Bringing the System Down

The CSE students of IIT Guwahati frequently need to bring the system (our respective servers) down. We need to do it for:

• Saving ourselves from being forced to show the assignments (“Sir, I have done the assignment and it’s there on the server. But the system…”),
• Demonstrating our technical superiority to our peers, and by implication, their technical inferiority to us (“You suckers! If I’m not showing the assignment, neither of you will. As a bonus, you won’t check your mails. Let’s play Quake!”),
• Testing our hunches on ‘What brings the server down?’ (“…and this simply brings the server down. Never thought that the system and the SysAd were SO dumb.”), and most importantly,
• For the thrill and sheer pleasure in the process and the results (“I did it. I did it again!”).

No matter what the reason, we are all IITians and whenever we put in some effort, we manage to bring the system down. We use wide range of techniques to achieve our goal. However, we prefer generic methods over those based on specific bugs (which would anyway be patched in a short while).

The first generations of our attacks were very simple; all of them were essentially fork-bombs:

while(1) fork();

This would result in exponential growth of the number of processes and since there is a finite limit to the number of processes in a system, soon the system won’t be able to create new processes resulting in quite a useless system.

While fork-bombs are elegant, the OS can easily avoid their system-wide effect. It can simply limit the maximum number of processes per user so that a fork-bomb will only be able to jam the account of the user fork-bombing. Of course, this is not what we want. We want all users affected; we want the system itself affected.

Another old approach is to hog the file-system by creating recursive directories in the file-system until all the inodes (or space) in the partition is consumed (whichever happens first). As a result, users will not be able to create new files/directories in the particular file-system. While this would render the system (mostly) unusable to some users, the system is still up and running. In fact, most users are unaffected. Further, this can easily be avoided by limiting the disk-space/inodes allocated per user. This attack is not at all in the league of perfect attacks.

Other variation of above approach targets specifically the /tmp partition (or directory) by consuming all the inodes and/or disk-space. Though this is lot more effective than the previous method, it still is no more perfect attack than the previous one.

One more approach tries to hog all of the system memory by calling malloc() (or other variants) repeatedly, decreasing memory request on every malloc() failure until a minimum (predefined) value is reached. The aim is to take away as much memory from the system as it can grant (to the last page) so that it has no more memory left to grant to other processes, resulting in a useless system. While theoretically sound, this method is not at all effective in practice. It does increase the system overhead, but the system stays up and running. The kernel shrewdly reserves a lot of space for its own operation and in desperate needs, it eventually kills our memory hogging process.

And here, finally, is my newest technique. The idea is to fool the system into granting much more virtual memory than it can physically provide (in RAM and/or in swap-space) followed to an active claim to the memory (virtually) granted by the system. This is achieved as follows:

1. Create a process (our root process) and repeatedly call malloc() to get as much memory as the system is willing to grant (to the last page).
2. Multiply by repeatedly calling fork() until the system refuses to create more copies.
3. From each copy, write one byte (or more) in each page forcing the system to translate all the virtual memory which was granted to our root process (multiplied by number all the copies) into physical memory.

The system will not be able to translate all of the virtual memory, but since it has already committed to the root process, and thus, to all of its copies, it has to provide all of them all the memory they are requesting now. Soon the system will run out of memory, resulting in a frozen system.

There is one caveat though. When a typical Linux based system is out of memory, it will try to eliminate our memory hogging processes (read: OOM Killer). We can increase the chances of survival of our processes by:

• Creating less number of child processes.
• Consuming less memory per process.
• Pretending to do some useful raw I/O. (Maybe even network access).
• NOT using nice and nohup. (I know, it’s lot to ask, but so is life.)
• Making our processes go slowly about their work.

So that’s all for now. Enjoy bringing your server down!

How to hide files on Windows

NTFS supports what is called multiple data streams. Which means that there can exist multiple, independent (in content) streams of data within a single file. Because of this feature, a file in an NTFS partition can be treated as a collection of separate data streams where each such data stream can store any arbitrary content – even the complete contents of a file. Something like archive formats (.zip, .rar, .tar etc.) – file(s) inside file.

This feature of NTFS can be used to hide files on NTFS partitions very effectively. We simply create a data stream inside some useful and innocent file (say important_report.pdf) and copy the contents of the file we want to hide (say porn_xxx.avi) in that data stream. Since there is no theoretical limit to the number of data streams inside a file, we can hide as many files as we want inside a single innocuous file.

