Monday, March 27, 2006

Getting the feel of the groove

Junior year’s over. A new daily schedule has emerged. Each day there must be at least 2 hours of bass exercises, which include bass music theory, scales, funky bass lines, and jamming sessions, plus 6 hours of programming (right after this sissy FoxPro RDBMS project). On weekends, there must be at least 2 jamming sessions with my band for compositions and reviews. Play at different bars at night, for pleasure and income. My top priority for this summer break is to code some modules for our final project ahead. Of course, the schedule is subject to change due to unpredictable and uncontrollable forces such as heavy household chores, family affairs, family business, or anything that concerns morality.

Sunday, March 26, 2006

Palindrome syndrome

I really do not enjoy coding in MS Visual FoxPro but I have no choice. Damn! I swear not to use it any longer after this RDBMS project.


I was asked by a friend to code a simple program to check if a string is a palindrome. I miss coding in C and assembly a lot! So to satisfy my urge, I tried to do it in a different manner. A timed coding session!



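#include <stdio.h>
#include <string.h>

#define MAXSTRING 50

int main(void)
{
    int i;
    int ctr = 0;
    int c;                      /* int, so EOF can be told apart from a character */
    char string[MAXSTRING] = "";
    char temp[MAXSTRING] = "";

    printf("Enter a string: ");
    /* stop at newline, at EOF, or when the buffer is full (room is kept for '\0') */
    for (i = 0; i < MAXSTRING - 1 && (c = getchar()) != EOF && c != '\n'; ++i)
        string[i] = (char)c;
    string[i] = '\0';

    /* echo the string backwards while building the reversed copy */
    for (--i; i >= 0; --i) {
        temp[ctr] = (char)putchar(string[i]);
        ++ctr;
    }
    temp[ctr] = '\0';

    if (!strcmp(string, temp))
        printf("\nString is a palindrome!\n");
    else
        printf("\nNot a palindrome!\n");
    return 0;
}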

I finished coding in 4 minutes and 37 seconds. Not a good record though. So sad.

Tuesday, March 14, 2006

LPT1 stepper motor control

Last Sunday, I was coding some modules for our RDBMS project and playing Dungeon Siege: Legend of Aranna (quite old but it would be a waste of time if I did not) in parallel. I received a phone call asking me, as a favor, to write a program for sending signals through the parallel port. It sounded a little scary at first because I did not have any idea about parallel port interfacing.


Let me explain the project.


The project is a Car Control System. They have 2 bipolar stepper motors. One is responsible for the forward-reverse function and the other one is for the left-right function.


Signals recognized by the floppy drive stepper motor:


Clockwise 18-degree turn

1001    or    0x9
0110    or    0x6

Counterclockwise 18-degree turn

0110    or    0x6
1001    or    0x9

Now, how is it possible to send these signals using the parallel port? Not all 25 pins are needed. For this project, only the data pins are needed.


Pin    Function
2      D0
3      D1
4      D2
5      D3
6      D4
7      D5
8      D6

The LPT1 port address is usually 0x378; with this knowledge, everything else becomes trivial.


In file lptcontrol.c


#include <conio.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char* argv[])
{
    short data;

    if (argc < 2) {
        printf("Usage\n\n");
        printf("lptcontrol.exe [option] [data]\n\n");
        return 0;
    }

    /* a read function is not necessary for this project
       included for additional info */

    if (!strcmp(argv[1], "read")) {
        data = _inp(0x378);
        printf("Data from parallel port: ");
        printf("%d", data);
    }

    if (!strcmp(argv[1], "write")) {
        /* "write" needs a data argument; without this check argv[2] is NULL */
        if (argc < 3) {
            printf("lptcontrol.exe write [data]\n\n");
            return 1;
        }
        _outp(0x378, atoi(argv[2]));
        printf("Data written to parallel port: ");
        printf("%s", argv[2]);
    }
    return 0;
}

If you want a constant turn you can achieve it through a loop.



while (1) {
    _outp(0x378, 0x9);
    _outp(0x378, 0x6);
}

This will result in the motor spinning clockwise. The C program above is written for Windows.
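An added example, not part of the original post or its lptcontrol.c: the write path passes the [data] argument through atoi(), which accepts trailing junk, empty strings and values that do not fit in the 8-bit data port, so the code below validates the argument before anything would reach 0x378 and produces the step patterns in the order listed above. The helper names parse_port_byte, parse_step_pattern and step_pattern are hypothetical, the sample arguments are constructed, and no port I/O is performed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Step patterns from the post: 1001 (0x9) and 0110 (0x6). */
#define STEP_A 0x9
#define STEP_B 0x6

/* Hypothetical helper: parse the [data] argument into one byte (0..255).
   Returns -1 for empty input, trailing junk, or out-of-range values,
   all of which atoi() would silently accept or turn into 0. */
int parse_port_byte(const char *text)
{
    char *end;
    long value;
    if (text == NULL || *text == '\0')
        return -1;
    errno = 0;
    value = strtol(text, &end, 0);   /* base 0: accepts "9" and "0x9" */
    if (errno != 0 || end == text || *end != '\0' || value < 0 || value > 0xFF)
        return -1;
    return (int)value;
}

/* Hypothetical helper: allow only the two patterns the motor recognizes. */
int parse_step_pattern(const char *text)
{
    int b = parse_port_byte(text);
    return (b == STEP_A || b == STEP_B) ? b : -1;
}

/* Pattern for step number n: clockwise runs 0x9, 0x6, ...;
   counterclockwise runs 0x6, 0x9, ... as listed in the post. */
int step_pattern(int clockwise, unsigned n)
{
    return ((n % 2 == 0) == (clockwise != 0)) ? STEP_A : STEP_B;
}

int main(void)
{
    /* Constructed sample arguments, not taken from the original post. */
    const char *samples[] = { "9", "0x6", "6junk", "256", "-1", "", "255" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; ++i)
        printf("%-6s byte=%d step=%d\n", samples[i],
               parse_port_byte(samples[i]), parse_step_pattern(samples[i]));
    return 0;
}
```

A value of -1 from either parser means the argument should be rejected with the usage message instead of being written to the port.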

Wednesday, March 08, 2006

Ethical hacking, a glimpse of my Philo paper

Is hacking ethical? It is if viewed within the context of the three definitions offered: hacktivist, hobbyist and researcher. We have the right in this country to protest, and if our activism takes a digital or electronic form, we have the right to do so. But don’t take my word for it.


Who are ethical hackers? These early efforts provide good examples of ethical hackers. Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client’s systems, the ethical hacker may discover information about the client that should remain secret. In many cases, this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the “keys to the company,” and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems being employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing.


Ethical hackers typically have very strong programming and computer networking skills and have been in the computer and networking business for several years. They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., GNU Linux, BSD Unix or Windows NT) used on target systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors. It should be noted that an additional specialization in security is not always necessary, as strong skills in the other areas imply a very good understanding of how the security on various systems is maintained. These systems management skills are necessary for the actual vulnerability testing, but are equally important when preparing the report for the client after the test.


Finally, good candidates for ethical hacking have more drive and patience than most people. Unlike the way someone breaks into a computer in the movies, the work that ethical hackers do demands a lot of time and persistence. This is a critical trait, since criminal hackers are known to be extremely patient and willing to monitor systems for days or weeks while waiting for an opportunity. A typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluations must be done outside of normal working hours to avoid interfering with production at “live” targets or to simulate the timing of a real attack. When they encounter a system with which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review.


One might observe that the skills we have described could just as easily belong to a criminal hacker as to an ethical hacker. Just as in sports or warfare, knowledge of the skills and techniques of your opponent is vital to your success. In the computer security realm, the ethical hacker’s task is the harder one. With traditional crime anyone can become a shoplifter, graffiti artist, or a mugger. Their potential targets are usually easy to identify and tend to be localized. The local law enforcement agents must know how the criminals ply their trade and how to stop them. On the Internet anyone can download criminal hacker tools and use them to attempt to break into computers anywhere in the world. Ethical hackers have to know the techniques of the criminal hackers, how their activities might be detected, and how to stop them.


Given these qualifications, how does one go about finding such individuals?


The best ethical hacker candidates will have successfully published research papers or released popular open-source security software. The computer security community is strongly self-policing, given the importance of its work. Most ethical hackers, and many of the better computer and network security experts, did not set out to focus on these issues. Most of them were computer users from various disciplines, such as astronomy and physics, mathematics, computer science, philosophy, or liberal arts, who took it personally when someone disrupted their work with a hack.


One rule that IBM’s ethical hacking effort had from the very beginning was that we would not hire ex-hackers. While some will argue that only a “real hacker” would have the skill to actually do the work, we feel that the requirement for absolute trust eliminated such candidates. We likened the decision to that of hiring a fire marshal for a school district: while a gifted ex-arsonist might indeed know everything about setting and putting out fires, would the parents of the students really feel comfortable with such a choice? This decision was further justified when the service was initially offered: the customers themselves asked that such a restriction be observed. Since IBM’s ethical hacking group was formed, there have been numerous ex-hackers who have become security consultants and spokespersons for the news media. While they may very well have turned away from the “dark side,” there will always be a doubt.


I believe hackers have a lot to offer. They provide a balance of power by virtue of their creativity and technical skills. I think we need to protect and recognize them and find ways of working together.


Yes, I do believe that hacking — when properly defined — is an ethical activity. And yes, I do believe that understanding our freedom and rights and protecting all that’s good in our society while preventing all that’s bad is the right approach.