Code Philia

Monday, 12 December 2016

Introducing the Crystal Programming Language

It's a dream come true!

Wouldn't it be great if interpreted languages, like Ruby, could be compiled? Also, I hear many people complain that Ruby's dynamic typing makes it weak. This is exactly where Crystal literally shines!

What is Crystal?

Crystal is a compiled programming language which is syntactically very similar to Ruby. Most Ruby programs would compile fine under Crystal with minor modifications.

The advantages of using Crystal over Ruby are:

Crystal is compiled. Compiled code runs much faster than interpreted code. As a result, time-critical programs can be written in a language which is as slick as Ruby.
Crystal is statically typed, i.e., all variables have a type. Despite this, Crystal doesn't require you to assign a type to each variable; the process is automatic.
Crystal can call C code. In other words, you can embed C inside Crystal.

Why you might wanna use Ruby over Crystal:

Crystal is a newbie. Development began in the mid-2011 and was officially released in June 2014. Crystal is still in its alpha stage.
Crystal is not 100% compatible with Ruby. Any non-trivial Ruby program would require changes to become Crystal compliant.
Poor support for Windows OS. This is the usual issue with almost all open-source projects: they don't give a damn to Windows and Microsoft.

How to use Crystal?

Crystal uses The LLVM Compiler Infrastructure for producing native executable files. I will be talking more about LLVM some other day.

Installing Crystal

I mentioned already that Crystal and Windows don't go well together. In this section, I will explain how to install Crystal on different *NIXes. At the end, I will tell you what can be done on Windows.

Clear and concise installation instructions can be found here: https://crystal-lang.org/docs/installation/index.html

Windows

You can try one of the following workarounds on Windows. Neither is guaranteed to work!

Install Cygwin and try building Crystal from source.
If you just want to try Crystal, you can do it here: play.crystal-lang.org

Using Crystal

Crystal can be used from the command-line. For an introduction to command-line for beginners, see Introduction to Command-line For Complete Beginners.

To execute a program immediately without generating an executable file, run this command:

$ crystal run sourcefile.cr

To create an executable program, run the following commands:

$ crystal build sourcefile.cr
$ ./sourcefile

There are other commands as well along with numerous command-line switches. For the complete guide, look here: https://crystal-lang.org/docs/using_the_compiler/index.html

Hello, World!

Open up your favorite text editor (Vim for me) and save the file as hello.cr with the following contents:

puts "Hello, World!"

Run the following commands in the terminal:

$ crystal build hello.cr
$ ./hello

Neat, right?

Let us know what you think about Crystal in the comments. You can also suggest additional features or support, I will forward them to the Crystal development team.

Thursday, 17 November 2016

Linux Won!

Linux frags Microsoft

Microsoft is behaving oddly. Steve Ballmer, former Microsoft CEO, said that Linux is cancer. But now, Microsoft shook hands with Linux and Microsoft loves Linux became a hot topic at Microsoft Connect.

Not only Linux, Microsoft has been contributing to the open world significantly these days. Microsoft even has its own Linux distro: Azure Cloud Switch. Are the Microsoft executives on LSD?

Actually, no! The simple answer is that Linux has won. Windows is not even the most popular end user OS; it's Android. Most servers use Linux or one of the BSDs. 498 out of the 500 best supercomputers run Linux, the rest two have their own custom OS which is not even a tad bit like Windows. Even Microsoft uses its own Linux distro for clouds instead of Windows. LINUX HAS WON!

But why Microsoft loves Linux?

Microsoft doesn't; it's just pretending to. Now that Linux has taken the world by storms, Microsoft was left with two choices:

Fight with Linux: They had tried this before and the results are self-explanatory.
Shake hands with Linux: This is what they chose. Now that they have shook hands with the GNU world; they are getting support from the open world and they are making decent profits out of it.