Here is the step-by-step method:

1. Install UnixUtils. (for cat command; even otherwise, UnixUtils is a nice thing to have)
2. To save a file porn_xxx.avi inside a data stream (the name of which may be same as file to be saved or different altogether) open Command Prompt and issue the command:
   cat porn_xxx.avi > important_report.pdf:porn_xxx.avi
   or even:
   cat porn_xxx.avi > important_report.pdf:some_secret_name
   (the syntax to access a data stream is <filename>:<stream-name>)
3. The file porn_xxx.avi is now saved in data stream important_report.pdf:porn_xxx.avi. You can now delete porn_xxx.avi.
4. To extract the file porn_xxx.avi back from the data stream important_report.pdf:porn_xxx.avi:
   cat important_report.pdf:porn_xxx.avi > porn_xxx.avi

This method is excellent because no one can find the existence of data stream(s) in a file through any ordinary method. Of course, if one already does know of its existence, one can extract the hidden file by simply knowing the name of the data stream in which the file is hidden. But otherwise, the file porn_xxx.avi saved in important_report.pdf:porn_xxx.avi does not even increase the size of important_report.pdf. What more to ask, even Linux NTFS module supports data streams.

These are the limitations & shortcomings though:

1. The method works with NTFS only.
2. If a file with data streams is transfered to a file system other than NTFS (FAT32, HPFS, EXT2 etc.), the data streams are lost.
3. Softwares do not access data streams directly. Hence, if a file is saved in a data stream, one has to extract it to a file every time one wants to access it (and delete it afterwards).
4. The meta-data managed by OS (various time-stamps related to the file, file permissions etc.) is lost while saving a file in a data stream. (Not a big issue, I guess.)
5. A data stream, once created, can not be deleted from a file (to the best of my knowledge). However, one way to delete data stream(s) is to simply:
   cat important_report.pdf > copy_of_important_report.pdf
   followed by:
   del important_report.pdf
6. In case your file-system gets corrupted, I’m not sure how well those data recovery tools handle data streams. (I’m too lazy and irresponsible to check it out.)
7. The final issue is that of remembering the files and name of the data streams in which the (secret) files are hidden.

* This post was inspired by the lame blog entry: How to hide files and folders on a Mac on Lifehacker.

From the Eyes of a Photon

From Wikipedia:

Length contraction, according to Albert Einstein’s special theory of relativity, is the decrease in length observed in objects traveling, relative to an observer, at a substantial fraction of the speed of light. The effect is observed parallel to the direction in which the observed body is traveling.

But is this length contraction limited to the contraction of objects? What all can be / cannot be considered as an object here? What I want to ask is: do we need an object for the length contraction to happen? Can just the moving empty space not contract and we call the phenomenon as space contraction (sure, parallel to the direction of the movement of space)? But can the space be considered moving? Let's explore.

Let’s consider a photon. Since it is moving with speed c in any reference frame, it must have zero length in its direction of motion. So the photon is, at most, a two dimensional entity. Nothing great here. Now, let’s consider the inverse argument.

I am making following assumptions here:

1. Universe is finite.
2. The space is continuous (singularities can be handled).

Since a photon is moving with speed c in the reference frame of any infinitesimally small empty space, any infinitesimally small empty space is moving with speed c with respect to the reference frame of the photon. And so all the three dimensional space must be observed two dimensional by the photon. That means all Universe must be two dimensional for the photon. The photon must exist inside a two dimensional plane which extends to the directions perpendicular to the motion of the photon.

Let’s now consider two photons not moving perpendicular to each other. Each photon is moving with velocity c with respect to the other with some component in the direction perpendicular to the other’s plane of Universe. Each photon will move outside of the Universe of other in no time!

But can one photon move outside the Universe?… Where is outside of the Universe? Clearly, moving outside doesn’t make any sense. So a photon not moving perpendicular to the motion of some other photon can NOT exist in the Universe of the latter.

What about entangled photons? I mean, if two photons do not exist in the Universe of one another, can they get entangled? I can’t think of a way they can. The Universe of a photon and thus the photon itself must be unaffected by anything not existing in its Universe. This implies that one necessary (but not necessarily sufficient) condition for photon entanglement is that the entangled photons move perpendicular to each other!

And I find it quite strange to believe. Maybe the Universe is infinite or maybe I’m being stupid without knowing how.

From “Telugu” to “Gult”

I belong to IIT Guwahati, normally referred to as IITG. In IITG, if you could ever find something in conspicuous abundance, it’d be the Telugu individuals. The proportion of the Telugu population is even greater than that of native Assamese, and for that matter, much greater than that of all other regions combined. It is often rumored that there runs a dedicated train between Hyderabad and IITG before the start and after the end of every semester, but I can confirm this to be a mere hoax. After all, appearance can be deceptive!

