Desicritics Author: Ganadeva Bandyopadhyay

Mumbai Terror: Basic Security Issues

Ganadeva Bandyopadhyay — Mon, 1 Dec 2008 09:44:58 EST

Three very common and basic security issues which are over-simplified in the internal security context in India

1) The absence of reliable tracking and recovery of lost/stolen mobiles. The responsibility of the handset maker seems to end with hard-coding the IMEI numbers into the handset. Assuming large operating profits in large markets like India with sale of large numbers of handsets daily, this is possibly an overlooked matter on part of the handset makers as well as network providers. Such shady mobiles can be a possible internal security loophole in the hands of an enterprising terrorist.

2) The absence of strong determination in taking cases involving known shady criminal characters through due legal processes. Frequent terrorist acts have been a grim reminder that small-time criminal networks give support to organisations with more widespread violent agendas in South Asian context.

3) The allowance of pseudo military training of the highest order in the name of moral support for self-determination in disputed areas within the frame-work of a national definition. Is it time for a competition between opposing groups for a direct communication to the gullible supporters?

Are these not just some of the points that are part of the over-simplified and hence underestimated internal security concerns?

Is it Time for a United South Asia?

Ganadeva Bandyopadhyay — Sun, 30 Nov 2008 10:51:07 EST

With the rising incidents of violent elements hiding under the cover of national definitions, is this the right time for a leap of faith towards a common entity in South Asia, a United South Asia, as it were?

One of the out-of-the-box ideas seems to be in the Nehru papers as outlined in an article in The Hindu Business Line. While this was primarily targeted towards Jammu and Kashmir, in the present times, with the splitting of Pakistan in 1971 there is one more country to consider, namely Bangladesh.

Among the significant advantages of any common political, military and economic entity would be:

1) The raison d'être of any hate-mongering organizations within the presently separate national definitions is automatically eliminated. Hence the insensitivity to target civilians and men-of-war of the 'other' national affiliation is immediately rendered meaningless and illegal.

2) People accused of crimes against humanity will come under the purview of laws of interior/home ministry which is significantly less complicated to process than the long-winding international dialogues which are subject to threat perceptions to the concept of nations.

3) The much discussed nuclear threat in South Asia is eliminated with a common military, political and economic structure. A common market gets the boost leading to generation of wealth and opportunities. Young men and women get opportunities which are qualitatively and monetarily better than careers in violence and mayhem.

4) Landlocked North-East India gets access to ports such as Chittagong and Cox's Bazaar leading to revival of lost economic and cultural links extending further towards the ASEAN countries.

5) United political and military front presented towards violent elements on the Afghanistan border leading to stabilization and improved all-round opportunities to people weary of war.

6) A downplaying of the minority-majority debate based on religion which has colored the political imagination for gaining political advantage since decades.

7) Creation of new political constituencies across the region supporting the cause of development, eradication of evils like poverty, low human development indices and a reduction in military budget due to the elimination of threat perceptions.

Are there really leaders with the foresight for implementing such an arrangement? Or maybe we need to wait for a South Asian Bismarck or a modern-day Chanakya to arise.

Book Review: Imagining India - Nandan Nilekani

Ganadeva Bandyopadhyay — Sun, 30 Nov 2008 00:49:10 EST

Among the leaders and pioneers of the much feted and praised IT company, Infosys, Nandan Nilekani has given a window into his thought processes in this book.

A reader will have to acknowledge the clarity of thoughts that have gone into covering an extraordinarily wide swath of topics. This includes, among the many others, a very intense perspective on the English language and its undeniable love-and-hate relationship with Indians since the beginning of colonial rule, the analysis of democracy and its evolution in India and a scathing critique of our universities as they degenerated into getting into the center of politics rather than being the cradle of new ideas, opportunities, and movements to rejuvenate the national life.

While reading the book, among the many impressions that the reader may get is the immense sense of hope for India, sometimes in comparison with China and other countries . This happens while describing the potential demographic advantages available currently to India, and also the challenges in converting such potential into realistic scenarios.

Mr. Nilekani could have considered giving more space to the huge challenges that were faced by leaders other than Nehru in the decades immediately after independence, a more perspective view on the growth and success of non-IT companies in the same phase as Infosys and maybe viewpoints on the various strains of violence, terrorism and insurgency affecting the Indian state.

