bania created the world's first ti-89 Titanium virus!
Take note, it's an EPO virus.

Here's the link: http://piotrbania.com/all/ti89/

For educational purposes only!!

Cheers!

Saturday, May 19, 2007

Are you pretty?

----------------Girls---------------
-----------are like apples-----------
-------on trees. The best ones------
-----are at the top of the tree.------
---The boys dont want to reach----
--for the good ones because they---
-r afraid of falling and getting hurt.-
-Instead, they get the rotten apples-
from the ground that arent as good,
but easy. So the apples up top think
something wrong with them when in
-reality they're amazing. They just--
---have to wait for the right boy to-
---- come along, the one who's-----
----------- brave enough to--------
---------------climb all------------
---------------the way------------
---------------to the top-- --------

Wednesday, April 25, 2007

[Tip 0.3] ln: do you like it soft or hard?

ln is a Linux command that creates a link to a file. The link can be hard or soft (symbolic).

Hard Link:
- creates another file name (an entry in the directory file) that references the same inode number (or disk block/s).
- attributes/permissions are shared by all the links, since they belong to the inode; the data stays on disk until the last link is removed
- applies to files only (not directories)
- cannot span filesystems (i.e. a hard link on /dev/hda cannot point to a file on /dev/hdb)

Example:
How to create a hard link 'tlink' that points to test (must be file only, NOT directory):
rex@rexubuntu:~$ ln test tlink

How to create another hard link 'tlink2' that points to test (must be file only, NOT directory):
rex@rexubuntu:~$ ln test tlink2

How to identify hard links? Issue the command below and check for the same inode numbers:
rex@rexubuntu:~$ ls -il
8437999 -rw-r--r-- 2 rex rex 0 2007-04-25 15:02 test
8437999 -rw-r--r-- 2 rex rex 0 2007-04-25 15:02 tlink
8437999 -rw-r--r-- 2 rex rex 0 2007-04-25 15:02 tlink2

Having the same inode number means that test, tlink and tlink2 are three names pointing to the same inode and the same disk blocks. You can think of tlink and tlink2 as 2 extra "copies" of test, except that all three names share one set of data.

Soft Link:
- analogous to a Windows shortcut file. It contains the path of the target file, and when the target file is removed/deleted, the soft link is broken.
- a file that contains the path of another file

Example:
How to create a soft symbolic link named 'slink' that points to file 'test' (could be a file or directory):
rex@rexubuntu:~$ ln -s test slink
rex@rexubuntu:~$ ls -il
8438031 lrwxrwxrwx 1 rex rex 4 2007-04-25 15:18 slink -> test

Note: the test file should exist.

How to display soft links? Symlinks end with @ when you use the command:
$ ls -F
slink@

or

$ ls -l
lrwxrwxrwx 1 rex rex 4 2007-04-25 15:18 slink -> test

What if a malicious program (malware) creates multiple (random) hard links to itself to avoid being completely deleted from the system? How would you completely clean the infection? Let's say you were able to spot the file, terminate the process and delete the file. The next morning, you see another instance/copy of the malware. You suspect that more copies are still lurking in your system. To remove all of them you have to be able to find all of them. So the next question is: how do you find every instance when you have located only one of its hard links manually?

Well, first let's define inode. An inode is the data structure that stores information about a file in a Unix file system. Its number uniquely identifies the file. It's a basic building block of the file, so a file must have at least one inode, which also holds information about the file's data, permissions, etc. A file consists of (a) the data part and (b) the filename part. The data part is associated with the inode structure, and the filename part associates the name of the file with the inode number.

How to identify all hard links pointing to the same inode? There's no single command that would do this. It requires a little scripting and filtering, so it's your choice. But basically, you have to search from the root directory and compare each file's inode number with the inode you identified as your input. I found a simple solution by googling and it worked:

find <location> -samefile foobar
where foobar is a found link (whether original or not) and <location> is where you want to search (i.e. / to get all of them).

Another approach is:

find <location> -inum nnnnnn
where nnnnnn is the inode number of the known file that you established with "ls -li".

How to remove a link:
$ rm <linkname>
Remember that in the *NIX world, everything is a file or directory, so rm works.
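
The search described above, as an added shell example (not from the original post): it lists every hard link of a known file and compares the result with the inode's link count, so you can tell whether a name is still missing. The function names and the sandbox files are constructed for illustration.

```shell
#!/bin/sh
# Added example: enumerate every hard link of a known file and use the
# inode's link count to tell when none are missing.

# list_hardlinks FILE ROOT: print each path under ROOT that names FILE's inode.
# -samefile compares device and inode, so it never matches an unrelated file
# that happens to have the same inode number on another filesystem.
list_hardlinks() {
    find "$2" -samefile "$1" -print 2>/dev/null | sort
}

# link_count FILE: number of names the filesystem records for FILE's inode
# (the second column of ls -l).
link_count() {
    ls -ld "$1" | awk '{print $2}'
}

# check_complete FILE ROOT: succeed only if the search found every name.
check_complete() {
    found=$(list_hardlinks "$1" "$2" | wc -l | tr -d ' ')
    [ "$found" -eq "$(link_count "$1")" ]
}

# Constructed sandbox: one file, two hard links, one copy, one symlink.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/a" "$d/b/c"
    echo "sample" > "$d/a/suspect"     # stand-in for the file you already found
    ln "$d/a/suspect" "$d/b/x1"        # hard link: same inode
    ln "$d/a/suspect" "$d/b/c/x2"      # hard link: same inode
    cp "$d/a/suspect" "$d/b/copy"      # real copy: new inode, not reported
    ln -s "$d/a/suspect" "$d/b/sym"    # symlink: new inode, not reported
    list_hardlinks "$d/a/suspect" "$d"
    if check_complete "$d/a/suspect" "$d"; then
        echo "all $(link_count "$d/a/suspect") names found"
    fi
    # Searching only part of the tree misses names; the count shows it.
    check_complete "$d/a/suspect" "$d/b" || echo "names exist outside $d/b"
    rm -rf "$d"
}

demo
```

With the -inum form, start the search at the mount point of the file's filesystem and add -xdev, because an inode number is only unique within one filesystem.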


Friday, April 20, 2007

pcap owl unleashed!

coming very soon...stay tuned!
,_,
)v(
\_/
="=

Thursday, April 19, 2007

Linux here is everywhere

My company doesn't love Windows, or maybe they just love free software; that's why they don't use Windows that much. It's evident from the desktops and applications they're using. I think 90% are using non-Windows systems here, meaning it's time for me to learn and migrate to a *nix desktop too! It's kind of hard for someone who has been using Windows systems for more than 6 years. I have to re-learn how to install, rebuild from source, use the vi/vim editor, setup/install/upgrade via the command shell, get remote access using ssh, forget about Visual Studio and use GEdit/KDevelop/etc. instead, and many more things. It's cool, but it takes a little time..hehe!

But I wanna try Gentoo..one of the most powerful and yet trickiest distros on earth!

Ubuntu 7.04 (Feisty Fawn) released!

Yes, today is the scheduled release of the much awaited Feisty Fawn!

More info below:

http://www.debianadmin.com/ubuntu-704-feisty-fawn-release-dates.html

http://distrowatch.com/?newsid=04178


Now, it's time to update my Ubuntu 6.10 (Edgy Eft) to Feisty Fawn!!
Note: Ubuntu requires an incremental upgrade. If you're using Ubuntu 5.10, upgrade to 6.10 first before you can go to 7.04.

But it's as easy as running the System->Administration->Package Manager. It should prompt you to install any available updates including upgrades.


If not, you can manually click the Check update button to check and get the updates! If you click the Install Updates button, it will first install some application updates. Clicking the Upgrade button will start the upgrade process. Then the release note is displayed. Click the Upgrade button and you're on your way to upgrading your Edgy to Feisty.

You'll be asked for the password since it's a system-wide change.

Then it will prepare the distribution upgrade before prompting you to proceed with the real upgrade.

Depending on your internet speed, the upgrade could take hours or even days to complete. After the upgrade you can check whether it has indeed been upgraded. Some ways to check your Ubuntu version are:

cat /etc/issue

or

lsb_release -a


or

cat /etc/lsb-release

That's how you upgrade using the GUI. Smooth. :)

If you're a CLI guru, then you can upgrade using the apt-get command (not advisable). If you want some pain in the ass, try it the hard way, check how here or there.

So what's up with this upgrade foo??!

Shuttleworth said “the main themes for development in this release will be improvements to hardware support in the laptop, desktop and high-end server market, and an aggressive adoption of emerging desktop technologies.” “Ubuntu’s Feisty release will put the spotlight on multimedia enablement and desktop effects. We expect this to be a very gratifying release for both users and developers.”

“Edgy has been a wild ride, with some remarkable achievements (nothing like re-inventing and substantially improving on init!). Feisty will be a little more focused on features that are very visible to end-users,”

Tip 0.2: /usr/include/net/bpf.h header doesn't exist

BPF (Berkeley Packet Filter) is not supported by default on non-BSD systems (i.e. Ubuntu and other Linux).
So whenever you code something (especially libpcap-based programs) on these platforms, all you can do is install the libpcap library, because it ships the compatible header file. Just copy pcap-bpf.h from libpcap and rename it to bpf.h, and you're good to go.

This is useful when you get a program written on a BSD system that includes the /usr/include/net/bpf.h header and you want to build it on a non-BSD system that doesn't support BPF by default.

Solution:
1. Install the libpcap library
Download the latest libpcap from here and extract to your own folder.
Note: Read the INSTALL.txt for instruction:
a) ./configure
By default, there is no flex/bison installed, so use the Synaptic Manager (easier way) to get and install flex/bison. They're required in building the libpcap.

Or by using the apt-get:
sudo apt-get install flex
sudo apt-get install bison

b) make
c) make install

2. Copy the file: cp /usr/include/pcap-bpf.h /usr/include/net/bpf.h
Change the path accordingly if needed.

3. You can now build your libpcap program.

Note: If this is the first time you compile/build libpcap or any C/C++ program in Ubuntu, you probably need to set up/install most of the things needed for development, like include files, a compiler, etc. Here's how:

Install Linux source:
~$ sudo apt-get install linux-tree

Install Linux headers:
~$ sudo apt-get install linux-headers-$(uname -r)

Install C/C++ builder:
~$ sudo apt-get install build-essential

Install Kernel source:
~$ sudo apt-get install linux-source

You can also install your favorite IDE, like GEdit, KDevelop, or the old school vi/vim.

Cheers!

Saturday, April 07, 2007

Canada - a new destination!

I'm here at last! A new page of another chapter in my life..Hopefully, I will like it here and stay for good. The place looks very nice and exciting.

Zandro and Gilou picked me up from the Vancouver airport and took me to Rodel's house in New Westminster, BC, where I will be staying temporarily. After unloading all my luggage, we headed to Thai's restaurant near the office for lunch. Then Gilou left us and I asked bud Zandro to help me pick up enough groceries for the weekend. Then I went home (Rodel's flat) and fixed my internet connection to check mail and contact my family and friends in the Philippines.
I watched the LA Lakers and SuperSonics game at 7:30PM, while eating my leftovers from Thai's restaurant, when my eyes started to fall. I can't even remember if I was able to finish the game lolz! So I went up, with my eyes about to give up, and rested my exhausted body and drained eyes.
I woke up around 3AM and felt a little bit hungry. My body clock is still adjusting, and I couldn't sleep after the snacks. So I just surfed the net and started blogging. It's now 6:30 AM and I want to go back to bed to rest again =) Bye for now and see you around!

Friday, March 23, 2007

Fuzzled - Perl fuzzing framework


Saturday, March 03, 2007

I'm back!!

I've been on hiatus for a long while..
A crucial decision in my career (duh, is there even one?? =)) made me step back for a while.
It seems a turning point came into my life..need to sit down and take a deep breath, then relax.
But in the end, I'm still lucky, coz everything in me now has some reasons towards a better path.

So let's continue sailing going to the Blue Ocean... ;-)