In IITG, you find Telugus anywhere, and everywhere – tall, short and average height Telugus; dark, fair and wheatish Telugus; Telugus clad in shirts (which are either tucked-in or left out; latter case is almost certain) and T-shirts (colors ranging from fluorescent yellow to fluorescent green to fluorescent red to even sober colors) – all kinds and every variety of them, walking/standing/eating, sometimes alone but mostly in a flock (the flock is sometimes doped with one or two or rarely, more number of unfortunate non-Telugu person(s)), conversing in Telugu (the language), oblivious of the fact that the non-Telugu person(s) can’t make any sense of a single sound uttered by them so hastily. Certainly, it’s not their fault that the non-Telugus are dumb enough to not able to even understand Telugu sounds, especially when most of Telugus can very well understand, and accordingly reply to, all commonly used Hindi invectives. And thus, Telugus smartly make their distinct presence felt, which otherwise might have gone unnoticed.

Telugus are distinct from non-Telugus in various other ways and if not all, almost all Telugus follow same behavioral patterns. For instance, they all have same nourishment and nutritional requirements. In fact, their eating habits are also similar to a remarkable degree. Most Telugu girls require same toiletries (including, but not essentially limited to, Mysore Sandal Soap) for their beautification and skin cleansing. All Telugus share a great fascination dedicated to Tollywood music, Tollywood movies (notably Nuvve Kavalli) and even Tollywood news.

They all can produce, and they do produce 90% of the time, similar loud sound patterns to communicate. These sound patterns require demanding skills like showing-teeth-to-the-gums, to be delivered in proper style and accent. Having these skills grants them the natural ability to create many effects, like making the conversation dramatic, animated and mechanical all at the same time, which otherwise are quite impossible to achieve. These skills and the additional abilities acquired because of these are so deeply instilled into the personality of Telugu people, that these are manifested even when Telugus try to converse in languages other than Telugu itself, enriching the delivering style of such languages. With the ability acquired to produce such complex and demanding sound patterns, Telugus have the knack of ushering out any of the lesser mortals lingering around.

Not only that, when it comes to dressing-sense, Telugus share such great an understanding, which can only be hoped by any other civilized society. And when it comes to colors, they discard all petty notions like “only suitable to a particular individual”, depicting their wide thinking and excellent sense of “equal opportunity for all” ideology. A male’s wardrobe is often judged with the number of fluorescent colored T-shirts – the higher the better; and a female’s dressing-sense is judged by the stiffness of clothes in her wardrobe of casuals, again, the more the stiffness of her casuals, the higher her dressing-sense is ranked. But you can’t fool Telugus by the mere presence of such clothes in your wardrobe; such clothes must be used regularly to prove their existence.

For all of these distinctions and thousands more, which I find myself unable to write for the sheer typing effort, a Telugu individual is often referred, at least in IITG, by an equally distinct and genuine name – “Gult”.

I am not aware of the origin and the first usage of this term or of the wise person who coined it, but am however, aware of the novel concepts behind it and therefore, its simple and elegant derivation. People with good analytical skills, reasoning power and imagination would find it but natural.

Derivation of “Gult”

Okay then, we’ll start with “Telugu” itself. Let’s write down the sacred word and take all the consonants along with any following vowels. What we get is:

“telugu” = “te” + “lu” + “gu”

Let’s invert the order assuming that the ‘+’ operator is commutative (i.e., a + b = b + a):

“te” + “lu” + “gu” = “gu” + “lu” + “te”

Get rid of any redundant alphabets (redundancy elimination):

“gu” + “lu” + “te” ≈ “gu” + “l” + “te”

Now, we join the result of previous operations, in order (string concatenation):

“gu” + “l” + “te” = “gulte”

And here comes the trickiest part: try saying “GULTE” loud. Does it sound good? Nopes, it doesn’t. In fact, it wasn't meant to. But we can make it sound a bit better. So, where's the problem in it? If you try some variations of articulation possibilities, you’ll find that dropping the ‘E’ would be most rewarding. So we drop the ‘E’ and get the result:

“gulte” ≈ “gult”

Summing it all together:

“telugu”

= “te” + “lu” + “gu”

= “gu” + “lu” + “te”

≈ “gu” + “l” + “te”

= “gulte”

≈ “gult”

DISCLAIMER: These words are relevant only to the gults of IITG. Any other Telugu person offended by my words should consider it only a poor joke.