Microsoft is a for-profit company; it's got nothing against Linux, as long as it gets what it wants. But the objective of Linux is to completely frag Microsoft. Microsoft tried its best to stop Linux but failed completely. How would have they won, when they were wrong?

What should the Linux committee do?

We should welcome Microsoft whole heartily. Linux is an open source software; more the contributors, the better. Of course, Linux doesn't need Microsoft, but Microsoft can make Linux better. For example, most Linux users find that Microsoft's open project, Visual Studio Code, is much better than Atom. I see many golden possibilities if Microsoft helps Linux sincerely (I, like everyone else, believe that it won't), better marketing, better hardware support, better firmware support, more users, etc.

Since Microsoft will never help Linux sincerely (in my honest opinion), no one can say exactly how much Linux will benefit from all this. But one thing is clear, working in the open environment, Microsoft may realize the worth of openness; like IBM did.

Share your thoughts in the comments; whether Linux should accept Microsoft (further) or not.

Saturday, 5 November 2016

How to Become a Hacker

How to Become a Hacker

I have written this post in response to the many who keep posting on programming and Linux groups asking how to become a hacker. If you are one of those, let me tell you straight, this post may be offensive, but it will tell you the truth, it gives you the red pill. After reading this guide, hopefully, you will know how to become a hacker.

What is a Hacker?

Here is the correct definition:

A person who learns the details of a programmable system and stretches its capacities.

As you can see, many people wanting to become a hacker don't even know what a hacker is! Today, the media have painted a hacker like this:

A bad guy was illegally breaks into a system with malicious thoughts.

If you see properly, the second definition is just an special case of the first. For someone to break into a system, s/he must know how the system has been created, moreover he must discover what others could not.

The person who studied the system and failed is a hacker; the person who successfully finds a problem in the system is a hacker; the person who writes a program to fix or exploit the insecure system is a hacker. But the person who uses the program written by the other person is not a hacker, s/he is a script-kiddie. And let me tell you, the people who post in on my beloved groups and dirties my news feed are script-kiddie. This term has, in fact, been deviced to insult such people.

The creators of a system try their best to make it as secure as possible. They heir professional hackers to check and fix their systems. But sometimes a more intelligent (bad) hacker finds something they couldn't; often releases a program which script-kiddies use.

But as soon as a defect is discovered, all good-willed people try to fix it. And the script-kiddie is left with a program that, presently, doesn't work. He must create a time machine and go back 20 years to hack the system.

Unless, lady luck is inclined towards you, or your target is an ignorant who doesn't care about security, you are gonna get nowhere if you are just a "script-kiddie."

This was the first part of the post for people who had all those misconception about hacking. In the next part I will cover what you can do if you really want to become a hacker. Please don't continue if you don't agree with the first part.

How to become a Hacker (the bad one)?

Becoming a hacker is not easy, you must be more intelligent and more educated than all those professional hackers who worked hard to secure the system. You must have all the skills which was required to build the system. If the system was written in a programming language you don't know, you must learn the language.

Eventually, you will realize, like I did, that being a bad guy is not a good idea. It is 100 * 100 times better to become a good guy; a hacker who helps. You will be respected, no one will doubt your knowledge, you will be more successful and be 200 times more happy.

Here is a general set of steps to become a good hacker:

Learn to program well; aim to become the best programmer.
Learn some common techniques employed by hackers.
Write a lot of code.
Try out what you learned.

Anyone following these steps sincerely will take at least 10 years to become a hacker. If that seems like a long time, you may continue what you have done till now: go around asking non-hackers, who pretend to be hackers, how to hack and at the end of the day decide to read this post again and start over. This is an infinite process and you will get nowhere!

See also:
Which Programming Language Should I Learn First
How To Hack Linux Using Dirty COW Exploit

Please point your friends here if they ask you how to hack. :-)

Wednesday, 2 November 2016

Introducing Fortunes

A cowsay + fortune output on a computer

A fortune cookie is a quote which is supposed to enlighten the reader. A very popular command on Linux, called fortune, displays a random fortune. It is often combined with the cowsay command to produce results similar to the picture above. This post talks about a new kind of fortune. Read ahead to know more about it!

