User:Jaybosamiya/GSoC 2014 proposal

From SecWiki
Jump to: navigation, search

Feature Creeper and Bug Wrangler

Jay Bosamiya

Short description

This is a project to add many small features & get rid of many small bugs in Nmap, each expected to take only a few days, allowing for many to be handled over the summer. It will involve contributing to a wide variety of the Nmap code base rather than working on just one subsystem. When a high-priority bug is discovered, it will be my role to solve it. The exact tasks cannot be itemized in advance (but some are in Project Proposal). The deliverables are the bug fixes and the new features.


Basic/Contact Information

  1. Your Name: Jay Hitesh Bosamiya
  2. Email Address: jaybosamiya@gmail.com
  3. Instant messenger names and protocols (if any): jaybosamiya on IRC (#nmap)
  4. Telephone number (optional): Available to future mentor only
  5. If you have a URL for your résumé/CV, please list it here: None
  6. If you wish to list any personal/blog/LinkedIn/Twitter URLs, do so here:
  • https://www.github.com/jaybosamiya - I am in the process of converting my older projects into github repos just to keep all my projects in one place but it may take some time for me to search for and convert all the projects into properly accessible repos. I used to use my own versioning system (folders and naming schemes) till now but once I started to use git and github, I realized that I could put up everything onto github in a much nicer form and also store everything in an easy to access location for (hopefully) eternity.
  • http://jaybosamiya.blogspot.com/ - A place for me to put some thoughts once in a while. A little bit on the philosophical side, but I plan to put up anything and everything that interests me. Started it quite recently, so very few opinions and views are online (with many posts still in draft stage).

Project Selection

  1. Top Project Choice (If choosing one from the Nmap ideas page): “Feature Creepers and Bug Wranglers” (Further details in the Project Proposal section)
  2. Are you willing and able to do other projects instead? I am also interested and qualified in the “Performance/Optimization Specialist” task on the ideas page. Also, same for the "Port Nmap to MinGW" task on the community ideas page. I would be ready to discuss any of these if required.


Skills/Experience

  • Please describe in a few lines your C/C++ knowledge or experience (if any):
I have been programming in many different languages for a long time but I started C and C++ since class 7 and have developed a lot of small projects. Very few have been uploaded online since I didn’t know of places like GitHub etc. (as mentioned before). I am in the process of making it all available online, however. I code confidently in C and C++ and have always used C++ as my preferred language for any competitive programming (I was among top 20 in India twice during Indian National Olympiad in Informatics which is used as a selection test for the training camp in which the team to the International Olympiad in Informatics is selected). I am fluent with the standard libraries, and C++ and C is like second nature to me.
  • Please describe any Lua, Python, Perl, or other scripting language knowledge/experience:
I am familiar with many scripting languages, including Python, Perl, Ruby, VBScript, JavaScript, and GML etc. In doing any small or repetitive task, I have usually cooked up shell scripts too. I haven’t ever used Lua but looking at the language, it shouldn’t take me more than a short while to become almost fluent, if necessary. In fact, I recently found that it takes me a very short while to get fluent in any programming or scripting language unless it involves a complete paradigm shift (such as the language J).
One of my earliest achievements as well as large project would be that, as part of the Catch Them Young programme at Infosys, in class 8, after a 2 week training in SDLC (Software Development Life Cycle), I was one of the 2 students selected (across Bangalore) who did a 2 week internship that entailed PHP and SQL.
  • Please describe any Windows development experience:
Most of my development occurs in a very platform-independent way. I have used development environments in both Windows and Linux. I understand the basic similarities and differences between these two. This is because I have used both extensively from a young age. However, the biggest reason I understand the way Windows works is because I have tried writing shell-code for some executable files in Windows. (Purely white hat, of course).
I am very comfortable with using command line based tools, and tend to use them more often (since I find that typing is faster than moving the mouse, most of the time).
  • Please describe any UNIX development experience:
As mentioned before, I have used Linux (not UNIX as such, but *nix, nevertheless) since a very young age. In fact, every computer that I have had till now, has had Linux and Windows running for the same amount of total time, not counting the endless times I’ve run multiple Linux distros in virtual machines on Windows. (Rarely the other way around, for some reason).
In Linux, (again like Windows), I tend to use the keyboard more than mouse, so the terminal is my best weapon. I am very comfortable with using the shell and other standard facilities.
  • Please describe any Mac development experience:
None whatsoever.
  • Please describe any previous Nmap usage experience:
I have used Nmap multiple times, usually on machines at home or inside VMs, but I haven’t used any of its advanced features. Mainly, I have run it in order to find out alive hosts, the versions of services and OS detection. I have done all this in a strict white-hat way, limiting myself to machines I control or have received permission for.
  • Please describe any previous Nmap development experience:
I have compiled from source before but only recently did I decide to look into the code. I have submitted 2 patches to Nmap till now, through the mailing list. They are yet to be committed, probably because everyone is busy with SoC coming so close. They are the following
http://seclists.org/nmap-dev/2014/q1/308 I rewrote the modifications that are done to the libpcap that is shipped with nmap so that libpcap can be updated to 1.5.3 (till now, for quite a while, 1.2.1 has been used).
http://seclists.org/nmap-dev/2014/q1/311 I wrote a randomizer to the ASCII art in the configure script and added in some more ASCII art.
  • Please describe any previous Open Source development experience:
I have compiled many Open Source programs from source and have used configure flags etc. to affect installation. I have rarely looked into the source code of large projects until recently. As mentioned above, I have worked on some patches for nmap. Other than this, I have not worked on any patches for other Open Source projects. Instead, I’ve looked around in the mailing lists of many other projects whenever I’ve found bugs to see if there is any easy fix.

