Older blog entries for masood (starting at number 7)

RT Memory usage

This RT(Request Tracker) is making life harder. The way it utilizes memory is awfull. I was reading about unix memory utilization and some thing which helped me alot to understand why apache unable to release memory.i.e

taken from: Guide

Note: there is usually no system call that can be used to return unused memory back to the operating system. when you free memory, the memory manager cannot return this memory back to the operating system. If this freed memory is never used again, it will eventually be paged out to disk - but won't be freed until the process exits. Thus, the ammount of virtual memory used by a process always increases - never decreases.

Now that's what clear my concept a bit. Now I'm looking few ways to force RT to use limited memory But I think it will make life harder for RT to operate properly. Few Apache directive I'm currenlty thinking to deploy ASAP.

Limiting CPU Usage | Limiting memory Usage | Limiting CPU Usage
It will be a great fun after tight deployment of these directives.

Asterisk

Currenlty working/Playing with asterisk and really enjoying it. This Telecommunication world got some charm. Thanks GOD I have done MIT (Masters In IT) due to which It wasn't hard for me to hang arround with telco world.

My major task is to deploy a module of asterisk of a simple IVR solution, offcourse in C. I'm already done with it and now looking for SIP/AIX implementation. I never thought of playing with VoIP in my life :) but thanks to my CEO, I'm in :).

DoxyGen
This project is looking excelent to me. I haven't tried it yet but after checking Asterisk Documentation, I really starting loving Doxygen.

GDB

It really awsome :), For the last 3 weekends I'm reading its features using GDB GUIDE and it's like rocking. So many feature to screw some one, offcourse program too :). I hope I can get more time in learning these awsome tools as quickly as we dream of a new girl lol. :)

Porting
Today I started reading about porting application from windows to linux, It looks exciting and hardwork but Right now I am really enjoying it.
I am in deep thinking
Why this world is after Object Oriented ?
I think I have to switch my self to OOP as It looks to me, Software Engineering is only left in OOP or World thinks only OOP is a true nature of software engineering :(. I am in so much of confussion right now and thinking what should I do next. I really love C and don't want to learn OOP, I did try to implement OOD in C but it arouse my interest in OOP so I left it alone.


Life Is so busy!

I never thought in my life, I am gona be that much busy and YES! I am really enjoying my life Thanks to GOD. So much opertunities and so many ways to get my self develop more rapaidly. Right now I am so much happy with the life I am living. Though its alone and I am still virgin lol. But really enjoying it.

Future Plans

I already customized my life a lot and still looking for more. Like Sleeping 5/6 hours a day, Working and spending my all day in front of Linux BOX, Try to gain more stuff each day. Even I fell happiness in giving my full weekend to it. May be it my true love or may be I want it more then any thing else in life. Some time Life looks cool, some time boring, some time alone, some time peaceful, some time good some time something missing. But what ever it is, I want the best out of my life. Looking to adopt all the methods of successful life. Life going two fast or I am pulling life faster. Its almost 3 am and usually its the start of my sleeping time.
Going to lay down for a bit and plan for tomorrow and then sleep In a hope of a better Plan tomorrow.

7 Jan 2006 (updated 7 Jan 2006 at 17:18 UTC) »
2005 Update
The most amazing and happy year of my life :). Amazing in a sense, I visited almost all pakistan in this year. And happy in a sense, Got good jobs one was in karachi and now in lahore.


Working with OpenSSL
I really enjoyed working with OpenSSL on few projects. Definately helped me in knowing SSL protocol fully. To call my self an expert of OpenSSL API, I have to do lots of other stuff in it as well, but not required yet. May be in near future in some free, just for the sake of getting a full knowledge I will definetly try to master it.


Distributed Application
Got a really nice document of e-donky protocol and reading it. Really helpful in understanding the concept of distributed enviroment. As I love network programming, Working on distributed and p2p application will be a great fun.

Interesting Stuff with Apache
Doing a complete research on its security and all the method of making apache more secure then its looks. though while doing a research I learned so many stuff, speacially modifying apache code for hidding some header send to clients. May be try to write an article on Apache's security soon.

OpenSSL
For the first time in my life I studied/used OpenSSL for a project of creating a remote monitoring system. It really hard in the begining but after going through all the RFC and its main idea now implementing SSL or TLS is easy. But few of the command line tool of OpenSSL is still confusing :). I wish we can have more easy and well documented documentaion of OpenSSL in near future. Yes I wish I should have contributed my part to. But its hard for me to explain to document any topic fully with a huge amount of details.