Readers would come to understand the big challenges that come with big numbers, which are more the norm than the rarity in our national space. As a people, we are frequently accustomed to hearing about a large population, large contradictions in terms of empowerment by education, and empowerment by political means or even the wide variations in wealth distribution. One of the realizations that this book will definitely give to its readers is the enormity of challenges that have been faced by leaders and politicians and the immense hard work and faith in a national concept that has kept converting such challenges into windows of opportunity.

The narrative gives much hope to readers by the end of the book and especially for the Indian readers that corporate leaders of the calibre of Nandan Nilekani have their head and heart in the right place and salso provide the inspiration for similar successes to be actually replicated across all fields of national life.

Mumbai Terror: Musings of a Desicritic

Ganadeva Bandyopadhyay — Fri, 28 Nov 2008 14:16:25 EST

As we look helplessly at a rising body count of innocent civilians, police and men of war converted into peace-time martyrs, there is a an even more sense of urgency in the quality of leadership options presented to global democracies.

What would be the philosophies and indoctrination that force people in their young twenties and thirties to go against all accepted norms of decency to take to arms and kill humans of the same flesh and blood, having the similar emotions, born in similar biologically defined processes, makes one wonder.

Even as more and more scientific achievements make our heads held high, our hearts touch the depths of the soul to find the cause of the mindless violence. Is there any invention, any discovery, any prayer that is the antidote to the hatred sown in young minds?

Is there really a gap of leaders who can inspire young men and women to abhor violence and use more human methods of communication?

Or is the unending battle of good against evil getting played out in our hearts and minds as we tend to stick to old loyalties and reinforcing the borders of nations drawn over history and sometimes with blood of innocents such as with the victims of the largest transmigration in recorded history.

What if ever is the lesson in history that is missing from our text-books? Or what is that lesson from history that was present and we have overlooked?

Book Review: Hacking VoIP

Ganadeva Bandyopadhyay — Sun, 23 Nov 2008 12:37:48 EST

In a concise two hundred and eleven pages the author has attempted to cover the protocols, security threats and their countermeasures, audit issues related to Voice over Internet Protocol(VoIP). As outlined in the beginning of the book, the audience is the VoIP administrators and other related IT personnel tackling the nitty-gritties of implementation and day-to-day functioning VoIP in an enterprise network.

With a clear primary goal of discussing security exposures and their possible solutions, the book does a good job as it takes through a security specific discussion and labs on signaling via SIP(Session Initiation Protocol) and H.323. There are also discussions on security issues related to media layer as implemented via Real-time transport protocol and security issues for both signaling and media in Inter-Asterix eXchange(IAX).

Some of the interesting topics in the book also include exploiting weaknesses in SNMP utilizing a tool such as GetIf and making free calls using VoIPBuster. The book ends with the topics on countermeasures and audit portions. Major approach presented is the ability to provide security at both the session and media layer.

With a focused audience and a clear goal, the book does justice for a technology moving towards maturity even as it finds a growing acceptance in the enterprise. Only one suggestion can be to include some more developments, solutions and techniques still not implemented in enterprise networks but having good scope.

Book Review: Head First Statistics

Ganadeva Bandyopadhyay — Sat, 15 Nov 2008 01:29:26 EST

Head First Statistics is more a study guide covering basic topics of most statistics courses or even parts of statistical topics in application areas such as analog and digital communication, noise theory. Measuring central tendency, measuring variability and spread, calculating probabilities, using various distributions for solving problems, correlation and regression are some of the topics covered across fifteen chapters.

While the discussion is paced to be reader friendly, there seems to be an emphasis on distributions with entire chapters dedicated to some of them. The quality of the examples can do with some upgrading for a consistency within the book. Maybe lesser number of useful examples such as the one bringing out the various statistical concepts related to measuring central tendency in improving a health club could be continued across multiple chapters. This could ensure the continuity as the concepts build on one another.

To summarize, a good statistics study book with an emphasis on distributions. It would be good to see some of the other statistical concepts to be given more coverage in future editions. At least one other book which can be an additional read to this book would be Statistics in a Nutshell.

Book Review: Nagios - 2nd Edition

Ganadeva Bandyopadhyay — Fri, 14 Nov 2008 02:52:39 EST

The book comes across as a wonderful companion for utilizing Nagios- an open source system and network monitoring tool. There are twenty six chapters covering a lot of depth and variety with respect to Nagios.