With respect to starting off any projects of my own, I have done many but since not all have the code available online yet, so it isn’t “Open Source development” yet, per se. I will be making all of the code available online soon; thus making it “Open Source”. The projects that are online, are in the next section.

  • If possible, include a link to source code you've written, such as a school or personal project:
Some of my projects are available online on my github profile (https://github.com/jaybosamiya) and most have fairly descriptive READMEs.
I have summarized them here.
  • https://github.com/jaybosamiya/NxN_TicTacToe - NxN Tic Tac Toe game (generalization of the normal 3x3 Tic Tac Toe game) with Artificial Intelligence. Uses MiniMax algorithm with Alpha Beta pruning. Developed this for a contest held in college.
  • https://github.com/jaybosamiya/PronounceablePasswordGenerator - generates passwords that are memorable since they are pronounceable. This project started off as an attempt to make people not keep dictionary words as passwords. Most people I asked said that they’d kept them only because they were easy to remember. The basic idea for the technique was sparked by this project I had seen which tried to automatically decode substitution cyphers.
  • KVPY Project
  • https://github.com/jaybosamiya/VanityHashing - An idea that I had when I noticed that many files (such as png) do not care about extra bytes at the end of the file. I thought of adding extra bytes so that the final MD5 hash of the file has a nice prefix (user chosen). It is not a very efficient way to do it but it is a proof of concept. For example: The file vanity.png (generated from test.png) has the MD5 hash starting with “ACE”.
Some other projects that I’ve worked on and are online but haven’t put on GitHub yet are
  • http://is.gd/jaybosamiya_rss_manager (shortened link to file on my Google Drive) - An RSS parser, reader and storage program. Though it was way more than what was required for the school project (class 12), I decided that I’d develop it further and I was able to make it into a pretty neat application.
  • http://p0w3r5urg3.webs.com/SchoolProject/SortomaticSourceCode.zip - A graphical sorting algorithm comparison tool. Again, this was outside the scope of what was required for school project (class 11), I worked on this and made it quite good. I had to work with threading in Windows (native threading) and this was quite pain at times but turned out to be a very great learning experience. With C++11, it would’ve been much easier and better. Also, it’d have been much cleaner if I’d made it object oriented, but out teacher wanted it “without OOP”.
As for the rest of my projects, I will be uploading them as and when I can.
  • Have you participated in any previous Summer of Code projects? If so (and it wasn't Nmap), please describe your projects and experience. Be sure to mention the years involved and the name of your former mentors.
No, this is the first time I am participating.
  • Have you applied for (or intend to) any other 2014 Summer of Code projects? If so, which ones?
No. I have not and don’t intend to apply to any other 2014 Summer of Code projects.

Education

  1. What school do you attend? IIT Roorkee (Indian Institute of Technology, Roorkee)
  2. What degree are you pursuing (include the specialty/major)? B. Tech. (CSE) – Bachelor of Technology (Computer Science and Engineering)
  3. How many years have you attended there? This is my first year here (i.e. in summer 2014, I would’ve completed one year).
  4. When do you expect to graduate? In the year of 2017.
  5. What city/country will you be spending this summer in? Bangalore, India.
  6. How much time do you expect to have for this project? Please list jobs, summer classes, and/or vacations that you'll need to work around: On average, I will be able to spend 35-40 hours a week, or more if necessary. This project is my primary task. College starts again mid-July so the number of hours I can work on weekdays would decrease a little but I will be able to compensate for that lost time on weekends. In the middle, I may need to take 3 or 4 days off but I will communicate this well in advance, so that there is no problem.