Now OpenSSL is added in my power tool implementaion in my CV. Looking forward to implement some thing more advance using OpenSSL.

Time In Lahore
Living alone in lahore is hard as I have to do all of my work my self. But its a good experience though same hard as living alone in any place in the world alone. One thing which I realize while living alone is that for coders its best to live alone in a single room because no one will disturb you and thats what I want when I m busy in any research or any project. I usually go late in office about 12 pm aprox and prefer doing coding when no one in the office.

Linux New Worm
Another new worm but based on already exposed tricks. Linux worm My comments:

This worms is a wakeup call for the lazy administrator and Developers around us. Its been a long time since XMP-RPC,AWStat vulnerabilities discovered and still, If its the fast spreading and elegant worm then the problem is totally belong to Administrator and some how Developers too.

According to Symantec Security Responce paper, It also opens a UDP port 7222 for an unauthorized acces which is only possible if any one of us is not even fit in the First Dumbest idea of Marcus Ranum. And YES you are right, The problem is totally in the awareness of update not the Worm itself.

Thanks Daniel Hanson.

Time to sleep now its 2:00 AM :: SP ::
I am back

After a long long time I again started writting my blogs. :). Today is saturday and its more like funday in which I can do my own work.

Naseeb Networks
Joining Naseeb Networks inc, was the best decission I have ever made. Before joining Naseeb Networks it looked to me there is no development going on in Linux in pakistan. but Thanks to my this new job I am now able to do coding in linux as well as do some security implementation stuff as well.

Coding for Naseeb

When I joined Naseeb, The first project I have to do was, code a Load Balancer for HTTP traffic. I started using netfilter Library in a hope of achieving the task but the task was to redirect the trafic to the least loaded server. Then Using the idea of ABBAS, I modified the code of TUX ( Redhat implemenatation of Webserver in kernel module or in simple words kernel memory) and created a load balancer for http.

How it works? I actually created client server application which get load average from all the servers and then check the least load average. After getting 2 least loaded server it communicates with the TUX using ioctl. TUX, which can work as REDIRECTOR, Redirects the requests to the other server on the bases of the value it gets from its device file.

TUX documentation says its a kernel module base webserver and its much faster but unfortunately I was unable to impress my CEO using this. Its not the fault of my included code in tux but for the TUX the requirement of my CEO was high.

Then CEO gave me an idea of creating a DNS based load balancer which I created In a day or so, as all of the client/server work was done. I just have to do some enteries changed which I created successfully. Now Thats DNS based Load Balancer is working quite awsome now.

Security Audit As I am good in security and got some good security background in hacking and cracking :), I was given a task of auditing all the LAMP base applications of Naseeb Networks and truely speaking I love auditing LAMP applications. And when you have the source code then its not that much boring LOL.

12 Sep 2004 (updated 12 Sep 2004 at 21:12 UTC) »

hohoho another happiest day comes to an end. i got my first vulnerabilities listing on securityfocus wowowo

http://securityfocus.com/bid/11132 http://securityfocus.com/bid/11133 http://securityfocus.com/bid/11134

and the second thing i did today is to make a mini MAC Controler today and launch it. That was also excellent work i did today documentation available at http://www.aosp.net/projects/maccontroler.pdf

But didnt get time to work on sendmail security article although it will take time as I wana include all security stuff. One thing i noticed today in another article on Port Scanning is that they all miss one very important step and that is what happen when a port is block .. I will probably write article of my own on Port Scanning with proof of what going when we get rejection from server and diffrence in replies.

Today I am so so so happy, My article on REGULUS EXPOSED is submited to most of the hacking sites including astalavista, hackerscenter and linuxpakistan and other little hacking website and now I submited it to securityfocus and securitydoc, Although I got there confirmation of adding my tutorial on their <<vulnerabilities added link >> and soon they will mail me that added link, I am so hope full but lets see what they do now.

I am also recieving emails on EXPOSING Pakistan's Mobile SMS protocol with appriciation and I am just loving it.

My next step is to write article on SENDMAIL security and want to EXPOSE some serious threads which other dont even notice. This guide will be completed in one week or so because of my busy schedule. Ok now its time to go in BED.

I hope next day will be more brighter and full of learning. INSHALLAH GOD will help me in achieving what I am looking for.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!