From today onwards, there is a page on our blog called "Fortune Of The Day" which gets updated daily with a new fortune. This advantage is that many times the fortune cookie produced by fortune is not interesting, but the fortunes appearing on the page are hand picked.

I hope you will enjoy this initiative we have taken. If you want to share a fortune with us, drop an email at abhishek.kr200802@gmail.com.

P.S.: Here's the page.

Tuesday, 1 November 2016

Ditch Google, Date DuckDuckGo

My Favorite Search Engine

Privacy under attack! The Data Science job has become the "sexiest job" of 2016 (as announced by Harvard University). Do you know the reason? The reason is that companies, like Google, are collecting huge amounts of information from you and to figure out the meaning of that much data, they need Data Scientists. This article is not about the most lucrative job of 2016, it's about protecting your privacy. Must read, if you value your privacy.

Google, the most used search engine. May be you love it so much that whenever you need a solution you just ask Google Uncle. All that is completely fine. But do you know that Google is putting your privacy on risk? Everything you search is being stored? What can be the consequence if Google gets hacked? Although chances are less, but is Google more secure than NSA?

What Actually Google Is Doing?

To improve your search experience and to make their services better Google collects a large amount of data about its users. From your searching habits to your messages, everything is being watched over.

What is bad about it? The bad thing is that Google is a for-profit company. It will use that data as it likes. Even staying within the laws of most country, Google can do things you may not like. And what happens if a malicious Google employee, concerned with the data collection processes, knows you and uses your data against you? The possibilities are quiet large. Let alone that it would a pride for any hacker to hack into Google.

If you still think you don't care about your privacy, I will just classify you as one of those ignorant people!

What Can You Do About It?

From Google Search to Google Allo, and everything in between, all services offered by Google collect data; Google is one of the largest employers of Data Scientists. Go and search Google for the last time about "Google Flu Trends".

The society today is highly dependent on Google. The best you can do is use Google as less as possible and recommend your friends to do the same. Use alternatives like DuckDuckGo!

What is DuckDuckGo?

DuckDuckGo is a search engine just like Google Search except some differences. The first and the most important one being that it doesn't collect data. The second which I like, but don't use, is that you can disable ads. The reason I don't disable ads is to support DuckDuckGo.

P.S.: Please don't disable ads on DuckDuckGo. They are not as rich as Google, plus are sweet hearted enough to give you the option of disabling ads.

Main Features of DuckDuckGo

Here I will try to list some of the main features of DuckDuckGo which makes it the best search engine in my eyes:

It has all the features Google has, plus some more. Web searches, Images, Videos, News, Maps and Places, Definitions, Answers and a lot more.
It respects our privacy.
One really nice feature is Instant Answers. You can find all your answers without letting that cute Duck Go.
Highly customizable. From search locations to themes, and did I tell you that you can even customize the theme colors. My favorite theme is Terminal; makes me feel like a computer wizard.
One feature that beats Google is bangs. Bangs allow you to directly search other websites like Wikipedia, Amazon, YouTube, etc. from within DuckDuckGo.
It's soooo good that people start liking it instantly.

Cons of DuckDuckGo

Only one, and that too very small. DuckDuckGo indexes the web itself, plus with the help of Bing, Yahoo! and over four hundred other partners. So, DuckDuckGo is sufficiently complete. However, many blogs created using Google's Blogger service are registered only to Google. In those cases DuckDuckGo won't find them. Fortunately, most bloggers are aware of DuckDuckGo and are submitting their blogs to DuckDuckGo as well.

DuckDuckGo is ready to take on the world. All it needs is our support. It's my humble request that you share this post as much as possible and become a part of this Revolution.