The First Post

Finally, I have managed to write my first post. I’ve delayed it enough – for more than 2 years! “How could it be?” Let me think for a while. My user profile on Blogger says that I joined on October, 2003. Cool. At least, not any later. Certainly, it's been more than two years. When I joined, I wanted to start a blog of my own. “Then why didn’t you ever start blogging in last two years?” “Why? You know, exams… busy schedule… projects… IIT… blah, blah, blah…”

The Story before the Time

First, I started to think about the topic. In case, the gravity of the problem goes unappreciated, I’d repeat that – “the topic”. What must be the topic that I’d love to talk about? That I’d have the right to talk about? Many things came to my mind: my life, IIT Guwahati, my batch-mates etc. But I couldn’t convince myself that I can do justice to any of these. And there were good reasons to think that way: I cannot be too frank and neutral about my own life (believe me, I can’t be); there are people better than me to write about IIT Guwahati; I don’t know all of my batch-mates so well that I can write about all of them and so on.

There was no reason for me to make such a fuss about the topic even before I started posting (responsibly) but I had to have some title and it goes without saying that title must be compatible with the topic in some way. They must make sense together. But no great thought came to my rescue and finally, I let the blog title to be “Arvind Singh’s Rants and Ramblings”, a popular default for unimaginative, unclear blog titles at that time. “Let it stink for a while; I can change it later!”

And related was the problem of domain name. For some whimsical reason, I wanted the domain name to resemble the blog title^* and I didn’t want to change it later on. For the title I chose at that time, it could simply have been arvind-singh.blogspot.com (other variations of my name were already taken) but the title wasn’t meant to be permanent! “I’ll have all things set to my liking just within a few posts; let’s just begin!”

The last problem was the biggest hurdle: writing an entry, the very first post! “It mustn’t be ‘bad’.” I was thinking of an issue worth writing, and kept thinking. There came many things which were worth writing, and I was lazy enough to discard them without thought and let them go stale and then – “What a foolish thing it’d be to write on a stale issue?” I dug up many blogs to find their first posts but couldn’t make myself follow any of them. Finally, I got fed up with 0 posts, and I wrote my first entry: a typical “Hello World!”. “Many people do that; and who says I’ll have to keep it forever? I won’t even count it as my first post!” Though the problem of 0 posts was solved, the problem of first post persisted.

Meanwhile, other things came to distract me. Okay, I am a perfectionist – a painfully extremist one. With that, I don’t mean that the output of my work is perfect always. I can leave the output sub-standard and still not be guilty. But when I work, I want my effort to be perfect, whatever be the output (karmic thinking?). And did I mention that I am a techie too? And this really makes a dangerous combination for oneself, especially while handling powerful stuff.

Blogger is powerful, very powerful indeed. And there are so many options. So many things can be customized and to such a great extent; particularly for a techie with “Why not?” attitude. And most fascinating are the templates. One can customize just the CSS or the whole template. It is very tempting when they provide an excellent help to do it on your own. Not just that, you can find help on many other sites.

There were no limits for me. I wanted it all – everything. I studied a lot. I customized every option carefully. I changed the CSS to get a flexible 3-column layout. I wrote a personalized template (though not a very presentable one). I created a Google account for AdSense. I hated it that blogspot didn’t store photos, so I created Flickr account for storing photos. I studied blogger API. I learnt everything that I came across, I tried customizing everything that I could and I'd never stop. I hope everyone can anticipate the outcome when someone with an exhaustive approach attacks the myriad of diverging technologies – terrific learning experience and utter frustration!

And so I was, totally frustrated. Did I feel any bitterness? No, I am an IITian. Those trained in an IIT never feel bitter over such experiences. When technology seems insurmountable, they don’t feel bitter, they just get frustrated and just that. Eventually, they procrastinate. I pushed all about blogging out of my mind. “I’d rather do it later!”

The Time Crystallized and the Laws of Physics Held

Yes, today is the day. Fiddling with options was a good learning experience, but now I'm starting with the defaults. Things can be customized as and when required – purely utilitarian way to go. And what were the problems?

The Topic: I’d write about anything, whatever comes to my mind.

The Title: “Brownian Motion” to start with. It is relevant to me. Once, Prof. Gautam Barua addressed me as “random number”. Some other time, someone from my batch described me as “undirected force”. In a way, this title encompasses both descriptions. Further, it's well thought. It doesn’t restrict me anywhere and allows me to write about anything – the life, the universe and everything. Finally, it does save a few shocks if I keep changing it abruptly.

The Domain Name: I can’t afford to buy and maintain my own domain name and arvind1.blogspot.com^* isn’t bad either!

The First Post: It is before you and it's neither “Hello World!” nor essentially “bad”!

* Now I believe that domain name of my personal blog is as much part of my digital identity as my email and IM IDs are. So it must resemble my actual name.