Entries from September 2006
September 29th, 2006 — GNU/Linux, Technology
I got an interesting problem to solve today! Top on a server was showing a process named “./john” under the “nobody” owner, and it was consuming most of the server CPU. Our server admin figured somebody had broken into the server, and even started getting reports from other servers that they were being attacked from this server. He then found the file was placed in the “/var/tmp/mysql.sock\ ” folder and deleted the whole folder. That gave peace to the server for some time.
But then it was back again. When I heard about it, it seemed like some script junkie was playing around. Exploiting some known vulnerability in the web server (or another process) and launching this “john” process. I thought it would be “John The Ripper - the password cracking program” - but then thought the guy should be smart enough to change the name of the application.
Checked the “.bash_history” to see if there were any trails. None. The log files did not show much. But Top showed a john process. We killed it. And I thought I should check the web logs - not recent ones, but something older. Since the server had good traffic, we reviewed the access and error logs. Found a suspicious IP address. Grep’d the log and found out something interesting.
There were GET and POST requests to a file called file.php. Some commands were being passed via the query string. We found the URL problematic. So we located the file, and the whole thing was clear.
Script kiddy it was.
The guy hijacked someone’s FTP password, and placed a PHP shell application on the server. Since the server allowed executing system commands via PHP, this guy was able to upload a tar.gz onto a world-writable directory - /var/tmp was one. And then unzip the application (yes, John The Ripper), compile it, and run it from there. All through the web based console.
Smart. But not smart enough.
Cleaned up the account, the files, secured PHP, and we were back in business.
Good one hour exercise though!
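The log review described above can be scripted. This is an added example, not code from the original post: it flags requests to PHP scripts whose decoded query values look like shell commands, then pulls every request from the same client to the same script, POSTs included. The Apache combined log format, the `/images/` location of file.php, the `cmd` parameter name and the IP addresses are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not from the incident).
SAMPLE_LOG = """\
198.51.100.7 - - [27/Sep/2006:03:12:01 +0000] "GET /images/file.php?cmd=cd+%2Fvar%2Ftmp%3B+tar+xzf+j.tar.gz HTTP/1.1" 200 312 "-" "Mozilla/4.0"
198.51.100.7 - - [27/Sep/2006:03:12:40 +0000] "GET /images/file.php?cmd=cd+%2Fvar%2Ftmp%2Fj%3B+make HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [27/Sep/2006:03:14:02 +0000] "POST /images/file.php HTTP/1.1" 200 97 "-" "Mozilla/4.0"
203.0.113.20 - - [27/Sep/2006:03:15:10 +0000] "GET /search.php?q=how+to+make+tea HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
CMD_WORD = re.compile(r'\b(wget|curl|tar|gunzip|gcc|make|chmod|uname|whoami|sh|bash)\b')
SHELL_HINT = re.compile(r'[;|&`$]|(^|\s)\./|/(var/tmp|tmp|dev/shm)\b')

def looks_like_command(value):
    """True when a decoded value has a command word plus shell syntax or a writable path."""
    return bool(CMD_WORD.search(value) and SHELL_HINT.search(value))

def triage(log_text):
    """Return {(ip, script): [(time, method, status, evidence), ...]} for webshell-like traffic."""
    rows, flagged = [], set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, when, method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(".php"):
            continue
        hits = [v for _, v in parse_qsl(url.query, keep_blank_values=True) if looks_like_command(v)]
        rows.append((ip, url.path, when, method, status, hits))
        if hits:
            flagged.add((ip, url.path))
    # Pivot: keep every request from a flagged client to a flagged script,
    # including POSTs, whose bodies never appear in the access log.
    report = defaultdict(list)
    for ip, path, when, method, status, hits in rows:
        if (ip, path) in flagged:
            report[(ip, path)].append((when, method, status, hits[0] if hits else ""))
    return dict(report)

if __name__ == "__main__":
    for (ip, script), events in triage(SAMPLE_LOG).items():
        print(ip, script, len(events), "requests")
        for event in events:
            print("   ", *event)
```

Requiring shell syntax or a writable path alongside the command word is what keeps an ordinary search such as “how to make tea” out of the report.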
September 28th, 2006 — Recommended Reading
A human being is part of the whole called by us “universe,” a part limited in time and space. We experience ourselves, our thoughts and feelings as something separate from the rest. A kind of optical delusion of consciousness. This delusion is a kind of prison for us, restricting us to our personal desires and to affection for a few persons nearest to us. Our task must be to free ourselves from the prison by widening our circle of compassion to embrace all living creatures and the whole nature in all of its beauty… We shall require a substantially new manner of thinking if humankind is to survive.
- Albert Einstein
September 26th, 2006 — General, Technology, Writing and Speaking
I have been thinking about this for about three months now. One of the major problems in the software industry these days is to find good programmers. (Retention comes after hiring.)
It’s easy to find people, but extremely difficult to find good people. It becomes important then, to groom candidates to become better programmers.
So how to transform someone into a good programmer? Do you want to be a good / better programmer?
I take a session about being a good programmer as part of our induction training. I am thinking there should be something more concrete on the subject. Paul Graham’s Great Hackers is a wonderful piece and so are the Pragmatic Programmer and Mythical Man Month - (and the whole pragmatic series actually.) But can we come up with something that can bring out transformational results?
Thinking…
September 25th, 2006 — Personal, Recommended Reading
Was looking for something to share with team leaders at the office, and found an interesting exercise in Robin Sharma’s “Who will cry when you die”.
List Your Problems
Take a piece of paper and list all the problems you have in your life now. Work related, project related, people related, relationships related, personal, national, global - anything!
Then look at them.
You will realize that about one third are not really problems. So you don’t need to worry about them. Another one third will be things you cannot change. So why fret?
And for the balance you can now think straight (since you have spared your mind a lot of trouble), prioritize and take action on. The technique is like sharing problems with a friend, as you share, you get free!
We tried this, and it gave very good results. Some people realized the problems were just temporary and solved them. Some got freedom from the burden. Some got new insights into solving them.
September 23rd, 2006 — Meanings & Explorations
I was reading the serial novel in Chitralekha magazine this morning. The Author - Kajal Oza Vaidya has a unique writing style. She expresses feelings of various characters in the story profusely - delivering on the twists and excitement of a weekly episode at the same time.
One of the characters of the story - Vasu’ma - has deep understanding of human relations. Most of her actions and words are inspiring. Profoundly thought provoking and just too real!
One line in today’s episode was “You get something as your fortune when someone else lets it go from her fortune.”
This is so powerful! Relationships are all about people. In a relationship, when I get something, it is because the other person did not take it. S/He actually let it go. They let us have it.
In today’s world, where we get hurt on small issues and pick up a fight, how about letting the other person have it? Because what you have, is because someone else did not take it before you.
Amazing!