Which Programming Language Should I Learn First

Popular Programming Languages

The Ideal First Programming Language

Our society runs on software and programming is how those softwares are created. Today, programming is being used in a wide range of different fields; from scientific research to commercial softwares. There are many different programming languages, each of which is used in a different domain of its own. There are also many different types of programmers. Still, searching the web reveals that most articles discussing the topic of an ideal first programming language don't take these facts into account!

In this article, I will discuss, taking all the current factors into account, what programming language should you start with. In my opinion, the choice of the first programming language depends not on its difficulty but on what type of programmer you want to become. In fact, many non-programmers, like scientists and statisticians, often have to program.

Why Learn Programming?

Other than being a high paying job, programming helps you become a better mathematician and problem solver. Programming works like magic for non-programmers; a scientist can perform better with the knowledge of programming, a statistician can visualize his data and find secrets buried inside the data by coding.

Even if you never intend to program, learning the basics of programming can help you understand the myriad of tech surrounding you better. You would know the truth behind what others believe is magic.

Most, if not all, high paying jobs require knowledge of computer science.

How Should One Learn Programming?

Programming is an art, just like music, painting, swimming, etc. And just like those fields of art, programming demands your complete devotion. If you try to learn programming in 21 days, you will miss a lot of vital experience which you could have gained had you learned programming in 21 months. Do you expect a musician with 21 days of experience to perform well, let alone perform presentably? A 21 days programmer is synonymous to it.

One thing that distinguishes programming from other forms of art is its interactiveness. You code and get the result. It requires less time to get started with compared to music. A 21 days programming book may get you started but doesn't teach you programming.

Which Programming Language Should I Learn?

Consider this question for a minute: If you were a professional traveler, which language would you learn? Probably, you will need to learn most of the popular and important languages. On the other hand, if you are not a traveler and have to go to Italy, learning Chinese will not be very helpful.

In the same manner, if you are a professional programmer, learning a single programming language is not enough. And if all you want to do is to visualize your data and perform some simulations, learning Assembly won't help you.

Coming to the main question, so which programming language should YOU learn? Here is a short account.

Professional Programmer

A professional programmer needs to stay updated with latest technologies. A new programming language appears every year with the aim of improving the life of a programmer. Again there are many types of programmers. In general here is a list of programming languages every programming language should know. The ones with * are more important presently:

Java*: It is the most popular programming language.
C*: The granddad of most modern programming language.
C++: Used by computer scientists and game programmers.
Python*: If you work with non-programmers, this is the language of choice.
Go: Google's Go is a new player with lucrative promises.
Swift: Go's brother, from Apple.
HTML*: The programming language of the Web.
Bash: If you are into *NIX.
PHP: Old but gold.
JavaScript: Has taken rebirth.
Perl: Was popular, today Python has taken its place. Nevertheless, it is faster than Python in some cases.
Ruby: Very much like Python. Used mostly in Web development.
C#: Java's ugly sister, from Microsoft.
Lisp: On the list, because it is my favorite.
Prolog: Used mainly for AI, but has become unpopular these days.

Hacker

A hacker is a person, who takes thing beyond limit. So, the fully correct answer to this question would be to learn as much as possible. But for pen testers, the list is quiet small:

HTML, PHP, JavaScript, SQL****: These are some of the language used in the development of Web and server side programming.
Java: I hate it but it was and still is used in server side programming.
Python, Ruby, Perl****: The preferred choice of a hacker when it comes to code something.
Assembly, C, C++: These are the languages in which you will find most softwares. Assembly is the last resort though. They are helpful in reverse engineering.

Researcher and Scientists

They have the easiest life, at least when it comes to the number of programming languages they need to learn. Although, learning at least two programming languages is recommended, some have done well with just one programming language. I highly recommend you learn all on this list:

Python*: One of the easiest programming languages.
GNU R: Heaven for those who are messing with numbers.
MATLAB: For numerical and image processing.
Spark: R alternative. It is better in my opinion, but is not as much supported as GNU R.