Project Proposal

  1. Please describe your proposed project in detail, including deliverables and expected timeline with milestones (this is the long answer):

    As stated in the description of the “Feature Creeper/Bug Wrangler” project on the project ideas page, the exact tasks will not be itemized in advance. Hence, I cannot give an exact timeline or description of the project. However, a general guideline of how I’d like it to go is as follows:
    The project will take part in many small parts/subprojects. For each bug/feature, a timeline or rough deadline will be discussed and decided between me and the mentor. Each of these subprojects will be a deliverable in itself and will need to be documented according to the project’s conventions. If, for any reason, a subproject is taking too long or cannot be completed, I will contact the mentor and after discussing the reason and explanation, suitable action will be taken (i.e. it will be decided whether it is fruitful to continue to work on that subproject or it would be more beneficial to Nmap for me to take on a different feature/bug). Hopefully, there will be no need to abandon any subprojects.
    I have looked into https://svn.nmap.org/nmap/todo/nmap.txt and https://secwiki.org/w/GSoC_community_ideas and have identified that I find the could start working on the “Ncat without OpenSSL, --ssl argument” for starters. Another task I could possible start working on is "an option to send a comment in scan packet data for target network" (from the todo list). I have identified other tasks too; however, I would like to discuss this with the mentor and then finalize a proper list.
    The mailing list (http://seclists.org/nmap-dev/) has many patches waiting for review or in need of small change. Throughout the project and even before the coding period starts, I will be looking into the list and helping out in making these come closer to merging. In addition to this, I have also started looking into the files which have “fixme” or “todo” in the comments so as to be able to find other tasks that I can work on. I will be discussing these too with the mentor.

    As for the general timeline for the project:
    Until May 17th (During Community Bonding Period): I will read through existing bugs and feature requests. I will analyse the necessary parts of the codebase and make a list of bugs and features that I’d like to work on for the rest of the project. I will also prepare my machines with any additional software that any specific bugs/features may require.
    By May 18th (Before Official Coding Period): I will submit a report containing which bugs and features I can begin work on immediately. I will also include a list of bugs/features that require more discussion/clarification. These will be candidates for later subprojects.
    Until 23rd June (Midterm evaluation period start): I will work on the subprojects, submitting regular reports and documenting as I go along and finish each subproject. I will also be discussing the bugs/features for the later subprojects. If any new high-priority bug comes up, I will discuss and then take it up.
    By 23rd June (Midterm evaluation period start): I will start working on the bugs/features that are larger/require more familiarity with the code. Also, I’ll finalize the list of bugs/features that I’ll work on till the end of the summer.
    By 27th June (Midterm evaluation period end): I will submit the mid-term report as well as a final list of bugs/features to complete.
    Until 8th August: I will work on the subprojects (the ones that are larger/require more familiarity).
    By 11th August (Suggested ‘pencils down’ date): I will have completed working on the subprojects and would have started to finish up any small work that got postponed to the end (if any).
    By 18th August (Firm ‘pencils down’ date): I will have completed all the small work and details too.
    By 22nd August (Final evaluation deadline): Submit the final report and take a short break.
    After a short break: Start again with new features/bugs, outside of SoC.

    As for each individual subproject, the timeline will be discussed with the mentor and will be adhered to.

  2. Why are you well suited to perform this project? (This can be a long answer too if you don't have a résumé/CV link.)

    In my experience, I have always been fast at grasping, understanding and figuring things out, especially when it comes to code, programs or algorithms. I am an expert programmer and have the necessary technical qualifications. I can work very well in a team and am good at expressing myself. I have the necessary skills to take decisions myself as well as know when to ask for guidance and help.
    I am enthusiastic to become part of such a widely used open source project. With this project, I will be able to thank and help the thousands of Hackers out there who have helped me become who I am today. I would be proud to say that I have worked on Nmap.
    More than all that, however, I feel that Nmap would be benefitted by my skillset and that SoC at Nmap would be the best use of my time.
Retrieved from "https://secwiki.org/mediawiki/index.php?title=User:Jaybosamiya/GSoC_2014_proposal&oldid=1626"