There are five main sections in the book, viz. Source code to a running installation, In more detail,The web interface and other ways to visualize Nagios data, Special applications and Development. Some of the more unusual topics worth mentioning is the configuration for external notification via SMS and via email, monitoring room temperature and humidity, monitoring SAP systems via plug-in check_sap.sh and via SAP's own monitoring system CCMS and monitoring oracle database with oracle instant client.

The chapters are very concise and readable especially for the system, network or other infrastructure administrator already hard-pressed for time. One of the important facets of this book is that although there is an attempt to present the useful information, it also motivates the reader to go further and explore based on the suggestions and hints that is provided in the book.

To summarize, a highly recommended book for interesting and very useful topics in present-day IT infrastructure.

Book Review: Head First Physics

Ganadeva Bandyopadhyay — Thu, 13 Nov 2008 10:18:58 EST

Here is a refreshing approach to the subject of Physics which is one of the elementary science subjects in any high school. Emphasizing a “reader as part of the problem” approach among the many innovations in this book, it is a delightful read.

The book covers almost all the topics of algebra-based mechanics and practical physics in its eight ninety four pages, including an index. In spite of being such a huge book, the book makes for a consistent pace of understanding and comprehension as it starts from guidelines to think like a physicist, units and measurement more advanced topics such as gravitation and orbits, oscillations and finally coming back to applying the algebra and physics formulae to having a new understanding to thinking like a physicist.

With memorable examples and various innovations of the Head First series on full exhibition, the book is one of the must reads taking away from drab text-books and learning by memory approaches to learning physics. One of the outstanding aspects of this book is the continuity of the topics as they connect with each other while interpreting the examples.

Python for Unix and Linux System Administration

Ganadeva Bandyopadhyay — Wed, 12 Nov 2008 09:54:02 EST

In addition to a very noticeable acknowledgments section, here is a book for system administrators trying out a new language to reduce their difficult and sometimes repetitive tasks. In fourteen chapters the authors have tried to do a commendable job for presenting Python as a language that could be used with little bit of learning.

Among the system administration tasks that are tackled via Python in this book, there are chapters dedicated to documentation and reporting, networking, handling data, SNMP, package management and building GUI s among others. One of the important additional tasks i.e. backup and restore seems to have not got the attention it deserves from the system administration perspective. This is true in spite of the newer scenarios where there is separate role of storage administrator as a specialist within system administration is coming up in most organizations and setup handling the massive growth in data storage and maintenance requirements.

While the examples presented are useful, there are some variations that could have made the book a more useful read. For example, in the example 5-9 about connecting to an SSH server and remotely executing a command, the password seems to be required in clear text. One variation could be an answer to the question “Would it be possible to use encrypted password so the script can be read and run by any less privileged user?” Another thing about the discussions is a frequent reference to books for further reading within the text. While it is a good idea, sometimes the list of books of further reading could have been given at the end of each chapter.

All in all, the book is giving a clear idea for using Python as a tool for system administration. Further reading and experimentation is definitely recommended to the readers after going through this book. Absence of major discussion on backup and recovery scripting is a big gap within the book of this nature.

Book Review: Refactoring SQL Applications

Ganadeva Bandyopadhyay — Mon, 27 Oct 2008 01:26:28 EDT

Refactoring SQL Applications is a book on a useful subject for database and tuning specialists and other IT personnel frequently tasked with unruly SQL applications hogging precious resources which can be better utilized.

Besides discussing and providing tips and techniques to improve SQL application re-engineering on all important fronts, the utility of book would is in that most of the exercises have MySQL, Oracle and SQL Server approaches. The discussion does allude to specific examples for one of the three databases as per the concept being sought to clarify.

The topics discussed include possible implications of the auto-commit mode in JDBC, appropriate use of joins and indexes, detecting and correcting parsing issues and transaction management and basic tips to run trace on queries and analyzing them among others.

One of the possibly advanced concepts for this subject is in refactoring flows and databases using effective parallelism and physical and logical database changes to improve the performance. The must read portion of this book undoubtedly would be the eight chapter which compacts and distills the wisdom of the discussions into a set of tasks that can be performed when a SQL application is coming up for refactoring.

One of the undeniably useful tips that the author concludes by, is to avoid an over-reliance on wizards and advisors and be ready for the frequently iterative nature of performance improvement techniques.

To summarize, the book is a must have for the database practitioners and IT specialists working in this field. It would have been interesting to know what tips and techniques that the author would have suggested for improving the performance on the critical Oracle RAC clustered setups.