Happy Pi Day

Yes, "Pi" is the same number you read about in your math textbooks at school. For those who can't remember what on earth it was, let me refresh their memories. Ahem Ahem... The ratio of the circumference of a circle to its diameter is constant for all circles, and the constant is called Pi which approximates to 3.14, if we consider two decimal places.

Pi Day is a fun and unofficial holiday celebrated on March 14 by math lovers around the world. Why March 14? March corresponds to 3 (third month) of course, and so 14th March can be thought of as 3.14. Well actually, the story goes further than this. People usually convey their wishes at 1:59 pm on 14th March, as the decimal representation of Pi is like 3.14159...

Math lovers (mostly in universities) celebrate this day by getting together and discussing about the history of the "loved" number, having contests to see how many digits of Pi one has memorized, and eating pies, of course.

Now shifting to a serious mathematical note, the number "Pi" has been shown to have multiple interesting properties. Two of those are as follows :

• It is an irrational number, which means it cannot be written as a ratio of two integers (a close approximation is 22/7).

• It is a transcendental number too, which means there does not exist a non-zero polynomial with rational coefficients that has Pi as a root.

A widely believed conjecture related to Pi is that it is a normal number. A normal number is a real number whose representation in any base has digits (or whatever they are called in some base) in a uniform distribution. In other words, any substring of digits is equally likely to occur in the representation of Pi. If you think more about this, then you can surely arrive at this hilarious conclusion.

So folks, here's to you wishing a Happy Pi Day !!!

PS :
(1) July 22 is celebrated as Pi Approximation Day (Think 22/7).
(2) Not sure if its a coincidence :), but March 14 is Einstein's birthday.

Cool navigation feature in Konqueror

Why does one use mouse while browsing? Primarily to click on hyperlinks, of course. Recently, I came across this cool feature in Konqueror which allows you to browse around using keyboard only.

Try this. Go to some web page using Konqueror, and press the Control key on your keyboard.
Konqueror would provide you with tooltips on the webpage, that associate a key with each link on the webpage. Pressing the correct key would take you to the associated link, in the same manner as would have happened if you had clicked on the link with the mouse. This feature is probably called Access Keys Control.

The screenshot shown here is what it looks like. Notice that the "A" key is assigned to two links in the screenshot. This is because both the hyperlinks point to the same location. Hmm, smart, real smart... :)

FYI, the version of Konqueror on my system shows "Konqueror 3.5.5 (using KDE 3.5.5)". I ain't sure if the older versions have this feature.

However I think there is a problem here. As far as I know, Konqueror uses the alphanumeric keys (A-Z,0-9) for labelling links on a web page. Now what happens once the number of links on the web page exceeds the total number of alphanumeric characters (which is 26+10=36)? I found out that only the first 36 links are alloted keys for navigation, while the rest of the links are not. This looks like a shortcoming to me, unless there is some other way to label all the links on a webpage, however many there are. A better solution would be, IMHO, to label only the links on the webpage that are visible at a time in the browser window. In this manner, once the user scrolls down the webpage and finds more links, the keys can be reassigned. In other words, the assignment should be dynamic. Although one could argue that this method would fail if the number of links visible at a time exceeds the total number of alphanumeric characters, the proposed method is still better than statically assigning keys only to the first 36 links.

Anti-matter therapy for cancer

Well who could have thought of this!!! Anti-matter, that has been at the core of volumes of recent research in physics, has found its way into medical science and therapy. Recent announcements by CERN lab in Geneva have hinted at the idea of using anti-matter to target cancer cells resulting in intense biological damage of the cancerous cells leading to their death.

In fact, particle physics is already playing a role in cancer treatment today. Radiotherapy for cancer results in exposure of some non-cancerous parts of the body to harmful radiation. Applications from particle physics help reduce this collateral radiation by a significant amount.

Cisco aims at "social networking" for customers

Cisco systems (yes, the networking giant!!!) has made two acquisitions recently - Five Across, Inc. and Utah Street Networks, Inc.

