Thursday, November 30, 2006

10 Immutable Laws of Security

Rediscovered 10 Immutable Laws of Security. When designing secure software/systems, it's important to know where to draw the line. For example, it's useless to try to secure a system against an attack which required physical access in the first place. If the attacker has physical access to your system, he can always use a big enough sledgehammer to break any other security you have applied.

Things to consider before switching job...

Software engineers in India are hot commodities in the job market (at least till now), and keep getting new job offers. I framed the classical dilemma of whether to switch jobs as a question to a good friend, and the clarity of the answer simply amazed me. I'm putting it as such (with some grammatical remodeling) for the benefit of others :-)

You generally like your present job and are getting a salary X (which is ok) and generally work Y (which is comfortable) hours a day. At another company, you are being offered a salary 1.2-1.3 times X, but you will need to work a lot more hours a week.

1) If money is one of my priorities in life or if I need to raise some money in little time, then I would take up the job.

2) If I'm not staying with my family and whatever extra time I get each day after leaving from office and on weekends, I find it difficult to spend that time, then I would take the new job.

3) But in case money... or rather extra money... doesn't figure anywhere in my priority list... and also the time I get off the office... I've many things 2 do in that time... then I won't take the new job.

4) Finally, if I'm passionate about doing the work I've been offered to do in the new job... If my heart and soul lies in that work... Then even if it would pay me the same amount but allow me to work extra hours... I'll take up the job...!!!

Wednesday, November 29, 2006

Security cannot be added as an afterthought!!!

Earlier this week, I attended a training on software security. In university days, security concerns in programs were nonexistent for me, and this was reflected in the programs I designed. This training brought back memories of a first person shooter multiplayer game (loosely inspired by Quake) I created as an assignment for the Advanced Graphics course. It had a maze-like 2-dimensional world, and though players were represented with nice graphics, they were internally represented as spheres, for the purpose of calculating damage when they got hit. So if you would shoot at the head of a player in the game, nothing would happen to him, since each player's sphere (hitting which damaged it) was centered roughly at its chest :-).

As stated earlier, no consideration was given to security aspects at all. The clients broadcast the starting location and direction of each bullet fired by them, each client calculated how much damage it had taken from others' bullets, and transmitted this info to the server. The server's main role was to maintain a point count, and to decide where to re-spawn a player when it got killed. Everything worked amazingly well for a week-long project.

But as I learnt later, it was a security nightmare. Even if one client is breached, the whole game will go down. A compromised client shooting bullets all over the game world would result in all other players being killed instantaneously, and the compromised client may choose not to report any hits to itself to the server, and hence become invulnerable. My only excuse is that it was one of the 3 assignments, for one of the 5 courses, in one of the 2 semesters in that year. Later, while learning about software security in professional life, this example immediately came to mind. And the lesson is, security cannot be applied as an afterthought in software. It has to be taken into account right from the design phase of any project. The security hole I left in the game was a design mistake which could not have been modified without rewriting essentially the whole game, except possibly the graphics engine. In this particular case, one client having been compromised should not have had such adverse effects on all others. If there was a foolproof client authentication scheme, or critical decisions were left to the server, the attackers would need to breach the fiercely protected server to bring down the game, instead of finding and compromising one of the unsuspecting clients.
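One way to leave the critical decisions to the server, as described above. This is an added example, not code from the original game: clients send only a shot request, and the server checks it against its own state and computes the hit itself, so a client can neither fire from arbitrary places nor withhold damage to itself. All names and constants (`GameServer`, `handle_shot`, the radius, damage and rate limits) are hypothetical, and maze walls and client authentication are left out.

```python
import math
from dataclasses import dataclass

HIT_RADIUS = 0.5          # assumed radius of each player's hit circle
MAX_RANGE = 50.0          # assumed maximum bullet travel distance
DAMAGE = 25               # assumed damage per hit
MIN_SHOT_INTERVAL = 0.2   # assumed minimum seconds between shots
ORIGIN_TOLERANCE = 0.25   # allowed drift between client and server position

@dataclass
class Player:
    name: str
    x: float
    y: float
    health: int = 100
    last_shot: float = -math.inf

def ray_circle_hit(ox, oy, dx, dy, cx, cy, r):
    """Distance along the unit ray to the circle's near edge, or None on a miss."""
    fx, fy = cx - ox, cy - oy
    t_closest = fx * dx + fy * dy          # projection of the centre onto the ray
    if t_closest < 0:
        return None                        # target is behind the shooter
    d2 = fx * fx + fy * fy - t_closest * t_closest
    if d2 > r * r:
        return None                        # ray passes outside the circle
    return t_closest - math.sqrt(r * r - d2)

class GameServer:
    """Holds the only trusted copy of positions and health."""
    def __init__(self, players):
        self.players = {p.name: p for p in players}

    def handle_shot(self, shooter, origin, direction, now):
        s = self.players.get(shooter)
        if s is None or s.health <= 0:
            return ("rejected", "unknown or dead shooter")
        # Written as "not <=" so a NaN coordinate is rejected too.
        if not math.dist(origin, (s.x, s.y)) <= ORIGIN_TOLERANCE:
            return ("rejected", "origin does not match server position")
        if now - s.last_shot < MIN_SHOT_INTERVAL:
            return ("rejected", "fire rate exceeded")
        norm = math.hypot(*direction)
        if not math.isfinite(norm) or norm == 0:
            return ("rejected", "bad direction")
        s.last_shot = now
        dx, dy = direction[0] / norm, direction[1] / norm
        victim, best_t = None, MAX_RANGE
        for p in self.players.values():
            if p is s or p.health <= 0:
                continue
            # Trace from the server's position for the shooter, not the claimed one.
            t = ray_circle_hit(s.x, s.y, dx, dy, p.x, p.y, HIT_RADIUS)
            if t is not None and t < best_t:
                victim, best_t = p, t
        if victim is None:
            return ("miss", None)
        victim.health = max(0, victim.health - DAMAGE)  # server applies damage
        return ("hit", victim.name)

if __name__ == "__main__":
    # Constructed sample: three players on a line, A fires along +x.
    srv = GameServer([Player("A", 0, 0), Player("B", 5, 0), Player("C", 10, 0)])
    print(srv.handle_shot("A", (0, 0), (1, 0), now=1.0))
    print(srv.handle_shot("A", (0, 0), (1, 0), now=1.05))
    print(srv.handle_shot("A", (9, 0), (1, 0), now=2.0))
```

There is no message by which a client reports its own damage, so the "choose not to report any hits" cheat has nothing to tamper with.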

Friday, November 17, 2006

An incomplete man?

Belgium abolished conscription in 1994. How do I know this, and of what use is this information to anyone? As it turns out, the event had side effects, some of which were entirely unexpected. In my last post, I mentioned conversing with a young Belgian man about European life, on my way from Berlin to Paris (in July 2001). I started talking to him as I was getting bored after listening to songs for hours in bus from Berlin to Paris, and asked him about places to see in Paris. Soon, the conversation moved on to songs we were listening. We exchanged Walkmans, and listened to each other's song for some time, and tried to translate the songs for each other. He was listening to German songs, and me to old Hindi songs.

After some time, the topic of conversation moved to friendship, and I asked him whether he had many friends. This simple question triggered something, and he started crying. I was taken aback for a while, but consoled him, and prompted him to tell me about his problems. Turned out that Belgium abolished conscription in 1994, and this guy was amongst the first ones to benefit i.e., to avoid military training. He was amongst the youngest in his college batch, and most of his peers had started their conscription when the orders to abolish conscription came in. So he was amongst the very few who did not have military training among his peers, and this made him the odd person out. Either his peers avoided him, or if not, most of their conversations were centered about cool things which happened during the military training. Some even suggested that he was an incomplete man without military training, and was not macho enough to remain in their group. Then onwards, he became an introvert, and had very few friends.

One thing to wonder is, this stigma was attached only to the minority who escaped conscription in a year where most people could not avoid it, and not to people in later years, where a vast majority chose not to go for military training. If doing military training is symbol of being a complete man, why don't most people voluntarily go for it? One learns new things every day!!!

Thursday, November 16, 2006

Fall of a tyrant

If you are thinking that I'm going to bore you with any political events, please relax. I have no such intentions. I just happen to remember an amusing incident, where it took just one bold girl to end a tyranny, where many others (including yours truly) had failed, and want to pen it down. This happened long back (in July 2001), when I was a summer intern at a software product company in Berlin. Many fellow interns took a week off the work, and planned to go to Italy. As I love to plan my own itinerary, I was reluctant to join them, and started planning a trip of my own.

Few good friends were interning in Paris at the same time, and I decided to go for a 4 day Paris trip instead of 8 day Italy trip. The only catch was that I was to go alone to Paris. Being a student on budget, I booked a return bus ticket from Berlin to Paris. Our story starts when I boarded the bus from Berlin at about 6 pm on a Friday evening in early July. The bus driver was a jolly fellow, but the conductor was an old woman reminding me immediately of Lalita Pawar. She made it very clear that no soft drinks or eatables would be allowed in bus. Some people, including me tried to convince her about letting us carry soft drinks and snacks with us, but she made everyone put all eatables in hand luggage, with stern instructions not to take them out inside the bus.

The bus started towards Paris, but everyone was unusually silent, as the conductor had rebuffed few people about talking what she considered noisily. The ride was very comfortable, and I passed time listening to my Sony Walkman. At dinner break, I started talking to fellow travelers in general, and eventually found a young man from Belgium to converse with, initially about things to see in Paris, and later about European Life. We resumed journey, and eventually I fell asleep. Early next morning, there was some commotion in the front rows of the bus. Turned out that the conductor had caught a young couple kissing, and was rebuffing the young man, who looked terrified, and was trying to apologize.

It was at that point, that the girl accompanying the boy stood up, and took matters into her hands. She argued with conductor for about 5 minutes, mostly in German, but I could make out that both were pretty angry. By then, all eyeballs were glued on those two. Suddenly the girl thundered (first in English, and then repeated in German): "Does anyone have any problem with me"? No one uttered a word, and the girl, emboldened, bellowed to the conductor lady: "Seems like you are the only one having a problem. Why don't you go and relax"? The conductor looked defeated, went to her seat, and the couple resumed kissing after some hesitation from the boy's side. And that's not the end of story!!! Within 5 minutes, I heard people conversing in louder voices. Few pulled out pastries/snacks from their bags, and several opened soft drink/beer cans. It was as if they had been liberated from a tyrant and wanted to celebrate. I won't debate about who was right and who was wrong here, but the point is, it proved that it only takes 1 person to instill courage in others, and to begin the fall of a tyrant.

PS: My decision not to go to Italy in 2001 turned out to be a good one, and I toured Italy for over a week in summer of 2002, with responsibility of handling most of travel and budgeting plans for the group, which I enjoyed a lot. That trip instilled in me an amazing sense of self confidence, and will be dealt with in a separate longish post.

Wednesday, November 15, 2006

Unstoppable force vs Immovable object

The following dialogues are from the British romantic comedy Imagine Me & You. It's the story of a girl (Rachel) who falls in love on her wedding day (to complicate matters, with another girl (Luce)). Our hero (Hector) had no idea what hit him till almost the very end.

Scene 1:

Rachel's sister: What happens when an unstoppable force meets a immovable object?
Hector: I haven't got a clue, I'm afraid.
Luce: It never happens.
If there's a thing that can't be stopped...
it's not possible for there to be something else which can't be moved, and vice versa.
They can't both exist. You see, "it's a trick question..." is the answer.

Scene 2: (Rachel: on her wedding day with Hector)

They say fairy tales have happy endings, even though the passage can be rough.
But Heck and I were mates and then lovers. And it's been smooth all the way.
Maybe that's a better kind of fairytale.

Scene 3: (Hector letting Rachel go to pursue her true love)

I want you to be happy, but more than anything, I wanted to be the cause of happiness in you. But if I'm not, then I can't stand in the way. What you're feeling, Rachel, is the unstoppable force, which means that I've got to move.

Scene 4: (Hector to Rachel's sister in a crying tone, after she is gone)

I'm trying to do the right thing...
and now I think I should have not...
if she'd stayed with me out of guilt,
that would have been fine, wouldn't it?
I mean, wouldn't it?

The manner in which our hero said "I mean, wouldn't it?", made me feel really sorry for him.

Why write this up? Firstly, I liked the movie. Secondly, though the dialogues are very simple, they inter-relate beautifully to convey the following: Love is an unstoppable force, which can move any object, even those considering themselves immovable.

Monday, November 13, 2006

Jim Corbett Trip : A fun filled weekend

On the weekend of 4th and 5th November, I went to Jim Corbett National Park with office colleagues, which turned out to be one of the best weekend trips, with unlimited fun and enjoyment. We were a group of 19 people, 5 couples and 9 bachelors. Only 3 of the original 9 members of leech band were present on this trip, and hence it was dormant. We hired a bus for the whole trip and started at about 12:30 am on 4th November from Noida. Everyone was in great spirits and we talked and joked for two hours after which gradually everyone fell asleep. The bus stopped at Gajraula Bharat Petroleum Company owned Petrol Pump at about 3:30 am, and we saw probably the best maintained highway rest area. The place had nicely maintained landscapes and a nice restaurant, and everything was spanking clean. We had tea and snacks there, and then boarded and fell back to sleep. Finally, we reached Wild Crest Resort near RamNagar at about 8 am. The resort is really good, and I would recommend it to everyone going to Jim Corbett Park.

After breakfast, we played cricket for about 2 hours, and then played some team building games like tug of war. It was during this time that few fellows convinced me to fall from a table backwards during one such team building exercise, with a promise to catch me midway. Needless to say, they had no intention of catching me; I fell, and hurt my back most convincingly. I was out of breath for next 1-2 hours, but fortunately did not sustain any lasting injury (did I tell you that my Guardian Angel has a full time job?), and have learnt an important lesson. I've promised myself to be more careful in trusting people in future. We went to Kosi River near resort sometime after noon time. The water there looked amazing and I had almost fully recovered by then. So I convinced a friend to jump in water with me. The current was quite rapid and cool, but it was not deep, and hence not dangerous. Within 10 minutes, 2 more friends joined, and 4 of us frolicked and enjoyed in river for long.

We had a sumptuous lunch after coming back to resort, and then sprawled in the resort lawn for about an hour. Then few of us went to trekking inside forest with a guide from resort, and had an enjoyable trek in the forest for more than 2 hours. Our guide explained that animals don't attack group of people, and hence it was pretty safe. We saw tiger footprints at several places during the trek, and some other animals, but no tiger. We also overlooked a water hole where animals frequent from a ridge. The original plan was to rest for some time after returning from walk, but what actually happened was that 3 of us went to my cottage, and somehow we started a discussion about latest movies. The discussion moved on to sports, world politics, Indian politics and we do not know how time flew and it was time for bonfire. At about 8 pm, we joined the bonfire, but 5 of the most enthusiastic ones (including yours truly) slipped for open jeep ride at about 8:30 pm. It was a cold full moon night, and we enjoyed an hour long ride standing in an open jeep. We returned at about 9:30, danced for about half hour, had a nice dinner, and went to cottage. Again started discussions about everything under the sun, but I fell asleep at about 11:15 pm, after which, the meeting dispersed, and woke up when my friend shook me at quarter to four on the morning of 5th November. We ran about, woke up everyone, and prodded everyone to get ready ASAP.

We started for the safari to Jim Corbett Park at 4:45 am, as early morning is the best time to see animals in the open, and the Jim Corbett entry gate was about at an hour's drive. We were in open jeeps, and the wind was extremely cold. So unlike the previous night's jeep ride, everyone sat from their standing positions within 5 minutes. We reached Jim Corbett park gate at about 5:45 am, and entered the park near 6 am. Had a nice jeep ride with good natural views, and saw deers, elephants, peacocks, wild boars etc. There was a big watch tower in the forest. It provided a great view of forest all around us, and we saw a pack of deers from the tower. Forest safari in open jeep is a nice experience, with beautiful view of forest. Near a resting place in the forest, there were few deers who have almost become domesticated, and everyone fed them leaves and grass. Returned to resort at 9:15 am, and had a nice breakfast.

After breakfast, we spent some time in our cottages, and then gossiped in lawn till noon (basically waiting for people to assemble), and then went to an old suspension bridge on river Kosi. Had a great time with adventure sports like rappelling and river crossing on rope. I was very excited by rappelling, and did it twice. After this, we prepared a raft from tyre tubes and wooden planks, using bamboo sticks as oars. Had a lot of fun crossing Kosi River in that raft, 2 people at a time. Everyone who tried got wet thoroughly, and it’s an experience worth cherishing. We returned to resort at about 4:15 pm, had a late lunch and started back for Noida at 5:30pm. As soon as the bus started, we started Antakshari, where the bachelor group held the couple's juggernaut for 3 hours, after which everyone settled to their seats. Road to Gajraula was blocked due to some festive occasion, and the bus had to stop at many police check posts, but there were few resourceful people on board, and we kept moving ahead, albeit a bit slowly. We reached Gajraula at 11 pm, had a late dinner, and started for Noida at midnight. Finally, we arrived back at 2:30 am on the morning of 6th November.

We did not see any tiger, but Adventure sports, open jeep travel at night, jungle trekking, frolicking in river, rafting with self made rafts from tyre tubes and wooden planks, bonfire and Antakshari more than made up for that. Another positive aspect is since many of my friends (leech band members :-) ) were not able to make it to the trip, I got a chance to interact more with other people in the office team, and forged some new friendships.

Thursday, November 09, 2006


I have been addicted to Age of Empires since 1999, and have enjoyed each and every release of this magnificent game, starting from original Age of Empires (AOE), Rome expansion to AOE, AOE2, Age of Kings expansion, Rise of Nations, Age of Mythology, Titans expansion to AOM and finally AOE3. I've spent countless nights playing each of these with friends in multi player mode as this has been my major pastime for many years. Winning a game gave us the ultimate high, and losing a game felt worse than slipping assignment/project deadline.

But suddenly, playing AOE lost its charm at the beginning of this year. Since then, I have been playing less and less, and now I've not played a single game in the last 3 months. Today, I discovered that The WarChiefs Expansion to Age of Empires 3 was released a few weeks back. The very fact that I did not know of this release is proof that I'm outgrowing AOE. And even after knowing it, I don't have any desire to try it out. Finally, I'm unaddicted to AOE. Hurray!!!

Friday, November 03, 2006

Very Touching

I've copied the following from a friend's blog, and know that he too has copied it from somewhere :-). I am more than willing to acknowledge the author, but I don't know who s/he is.

10th Grade

As I sat there in English class,
I stared at the girl next to me.
She was my so called 'best friend'.
I stared at her long, silky hair,
and wished she was mine.
But she didn't notice me like that,
and I knew it. After class,
she walked up to me and asked me for
the notes she had missed the day before.
I handed them to her.
She said 'thanks' and gave me a kiss on the cheek.
I want to tell her, I want her to know
that I don't want to be just friends,
I love her but I'm just too shy,
and I don't know why.

11th grade

The phone rang. On the other end,
it was her. She was in tears,
mumbling on and on about how her
love had broke her heart.
She asked me to come over because
she didn't want to be alone, So I did.
As I sat next to her on the sofa,
I stared at her soft eyes, wishing she was mine.
After 2 hours, one Drew Barrymore movie,
and three bags of chips, she decided to go home.
She looked at me, said 'thanks' and gave me a kiss
on the cheek..
I want to tell her, I want her to know that
I don't want to be just friends,
I love her but I'm just too shy,
and I don't know why.

Senior year

One fine day she walked to my locker.
"My date is sick" she said, "hes not gonna go" well,
I didn't have a date, and in 7th grade,
we made a promise that if neither of us had dates,
we would go together just as 'best friends'.
So we did. That night, after everything was over,
I was standing at her front door step.
I stared at her as She smiled at me
and stared at me with her crystal eyes.
Then she said- "I had the best time, thanks!"
and gave me a kiss on the cheek.
I want to tell her,
I want her to know
that I don't want to be just friends,
I love her but I'm just too shy,
and I don't know why.


A day passed, then a week, then a month.
Before I could blink, it was graduation day.
I watched as her perfect body floated like an angel
up on stage to get her diploma.
I wanted her to be mine-but
she didn't notice me like that, and I knew it.
Before everyone went home,
she came to me in her smock and hat,
and cried as I hugged her.
Then she lifted her head from my shoulder
and said- 'you're my best friend, thanks' and
gave me a kiss on the cheek.
I want to tell her, I want her to know
that I don't want to be just friends,
I love her but I'm just too shy,
and I don't know why.


Now I sit in the pews of the church.
That girl is getting married now.
and drive off to her new life,
married to another man.
I wanted her to be mine,
but she didn't see me like that,
and I knew it.
But before she drove away,
she came to me and said 'you came !'.
She said 'thanks' and kissed me on the cheek.
I want her to know that
I don't want to be just friends,
I love her but I'm just too shy,
and I don't know why.


Years passed, I looked down at the coffin
of a girl who used to be my 'best friend'.
At the service, they read a diary entry
she had wrote in her high school years.
This is what it read:
"I stare at him wishing he was mine;
but he doesn't notice me like that,
and I know it. I want to tell him,
I want him to know that
I don't want to be just friends,
I love him but I'm just too shy,
and I don't know why.
I wish he would tell me he loved me !
...'I wish I did too...'
I thought to my self, and I cried.

Wednesday, November 01, 2006

Dilbert's digs at IITians