Be assured that anything you learn about programming will not be wasted. For millenniums to come, programming is going to be the most important skill. Everyone should learn how to code.

Share you opinion with us in the comments. Have a G'Day all!

Saturday, 29 October 2016

Dirty COW: Halloween Special

The Official Dirty COW Logo

Halloween Special: The Dirty COW

It's more than likely that you have already heard about the Dirty COW vulnerability. In this post, I will give you complete information about this topic you won't find anywhere. This is Halloween Special!!!

Dirty COW is a serious computer security vulnerability in the Linux kernel. The GNU/Linux operating system is considered to be the most secure operating system, and indeed it is. But the Dirty COW vulnerability can kill all that security in about 5 seconds. It can be used to gain root access to the computer by just running a single line, non-interactive, and a very small program.

Bonus: Dirty COW can be used to easily root all Android devices up to Android 7.

History of Dirty COW

Dirty COW has been around for around a decade; it has been lurking in the Linux kernel since version 2.6.22 which was released about nine years ago (September 2007). Fortunately, it became popular only in the late 2016 and has been under active exploitation since October. Unfortunately, all major distros have patched the bug (ah, I mean fortunately).

There is some sort of evidence which suggests that the bug was known to Linus Torvalds, the creator of Linux, but fixing the problem broke something else and the very serious problem was ignored.

By the way, it is called Dirty because it really is dirty and COW because it has to do with the kernel's copy-on-write mechanism. See below to understand it completely even if you are a Windows user.

How it works?

To understand Dirty COW, you first need to understand how the Linux kernel manages memory. (Relax, it is very simple).

The kernel doesn't manipulate the physical memory directly, instead it manipulates what is called virtual memory (for efficiency reasons).

Every program is alloted its own memory by the operating system. Suppose in memory cell A a program, P, has stored the bits 111 and another program, Q, wants to store the same data (111). Instead of providing the other program (Q) with another cell of memory, the Linux kernel gives it the same cell as used by the first program (memory cell A). Now, suppose if Q wants to change 111 to 100. The kernel will make a copy of memory cell A, call it B, and will make Q point to B with data 100. Now P and Q have different data in different memory cells. This technique is known as Copy-on-Write or COW for short.

Another thing you need to understand is the race condition. A race condition is an abnormal condition which is caused because two or more processes of a program which are supposed to behave properly mutually don't behave properly, like the last one happens before the first one, etc.

One last thing you need to understand is actually the Dirty COW bug. This bug shows up when a program with multiple processes causes a race condition over and over again.

In this paragraph, I will finally explain how the Dirty COW exploit works. A process opens a read-only root file, the filed gets loaded in the virtual memory. Another process opens the same file. The first process advices the kernel that the file is no longer needed while the other process tries to write to a copy of it (not the original one, as it can't). This occurs very rapidly and repeats in a loop till the bug has been exploited. The kernel, due to the bug, writes to the original file on the disk. The file written could be an executable which could be modified to give root access to a normal user. This can be very, very dirty!

How to protect yourself?

1. Disconnect from all the networks, as there are some exploits which can allow any user on the same network to run non-root commands on your node.

2. Update the kernel.

3. If everything else fails, get the latest kernel from kernel.org and compile it manually.

How to exploit it?

You cannot exploit it much as the news spread faster than fire and everyone patched up. Still if you find a vulnerable kernel, you can do the following.

Note: This post is intended to be used for educational purpose only. Be sure that you have the permission of the owner of the computer you will be trying to exploit. I highly discourage the use of this post in criminal activity.

cowroot is the name of the program which let's you do it. Just click on the link and see if you can get anything done. Again, I demand that this information may not be used for malicious purpose.

I hope that you liked the post. Please drop a line to encourage the author to write more. If you have any advice, suggestions, questions, just tell me in the comments.