Now why is this such a big news? Coz both the acquired companies are related to social networking.

In their own words, Five Across, Inc. is "a leading provider of social networking and community building technology that helps organizations ranging from small businesses to large enterprises connect to their community constituents and customer base". On the other hand, Utah Street Networks, Inc. is the operator of the social networking site Tribe.net, a San Francisco company that allows people to network online and build communities(tribes).

So what is Cisco doing in "social networking"?
Well, until now, there is no news of Cisco entering the Web 2.0 or social networking arena for common people. It sure wants to use the technology bought to build social networks, but for its own clients so that big and small consumers of Cisco products can network online.

However, there seems to be another interesting reason behind Cisco's decision.
An online article says this :
"The move is understandable, though. Based on conversations with three or four different Cisco executives in recent months, it is clear Cisco sees social networking and the wider Web 2.0 phenomenon as ways to drive Internet traffic, and thus traffic over their routers and other networking gear — and, it follows, more revenue for Cisco."

For direct news announcements from Cisco Networks, read this and this.

Worm attempts to exploit Solaris telnet vulnerability

Yesterday, I blogged about the Solaris Zero-Day Telnet Vulnerability discovered a couple of days back. Now, security firm Sophos is warning Solaris users of a new worm that is trying to exploit the vulnerability in the in.telnetd(1M) binary in Solaris.

The Unix/Froot-A worm (also known as Wanuk) tries to gain access to Solaris machines. Machines running Solaris that have not been patched with the recent fix for the bug and which have telnet access enabled could be infected by this worm. Under certain conditions, the worm sends system broadcast messages that could appear as a text message or as an ASCII art.

Users of Solaris are advised to disable telnet access and patch their systems with the recently released fix. Read this and this for news coverage of this issue.

Solaris Zero-Day Telnet Exploit

The incident happened around two weeks back. But for one reason or the other, I have not been able to post about it. Pardon me, readers, for this negligence!!!

Recently, a zero-day exploit in the in.telnetd(1M) binary shipped with Solaris came to light.

For readers who are not aware of what a zero-day exploit is, let me first take a step back and explain what a zero-day exploit is. When a vulnerability is found in a piece of software, the announcement of the vulnerability goes online for the benefit of the vendor as well as people using the software. The vendor rushes to fix the vulnerability and release a patch to the software before the exploit (piece of software that exploits the vulnerability) is released to the public. The term "zero-day exploit" refers to an exploit which is released to the public (by the people/group who/that finds it) on the same day as the vulnerability or vendor patch.

The exploit for in.telnetd(1M) on Solaris was quite simple. If a Solaris machine had telnet access enabled, then anyone having network access to the machine could login to the machine as any user, without any password, using simply telnet.

Really, the exploit was as simple as issuing:
telnet -l "-froot" hostname/address ----> for root access

Actually, one can configure the Solaris machine to disallow remote login by root. If thats the case, one could give any username instead of "root" and login as a valid user.
Its easy to see how one could wreak havoc in such a case.

As soon as the news broke out on online forums, Sun engineers got to work on it. In fact, since the code was open, the poster actually pointed at the code that was messing up, and that speeded up the patch process. For a really good and interesting account of the patch process followed by Sun for the bug, read this blog posting by Alan Hargreaves, one of the Sun engineers working on the patch.

Now there were concerns as to how could such an exploit be overlooked in Solaris, especially since the same bug was identified on Unix in 1994. Sun engineer Casper Dik gives a really good explanation.

Anyway, Sun released the patch for the bug really fast, and I presume people around the world using Solaris would have installed it soon enough. One good point to notice is the fact that since OpenSolaris was open source, the exploit was found and then fixed really fast. One could argue that the open code could have contributed to the discovery of the exploit, but I would stress on the fact that the open code helped to find the fix fast as well. Bugs are present in software all the time, but fixing them and making them more robust is what counts more. So, making Solaris open source surely helped everyone!!!

For more details, read this.