Skip to main content


Showing posts from 2014

Custom AdBlock

This is not something new I am writing today. AdBlocker Plus plugin for chrome, and other browsers blocks ad requests based on the request's domain name or url pattern or some css pattern. The problem with this method is Chrome has no idea of including plugin support for android and therefore ABP as it is wont work. They support a proxy method where all HTTP Requests from browser will alone be routed via the proxy. All ads will be scrubbed by the proxy before sending response to the browser. But ads that are HTTPS and ads on other apps will not be blocked. So I made a domainlist from . The domainlist is available at . Note: This might have duplicates and false positives. Now my thought was to return a servfail while the browser/app tries to resolve these domains. As I said a bunch of people has wrote blogs about it, But they were using named as their dns server. I

OAUTH and Javascript

I am surprised to see the careless implementation of OAUTH by almost all providers like Google, Facebook. I am pretty much sure that I might not be the only person who would have noticed it. By this time there could be atleast thousands of botnets which impersonate as a regular site and spam users' walls or create a social network graph as good as facebook. Probably there will be a separate Real Time Bidding auction by the impersonators. In short OAUTH+Javascript is like locking your door and leaving the key under your doormat. Lets discuss about the differences between the client based OAUTH flow and server based OAUTH flow As per Google's  documentation , the server loads the page on client(browser) with the app id(public name).  On initiating OAUTH with Google servers, the appid and redirection_uri is passed. The Google server calls the redirection_uri with a code. The app's server has to cross check the code with client_secret to get the access_token which has

Java Garbage Collection

This week we got a plenty of out of heap memory exceptions in Java. So I started looking on Java Garbage Collection, a revision of System Software Internals theory again.  Java has its heap divided into new gen and old generation. Java's garbage collection tries to take advantage of the fact that new object will be deleted sooner(objects will have smaller life time). So Java's heap is divided into 1)Young Generation(smaller in size) 2)Old Generation (larger chunk) Young Generation: Young Generation is smaller in size. Traditional Recursive Garbage collection will be faster if the size to be collected is smaller. New Objects are created in Eden part of the Heap. Garbage Collector runs frequently in this space and marks objects that are referenced.  Objects that are not not referenced are removed in the second pass and the live objects are moved to Survivor Space. Survivor Space has two regions Survivor 0 and Survivor 1 which uses an algorithm similar to Copying G

Rootconf Flash Talk

Here is my RootConf Flash Talk. Pretty much unprepared. Agreed it has an artificial slang and it is technically incorrect at few places(look out for false negative)

Rootconf 2014 Review

Bad points to start with Rootconf 2014 was filled with topics about docker. The speech selectors should have reduced the talks about docker as most of them are very much redundant Then came the highlight of all, most of the talks compared their feature on traditional virtual machines, docker and lxc. For God's sake docker and lxc are the same technology with docker being a wrapper around lxc. Docker allows remote creation of containers. I personally like aufs rootfs of docker. Docker differs from lxc by principles. Docker's Philosophy is isolation of processes as separate containers. So based on use case select any one of them. If a system runs docker it can run lxc and they aren't entirely different technologies. Good take away points are Infrastructure code has to be tested. The talk was about test-kitchen for chef. On further exploring puppet land has beaker ( ) which allows us to test puppet code During a talk about

C++ After a Long Time

We were facing a weird issue on our almost stable dns infrastructure. We use PDNS servers and our custom backend to serve DNS requests. So the PDNS server pipes the request to custom backend, the backend reads from the pipe and puts the result back in the pipe which is served back to the client by the server. This intro is not at all useful to the post. So please ignore it. The problem started since Monday where randomly our PDNS backend started using 100% CPU and the PDNS server started crashing. The backend was written in C++ and the debugging started. The backend had no debug mode to start with (!). So we attached all backend processes to strace. Strace showed a particularly crafted DNS request put the backend in infinite loop. We couldn't get the whole request in the strace as it was bigger than default 32 bytes. We started strace with -s 5000 to capture 5000 bytes. Now the dns request is found. The domain name is 312 bytes long. A full domain should not exceed 253 characters


GDB is one of the best debuggers available. GDB uses ptrace to trace the program's state.  One needs to compile the program with -g option so that the debugger can get info of the symbol table. If the program is optimized while compilation, gdb shows a lot of interesting changes than the original flow we expect. Even some variables are removed from scope during optimization, if they are not utilized. GDB in one way also helps us to understand the functioning of compilers.  GDB supports to traverse a program line by line(with/without entering into subroutines/methods). It also supports creation of breakpoints. Since it has read the symbol table, it also supports printing the value of variables, provided they are not optimized out, at any point during execution. This comes in handy when one looks into a big source code for a particular abnormality. I faced a weird issue with httpd and gdb really helped to find the handler which was responsible for the issue.