Do we know the world.

Indeed a very good article from Sunday Times which talks about our views of changing perception with time. How much we know and how much we have to learn. Basically, we have to see a lot more to understand.

Written by : Shobhan Saxena
[ 11 Feb, 2007 0046hrs IST TIMES NEWS NETWORK ]

 Reality is a question of perspective. It depends on your location on the GPS. Earlier, people with yellow hair and blue eyes believed that all Indians had a tiger in their backyard and filthy men made venomous cobras dance. We hated this kind of Orientalism.

We always believed that we had too much culture here and we didn't need to learn anything from anyone, at least not from the "ignorant" West which saw us as a nation of medieval freaks. Now, with the changing times, the perceptions about us have changed.

Now the world probably thinks we all live in slums, smell of curry, speak in funny accents, work in call centres and leak customer data for money. We don't like this. We feel others do not understand us. But we seem to be more ignorant of the world than the world is of us.

That's why when two Indian hacks go to Kabul to make a film, they get into trouble with the quintessential side-kick Arshad Warsi cracking some jokes about Afghan men liking other men and the Hazaras being ruthless barbarians who kill people by "stroking long, rusted nails into their heads".

Funny, isn't it? Not for the Afghans who banned Kabul Express. Imagine going to Afghanistan, standing in a fallow land which has turned red due to an eternal war and indulging in some gay-bashing.
 Our angle is so skewed that we miss the complete picture: This land has been a crucible of global wars from the Great Game between the Tsars and the British, the Cold War, the bloody battles between the Russians and the Mujahideen and the ideological clashes between the leftists and the religious zealots.

We know nothing about their music, poetry and food. We know nothing about their customs and language. The only thing we know about them is that they like to kill each other and they love to play Buzkashi, a game where wild horsemen fight over a dead goat.

We know that much because we saw Mr Stallone playing the game in Rambo III. We understand our next-door neighbours through Hollywood.

We cry till hoarse about the world stereotyping us as "the Indians", but the fact is that we don't understand the world as it exists. Forget Paraguay and Morocco, our understanding of China is quite warped.

Ask an average Indian about China and he would probably say: chow mein. We see China, the world's biggest nation, as the land of noodles, fried cockroaches and snake soup.
The middle classes may associate China with new age mumbo-jumbo like Feng Shui, Tai-chi and the Laughing Buddha, and a booming economy that shines in the Shanghai skyscrapers. But that's it. We dismiss Japan, the world's second biggest economy, in a few words: judo-karate, Su-Doku, haiku, sushi, saké, kamikazes and harakiri.

Of course, we know about their cars and electronic watches. That's it. For us, Brazil, the biggest Latin country, that's three times the size of India, is a nation of semi-nude, samba dancers and crazy footballers. In our imagination, Argentina means Maradona. That's it.

A nation is an imagined community. The world lives in our imagination. The "others" are imagined people. But, so limited is our imagination about the others that we don't think beyond certain stereotypes.

We associate the Australians with kangaroos, the Russians with vodka, the French with romance, the Italians with fashion, the Latinos with sex and the Africans with HIV. And the Middle East is all about oil and beauties behind the veil. You cannot have an imagination worse than this.

We don't know what we are missing. China's rich culture rivals ours: thoughts from Confucius to Mao Zedong, writers from Zhuang Zi to Nobel laureate Gao Xingjian, short poetry, long operas, Mandarin guitar and classical music. It's quite sickening to reduce Brazil to a carnival of hot babes on its beaches.
 It's a melting pot of cultures: from Europe, Africa, Asia and Amazon jungles. The beach is the most democratic place in Rio, where the rich and poor, homeless and intellectual, musicians and writers all meet and mix with each other.

The country has great traditions of music and arts. And politics: one entire generation grew up fighting the military dictatorship. But we don't care to know and understand all this.

In the age of globalisation, such a little understanding of the world is dangerous. Not for us, but for others: a white man straying into an Indian village is beaten to death for no reason; two Africans carrying meat in their bags are attacked for having "beef with them".

It's a dangerous way of looking at other people. At one level, people are the same everywhere. They are all trapped in their human condition: living, liking and helping each other; loving, hating and destroying each other. But if we do not know the details of their life, they don't look real. They look like freaks.

Anyone who has the power to make you believe absurdities has the power to make you commit injustices.
Voltaire


The 10 Commands we never use.

It takes years, maybe decades, to master the commands available to you at the Linux shell prompt. Here are 10 that you will have never heard of or used. They are in no particular order. My favorite is mkfifo.

  1. pgrep, instead of:
    # ps -ef | egrep '^root ' | awk '{print $2}'

    You can do this:

    # pgrep -u root
  2. pstree, list the processes in a tree format. This can be VERY useful when working with WebSphere or other heavy duty applications.
    # pstree
    | |-kacpid
    | |-kauditd
    | |-kblockd/0
    | |-khelper
    | |-kmirrord
    | `-2*[pdflush]


  3. bc is an arbitrary precision calculator language. Which is great. I found it useful in that it can perform square root operations in shell scripts. expr does not support square roots.
    # ./sqrt
    Usage: sqrt number
    # ./sqrt 64
    # ./sqrt 132112
    # ./sqrt 1321121321

    Here is the script:

    # cat sqrt
    #!/bin/bash
    # Print the square root of the first argument using bc
    if [ $# -ne 1 ]
    then
        echo 'Usage: sqrt number'
        exit 1
    fi
    echo -e "sqrt($1)\nquit\n" | bc -q -i
  4. split, have a large file that you need to split into smaller chunks? A mysqldump maybe? split is your command. Below I split a 250MB file into 2 megabyte chunks all starting with the prefix LF_.
    # ls -lh largefile
    -rw-r--r-- 1 root root 251M Feb 19 10:27 largefile
    # split -b 2m largefile LF_
    # ls -lh LF_* | head -n 5
    -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_aa
    -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_ab
    -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_ac
    -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_ad
    -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_ae
    # ls -lh LF_* | wc -l
  5. nl numbers lines. I had a script doing this for me for years until I found out about nl.
    # head wireless.h
    /*
    * This file define a set of standard wireless extensions
    *
    * Version : 20 17.2.06
    *
    * Authors : Jean Tourrilhes - HPL
    * Copyright (c) 1997-2006 Jean Tourrilhes, All Rights Reserved.
    */

    #ifndef _LINUX_WIRELESS_H
    # nl wireless.h | head
    1 /*
    2 * This file define a set of standard wireless extensions
    3 *
    4 * Version : 20 17.2.06
    5 *
    6 * Authors : Jean Tourrilhes - HPL
    7 * Copyright (c) 1997-2006 Jean Tourrilhes, All Rights Reserved.
    8 */

    9 #ifndef _LINUX_WIRELESS_H
  6. mkfifo is the coolest one. Sure you know how to create a pipeline piping the output of grep to less or maybe even perl. But do you know how to make two commands communicate through a named pipe?

    First let me create the pipe and start writing to it:

    mkfifo pipe; tail file > pipe

    Then read from it:

    cat pipe

  7. ldd, want to know which Linux thread library java is linked to?
    # ldd /usr/java/jre1.5.0_11/bin/java
    => /lib/tls/ (0x00bd4000)
    => /lib/ (0x00b87000)
    => /lib/tls/ (0x00a5a000)
    /lib/ (0x00a3c000)
  8. col, want to save man pages as plain text?
    # PAGER=cat
    # man less | col -b > less.txt
  9. xmlwf, need to know if an XML document is well formed? (A configuration file maybe..)
    # curl -s '' > bcc.html
    # xmlwf bcc.html
    # perl -i -pe 's@<br/>@<br>@g' bcc.html
    # xmlwf bcc.html
    :104:2: mismatched tag
  10. lsof lists open files. You can do all kinds of cool things with this. Like find which ports are open:
    # lsof | grep TCP
    portmap 2587 rpc 4u IPv4 5544 TCP *:sunrpc (LISTEN)
    rpc.statd 2606 root 6u IPv4 5585 TCP *:668 (LISTEN)
    sshd 2788 root 3u IPv6 5991 TCP *:ssh (LISTEN)
    sendmail 2843 root 4u IPv4 6160 TCP badhd:smtp (LISTEN)
    vsftpd 9337 root 3u IPv4 34949 TCP *:ftp (LISTEN)
    cupsd 16459 root 0u IPv4 41061 TCP badhd:ipp (LISTEN)
    sshd 16892 root 3u IPv6 61003 TCP> (ESTABLISHED)

    Or find the number of open files a user has. Very important for running big applications like Oracle, DB2, or WebSphere:

    # lsof | grep ' root ' | awk '{print $NF}' | sort | uniq | wc -l
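The port check from item 10, taken one step further as an added example (not from the original post): it sorts listeners into those bound to every interface and those bound to one host name, and picks out the cleartext login and file-transfer services. The function names are hypothetical, and the sample reuses the lsof lines above with a constructed address on the ESTABLISHED line.

```shell
#!/bin/sh
# Added example: classify TCP listeners from lsof-style output.
# Live input could come from:  lsof -nP -iTCP -sTCP:LISTEN
# (-n and -P keep hosts and ports numeric; the post's output shows names).

# listeners: reads lsof lines on stdin and prints, for each LISTEN socket,
#   scope command pid user bind port
listeners() {
    awk '
        $NF == "(LISTEN)" {
            addr = $(NF - 1)              # e.g. *:ssh, badhd:smtp, [::1]:22
            n = split(addr, part, ":")
            port = part[n]                # text after the last colon
            bind = substr(addr, 1, length(addr) - length(port) - 1)
            wild = (bind == "*" || bind == "0.0.0.0" || bind == "[::]")
            scope = wild ? "ALL-INTERFACES" : "SPECIFIC"
            print scope, $1, $2, $3, bind, port
        }'
}

# count_scope SCOPE: number of listeners with that scope.
count_scope() {
    listeners | awk -v want="$1" '$1 == want { n++ } END { print n + 0 }'
}

# cleartext_listeners: listeners on telnet, ftp, rsh (shell), rlogin (login)
# or rexec (exec), matched by service name or by well-known port number.
cleartext_listeners() {
    listeners | awk '$6 ~ /^(telnet|ftp|shell|login|exec|21|23|512|513|514)$/'
}

# Sample input: the lines from the post. The address on the ESTABLISHED
# line is elided there, so the one used here is constructed.
SAMPLE='portmap 2587 rpc 4u IPv4 5544 TCP *:sunrpc (LISTEN)
rpc.statd 2606 root 6u IPv4 5585 TCP *:668 (LISTEN)
sshd 2788 root 3u IPv6 5991 TCP *:ssh (LISTEN)
sendmail 2843 root 4u IPv4 6160 TCP badhd:smtp (LISTEN)
vsftpd 9337 root 3u IPv4 34949 TCP *:ftp (LISTEN)
cupsd 16459 root 0u IPv4 41061 TCP badhd:ipp (LISTEN)
sshd 16892 root 3u IPv6 61003 TCP host-a:ssh->host-b:40000 (ESTABLISHED)'

printf '%s\n' "$SAMPLE" | listeners
echo "cleartext services:"
printf '%s\n' "$SAMPLE" | cleartext_listeners
```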


A myth Called the Indian Software Programmer.

This article has been taken from Sunday Times – Mumbai edition dt: 18/02/2006

I am posting it here as it gives a lot of meaning to the Indian software industry and the boom which we had seen in the past because of this.

They are the poster boys of matrimonial classifieds. They are paid handsomely, perceived to be intelligent and travel abroad frequently. Single-handedly, they brought purpose to the otherwise sleepy city of Bangalore.

Indian software engineers are today the face of a third-world rebellion. But what exactly do they do? That’s a disturbing question. Last week, during the annual fair of the software industry’s apex body Nasscom, no one uttered a word about India’s programmers.

The event, which brought together software professionals from around the world, used up all its 29 sessions to discuss prospects to improve the performance of software companies. Panels chose to debate extensively on subjects like managing innovation, business growth and multiple geographies.

But there was nothing on programmers, who you would imagine are the driving force behind the success of the Indian software companies. Perhaps you imagined wrong. “It is an explosive truth that local software companies won’t accept.

Most software professionals in India are not programmers, they are mere coders,” says a senior executive from a global consultancy firm, who has helped Nasscom in researching its industry reports.

In industry parlance, coders are akin to smart assembly line workers as opposed to programmers who are plant engineers. Programmers are the brains, the glorious visionaries who create things. Large software programmes that often run into billions of lines are designed and developed by a handful of programmers.

Coders follow instructions to write, evaluate and test small components of the large program. As a computer science student in IIT Mumbai puts it, if programming requires a post graduate level of knowledge of complex algorithms and programming methods, coding requires only high school knowledge of the subject.

Coding is also the grime job. It is repetitive and monotonous. Coders know that. They feel stuck in their jobs. They have fallen into the trap of the software hype and now realise that though their status is glorified in the society, intellectually they are stranded.
Companies do not offer them stock options anymore and their salaries are not growing at the spectacular rates at which they did a few years ago.

“There is nothing new to learn from the job I am doing in Pune. I could have done it with some training even after passing high school,” says a 25-year-old who joined Infosys after finishing his engineering course in Nagpur.

A Microsoft analyst says, “Like our manufacturing industry, the Indian software industry is largely a process driven one. That should speak for the fact that we still don’t have a domestic software product like Yahoo or Google to use in our daily lives.”

IIT graduates have consciously shunned India’s best known companies like Infosys and TCS, though they offered very attractive salaries. Last year, from IIT Powai, the top three Indian IT companies got just 10 students out of the 574 who passed out.

The best computer science students prefer to join companies like Google and Trilogy. Krishna Prasad from the College of Engineering, Guindy, Chennai, who did not bite Infosys’ offer, says, “The entrance test to join TCS is a joke compared to the one in Trilogy. That speaks of what the Indian firms are looking for.”

A senior TCS executive, who requested anonymity, admitted that the perception of coders is changing even within the company. It is a gloomy outlook. He believes it has a lot to do with business dynamics.

The executive, a programmer for two decades, says that in the late ’70s and early ’80s, software drew a motley set of professionals from all kinds of fields.

In the mid-’90s, as onsite projects increased dramatically, software companies started picking all the engineers they could as the US authorities granted visas only to graduates who had four years of education after high school.
“After Y2K, as American companies discovered India’s cheap software professionals, the demand for engineers shot up,” the executive says. Most of these engineers were coders. They were almost identical workers who sat long hours to write line after line of codes, or test a fraction of a programme.

They did not complain because their pay and perks were good. Now, the demand for coding has diminished, and there is a churning.

Over the years, due to the improved communication networks and increased reliability of Indian firms, projects that required a worker to be at a client’s site, say in America, are dwindling in number. And with it the need for engineers who have four years of education after high school.

Graduates from non-professional courses, companies know, can do the engineer’s job equally well. Also, over the years, as Indian companies have already coded for many common applications like banking, insurance and accounting, they have created libraries of code which they reuse.

Top software companies have now started recruiting science graduates who will be trained alongside engineers and deployed in the same projects. The CEO of India’s largest software company TCS, S Ramadorai, had earlier explained, “The core programming still requires technical skills.

But, there are other jobs we found that can be done by graduates.” NIIT’s Arvind Thakur says, “We have always maintained that it is the aptitude and not qualifications that is vital for programming. In fact, there are cases where graduate programmers have done better than the ones from the engineering stream.”

Software engineers are increasingly getting dejected. Sachin Rao, one of the coders stuck in the routine of a job that does not excite him anymore, has been toying with the idea of moving out of Infosys but cannot find a different kind of “break”, given his coding experience.

He sums up his plight by vaguely recollecting a story in which thousands of caterpillars keep climbing a wall, the height of which they don’t know. They clamber over each other, fall, start again, but keep climbing. They don’t know that they can eventually fly.

Rao cannot remember how the story ends but feels the coders of India today are like the caterpillars who plod their way through while there are more spectacular ways of reaching the various destinations of life.


Bash Tips and Tricks


Remote Logins – Telnet

An answer found from Linux Gazette for the question on Remote Logins and su.

Q. I am running Red Hat Linux 6.1 and am encountering some problems. I can log in as root from the console but not from anywhere else; I have to log in as webmaster on all other machines on the network. From nowhere, including the console, can I su once logged in as webmaster. Any help would be appreciated.

Ans. :
Any of these should allow you to access your system through cryptographically secured authentication and session protocols that protect you from a variety of sniffing, spoofing, TCP hijacking and other vulnerabilities that are common using other forms of remote shell access (such as telnet, and the infamous rsh and rlogin packages).

If you really insist on eliminating these policies from your system you can edit files under /etc/pam.d that are used to configure the options and restrictions of the programs that are compiled against the PAM (pluggable authentication modules) model and libraries. Here’s an example of one of them (/etc/pam.d/login which is used by the in.telnetd service):

# The PAM configuration file for the Shadow `login' service
# NOTE: If you use a session module (such as kerberos or NIS+)
# that retains persistent credentials (like key caches, etc), you
# need to enable the `CLOSE_SESSIONS' option in /etc/login.defs
# in order for login to stay around until after logout to call
# pam_close_session() and cleanup.

# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required issue=/etc/issue

# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
auth requisite

# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth required

# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# (Replaces the `ENVIRON_FILE' setting from login.defs)
auth required

# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
auth required nullok

# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please uncomment and edit /etc/security/group.conf if you
# wish to use this.
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
# auth optional

# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite

# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required

# Standard Un*x account and session
account required
session required

# Sets up user limits, please uncomment and read /etc/security/limits.conf
# to enable this functionality.
# (Replaces the use of /etc/limits in old login)
# session required

# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional

# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional

# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). You
# can also enable a MAIL environment variable from here, but it
# is better handled by /etc/login.defs, since userdel also uses
# it to make sure that removing a user, also removes their mail
# spool file.
session optional standard noenv

# The standard Unix authentication modules, used with NIS (man nsswitch) as
# well as normal /etc/passwd and /etc/shadow entries. For the login service,
# this is only used when the password expires and must be changed, so make
# sure this one and the one in /etc/pam.d/passwd are the same. The "nullok"
# option allows users to change an empty password, else empty passwords are
# treated as locked accounts.
# (Add `md5' after the module name to enable MD5 passwords the same way that
# `MD5_CRYPT_ENAB' would do under login.defs).
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the "min" and "max" options enforce the length of the
# new password.

password required nullok obscure min=4 max=8

# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# password required retry=3 minlen=6 difok=3
# password required use_authtok nullok md5

This is from Debian machine ( and thus has far more comments (all those lines starting with “#” hash marks) than those that Red Hat installs. It’s good that Debian comments these files so verbosely, since that’s practically the only source of documentation for PAM files and modules.

In this case the entry that you really care about is the one for ‘’ This module checks the file /etc/securetty which is classically a list of those terminals on which your system will allow direct root logins.

You could comment out this line in /etc/pam.d/login to disable this check for those services which call the /bin/login command. You can look for similar lines in the various other /etc/pam.d files to see which other services are enforcing this policy.

This leads us to the question of why your version of ‘su’ is not working. Red Hat’s version of ‘su’ is probably also “PAMified” (almost certainly, in fact). So there should be a /etc/pam.d/su file that controls the list of policies that your copy of ‘su’ is checking. You should look through that to see why ‘su’ isn’t allowing your ‘webmaster’ account to become ‘root’.

It seems quite likely that your version of Red Hat contains a line something like:

# Uncomment this to force users to be a member of group root
# before than can use `su'. You can also add "group=foo" to
# to the end of this line if you want to use a group other
# than the default "root".
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
auth required

Classically the ‘su’ commands on most versions of UNIX required that a user be in the “wheel” group in order to attain ‘root’. The traditional GNU implementation did not enforce this restriction (since rms found it distasteful).

On my system this line was commented out (which is presumably the Debian default policy, since I never fussed with that file on my laptop). I’ve uncommented here for this exa

Note that one of the features of PAM is that it allows you to specify any group using a command line option. It defaults to “wheel” because that is an historical convention. You can also use the module on any of the PAMified services --- so you could have programs like ‘ftpd’ or ‘xdm’ enforce a policy that restricted their use to members of arbitrary groups.

Finally note that most recent versions of SSH have PAM support enabled when they are compiled for Linux systems. Thus you may find, after you install any version of SSH, that you have an /etc/pam.d/ssh file. You may have to edit that to set some of your preferred SSH policies. There is also an sshd_config file (mine’s in /etc/ssh/sshd_config) that will allow you to control other ssh options.

In general the process of using ssh works something like this:

  1. Install the sshd (daemon) package on your servers (the systems that you want to access)
  2. Install the ssh client package on your clients (the systems from which you’d like to initiate your connections).
  3. Generate Host keys on all of these systems (normally done for you by the installation).

…. you could stop at this point, and just start using the ssh and slogin commands to access your remote accounts using their passwords. However, for more effective and convenient use you’d also:

  1. Generate personal key pairs for your accounts.
  2. Copy/append the (public) keys from each of your client accounts into the ~/.ssh/authorized_keys files on each of the servers.

This allows you to access those remote accounts without using your passwords on them. (Actually sshd can be configured to require the passwords AND/OR the identity keys, but the default is to allow access without a password if the keys work).

Another element you should be aware of is the “passphrases” and the ssh-agent. Basically it is normal to protect your private key with a passphrase. This is sort of like a password --- but it is used to decrypt or “unlock” your private key. Obviously there isn’t much added convenience if you protect your private key with a passphrase so that you have to type that every time you use an ssh/slogin or scp (secure remote copy) command.

ssh-agent allows you to start a shell or other program, unlock your identity key (or keys), and have all of the ssh commands you run from any of the descendents of that shell or program automatically use any of those unlocked keys. (The advantage of this is that the agent automatically dies when you exit the shell program that you started. That automatically “locks” the identity --- sort of.)

There are a lot of other aspects to ssh. It can be used to create tunnels, through which one can use all sorts of traffic. People have created PPP/TCP/IP tunnels that run through ssh tunnels to support custom VPNs (virtual private networks). When run under X, ssh automatically performs “X11 forwarding” through one of these tunnels. This is particularly handy for running X clients on remote systems beyond a NAT (IP Masquerading) router or through a proxying firewall.

In other words ssh is a very useful package quite apart from its support for cryptographic authentication and encryption.

In fairness I should point out that there are a number of alternatives to ssh. Kerberos is a complex and mature suite of protocols for performing authentication and encryption. STEL is a simple daemon/client package which functions just like telnetd/telnet --- but with support for encrypted sessions. And there are SSL enabled versions of telnet and ftp daemons and clients.
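The key-installation step described in the answer above (copying a client's public key into ~/.ssh/authorized_keys), as an added example that is not part of the original answer. The function names are hypothetical and the key is a constructed placeholder; the permission check mirrors sshd's StrictModes behaviour, which rejects key login when the home directory, ~/.ssh or authorized_keys is writable by group or others.

```shell
#!/bin/sh
# Added example; function names are hypothetical, the key below is constructed.

# install_pubkey ACCOUNT_HOME PUBKEY_FILE
# Appends the public key to ACCOUNT_HOME/.ssh/authorized_keys once, creating
# the directory and file with owner-only permissions.
install_pubkey() {
    dir="$1/.ssh"
    auth="$dir/authorized_keys"
    ( umask 077; mkdir -p "$dir"; touch "$auth" )
    chmod 700 "$dir"
    chmod 600 "$auth"
    key=$(head -n 1 "$2")
    # -x whole line, -F fixed string: skip the append if the key is present
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms ACCOUNT_HOME
# Lists every path that group or others can write to. sshd's StrictModes
# check (on by default) refuses key login for such an account, so the login
# falls back to the password prompt if passwords are allowed.
check_ssh_perms() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "too permissive: $p"
            bad=1
        fi
    done
    return "$bad"
}

# Demo on a throwaway directory standing in for the server-side account.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAA-constructed-not-a-real-key user@client' > "$demo_home/id.pub"
install_pubkey "$demo_home" "$demo_home/id.pub"
install_pubkey "$demo_home" "$demo_home/id.pub"     # second run adds nothing
check_ssh_perms "$demo_home" && echo "permissions ok"
chmod g+w "$demo_home/.ssh"                          # simulate a careless chmod
check_ssh_perms "$demo_home" || echo "key login would be refused"
rm -rf "$demo_home"
```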


How do I lock out a user after a set number of login attempts?

The PAM (Pluggable Authentication Module) module pam_tally keeps track of unsuccessful login attempts then disables user accounts when a preset limit is reached. This is often referred to as account lockout.

To lock out a user after 4 attempts, two entries need to be added in the /etc/pam.d/system-auth file:

auth        required        /lib/security/$ISA/ onerr=fail no_magic_root
account required /lib/security/$ISA/ deny=3 no_magic_root reset

The options used above are described below:

  • onerr=fail
    If something strange happens, such as unable to open the file, this determines how the module should react.
  • no_magic_root
    This is used to indicate that if the module is invoked by a user with uid=0, then the counter is incremented. The sys-admin should use this for daemon-launched services, like telnet/rsh/login.
  • deny=3
    The deny=3 option is used to deny access if tally for this user exceeds 3.
  • reset
    The reset option instructs the module to reset count to 0 on successful entry.

See below for a complete example of implementing this type of policy:

auth required /lib/security/$ISA/
auth required /lib/security/$ISA/ onerr=fail
auth sufficient /lib/security/$ISA/ likeauth nullok
auth required /lib/security/$ISA/
account required /lib/security/$ISA/
account required /lib/security/$ISA/ deny=5 no_magic_root reset
password requisite /lib/security/$ISA/$ISA/ retry=3
password sufficient /lib/security/$ISA/$ISA/ nullok use_authtok md5 shadow
password required /lib/security/$ISA/$ISA/
session required /lib/security/$ISA/$ISA/
session required /lib/security/$ISA/$ISA/

For more detailed information on the PAM system please see the documentation contained under /usr/share/doc/pam-

For information on how to unlock a user that has expired their deny tally see additional Knowledgebase articles regarding unlocking a user account and seeing failed logins with the faillog command.

contributed by David Robinson
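One way to verify this lockout policy on a system, and to answer the earlier Q&A's question of which /etc/pam.d services enforce a given module, as an added example that is not part of the Knowledgebase article. The function names are hypothetical and the sample files are constructed; pam_tally.so, pam_securetty.so and pam_wheel.so are the standard Linux-PAM file names for the modules discussed, and the deny value is read from the account entry, as in the article's example.

```shell
#!/bin/sh
# Added example (hypothetical helper names; sample files are constructed).

# pam_active_lines FILE MODULE
# Prints "type<TAB>control<TAB>args" for each uncommented line of FILE that
# loads MODULE. The module is matched on its file name, so any directory
# prefix (such as /lib/security/$ISA/) is accepted.
pam_active_lines() {
    awk -v mod="$2" '
        /^[ \t]*#/ || NF < 3 { next }
        {
            i = 2                          # control may be "[a=b c=d]"
            if ($2 ~ /^\[/) while (i < NF && $i !~ /\]$/) i++
            control = $2
            for (j = 3; j <= i; j++) control = control " " $j
            n = split($(i + 1), path, "/")
            if (path[n] != mod) next
            args = ""
            for (j = i + 2; j <= NF; j++) args = args (args == "" ? "" : " ") $j
            printf "%s\t%s\t%s\n", $1, control, args
        }' "$1"
}

# pam_services_using DIR MODULE: service files with an active MODULE line.
pam_services_using() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ -n "$(pam_active_lines "$f" "$2")" ]; then basename "$f"; fi
    done
}

# tally_policy FILE: checks for the two pam_tally entries the article asks
# for and reports the configured threshold. Returns 1 if one is missing.
tally_policy() {
    pam_active_lines "$1" pam_tally.so | awk -F '\t' '
        $1 == "auth"    { auth = 1 }
        $1 == "account" {
            n = split($3, opt, " ")
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^deny=[0-9]+$/) deny = substr(opt[i], 6)
                if (opt[i] == "reset") reset = 1
            }
        }
        END {
            if (!auth)      { print "FAIL: no active auth entry"; exit 1 }
            if (deny == "") { print "FAIL: no active account entry with deny=N"; exit 1 }
            printf "OK: deny=%d reset=%s\n", deny, (reset ? "yes" : "no")
        }'
}

# make_samples DIR: writes constructed PAM service files for the demo.
make_samples() {
    cat > "$1/login" <<'EOF'
auth requisite pam_securetty.so
auth required pam_unix.so nullok
EOF
    cat > "$1/su" <<'EOF'
# auth required pam_wheel.so
auth required pam_unix.so
EOF
    cat > "$1/system-auth" <<'EOF'
auth        required        /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
account     required        /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset
EOF
    cat > "$1/no-account" <<'EOF'
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
# account required /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "services enforcing securetty: $(pam_services_using "$demo_dir" pam_securetty.so)"
echo "services enforcing wheel:     $(pam_services_using "$demo_dir" pam_wheel.so)"
tally_policy "$demo_dir/system-auth"
tally_policy "$demo_dir/no-account" || true
rm -rf "$demo_dir"
```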


Good Morning.

Well. Today is Monday, the most painful day of the week, and fortunately it rained today. I don’t know why and for what good reason this happened, but it made it the worst day today.