Sunday, November 27, 2005

Viewing and Adjusting File Descriptor Limits in Solaris 8

Almost a week ago I got a call about a problem related to log4j and WebLogic. Following an instruction to make an application SOX compliant, one development team had integrated a lot of processes to be logged through log4j.
The application is Java-based and deployed in WebLogic. But soon after starting the application, after very few transactions, the application stopped responding. After a very hard diagnosis to catch the real problem, we learned that the problem was actually one of file descriptors. (A file descriptor is a handle created by a process when a file is opened. A new descriptor is created each time the file is opened. It is associated with a file object which includes information such as the mode in which the file was opened and the offset pointer where the next operation will begin. This information is called the context of the file. File descriptors are retired when the file is closed or the process terminates. Opens always choose the lowest-numbered file descriptor available.)

On Solaris, each user account has a certain limited number of file descriptors. Use the ulimit command to print or set resource limits. A resource limit is a pair of values that specify the current (soft) limit and the maximum (hard) limit. You can modify the hard limit in /etc/system. You must reboot your machine anytime you modify /etc/system.

Note: Do not change the default soft limit. It has the potential to affect many processes on the server and will not affect WebLogic Server.

You must have adequate permissions to use the ulimit command. Any user may lower a hard limit. Only a super-user may raise a hard limit.

To view and adjust file descriptor limits:

1. Use the ulimit command to print current resource limits.
ulimit -a

2. Set the hard limit value in /etc/system, according to your needs. For example:
set rlim_fd_max=4096 /* hard limit */

3. Restart WebLogic Server.
A message will appear in the startup log.
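The failure described in this post can be reproduced on a small scale. The following is an added example, not code from the original post: it reads the soft and hard limits, lowers the soft limit to an illustrative 64, leaks descriptors the way a logger that never closes its files would, and shows both the resulting error and the lowest-numbered-descriptor rule. The value 64 and the use of /dev/null are assumptions.

```python
import errno
import os
import resource


def show_limits():
    """Return the (soft, hard) descriptor limits for this process."""
    return resource.getrlimit(resource.RLIMIT_NOFILE)


def leak_until_exhausted(soft_limit=64):
    """Lower the soft limit, leak descriptors until open() fails, then restore it.

    soft_limit is an illustrative value, not a recommendation.
    """
    old_soft, old_hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    leaked = []
    report = {"soft_limit": soft_limit, "errno": None}
    # Changing the soft limit within the hard limit needs no privilege;
    # only raising the hard limit requires the super-user.
    resource.setrlimit(resource.RLIMIT_NOFILE, (soft_limit, old_hard))
    try:
        try:
            while True:
                # Stands in for a logger that opens a file per event
                # and never closes it.
                leaked.append(os.open(os.devnull, os.O_RDONLY))
        except OSError as exc:
            # EMFILE: the per-process descriptor table is full.
            report["errno"] = exc.errno
        report["opened"] = len(leaked)
        report["highest_fd"] = max(leaked)
        # Closing one descriptor frees exactly one slot, and the next open()
        # receives that same number: the lowest-numbered one available.
        freed = leaked.pop(len(leaked) // 2)
        os.close(freed)
        reopened = os.open(os.devnull, os.O_RDONLY)
        leaked.append(reopened)
        report["freed_fd"] = freed
        report["reopened_fd"] = reopened
    finally:
        for fd in leaked:
            os.close(fd)
        resource.setrlimit(resource.RLIMIT_NOFILE, (old_soft, old_hard))
    return report


if __name__ == "__main__":
    print("soft/hard before:", show_limits())
    print(leak_until_exhausted())
    print("soft/hard after: ", show_limits())
```

Once the table is full, every further open fails, including sockets for new client connections, which is why the application appears to stop responding rather than crash.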


Best practices for implementing spam control

Spam-catching is a tricky game. It's a dimension more difficult than antivirus. An antivirus laboratory makes a binary decision: Is it a virus? Is it not a virus? Yes. No. And we want the lab to be right every time.

The antispam game, however, is triage. There are messages that can be clearly identified as spam, and messages that can be clearly identified as not-spam, and then there is a pile of messages left over that are neither black nor white; they are gray. What are we going to do with the gray pile? What is in it, and why is it so tricky?

"Good guys" vs. "bad guys"
There are four categories of spam:

  • No. 1: Confidence games, pornography, and unethical senders
  • No. 2: Chain letters, hoaxes, and urban legends
  • No. 3: Legitimate offers from legitimate senders
  • No. 4: "Occupational spam" from your colleagues


The job at the boundary is to sort out the good guys (No. 3 and No. 4) from the bad guys (No. 1 and No. 2). If a message is from one of the bad guys, you can request removal from their mailing list ("unsubscribe"), but your request will serve only to validate your address, and you will receive more spam. If it's from one of the good guys, they should be practicing ethical permission-based marketing: In other words, you can safely unsubscribe and the sender should politely stop sending additional messages.

Best practices for controlling spam
Tuning for the business
You can't just look for specific banned words and expect to make the right decisions every time. For example, if you have a department working on a cure for prostate cancer or designing bicycle seats, there may well be some anatomical terms that will come up in the normal course of doing business that might also be on the dirty-words list. Rules that perform some contextual analysis can help: if the word "breast" is in the same sentence or paragraph with the word "cancer," then it's okay.

Spicy language
It's one thing to ask your employees not to use spicy language when corresponding with a client, but it's hard to ask your clients not to use it. If an angry client writes a fiery message full of inappropriate language, should this be identified as spam and quarantined, or should it be handled in some other way? The answer is a business decision.

Foreign words and phrases
One group of attorneys was experiencing rejection of their messages sent to a number of clients until they finally realized it was because they had a lot of smart people on staff who had graduated magna cum laude. There's a Latin word in there that also happens to appear on the dirty-words list. Another client with offices in Sweden discovered that the word "slut" in Swedish means to complete the project. The enterprise had to adjust its filters to permit this word.

Rate of false positives
Some clients are asking what the rate of false positives is for a given product. A false positive is a message that's captured, or flagged, as spam, that was a bona fide message you don't want to lose. You should be able to tune the capture rate of a product and work with it to reduce false positives. But that will mean you will have false negatives. Because this is not a perfect science, it may well require human review to make the final determination.


Formula to calculate spam capture
The capture rate (CR) and false positive rate (FP) are related by a quotient based on the efficiency of the filter system. As CR increases, so does the FP. No product can achieve CR=100 and FP=0. If the vendor makes this claim, it does not fully understand the complexity of the game. You can approach FP=0 by tolerating a lower CR, or you can maximize CR by tolerating an elevated level of FP, but you can't have both.



The best antispam products have the highest rates of confidently identifying spam (for example, we've seen it before). No matter how elegant, systems that examine the header and body will not always be right, but they should tell you how confident they are that this is spam (for example, 85 percent sure vs. 55 percent sure that this is spam). When dealing with the "gray pile," you will need tools to tune the system for your business. Based on the point scale or confidence rating, you can participate in deciding how a given message should be handled. Through 2003, e-mail spam capture rates in excess of 85 percent will result in false positive rates of 5 percent or greater.

Developing a comfort level
When you implement any antispam product or service, you should never begin deleting flagged messages on Day 1. You should stage the implementation and enroll your users in the validation process. Keeping an open and courteous channel of communication with your employees is an essential part of any spam-control program.

Reporting
You can use reporting to help size the problem and possibly test the rules. If you were to turn on this rule set today, how many messages would have been deleted? How many would have been quarantined? How many would require human review? How many staff members would be required to do the human review?

Marking headers
The second step is to turn on the rules but only mark the headers. At this point, you can see the decision-making in action, and you can evaluate whether you agree. Again, you are not yet stopping messages but are evaluating in combination with the reporting what level of effort would be required if you were to stop these messages.

Quarantine
As a third step, quarantine the most egregious messages, those with the highest point score or confidence rating (most probably spam). For example, quarantine all messages with confidence ratings greater than 85 percent. Let that run for a week or so and validate with the users how that looks. Gradually increase the number of messages quarantined by using a lower confidence threshold: 80 percent confident, then 75 percent confident, then 70 percent confident, possibly putting the newest 5 percent into a separate pile so that you can review it closely and watch for false positives. By creating an additional rule, you may prevent the false positives you find, as in the examples above.

As you approach midrange, you need to decide what approach to use for the messages with confidence ratings of 45 percent to 65 percent. What do you do with these? Clearly, the automated system cannot make the final decision. You need to make the decision that's right for your environment. Often, our clients simply mark the header, note that there is a possibility this is spam, show the reasons for that concern, and let the end user decide. At this point, the most offensive messages should have been deleted, and the possibility that this is a legitimate message is high.

Choices for this group are:

  • Mark and pass through.
  • Mark, pass through, and send a copy to a collection for review. You may find that with some additional rules, you could change the odds.
  • Quarantine and review. Once you have quarantined a message, especially one with such a low probability that it is spam, you have an obligation to review it promptly and send it on its way or declare it spam. You have to be prepared to deal with the quantity of messages in this category.
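The staged rollout described above (report, mark headers, then quarantine at a falling cutoff with the newest slice kept apart for review) can be checked as a dry run before anything is stopped. This is an added example, not part of the original article; the scores are constructed, and delivering anything under 45 unmarked is an assumption taken from the lower edge of the article's midrange.

```python
from collections import Counter

MARK_FLOOR = 45  # assumption: lower edge of the article's 45-65 "midrange"


def triage(score, quarantine_above=None, previous_cutoff=None):
    """Map a confidence score (0-100) to an action for one rollout stage.

    quarantine_above=None models the "marking headers" stage, where no
    message is stopped. previous_cutoff is the cutoff of the prior stage;
    messages caught only by the new, lower cutoff go to a separate pile so
    they can be watched closely for false positives.
    """
    if quarantine_above is not None and score > quarantine_above:
        if previous_cutoff is not None and score <= previous_cutoff:
            return "quarantine-new-slice"
        return "quarantine"
    if score >= MARK_FLOOR:
        return "mark-header"
    return "deliver"


def dry_run(scores, cutoffs=(85, 80, 75, 70)):
    """Report what each stage would have done to the same set of mail."""
    report = {"mark-only": Counter(triage(s) for s in scores)}
    previous = None
    for cutoff in cutoffs:
        report[cutoff] = Counter(triage(s, cutoff, previous) for s in scores)
        previous = cutoff
    return report


# Constructed confidence scores for one batch of mail (not real data).
SAMPLE_SCORES = [97, 93, 91, 88, 86, 85, 84, 82, 79, 77,
                 74, 71, 66, 58, 52, 47, 44, 30, 12, 5]


if __name__ == "__main__":
    for stage, counts in dry_run(SAMPLE_SCORES).items():
        print(stage, dict(counts))
```

The "quarantine-new-slice" count at each stage is the human-review workload that step adds, which is the number the Reporting step asks you to size before lowering the cutoff.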


Design your Active Directory tree with security in mind

Successfully designing an Active Directory (AD) tree is no small feat. AD has many different components and concepts that can easily confuse and intimidate a new Windows 2000 administrator. When designing your tree, you must consider business needs, site locations, administrative overhead and, most importantly, security. In this Daily Drill Down, I’ll show you how to design an AD tree that takes into account all of these needs—especially security.


Why use Active Directory?

The main benefit of using AD is that you can centralize the management of your entire Windows network. AD is designed to support millions of objects within the database. With AD, you can get rid of your legacy resource domains, which will allow you to reclaim the hardware required to keep these domains active while also eliminating the administrative headaches.

You can use AD to create increased policy-based desktop security and software distribution with the tools included with Windows 2000 server. AD allows you to delegate administrative control to personnel for simplified tasks, such as DHCP and the addition of new systems to the network. You can also search for printers and other shared resources, which simplifies installation and increases usefulness to the client user.

AD integrates with other programs and features that add security and manageability. Group policies can make the management of your users and resources easier by providing policy-based administration. Exchange 2000 adds a layer of messaging to your AD setup. With the ability to add MSN Messenger and e-mail information, Exchange 2000 adds to the schema of AD.

Although not originally included with the AD install, integrated public key infrastructure (PKI) services available from third parties allow you to use public cryptography keys for securing your infrastructure. AD is based on Kerberos, an open standard for using authentication and encryption. Adding PKI services to AD gives you that extra bit of data security.

By using AD as the core of your network management system, you’ll have the ability to scale the system, while still keeping your security concerns manageable. If you need to add further security to AD beyond what Microsoft ships with Windows 2000, Microsoft also recommends some third-party management applications that add more granular features to AD. You can find out more about these third-party applications at Microsoft’s Active Directory Deployment and Administration Web site.

AD provides a granular security model so you can dish out rights only to the people who need them. The best way to set up a secure AD is to evaluate your existing policies and create a plan to alter them based on the new AD abilities.

Start with forest planning
Creating a detailed plan for your forest schema before you begin building an AD tree will save you from having to reorganize your AD users and resources later. A forest is the top of the chain when it comes to administrative control. In total, AD consists of a schema, configuration information, a global catalog, and trusts with domains in the forest.

Your schema contains the information and attributes about everything stored in the forest. The schema is a template for which information is stored in the database. A schema in an AD installation is replicated to every domain controller in your forest.

Configuration objects are like the cells in an Excel spreadsheet. The configuration containers have data defining the infrastructure, such as domains, sites, and site links. Just like the schema, the configuration containers are also replicated throughout your network to all the domain controllers.

Because networks contain a lot of information, you don’t want queries to each database/domain controller every time someone searches for a printer. This is where the global catalog comes in. The global catalog keeps a scaled-down version of the AD information that is most often searched. This increases the speed of the system, especially if you have slow links throughout your organization. Every domain controller that is running the global catalog in the forest, regardless of the domain to which it belongs, has an exact copy of the current global catalog.

The AD database is very scalable—well into the millions of objects. Because of this scalability, there is no technical reason for you not to use a single forest. Some organizations choose to separate their forests for administrative reasons. One of the first steps in AD design is to choose which of the three acceptable models of AD you want to use:

  • Single forest design: This is the most simple of the three models. All directory objects are in a single AD database and have one root domain. With one forest, your administrative costs are lower than with multiple databases. Microsoft recommends you use the single forest design if at all possible.
  • Subscription forest design: This is a blend of the single and multiple forest design concepts. This design is sometimes used when an organization is phasing AD into multiple units within the same business. If some business units have already started adopting AD, they can begin creating their forest and then integrate it into the main corporate forest later. Then, in the exterior forests, the administrators can manage security and shared information in their own forest without being concerned with what is going on in the main forest.
  • Multiple forest design: This model is best used when the business units have their own administrators and must manage their systems and security away from the rest of the organization. This is the most complex configuration, and your administrative overhead is the greatest because you need to administer each forest independently and apply security and policies on each subsystem.


If AD already exists in your organization, you have the choice of participating in the existing structure or going it alone and creating your own forest. If you have your own forest, you gain the ability to control your data in the way that your unit requires, and you aren’t limited to the greater control of a system-wide administrator. However, if you have a single administrative group, a shared forest with domains gives you the same controls.

When you use a single forest to share all your domains, managing the entire network becomes much easier. Any schema changes you make become global, affecting all domains in the forest. Configuration and security changes will affect all resources in your organization. You’ll have one global catalog for all of your users, and you won’t have to troubleshoot any issues with the systems taking affinity to another catalog. And, best of all, security trust relationships will be automatic between the domains that are in your forest.

There is only one technical reason that may limit your ability to have a single forest. If you’ve deployed a network address translation (NAT) firewall between your domain controllers, and you can’t use a VPN to connect the two sites, you must have independent forests that have trusts set up.

The problems of working with multiple forests
When you have more than one forest in the same organization, a couple of caveats can give you headaches as an administrator. Not the least of these is the fact that having multiple AD forests will greatly increase your administrative overhead and cost.

One of the key things you lose when you use multiple forests is the automatic trust relationship between servers. Domains and servers within a single forest inherently trust one another. If you want to access resources in another forest, you must manually create the trust between the two forests. Beyond trust issues, some of the other complications created by multiple forests include the following:

  • Kerberos authentication will not occur between the two forests. Each forest contains its own Kerberos encryption key for the root domain, which can’t be passed between forests.
  • Client systems can belong to only one forest at a time.
  • Multiple forests dictate multiple global catalogs, which increases complexity and the chance of failure.
  • You have to use additional applications to replicate the information across the forest boundary.

In short, to maximize security and minimize network administrative overhead, create a single forest.

Logical domain design
Within a forest, you create domains to prevent data from replicating to every point in the network, and to segment users and resources into logical groups. This allows easier administration and reduces the replication bandwidth needed for data transfer. You also gain scalability by segmenting your network into smaller slices, allowing the network to grow to an almost unlimited size.

A domain is also used for authentication of your users and the resources that they require, groups they are organized into, and computers that are allowed to log into the network. Within the domain, you can assign policies to users, groups, and even computers, and standardize the system configurations across your organization. This helps reduce the cost of managing your workstations. You can also assign some additional policies to users, such as passwords and logon policies.

Domains can also serve as a repository of information about resources, such as printers, SQL servers, and mail servers. This gives users the ability to search for resources with a simple search entry instead of having to browse through the network, thereby reducing the calls for help to add printers and other resources.

The first domain in your forest is assigned the role of the root domain. All other domains in the forest will be built upon this root domain to define the AD hierarchy. Two groups are contained in the root domain: the Enterprise Administrators and the Schema Administrators. These groups will give access to a select few superadministrators to manage your entire forest and all the domains that are contained therein.

It’s best to keep other users out of this root domain and create all of your objects in a subdomain. By having a dedicated domain, you have fewer administrators with the ability to make forest-wide changes. Since the root domain can never be changed, you can move subdomains around without affecting the root. So if a unit or your business changes its name, you don’t have to set up an entirely new forest. You just change the domain instead.

Domain name services
With AD comes a new way to search and find resources. Domain name services (DNS), adopted from the Internet DNS, replace NetBIOS names via Windows Internet Name Service (WINS). DNS is a highly scalable design that's the backbone service mapping names to IP addresses.

For security reasons, I recommend having an internal, private DNS server for use with your Active Directory. If the DNS server is compromised or becomes unavailable, the entire AD system and your network will come to a complete stop. After setting up AD, there will be a new option within the DNS control panel that activates DNS integration with AD and stores DNS objects in the AD schema. You should always have more than one DNS server, as well as a domain server for each domain. Having multiple DNS servers prevents interruptions of service in case one DNS server fails.

Organizational units in Active Directory
Organizational units (OUs) are containers within the domain that contain users, groups, computers, and other OUs. This allows you to nest OUs for management purposes.

With OUs, a department can manage its own resources within the domain. This delegation allows for distributed management of the network resources, which reduces administrative costs for the overall network. This lets the forest and domain administrators manage the directory service, while delegating smaller tasks to regional personnel.

With the OU structure, you set up delegation of administrative tasks. Place the users, systems, and other objects in an OU, and then delegate that OU to the user or other OU that you want to manage that group. Doing so will help reduce the number of administrators with high-level access, and it will provide the right amount of control to the users who need to manage a smaller number of people without full administrative control.

OUs also allow you to set up effective group policies that can help you secure your entire network. You can apply policies to an OU, thereby managing logon, password, and Kerberos policies. Group policies cannot be applied to the default Users And Computers container. Although it may appear to be an OU, it’s not.

Controlling replication with site topology
Domains allow you to control which AD data is replicated to which locations. For remote sites, you don’t want your entire directory going off-site. This is where your site topology is helpful. You can define your sites and what domains are replicated to other sites for authentication or disaster recovery purposes. Doing so can reduce the amount of network connectivity that is needed at each domain site.

Only the beginning
Defining policies, setting up domains, and creating your forests are sizable tasks. Once you get started, you’ll see that this project will take weeks to plan—if you do it correctly—but only about 30 minutes to set up. When you take time in advance to include security as a part of your AD design, you’ll end up with a more secure and easily administered network.

Reduce vulnerability by limiting your network's reach

Large blocks of networks have recently taken advantage of zero-day exploits to steal financial data. Attackers manipulated an exploit to transmit an individual's financial information to a country with a poor record of tracking and prosecuting Internet criminals.

I won't mention the name of the country, but these networks are beyond the law enforcement boundaries of most civilized nations. How do you prevent hackers from performing such an attack on your organization's network?

You can regain control of your network by answering a few questions about the purpose of your organization's network:

  • Do we have a global business?
  • Is our business local or regional?
  • Do our internal users need access to every network on the planet?

Answering these questions can greatly limit your company's exposure to attacks beyond the reach of law enforcement in your country. If your business is local or regional, you only need to worry about who else is in your area of the world.

Do your research

The Internet is a big place, and one organization runs it: the Internet Assigned Numbers Authority (IANA). It divides all public IP addresses among the Regional Internet Registries (RIRs) to distribute blocks of IP addresses.

There are four RIRs:

By performing a little bit of detective work at each site, you can determine which IP addresses originate from each country or region.

Combining this information with your answers to the questions about the purpose of your organization's network, you can begin to diminish your vulnerability to hostile networks and concentrate on serving your organization's target communities.

Limit network exposure

Let's look at an example. If a business network serves only the European community, then you could block every IP address at the network boundary that doesn't originate from this area. For example, you would block everything except the following networks:

62.0.0.0 - 62.255.255.255
80.0.0.0 - 80.255.255.255
81.0.0.0 - 81.255.255.255
82.0.0.0 - 82.255.255.255
83.0.0.0 - 83.255.255.255
84.0.0.0 - 84.255.255.255
85.0.0.0 - 85.255.255.255
86.0.0.0 - 86.255.255.255
87.0.0.0 - 87.255.255.255
88.0.0.0 - 88.255.255.255
193.0.0.0 - 193.255.255.255
194.0.0.0 - 194.255.255.255
195.0.0.0 - 195.255.255.255
196.200.0.0 - 196.207.255.255
212.0.0.0 - 212.255.255.255
213.0.0.0 - 213.255.255.255
217.0.0.0 - 217.255.255.255

Apply this block or access list to both inbound and outbound traffic. In addition, integrate this strategy into any existing blocks or filters for services you already have in place.

This simple strategy defines the business area of your network, and it reduces your organization's exposure to hostile attacks.
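Boundary devices usually take prefixes rather than first/last address pairs. The following added example (not part of the original post) converts the ranges listed above into the smallest equivalent set of CIDR blocks with Python's standard ipaddress module and replays a constructed flow log against the list before it is enforced. The flow records and function names are assumptions made for the illustration.

```python
import ipaddress

# Ranges exactly as listed in the post (first address, last address).
ALLOWED_RANGES = [
    ("62.0.0.0", "62.255.255.255"),
    ("80.0.0.0", "80.255.255.255"),
    ("81.0.0.0", "81.255.255.255"),
    ("82.0.0.0", "82.255.255.255"),
    ("83.0.0.0", "83.255.255.255"),
    ("84.0.0.0", "84.255.255.255"),
    ("85.0.0.0", "85.255.255.255"),
    ("86.0.0.0", "86.255.255.255"),
    ("87.0.0.0", "87.255.255.255"),
    ("88.0.0.0", "88.255.255.255"),
    ("193.0.0.0", "193.255.255.255"),
    ("194.0.0.0", "194.255.255.255"),
    ("195.0.0.0", "195.255.255.255"),
    ("196.200.0.0", "196.207.255.255"),
    ("212.0.0.0", "212.255.255.255"),
    ("213.0.0.0", "213.255.255.255"),
    ("217.0.0.0", "217.255.255.255"),
]


def to_cidr(ranges):
    """Turn first/last pairs into a minimal, sorted list of networks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    # Adjacent blocks merge, so the 17 listed ranges need fewer ACL entries.
    return list(ipaddress.collapse_addresses(nets))


ALLOWED_NETS = to_cidr(ALLOWED_RANGES)


def is_allowed(addr):
    """True if the remote address falls inside any allowed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED_NETS)


def would_block(flows):
    """Return the flows the list would drop.

    Each flow is (direction, remote_address). The same list applies to both
    inbound and outbound traffic, so only the remote end is checked.
    """
    return [flow for flow in flows if not is_allowed(flow[1])]


# Constructed flow records (direction, remote address), not real traffic.
SAMPLE_FLOWS = [
    ("in", "81.2.3.4"),
    ("out", "198.51.100.7"),
    ("in", "203.0.113.9"),
    ("out", "195.10.20.30"),
    ("out", "196.208.0.1"),
]


if __name__ == "__main__":
    print([str(n) for n in ALLOWED_NETS])
    print(would_block(SAMPLE_FLOWS))
```

Registry allocations change over time, so build the range list from current RIR data instead of hard-coding it, and review the would-be-blocked flows before enforcing the list.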

Thursday, October 13, 2005

Religions and God

Although it is true that religion is an integral part of our life, or we can say of human existence, while chatting with one of my friends I got to know something called Taoism, and then, to capitalize on my time over here in the project, I started reading books and articles related to religion apart from technical books and articles (it's my hobby). Some of the research work which I was able to explore describes different religions in terms of God or Bhagwan or Ishwar or Allah etc.; whatever you call it, I will call it Almighty (not of the movie :) ), except for some of them; after all, exceptions are everywhere.
Human psychology insists that every human being accept the existence of the creator, unless he has been conditioned to believe the contrary. I am ready to bet that 97% of the humans in the world believe in the existence of a creator, be it a scientist, astronaut, doctor, computer professional or even a psycho. Hence I can conclude that believing in God requires no reason or proof while rejection of God does. I am also trying to do an in-depth study of religions one by one, but here again, if the Almighty will allow me and support me to do it. :)

Some of the research papers broadly categorize the religions of this planet into two categories:
  1. Semitic
  2. Non-Semitic
Here the word Semitic is derived from the name of one of the characters of the Holy Bible, Shem, considered to be the son of Prophet Noah. Descendants of Shem are known as Semites. Hence the Semitic religions are the religions that originated among Jews, Arabs, Assyrians, Phoenicians, etc. The major religions in this category are Judaism, Christianity, and Islam, also known as prophetic religions, which believe in divine guidance given by prophets of God.

Non-Semitic religions are further subdivided into two more categories:
  1. Aryans
  2. Non-Aryans
Aryan Religions
Named after the community or race consisting of a powerful group of Indo-European-speaking people that spread through Iran and Northern India in the first half of the second millennium BC (2000 to 1500 BC). Almost all of the major Aryan religions are non-prophetic religions.
They are further divided into two major categories:
  1. Vedic
  2. Non-Vedic
Vedic religion is given the misnomer of Hinduism or Brahmanism, while the most popular non-Vedic religions are Sikhism, Buddhism, Jainism, Zoroastrianism (Parsiism), etc.

Non-Aryan
Religions have diverse origins. For example, Confucianism and Taoism are of Chinese origin while Shintoism is of Japanese origin, and they do not have a concept of God. Some critics refer to them as ethical systems rather than as religions.

Confucianism, the moral and religious system of China, is also considered to be an agnostic religion and does not comment on God.

Taoism refers both to a Chinese system of thought and to one of the four major religions of China, and does not have a concept of God. Tao means the way or path. Taoism has had a significant influence worldwide: in many Western societies it can be seen in acupuncture, herbalism, holistic medicine, meditation, martial arts, Feng Shui and Tai Chi.

Aryan Vedic :
Hinduism
is an assortment of religious beliefs, most of which are based on the Vedas and Upanishads. It is commonly perceived as a polytheistic religion. Some believe in the system of three Super Powers; some believe in the existence of 33 crore, i.e. 330 million, Gods. However, learned Hindus who are well versed in their scriptures insist that a Hindu should believe in only one God. But then what is 330 million?

It's very simple: as per Hindu beliefs everything is God (God is present in it), be it a tree, the sun, the moon, animals or even you and me. And as per the belief there are 330 million creatures on the planet; hence if everything is God then there are 330 million gods.
The second belief, of 3 super powers, considers them to be the attributes of God: Creator, Sustainer and Destroyer (Brahma, Vishnu & Mahesh), originated from the null (sunya or zero or null) called "OM" (it's nothing but only a sound), meaning God's attributes originated from sound. (In scientific terms I can explain it with the example of the nucleus of an atom. So there are different attributes of an atom: it's a creator, it's a sustainer and it's a destroyer too, but its self-existence is nil, i.e. zero; it's a totally different matter what it creates, what it sustains and what it destroys.) That's why in yoga this sound has a very special significance. I don't know how you will take it. But it's a belief of millions of Hindus and mine too. There are thousands of other beliefs too, but most of them at last conclude in these two beliefs only. Hinduism believes in the doctrine of incarnation (Avatars).

Aryan Non Vedic:
Sikhism:
It's a non-Vedic religion but considered to be an offshoot or branch of Hinduism, founded by Guru Nanak at the end of the 15th century and originating in the area of Pakistan and northwest India called Punjab, meaning the land of 5 rivers. Guru Nanak was born in a warrior-caste Hindu family but was very strongly influenced by Islam. The word Sikh is derived from the word Sisya, meaning follower. It's a religion of 10 Gurus (teachers). The sacred book of Sikhism is Sri Guru Granth, also called Adi Granth Sahib. In this religious belief there is one supreme God who is in the unmanifest form called "OM" and has several attributes. Sikhism does not believe in incarnation, meaning God does not incarnate himself in what is known as an avatar. Also, idol worship is strongly against this religion.

Buddhism is considered to be agnostic religion and do not comment on God . In the religion its neither confirm nor deny the existence of God. But I know most of the Buddhism followers believe in existence of almighty. This religion and philosophy founded in India c.525 B.C. by Siddhartha Gautama, called the Buddha. There are over 300 million Buddhists worldwide. One of the great world religions, it is divided into two main schools: the Theravada or Hinayana in Sri Lanka and SE Asia, and the Mahayana in China, Mongolia, Korea, and Japan. A third school, the Vajrayana, has a long tradition in Tibet and Japan. Buddhism has largely disappeared from its country of origin, India.

Jainism is considered to atheistic religion which do not believe in the existence of God. Being an ascetic religion of India, that teaches the immortality and transmigration of the soul and denies the existence of a perfect or supreme being. Arose in the 6th cent. B.C. as protests against the overdeveloped ritualism of Hinduism , particularly its sacrificial cults, and the authority of the Veda. Jain tradition teaches that a succession of 24 tirthankaras (saints) originated the religion. The last, Vardhamana, called Mahavira [the great hero] and Jina [the victor], seems to be historical. He preached a rigid asceticism and solicitude for all life as a means of escaping the cycle of rebirth, or the transmigration of soul. Thus released from the rule of karma, the total consequences of past acts, the soul attains nirvana , and hence salvation. Mahavira organized a brotherhood of monks, who took vows of celibacy, nudity, self-mortification, and fasting. Since the 1st cent. A.D., when a schism developed over the issue of nudity, there have been two great divisions of Jains, the Digambaras [space-clothed, i.e., naked] and the Svetambaras [white-clothed]. Jainists, then as now, accumulate merit through charity, through good works, and in occasional monastic retreat.

Zoroastrianism (Parsiism) is an ancient Aryan religion that originated in Persia more than 2500 years ago. It has relatively few adherents, less than one hundred and thirty thousand in the whole world. The Iranian prophet Zoroaster was the founder of Zoroastrianism. The sacred scriptures of the Parsis are the Dasatir and the Avesta.

Semitic
Judaism is one of the major Semitic religions. Its followers are known as Jews and they believe in the prophetic mission of Prophet Moses. That's what I am able to explore so far.

Christianity and Islam: They are almost the same; only the way of seeing things is different. Both religions believe in one supreme power. Both religions believe in the existence of Jesus. The difference is that in Islam it is believed that Jesus was one of the mightiest messengers of God, while Christians believe in the divinity of Jesus. In Islam it is believed that the Holy Quran has the word of God revealed to Prophet Mohammed. Idol worship is also strictly prohibited. As per Islamic beliefs, everything is God's, be it trees, animals, humans, the sun, or the moon.

Monday, October 10, 2005

Configure a Win2K DNS server to forward external requests

Jun 13, 2002
This was a very interesting experience for me, my first real encounter with a Win2000 network, which is why I would like to share it with all of you. First I introduce the concept and then describe how to do this. You know how DNS is supposed to work. You type http://www.keekar.com into your browser, your DNS server resolves the name into an IP address, and then your browser connects to the Web page at that address and displays it. However, after you set up Windows 2000 domain controllers, Active Directory, and a Windows 2000 DNS server, you may find that your systems are unable to resolve any Web addresses for resources outside your local network.

This problem occurs because Windows 2000 can sometimes configure its DNS server to act as a root server. As a root server, the DNS server will resolve only addresses that it has DNS records for (usually only local resources). I’m going to show you why this happens and how to fix it.

What's the problem?

In a Windows 2000 environment, DNS fills two roles. First, Windows 2000’s DNS can provide traditional Internet name resolution for clients on your network that need to access Internet resources. Second, Windows 2000’s DNS can provide access to Active Directory and local network resources.

When you first install DNS and Active Directory on your network, Windows 2000’s Setup program can cause these two roles to come into conflict with each other. Setup can accidentally configure DNS to resolve Active Directory resources but not allow clients to access Internet-based DNS servers.

When Setup runs, it checks your network for other DNS servers. If it doesn’t find any, Setup assumes that it’s the only DNS server on the planet and sets itself up as a root server. By definition, root servers are authoritative. Basically, they are DNS know-it-alls that don’t require help from other DNS servers.

In a network that’s not connected to the Internet, having your main DNS server configured as a root server isn’t a problem. Because there aren’t any external addresses to worry about, the root server indeed knows all there is to know about addresses on your network. However, things become complicated when you connect your network to the Internet. At that point, your internal DNS server can’t know the address for every Internet resource, so it requires help from external DNS servers.

If Setup has configured your DNS server as a root server, the DNS server won’t look for help from external DNS servers. As a matter of fact, if you try to configure forwarders or root hints on a Windows 2000 DNS root server, it will refuse to accept the information.

Tearing it out by the root
So what do you do to allow your internal Windows 2000 DNS server to forward queries to external DNS servers for addresses it doesn’t know? You manually administer an attitude adjustment to your DNS server to make it realize that there are other DNS servers it should refer to, essentially removing the DNS server’s root server configuration.

To do so, click Start | Programs | Administrative Tools | DNS. This will start the DNS Management Console. Expand the DNS Server object in the left pane. Expand the Forward Lookup Zones folder. Select the zone folder that is marked with a period, right-click on it, and select Delete. Deleting the root "." forward zone convinces your DNS server that there are at least 13 more knowledgeable name servers than itself. In addition, you will need to provide your machine with a list of those wise root name servers. This can be accomplished in two ways:
· By adding forwarders (usually your ISP's name servers);
· By adding root hints, or both.
You do this in the MMC: right-click your machine name > Properties > Forwarders, check "Enable forwarders" and enter their IP addresses. (You can usually get a list of your ISP's name servers by using whois.)


If you’re using Active Directory Integrated Zones, the DNS MMC will display a dialog box informing you that when you delete the zone, the MMC will also delete the zone from Active Directory and any DNS server that references Active Directory. Click Yes to remove the zone from both Active Directory and the DNS server.

Setting up forwarders
After you restart your Windows server, you can configure DNS to forward to other DNS servers. Start the DNS MMC again, right-click on your DNS server, and select Properties. When the Properties window for the server appears, click the Forwarders tab. Select the Enable Forwarders check box.

If this check box is grayed out, your DNS server is still configured as a root server. Check to make sure that you’ve selected the right DNS server and properly removed the root zone folder as mentioned above.

In the IP address field, enter the DNS servers you want to forward to. You’ll need to enter the IP address of each server one at a time, clicking Add after each one. When you have finished, click OK.

Going forward
Once you remove the DNS server’s root capability and configure forwarders on your DNS server, your workstations will be able to access both internal and external network resources. By doing this, you can save yourself the headache of entering multiple DNS addresses on client workstations (or setting them up in DHCP). Simply direct client requests to your Windows 2000 DNS server, and it will handle the requests that it can and forward all other requests to the external DNS servers.


Sunday, October 02, 2005

Using ssh in place of rsh.

Before we start on this, first take a look at how authentication works in ssh. Authentication varies depending upon the version of the protocol.

SSH protocol version 1
The first authentication method is the rhosts or hosts.equiv method combined with RSA-based host authentication. If the machine the user logs in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote machine, and the user names are the same on both sides, or if the files ~/.rhosts or ~/.shosts exist in the user's home directory on the remote machine and contain a line containing the name of the client machine and the name of the user on that machine, the user is considered for log in. Additionally, if the server can verify the client's host key (see /etc/ssh_known_hosts and ~/.ssh/known_hosts in the FILES section), only then is login permitted. This authentication method closes security holes due to IP spoofing, DNS spoofing and routing spoofing. [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are inherently insecure and should be disabled if security is desired.] I call this mechanism the server authentication mechanism.

As a second authentication method, ssh supports RSA based authentication. The scheme is based on public-key cryptography: there are cryptosystems.

SSH protocol version 2
When a user connects using protocol version 2, similar authentication methods are available. Using the default values for PreferredAuthentications, the client will try to authenticate first using the hostbased method; if this method fails, public key authentication is attempted, and finally if this method fails, keyboard-interactive and password authentication are tried.

The public key method is similar to RSA authentication described in the previous section and allows the RSA or DSA algorithm to be used: The client uses his private key ~/.ssh/id_dsa or ~/.ssh/id_rsa, to sign the session identifier and sends the result to the server. The server checks whether the matching public key is listed in ~/.ssh/authorized_keys and grants access if both the key is found and the signature is correct. The session identifier is derived from a shared Diffie-Hellman value and is only known to the client and the server.

If public key authentication fails or is not available, a password can be sent encrypted to the remote host to prove the user's identity.

Let's go into a little more depth on server authentication, because that is what I am using.

ssh automatically maintains and checks a database containing identifications for all hosts it has ever been used with. Host keys are stored in ~/.ssh/known_hosts in the user's home directory. Additionally, the file /etc/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification ever changes, ssh warns about this and disables password authentication to prevent a trojan horse from getting the user's password. Another purpose of this mechanism is to prevent man-in-the-middle attacks which could otherwise be used to circumvent the encryption. The StrictHostKeyChecking option can be used to prevent logins to machines whose host key is not known or has changed.
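The host key check described above, as an added example that is not part of the original post and not OpenSSH's own code: a simplified model of the known_hosts lookup and of how StrictHostKeyChecking turns the result into an action. It goes slightly beyond the text by also handling hashed host entries; the function names, the keys, the host db1.keekar.com and the salt are constructed for illustration, and protocol 1 entries and marker lines are not handled.

```python
import base64
import fnmatch
import hashlib
import hmac


def hash_host(host: str, salt: bytes) -> str:
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field: str, host: str) -> bool:
    """True if a known_hosts host field (plain, wildcard or hashed) covers `host`."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt, expected = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:  # wrong number of parts or bad base64
            return False
        actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Plain entries are comma-separated names or patterns using * and ?
    return any(fnmatch.fnmatchcase(host, pat) for pat in field.split(","))


def check_host(known_hosts: str, host: str, keytype: str, key_b64: str) -> str:
    """Return 'match', 'changed' or 'unknown' for the key a server presented."""
    status = "unknown"
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("@"):
            continue  # malformed line or marker line, skipped in this model
        hosts, ktype, key = fields[:3]
        if ktype != keytype or not host_matches(hosts, host.lower()):
            continue
        if key == key_b64:
            return "match"
        status = "changed"  # same host and key type, different key
    return status


def decide(status: str, strict: str = "ask") -> str:
    """Map a lookup result to the client action for a StrictHostKeyChecking value."""
    if status == "match":
        return "connect"
    if status == "changed":
        # yes/ask refuse; 'no' carries on but with password authentication disabled
        return "connect-no-password" if strict == "no" else "refuse"
    return {"yes": "refuse", "ask": "prompt-user", "no": "add-and-connect"}[strict]


# Constructed sample data: placeholder strings, not real host keys.
KEY_A = "AAAAB3NzaC1yc2EAAAABIwAAAIEAconstructedKeyA="
KEY_B = "AAAAB3NzaC1yc2EAAAABIwAAAIEAconstructedKeyB="
KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "server2.keekar.com,192.0.2.10 ssh-rsa " + KEY_A,
    hash_host("db1.keekar.com", b"constructed-salt") + " ssh-rsa " + KEY_B,
])

if __name__ == "__main__":
    for host, key in [("server2.keekar.com", KEY_A), ("server2.keekar.com", KEY_B),
                      ("db1.keekar.com", KEY_B), ("new.keekar.com", KEY_A)]:
        status = check_host(KNOWN_HOSTS, host, "ssh-rsa", key)
        print(host, status, decide(status, "yes"))
```
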

So once everything is set, use the following command.

# ssh -t <server> <command>
Ex.
# ssh -t server2.keekar.com ls -ltr

The output will appear on the calling screen, not on the remote screen. Also, no login shell is allocated, which means that once the command finishes the session closes itself.

IT export of India


One of my colleagues always states that India's software export is only 2% of all its exports, and cribs that the Indian government is not doing anything for its other exports (agriculture, according to him), which are the core of exports. His cribbing and criticism pushed me to collect some vital statistics and find out the truth: why is there so much hype in the country for software export (sorry, it is better to say IT export)? This small research helped me collect some information which is mind-blowing. I would like to share some of this information with you people so that some misconceptions and allegations will be removed. I agree that statistics are not everything, but still they are something. Proof is below.

Starting from Union budget 2003-2004, section 1.44: India continues to make progress on export-oriented production in electronics and computer technology. Software exports have grown at a compound growth rate of over 50 percent per year for the last five years. (Unfortunately our government is not able to understand that it is not software export but combined IT export; hopefully they will be able to correct it in the next budget.) So if the government is concentrating more on this sector, what's the harm? It doesn't mean that putting so much effort into this sector makes them sleep on other sectors.

As per the report published on 4th July 2005, India's merchandise exports have almost doubled in the last three years to $80 billion, and exports of software/IT-enabled services have almost tripled to $17.2 billion, which shows that the software/IT-enabled export is not 2% but approx. 21%. Maybe he has some wrong data or made some calculation mistake. It might have been 2% once upon a time. Some other statistics which I was able to consolidate are as follows.

As per one of the prediction reports published by McKinsey:
India, which started exporting software in 1983, is expected to touch an enviable $ 50 billion figure in 2008. India, whose export earnings from all sources totalled $ 36 billion till recently, will be able to boost its total exports to $ 260 billion in 2008, 35 per cent of it from the IT related exports.

Other key findings of this report are:

  1. Software & Services will contribute over 7.5 % of the overall GDP growth of India
  2. Total annual turnover of IT Industry is $ 87 Billion (Internal + export)
  3. IT Exports will account for 35% of the total exports from India
  4. Potential for 2.2 million jobs in IT by 2008
  5. IT industry will attract Foreign Direct Investment (FDI) of U.S. $ 4-5 billion
  6. Market capitalization of IT shares will be around U.S. $ 225 billion

India started IT related exports as early as 1984, the Indian IT industry remained in red till 1993. The first and only one multinational company, Texas Instruments, came to India in 1986. The year 1993 could be called a turning point for the Indian IT industry when the software exports crossed the $ 330 million figure, over six-fold that of $ 52 million in 1987. It was also the year when the US MNCs flocked to India in gangs to reap the profit.

A very interesting statistics is present in BREAK-UP OF PROJECTED $ 87 BILLION IT INDUSTRY

  • IT Services -$ 39 Billion- 45%
  • Software Products -$20 Billion- 23%
  • IT Enabled Services (BPO) -$ 19 Billion- 21%
  • e-Business -$ 10 Billion -11%

So what do you think, so-called software developers and software consultants? 80% of us who work in software usually see IT Enabled Services (BPO) from some other angle, as competing, while IT Services (support centers or maintenance projects) will be leading the export economy.

This is the fact that fastest-growing export sector is the outsourcing of business services called BPO (business process outsourcing) or ITES (information technology enabled services). These span a huge range of services from simple call-centres to engineering and R&D services. They are growing so rapidly that one day they will surely overhaul software exports. In 2004-05, computer software exports rose 30.4 %, but service outsourcing exports rose even faster by 44.4 %.

Indian software giants like TCS, Infosys and Wipro are India's biggest exporters. Yet, foreign companies now account for 30 per cent to 35 per cent of software exports. Every big name in the world has opened an Indian unit, from Microsoft to Oracle to SAP. Here again, what look like Indian exports are also the internal trade of MNCs.

What is not so well known is that two-thirds of our outsourcing exports come from captive Indian units of multinational corporations. The entire industry was kick-started by General Electric, and others followed. So, India's most dynamic export sector is not Indian at all but foreign-owned. In official economic terms, such service exports are Indian exports. But in pure business terms, they are the internal trade of MNCs.

This shows that globalisation is not a zero sum game, in which the gains of one side are the losses of the other side. Both sides gain. There are some short-term losers in the US whose jobs travel to India. But US living standards rise only because workers are constantly forced out of lower-productivity jobs into higher-productivity ones. Every year, the US destroys 32 million jobs and creates 32.5 million jobs. The net result is a richer, more productive USA.

Friday, September 23, 2005

SSH On Cisco Router

Last week we had a very peculiar requirement. In our Indian datacenter some engineers were trying to enable HDV (High density voice module) for voice call routing with our existing EPBAX. I was helping them from a different continent. Unfortunately I was not able to access that router over our dedicated MPLS circuit, but from my hotel room I was able to access it because one of its interfaces is also connected to the internet. I needed access to the router until it was configured properly, because I was also doing lots of R&D on it. Then after one day someone raised a security concern because I was accessing that router through a telnet session (meaning clear-text password transfer over the internet). Very dangerous, man. And then the research started to enable SSH on the router ASAP. With a small effort it started working. The steps involved are enclosed below.

Configure Host Name

Router(config)# hostname Keekar-Router
Keekar-Router(config)#

Configure a domain name on your router using the ip domain-name command.

Keekar-Router(config)# ip domain-name keekar.com
Keekar-Router(config)#

Then, create an RSA encryption key pair for the router to use for authentication and encryption of the SSH data.

Keekar-Router(config)# crypto key generate rsa
The name for the keys will be: Keekar-Router.keekar.com

Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys ...[OK]

Keekar-Router(config)#
*Mar 1 00:17:13.337: %SSH-5-ENABLED: SSH 1.5 has been enabled
Keekar-Router(config)#

As you can see from this example, after the system generates the key, you'll receive a message that it has automatically enabled SSH 1.5 on the router.
What is this SSH 1.5? (We were wondering.)
Then we got to know that Cisco calls SSH1 --> SSH 1.5. It's quite funny, yes I know. :) Imagine 1.5, man: in place of William-2, William-1.5. OK, that's enough, concentrate.
If the system has enabled support for both SSH1 and SSH2, this message would say SSH 1.99. :)) (Sorry buddy, I am not able to control myself.)
If the system has only enabled support for SSH2, the message would say SSH 2.0.

You can also configure SSH settings if you choose. To do so, use the ip ssh command with whichever parameters you choose to set. (Different IOS versions have different options because they support different versions of SSH.) Here's an example:

Keekar-Router(config)# ip ssh ?
  authentication-retries  Specify number of authentication retries
  port                    Starting (or only) port number to listen on
  rsa                     Configure RSA keypair name for SSH
  source-interface        Specify interface for source address in SSH connections
  time-out                Specify SSH time-out interval

Keekar-Router(config)# ip ssh

Configuring optional SSH settings completes the process of configuring SSH on the router. Now, let's take a look at showing the SSH status.
To view the status of SSH, you can use the following commands:

* Use show ip ssh to view SSH settings.
* Use show ssh to view SSH connections.

Here's an example:

Keekar-Router# show ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
Keekar-Router# show ssh
%No SSH server connections running.
Keekar-Router#
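A small audit of the output shown above, as an added example that is not part of the original post and not Cisco's tooling: it maps the reported version string to the SSH protocols the router accepts (1.5, 1.99 and 2.0 as explained earlier) and flags SSH1 and a small RSA modulus. The function names are hypothetical, the sample text is copied from the transcripts in this post, and the 2048-bit threshold is an assumption taken from the largest size the key generation prompt offers.

```python
import re

# Version strings as explained in the post:
# 1.5 = SSH1 only, 1.99 = SSH1 and SSH2, 2.0 = SSH2 only
PROTOCOLS = {"1.5": {1}, "1.99": {1, 2}, "2.0": {2}}

# Sample text taken from the transcripts earlier in this post.
SAMPLE_SHOW = """\
Keekar-Router# show ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
"""
SAMPLE_KEYGEN = "% Generating 768 bit RSA keys ...[OK]"


def parse_show_ip_ssh(output: str) -> dict:
    """Extract state, version, timeout and retries from 'show ip ssh' output."""
    info = {"enabled": False, "version": None, "protocols": set(),
            "timeout_secs": None, "retries": None}
    m = re.search(r"SSH Enabled - version (\d+\.\d+)", output)
    if m:
        info["enabled"] = True
        info["version"] = m.group(1)
        info["protocols"] = PROTOCOLS.get(m.group(1), set())
    m = re.search(r"Authentication timeout:\s*(\d+)\s*secs", output)
    if m:
        info["timeout_secs"] = int(m.group(1))
    m = re.search(r"Authentication retries:\s*(\d+)", output)
    if m:
        info["retries"] = int(m.group(1))
    return info


def parse_modulus_bits(keygen_output: str):
    """Return the modulus size from the key generation message, or None."""
    m = re.search(r"Generating (\d+) bit RSA keys", keygen_output)
    return int(m.group(1)) if m else None


def audit(show_output: str, keygen_output: str = "", min_modulus: int = 2048) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    info = parse_show_ip_ssh(show_output)
    if not info["enabled"]:
        return ["SSH is not reported as enabled"]
    findings = []
    if not info["protocols"]:
        findings.append("unrecognised SSH version string %s" % info["version"])
    if 1 in info["protocols"]:
        # Protocol 1 is the deprecated one; 1.5 and 1.99 both still accept it
        findings.append("version %s accepts SSH protocol 1" % info["version"])
    bits = parse_modulus_bits(keygen_output)
    if bits is not None and bits < min_modulus:
        # min_modulus is an assumption of this example, not a value from the post
        findings.append("RSA modulus is %d bits, below %d" % (bits, min_modulus))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SHOW, SAMPLE_KEYGEN):
        print("FINDING:", finding)
```
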

SSH debug commands are also available by using the debug ip ssh command.

You can use a device's built-in SSH client to connect to other SSH servers. The Privileged Mode command is ssh. Here's an example:

Keekar-Router# ssh ?
  -c    Select encryption algorithm
  -l    Log in using this username
  -o    Specify options
  -p    Connect to this port
  WORD  IP address or hostname of a remote system

Keekar-Router# ssh




Saturday, September 17, 2005

Indians are terrible at prevention, but terrific in crisis management

Although the words below are not mine, they are Anita's (a columnist for Outlook), I am highly impressed by what she captured. It's really marvelous. I was reading some articles about the politics, society and economics of India and came across this article. I have enclosed it here for you because I know that if I add a URL you might hesitate to read it.

Starting From Politics :
In fact, nationalism is one of the biggest growth industries in India, one that is guaranteed to stymie, if not wreck, genuine economic progress. In the last decade, the rise of Hindu nationalism has become a growing nightmare for India's Muslims and Christians. At the heart of this ideology is the belief that today's Muslims should be punished for historical wrongs perpetrated by medieval Muslim invaders and conquerors. The worst Hindu-Muslim rioting and looting happened in the western state of Gujarat in 2002, when Hindu mobs killed and maimed thousands of innocent Muslim civilians, including pregnant women and children, avenging another ghastly incident in which Muslim criminals roasted alive 58 Hindu pilgrims in a train. If unchecked, nationalism will also take its toll on the dangerous Kashmir dispute that bedevils relations between the nuclear-capable neighbors India and Pakistan. The two countries have fought two of their three wars over Kashmir, engaged in another low-level conflict in 1998, and come to the brink of another in 2002, prevented mainly through diplomatic intervention by the U.S. The situation is exacerbated by politicians who polarize Hindus and Muslims before elections in order to garner Hindu or Muslim votes -- with Hindus constituting 82% of the population, Hindu nationalism clearly has a better chance of winning the electoral stakes. The battle for votes may be won through this diabolical strategy of dividing communities, but the opportunity for India to achieve her true destiny as a stable, prosperous giant in the 21st century will be lost.

Bill Clinton once said: "India remains a battleground for every single conflict the world has to win." Certainly India copes with massive problems -- mounting corruption, joblessness, judicial bottlenecks with few convictions and delays of up to 20 years for delivering justice, AIDS, acute water shortages, poverty, disease, environmental degradation, unbearable overcrowding in metropolitan cities, crises of governance, sectarian violence, and terrorism. India adds one Australia to itself every year -- 18 million people. The rural poor (who form the majority) see children as an economic resource, the only security net for old age, and high child-mortality rates necessitate the need for more than one or two. Apart from India's huge natural growth rate, an estimated one to two million poor Bangladeshis slip into India every year in search of work.

Besides all the problems it is really a miracle that India has not collapsed, but this is a country of remarkable stamina. The trouble is, India does not act until a crisis is full-blown. Indians are terrible at prevention, but terrific in crisis management. (Comparable examples are the Bombay flood, the Switzerland flood and Katrina in the US.) As it looms closer -- like the imminent judicial collapse -- it is exasperating and frightening to see citizens and authorities insouciantly lurch towards the abyss. But once they reach the precipice, Indians are adept at pulling back quickly and effectively. They don't descend into chaos because they are adaptable and resilient. For if disparity is India's weakness, diversity and courage are her strengths. India has a strong network of grass-roots-level institutions, NGOs, and activists that form a kind of coral reef, erecting little barriers on which political and economic onslaughts falter, such as the recent attempts to build an industrial belt around the Taj Mahal that, once exposed in the media, were shelved. These onslaughts come from an array of "threats" -- from local politicians to multinational corporations. Nobody can ride roughshod over India. Nobody can fool Indians. Foreigners may be smooth-talking, willing to bribe, have fancy degrees, and speak English with a beautiful accent. But they can neither arm-twist nor hoodwink Indians. The shenanigans of Enron were exposed first in India. India stood firm amid the Enron-orchestrated swirl of accusations of being difficult, corrupt, untrustworthy. All of which is true. But it was equally true of Enron. Eventually, it was Enron that went bust.

When they cannot do it their way and according to their schedule, politicians rail against the bureaucrats, trade unionists, judges, journalists, and NGOs. But this defensive "coral reef" is what has saved India from sliding precipitously to economic ruin. The pace of Indian economic reforms was widely attacked as too slow by the IMF and World Bank. And yet Joseph Stiglitz, winner of the Nobel Prize for Economics in 2001 and a former chief economist for the World Bank, now admits that India's caution and slow, deliberate steps are precisely what saved the nation from the catastrophic meltdowns and flights of capital that befell Asian and Latin American countries.

India has always been a giant and will continue to be a giant. But she will move at her own pace. She is not an Asian tiger. She is more like a stately Indian elephant. No one can whip or crack her into a run. If you try, the stubborn elephant will dig in her heels and refuse to budge. No power on earth can then force her to move. The desire for change and movement must come from within. India will move, but she will be slow, ponderous, circuitous. Progress will come, but it will come in measured steps, not in leaps and bounds. There is no point arguing whether this is good or bad. It is good and bad. And it is many things in between.

After all, this is India. And we are Indians. :)

Monday, September 12, 2005

Does India need dictator ?



It's after a very long time that I am enclosing my writeup. But yes, I would like to get your comments so I can present my views in a much more creative way.

Last Thursday I met a Sri Lankan guy on the road. I was walking along as usual when suddenly I heard some words in my familiar language. They were not very clear to me because I had the ear buds of my portable music box in my ears. I stopped and removed my ear buds, and was just shocked that the guy was talking to me, and important to mind that he was talking to me in Hindi. Then we chatted for a while, and in that small introduction he asked me whether I could speak Hindi, because he was talking to me in Hindi and I was replying to him in English. It's not that I don't speak or like to talk in Hindi, but it has been a long time and now I have a shortage of words in my vocabulary, which is why I am not able to speak comfortably in Hindi. He started praising India for so many things.

That was an amazing experience, and the analysis I did on myself made me realize that the environment helps you a lot in gaining command over any language. When I was in India I had the same feeling when I tried to speak to anyone in English, but here I have the same feeling in my own language. Maybe I got diverted from the point. This chap had his mouth totally red, like most people in India, due to Gutka or PAAN. He described that he finished some part of his formal education in India, and here also he is studying and working part time in a restaurant. The thing I noticed is that this fellow is almost 35 years old and still a student.

On Friday I again had lunch with one of my colleagues at McDonald's. There again we had a discussion about our country. He is older than me, but his views about the country are completely negative, and he said that our leaders fought for independence unnecessarily. According to his views the Britishers did a great job and we would be a developed nation if we were ruled by them. Unnecessarily our leaders (he named one) demanded independence, and they got it too, without vision. He is not even ready to accept that India was a country prior to independence. It's very bad that whatever he studied and wherever he studied did not tell him that India has been a country since the Mahabharata age, although it was known as BHARAT VARSH (named after the ruler Bharath). After that the great Ashoka tried to make it united, and this was followed by some of the Mughal emperors too.

According to him we have poverty and illiteracy today because of independence. I do not know whether he is right or I am right. I have only learned and heard about ancient Indian greatness. Neither have I seen the British rule. Although I agree that the railways and some big bridges were created by the British, how heavy an amount did we pay for such small things? If India was so backward, then why till 1800 century was the world fascinated about India? Take the example of Alexander, Mohammad Tuglaq or any other invaders. I am not aware of the facts, but I received one presentation which states that:

India was the richest country on Earth until the time of the British in the early 17th Century

Robert Clive’s personal wealth amassed from the plunder of Bengal during the 1750’s was estimated at around £401,102.
It has been estimated that the total amount of treasure that the British looted from India had already reached £1,000,000,000 (£billion) by 1901. Taking into consideration interest rates and inflation this would be worth close to $1,000,000,000,000 ($trillion) in real-terms today.

On top of all this, the Britishers killed our knowledge society. Why am I saying this? Because it is proved that scientifically we were much more advanced till 1700 BC; some of the examples are:
  • India invented the Number System. Zero was invented by Aryabhatta. The place value system, the decimal system was developed in India in 100 BC.
  • Aryabhatta was the first to explain spherical shape, size ,diameter, rotation and correct speed of Earth in 499 AD.
  • The World's first university was established in Takshila in 700 BC. Students from all over the World studied more than 60 subjects.
  • The University of Nalanda built in the 4th century was one of the greatest achievements of ancient India in the field of education.
  • Sanskrit is considered the mother of all higher languages. Sanskrit is the most precise, and therefore suitable language for computer software - a report in Forbes magazine, July 1987.
  • Ayurveda is the earliest school of medicine known to humans. Charaka, the father of medicine consolidated Ayurveda 2500 years ago.
  • Today Ayurveda is fast regaining its rightful place in civilization.
  • Christopher Columbus was attracted by India's wealth and was looking for a route to India when he discovered the American continent by mistake.
  • The art of Navigation was born in the river Sindh 6000 years ago. The word ‘Navigation’ is derived from the Sanskrit word NAVGATIH. The word navy is also derived from Sanskrit 'Nou'.
  • In Siddhanta Siromani (Bhuvanakosam 6) Bhaskaracharya II described about gravity of earth about 400 years before Sir Isaac Newton. He also had some clear notions on differential calculus, and the Theory of Continued Fraction.

Can you not think that for such small things we paid a very heavy amount to the British? Ultimately our discussion closed on the point that currently Indians do not deserve democracy and the country should be ruled by some dictator to stabilise it. I also agreed on that part, and if I am the dictator I will try to find people having such views and throw them out of our country. Our country needs a cleaning now. Everything has to be cleaned, be it politics, corruption, thoughts, or such personalities who are what they are because of the country itself and are not ready to accept it.

And I am not able to understand why such people are not ready to accept what we have achieved so far, but only crib about what we have not been able to do till date. And if some foreign nationals like our country, then why not our countrymen? Will a day come when I can see our own countrymen feel proud to be Indian like me (but yes, facts and stats are essential)?

Friday, August 26, 2005

Be careful while using Internet banking on IE.

Do you use Internet Explorer?

Do you use Internet banking?

Do you sometimes use Ctrl+C on your banking account?

Stop, take a look and think.

We copy various data with Ctrl+C for pasting elsewhere. This copied data is stored in the clipboard and is accessible from the net by a combination of JavaScript and ASP. So do not keep sensitive data (like passwords, credit card numbers, PINs etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.

Not ready to believe? (Yes, I know.)
Here is a POC (Proof of Concept).
Just try this:

1) Copy any text with Ctrl+C
2) Click the link: Show POC
3) You will see the text you copied on the screen, which was accessed by this web page.


Worried, thinking what to do?

One solution for this problem is here. Forget the past, past is past. Or use Firefox. No, no, it's not a Firefox advertisement, it's just a suggestion. I know nothing is 100% secure, but hidden flaws are not considered flaws. Remember, whoever gets caught is the thief (simple). Something we have to trust. Or leave everything and write your own browser. :)

Do the following. Don't be cynical about me, I am just helping you.

1. Go to Internet Options (of Internet Explorer) -> Security
2. Press Custom Level
3. In the security settings, under the Scripting heading, select Disable for "Allow paste operations via script". If you cannot find it, scroll down to the end and go slowly up.

Now the contents of your clipboard are safe. You can check it. How?
Just click Show POC again. Simple.

:)

Tuesday, July 19, 2005

Different View Points.

There are lots of words to say. I am in a very sad mood. Since yesterday I have not been able to decide whether it was the right decision to join this organization or not. Slowly it is making me sense that I am in the wrong position and also in the wrong place. People call this place a heaven on earth, but slowly it is becoming a hell for me.

But suddenly I received a very good mail from one of my best friends. I am enclosing those words here too. It seems that I am not able to cope with the changing environment, or the other thing is that the changed environment is not good. It might be right from both perspectives. It's much like the discussion of the half-filled glass between two drinkers. Both of them are right in their place. One is saying that it's half empty because he does not want to share any more. The other is saying that it's half filled because he wants to take a sip from that glass. Now it's difficult to say who is right. Both are correct from their point of view.

In more depth: imagine you're in London's Heathrow Airport. While you're waiting for your flight, you notice a kiosk selling shortbread cookies. You buy a box, put them in your traveling bag and then you patiently search for an available seat so you can sit down and enjoy your cookies. Finally you find a seat next to a gentleman. You reach down into your traveling bag and pull out your box of shortbread cookies.

As you do so, you notice that the gentleman starts watching you intensely. He stares as you open the box and his eyes follow your hand as you pick up the cookie and bring it to your mouth. Just then he reaches over and takes one of your cookies from the box, and eats it! You're more than a little surprised at this. Actually, you're at a loss for words. Not only does he take one cookie, but he alternates with you. For every one cookie you take, he takes one.

Now, what's your immediate impression of this guy? Crazy? Greedy? He's got some nerve?! Can you imagine the words you might use to describe this man to your associates back at the office? Meanwhile, you both continue eating the cookies until there's just one left. To your surprise, the man reaches over and takes it. But then he does something unexpected. He breaks it in half, and gives half to you. After he's finished with his half he gets up, and without a word, he leaves. You think to yourself, "Did this really happen?" You're left sitting there dumbfounded and still hungry. So you go back to the kiosk and buy another box of cookies. You then return to your seat and begin opening your new box of cookies when you glance down into your traveling bag. Sitting there in your bag is your original box of cookies -- still unopened.

Only then do you realize that when you reached down earlier, you had reached into the other man's bag, and grabbed his box of cookies by mistake. Now what do you think of the man? Generous? Tolerant? You've just experienced a profound paradigm shift. You're seeing things from a new point of view. Is it time to change your point of view?

Now, think of this story as it relates to your life. Seeing things from a new point of view can be very enlightening. Think outside the box. Don't settle for the status quo. Be open to suggestions. Things may not be what they seem.

Tuesday, July 12, 2005

Secure Connectivity through SSH

The first two paragraphs are only for those who know what kind of work we are doing currently; other people may not be able to understand what I am saying. If so, please skip the first two paragraphs.
Ever since I started working on this project I have been searching for an appropriate solution for establishing a secure connection over the internet. From the very first day I have not been able to understand the solution, which looks totally ugly and stupid to me (file transfer over an https connection). Ultimately I was able to do the thing which I wanted to do. This happened because one of my friends asked me for something through the newsgroup and I analyzed that it's good for me.
Because whenever I suggest something good, the question always comes that we cannot go against the client's security policy. And in those terms it seems a good solution. Although I am still not able to use this solution (because we cannot go against the client's security policies, where ssh is allowed, still ....), it might help you people.

SSH is an extremely useful tool in that it allows you to do many things in a secure fashion that you might not otherwise be able to do. One of the things SSH allows you to do is to set up a reverse encrypted tunnel for data transfer. Typically, when you initiate an SSH tunnel, you forward a port on the local machine to a remote machine which can allow you to connect to an insecure service in a secure way, such as POP3 or IMAP. However, you can also do the reverse. You can forward a port on the remote machine to the local machine while still initiating the tunnel from the local machine.

This is useful if you have a service on the remote end that you want to have connected to something on the local machine, but you don't wish to open up your firewall or have SSH private keys stored on the remote machine. By using a reverse tunnel, you maintain all of the control on the local machine. An example which I took is for forwarding logging messages; by setting up a reverse SSH tunnel, you can have a logger on the remote system send logs to the local system (i.e., syslog-ng).

To set up the reverse tunnel, use:

$ ssh -nNT -R 1100:local.keekar.com:1100 remote.keekar.com


Let me explain what this does. It initiates a connection to remote.keekar.com and forwards TCP port 1100 on remote.keekar.com to TCP port 1100 on local.keekar.com.
The "-n" option tells ssh to associate standard input with /dev/null, "-N" tells ssh to just set up the tunnel and not to prepare a command stream, and "-T" tells ssh not to allocate a pseudo-tty on the remote system.

These options are useful because all that is desired is the tunnel and no actual commands will be sent through the tunnel, unlike a normal SSH login session.

The "-R" option tells ssh to set up the tunnel as a reverse tunnel.

Now, if anything connects to port 1100 on the remote system, it will be transparently forwarded to port 1100 on the local system.
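
Anything on the remote host that can reach the forwarded port reaches the local service, so it matters which interface the remote sshd binds. The script below is an added example, not part of the original post: it classifies what a -R spec asks for and builds the post's tunnel with the listener pinned to loopback. The function names are hypothetical; the options are OpenSSH client options.

```shell
#!/bin/sh
# Added example, not from the original post. Host names and port 1100 are the
# post's; the function names are hypothetical.

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# listener_scope SPEC: what a -R spec asks the remote sshd to bind.
# The server's GatewayPorts setting has the last word:
#   no (default)     always loopback, bind address ignored
#   yes              always all interfaces
#   clientspecified  the bind address in the spec is honoured
# IPv6 literals in [brackets] are reported as unsupported.
listener_scope() {
    case "$1" in
        *:*:*:*:*)                        echo unsupported ;;
        localhost:*:*:*|127.0.0.1:*:*:*)  echo loopback ;;
        :*:*:*|'*':*:*:*|0.0.0.0:*:*:*)   echo wildcard ;;
        *:*:*:*)                          echo address ;;
        *:*:*)                            echo default-loopback ;;
        *)                                echo invalid ;;
    esac
}

# reverse_tunnel_args RPORT TARGET_HOST TARGET_PORT SSH_SERVER
# Prints ssh arguments for a loopback-only reverse tunnel; returns 1 on bad input.
reverse_tunnel_args() {
    valid_port "$1" && valid_port "$3" || return 1
    for h in "$2" "$4"; do
        # reject empty names, names starting with '-' (they would be parsed
        # as options) and unexpected characters
        case "$h" in ''|-*|*[!A-Za-z0-9.@_-]*) return 1 ;; esac
    done
    # ExitOnForwardFailure: exit instead of idling if the port cannot be bound
    # ServerAlive*: tear down a dead tunnel after about 90 s without replies
    printf '%s\n' "-nNT -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:$1:$2:$3 $4"
}

# Dry run: print the command rather than opening a connection.
echo "post's spec requests: $(listener_scope 1100:local.keekar.com:1100)"
echo "ssh $(reverse_tunnel_args 1100 local.keekar.com 1100 remote.keekar.com)"
```

Once the tunnel is up, the listener on the remote host should show as bound to 127.0.0.1:1100; a listener on all interfaces means the server is configured with GatewayPorts yes.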

Please don't forget to send me your views about this approach.

Sunday, July 03, 2005

Automated FTP File Transfer from Unix

Hi KK,

You can use this document to script an FTP file transfer. The basic idea is shown here.
ftp -i -v -n ftp.keekar.com <<END_FTP
user keekar mypassword
binary
lcd /scripts/download
cd /scripts
get auto_ftp_xfer.ksh
bye
END_FTP
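
A variant of the transfer above, added here as an example and not part of the original post: the password is kept in a private .netrc file rather than in the script, and the transfer is refused if that file is readable by anyone else. Host, user and paths are the post's; the function names and the sample password are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# write_netrc DIR HOST USER PASSWORD: create DIR/.netrc readable by owner only
write_netrc() {
    ( umask 077
      printf 'machine %s login %s password %s\n' "$2" "$3" "$4" > "$1/.netrc"
      chmod 600 "$1/.netrc" )   # also tightens a file that already existed
}

# netrc_is_private FILE: succeeds only if the mode is exactly rw------- (0600)
netrc_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -l "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# ftp_commands: the transfer itself; no "user" line, so no secret in the script
ftp_commands() {
    cat <<'END_FTP'
binary
lcd /scripts/download
cd /scripts
get auto_ftp_xfer.ksh
bye
END_FTP
}

# run_transfer HOME_DIR HOST: refuse to run if the credentials file is exposed
run_transfer() {
    netrc_is_private "$1/.netrc" || {
        echo "refusing: $1/.netrc is not mode 600" >&2
        return 1
    }
    # -n is dropped on purpose: it disables auto-login from .netrc
    ftp_commands | HOME=$1 ftp -i -v "$2"
}

# Offline demonstration in a scratch directory (no connection is made).
demo_dir=$(mktemp -d)
write_netrc "$demo_dir" ftp.keekar.com keekar 'constructed-password'
netrc_is_private "$demo_dir/.netrc" && echo "netrc is private"
chmod 644 "$demo_dir/.netrc"
netrc_is_private "$demo_dir/.netrc" || echo "netrc exposed: transfer would be refused"
rm -rf "$demo_dir"
```

The password still crosses the network in clear text, as in any FTP session; .netrc only keeps it out of the script.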

Friday, July 01, 2005

Scheduling FTP to FTP Server in Windows

This example will use built-in features of Windows, so no additional software is needed. One feature is the "Scheduled Tasks" Control Panel and the other is the executable program FTP.EXE.

Part I - Creating the FTP script
FTP scripts automate the process of using FTP servers like ftp.keekar.com. The script file is just a list of FTP commands saved in a standard text file.

1. Open Notepad
2. Copy and paste this template script into the new Notepad document:

open ftp.keekar.com
username
password
prompt
passive
cd files/backup_directory_name/
lcd "C:\Path of local directory to backup"
mput *.*
bye

3. Replace username on line 2 with your FTP server username.
4. Replace password on line 3 with your FTP server password.
5. Replace backup_directory_name in line 6 with the name of the directory on your FTP server to which you wish to back up your files.
6. Replace "C:\Path of local directory to backup" in line 7 with the path to the directory on your local computer that contains the files you wish to back up. As shown in the example, you will need to enclose the entire directory path in quotes if it contains any spaces. A typical path may look like:
"C:\Documents and Settings\JohnDoe\My Documents"
7. Replace *.* in line 8 with a list of files you wish to back up (within the directory you just specified in step 6). If you leave line 8 unchanged, all files contained in the directory will be uploaded. Please note that the contents of any further subdirectories will not be included.
8. Save the FTP script and exit Notepad. A good name and location for it might be:
C:\keekar_backup_script.txt
9. If you want a binary transfer, add bin on its own line before mput.

Part II - Scheduling the script to run at certain times

1. Open the "Scheduled Tasks" Control Panel.
2. Choose "New > Scheduled Task" from the "File" menu.
3. Type a name for the task. A good name might be: Keekar Backup
4. Double-click the new task.
5. In the field labeled "Run:" type:
C:\WINNT\system32\FTP.EXE -s:C:\keekar_backup_script.txt
(If you chose a different name or location for your FTP script in step 8 of Part I, you'll need to replace C:\keekar_backup_script.txt with the full path to the script.)
6. In the field labeled "Start in:" type:
C:\WINNT\system32
7. Click the "Schedule" tab.
8. To schedule the backup to occur every day at midnight, you would set the drop-down menu labeled "Schedule Task:" to Daily, and the field labeled "Start Time:" to 12:00 AM.
9. Once you have chosen your schedule, click the "Okay" button.
10. Close the "Scheduled Tasks" Control Panel.

If you know a little bit about batch scripting then you can do lots of other things too, like checking for file availability, monitoring the time taken by each transfer, etc.

Monday, June 13, 2005

Serial Device Administration in Solaris


Terms
DCE – Data communications equipment: modems
DTE – Data terminal equipment: the serial ports on terminals & computers
Note: In RS-232 standard, DTE uses pin 2 to transmit data & pin 3 to receive, DCE does the reverse.
RS-232 standard – a standard for the function of the (up to) 25 pins found on serial connections.
serial port – a port that uses RS-232 standard (Solaris 7 systems have serial ports a & b [/dev/term/a & /dev/term/b])
modem – converts digital data to & from electrical analog signals
null modem cable – allows two DTE devices to communicate via serial ports
data carrier detect – connection established (RS-232 pin 8)
port monitor program – monitors RS-232 circuits on its serial ports and provides info to applications

Modem Access Modes - Three Configurations

  • Inbound – answers incoming calls
  • Outbound – makes outgoing calls
  • Bidirectional – both answers incoming and makes outgoing calls

Service Access Facility - SAF

SAF provides services for serial ports & network connections. Under the SAF, systems may access services using a variety of port monitors, including ttymon, the listener, and port monitors written expressly for a user's application.

SAF consists of two levels: the top administrative level is concerned with port monitor administration, the lower level with service administration.

SAF Terms:

service – a service is a process that is started; these processes monitor and set up connections using serial ports and network interfaces.

port – an externally seen access point on a system; a port may be an incoming phone line, serial port, etc.

Service Access Controller – sac: the controlling process (the upper-level program of SAF); it starts and controls the lower-level SAF programs (port monitors)
  • sac daemon is started in /etc/inittab (system levels 2, 3 & 4)
  • reads: /etc/saf/_sysconfig the sac configuration file
  • reads: /etc/saf/_sactab lists port monitors to start

Port Monitors – manage and monitor ports (lower-level SAF programs). Port monitors are processes that are responsible for monitoring a set of incoming ports on a machine.

  • A port monitor's major purpose is to detect incoming service requests and to dispatch them appropriately.
  • Some examples of port management are setting the line speed on incoming phone connections, binding an appropriate network address, reinitializing the port when the service terminates, outputting a prompt, etc.
  • A port monitor's administrative file is named /var/saf/pmtag/_pmtab (where pmtag is the tag of the port monitor); _pmtab is maintained by the pmadm command in conjunction with a port-monitor-specific administrative command (i.e. ttyadm for ttymon, nlsadmin for listen)

Port Monitors:
  • ttymon – monitors serial ports, connects a specified service to a port, uses /etc/ttydefs for communications settings (baud rate, etc.). {Default tag is zsmon}
  • listen – network listener daemon; this process "listens" to a network for service requests, accepts requests when they arrive, and invokes servers in response to those service requests. {Default tag is tcp}

SAF Commands
  • sacadm – admin command for the SAC (add, remove, start, stop port monitors)
  • pmadm – admin command for the Port Monitors (add, remove, enable, disable services) (modifies _pmtab file)
  • ttyadm – formats ttymon data for the pmadm & sacadm commands
  • nlsadmin – formats listener data for the pmadm & sacadm commands

Admintool

  1. Select Browse -> Serial Ports
  2. Click on the port
  3. Select Edit -> Modify
  4. For Template select Terminal – Hardwired
  5. Select the baud rate
  6. Modify the name in the Terminal Type field if desired (terminfo entry)
  7. Click on OK

Adding Bidirectional Modem
  1. Select Browse -> Serial Ports
  2. Click on the port
  3. Select Edit -> Modify
  4. For Template select Modem – Bidirectional
  5. Select the baud rate
  6. Modify the name in the Terminal Type field if desired (terminfo entry)

Tip Commands

  • The tip utility establishes a full-duplex terminal connection to a remote host. Once the connection is established, a remote session using tip behaves like an interactive session on a local terminal.
  • Typed characters are normally transmitted directly to the remote machine (which does the echoing as well).
  • Escape commands starting with a tilde (~) can be used to perform some functions (like drop connection, file copy, BREAK, etc.)
  • Uses /etc/remote file which contains entries describing remote systems & line speeds used by tip.
  • Configured by the .tiprc file in the user’s home directory, which is read when the tip command is used.

Examples:

Using device: tip /dev/term/b
Using hostname: tip dbserver
Using phone #: tip 703-855-5555

/etc/remote – has descriptions of remote hosts such as the serial port to use, baud rate, modem settings, and phone number.
/etc/phones – if the phone number in the /etc/remote file is an @ symbol, tip uses the /etc/phones file, which associates hostnames with a phone number. Each phone number found for a system is tried until either a connection is established or the end of the file is reached.

Format of lines:
system-name phone-number

Friday, June 10, 2005

Zuerich-2005

I am publishing this article very late, although I tried to publish it earlier. Because of some problem I was not able to do so. This is related to my travel to Switzerland. Zurich, an important journey of my life, might be a milestone. I will keep adding some of my thoughts to this article.

I started my journey on 12th of April 2005 for Zurich. My flight was scheduled for Munich in the early morning; I am not able to recall the exact time. So we all decided (me, my brother and one of my friends, Rajesh Jain) that we would spend some time at the theater, and we all watched a movie at Center Stage (it's in Noida Atta Market), because it's very difficult for me to wake up so early, so it was better not to sleep in order to catch my flight. Hence we all watched the movie called LUCKY - No Time for Love. The movie is very beautifully picturised; all the locations where it was filmed are also quite attractive. But unfortunately we were only able to manage the last three tickets for that movie. (Ah, how lucky I am.) And they were in the first row :). This was the first time I experienced the cinema from the front row. Jain and I laughed, what a movie, because at the start (text on screen) when we tried to cover the right hand the left hand was skipped, and when we tried to cover the right hand the left hand was skipped. The complete movie cost us approx 250 bucks per person. Hence I was thinking at that moment what stupidity this is, because after spending almost 1000 bucks we still had to watch the movie like a tennis match (by rotating my head left and right). What a coincidence that on my earlier visit to the US again we three watched a movie; that time it was Rajesh Jain, his wife and of course me. It was quite a heavy rainy day and we went to watch the movie because we had already purchased tickets for it, so we decided to go to the movie by rickshaw (a man-driven three-tyre cycle with a seating capacity of two persons excluding the rickshaw driver).

After the movie we went back to my home and had a light chat between us. Then we all reached the airport. That was the first time I saw water in my younger brother's eyes due to emotions. I don’t know what was in his mind at that time, but it was really an ever-memorable time for me.

Most of the things I have forgotten to date, but I am still trying to recollect all the beautiful observations that I was able to make. There was one instance in COOP (a retail chain in Switzerland): after collecting all of the items which I needed for a week, I was in a queue. Suddenly I observed that a lady having trouble in both legs was also standing in the queue. The queue was of almost 3 to 4 people. I thought that I should give her preference because she might be in pain (I was able to feel that pain because just three months before I also had an accident). I was not able to understand their language, nor able to explain anything to them. So I requested that she go first (all facial and body expressions). But suddenly what I observed was that she said “NO NO OK”, and after a short interval “MERCY”; that’s what I was able to understand. So that’s the spirit in her. Initially I thought that she was telling me “don’t have mercy on me” because her voice was very loud.

I felt that I was doing something wrong. But later on I got to know that mercy means thanks in French. In that small conversation I understood from her facial expression: “I am OK in how and where I am. It's your kindness, but I don’t need your help. Don’t feel pity about me.” That’s a really courageous effort. After that instance I thought: why are our people always looking for help, why can't we do our things ourselves?

There is another instance that I had today, i.e. on 9th June 2005, and I recollected it too. But currently I have forgotten it. I will let you know about it later on.