THE DECENTRALIZED WEB

The Decentralized Web describes a future in which services such as communication, currency, publishing, social networking, search and archiving are provided not by centralized services owned by single organizations, but by technologies run by the people who use them.

The main idea of decentralization is that the operation of a service is not blindly entrusted to any single omnipotent company. Instead, responsibility for the service is shared across multiple federated servers, or possibly across client-side apps in an entirely distributed peer-to-peer model.

The rules that describe the decentralized service's behaviour are designed to force participants to act fairly in order to participate at all, relying heavily on cryptographic techniques such as Merkle trees and digital signatures so that participants can hold each other accountable.
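As an added illustration of how a Merkle tree lets participants hold each other accountable (example code written for this page, not taken from any project it mentions), the following Python builds a tree over a set of records, produces an inclusion proof for one record and verifies it against the root. A participant who publishes only the 32-byte root can later prove that any single record was included, and an altered record or a proof for a different record fails verification. The 0x00/0x01 prefixes on leaf and interior hashes are an assumption of this example; they stop an interior node from being passed off as a leaf.

```python
import hashlib
from typing import List, Tuple

# Added example: a minimal Merkle tree with inclusion proofs.
# Assumption: SHA-256 with 0x00/0x01 domain-separation prefixes for leaves/nodes.

def leaf_hash(data: bytes) -> bytes:
    """Hash a leaf; the 0x00 prefix keeps leaves distinct from interior nodes."""
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    """Hash an interior node from its two children (0x01 prefix)."""
    return hashlib.sha256(b"\x01" + left + right).digest()

def _levels(leaves: List[bytes]) -> List[List[bytes]]:
    """Every level of the tree, leaves first and root last.
    An odd-sized level has its last node duplicated so every node has a sibling."""
    if not leaves:
        raise ValueError("a Merkle tree needs at least one leaf")
    level = [leaf_hash(x) for x in leaves]
    levels: List[List[bytes]] = []
    while True:
        if len(level) > 1 and len(level) % 2 == 1:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves: List[bytes]) -> bytes:
    return _levels(leaves)[-1][0]

def merkle_proof(leaves: List[bytes], index: int) -> List[Tuple[str, bytes]]:
    """Inclusion proof for leaves[index]: at each level the sibling hash and
    which side ('L' or 'R') it sits on relative to the path being proven."""
    if not 0 <= index < len(leaves):
        raise IndexError("no such leaf")
    levels = _levels(leaves)
    proof: List[Tuple[str, bytes]] = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append(("R" if sibling > index else "L", level[sibling]))
        index //= 2
    return proof

def verify_proof(leaf: bytes, proof: List[Tuple[str, bytes]], root: bytes) -> bool:
    """Recompute the root from the leaf and its proof; True only if it matches."""
    h = leaf_hash(leaf)
    for side, sibling in proof:
        h = node_hash(h, sibling) if side == "R" else node_hash(sibling, h)
    return h == root

if __name__ == "__main__":
    # Constructed sample records standing in for ledger entries or log lines.
    records = [b"alice pays bob 5", b"bob pays carol 2", b"carol pays dave 1"]
    root = merkle_root(records)
    proof = merkle_proof(records, 2)
    print("root:", root.hex())
    print("proof for record 2 verifies:", verify_proof(records[2], proof, root))
    print("tampered record verifies:", verify_proof(b"carol pays dave 100", proof, root))
```

The proof is only O(log n) hashes, which is what makes it practical for a node to audit another node's claims without downloading the whole data set; the root itself still has to come from a trusted channel, typically a signed or widely replicated value.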

There are three major areas in which the Decentralized Web has the advantage: privacy, data portability, and security.

PRIVACY

Decentralization forces an improved focus on data privacy. Data is distributed across the network, and end-to-end encryption is critical for ensuring that only authorised users can read and write it. Access to the data is controlled algorithmically by the network, as opposed to centralized networks where the network's owner usually has full access to the data, which simplifies customer profiling and ad targeting.

DATA PORTABILITY

In a decentralized environment, customers own their data and choose with whom they share it, and they keep control of it when they leave a given service provider. For instance, if a driver wants to move from General Motors to BMW today, why should they not be able to take their driving records with them? The same applies to chat history or health records.

SECURITY

We live in a world of increasing security threats. In a centralized environment, the bigger the data store, the bigger the honeypot that attracts bad actors. Decentralized environments are, by design, more resilient against being hacked, infiltrated, acquired, bankrupted or compromised, as they are built to exist under public scrutiny from the outset. Decentralization removes the single point of compromise; each node still has to be kept patched and its keys protected.

Just as the internet itself was a grand re-levelling, taking disconnected local area networks and providing a new neutral common ground that linked them all, we now see the same pattern again as technology begins to provide a neutral common ground for higher-level services. And much like Web 2.0, the first wave of this Web 3.0 has been among us for several years already.

Git is a successful, fully decentralized version control system that has largely replaced centralised systems like Subversion. Bitcoin demonstrates how a currency can exist without any central authority, in contrast with a centralised incumbent such as PayPal.

StatusNet provides a decentralized alternative to Twitter. XMPP was built to deliver a decentralized alternative to the messaging silos of AOL Instant Messenger, ICQ, MSN and others.

It is hard to forecast where Web 3.0 will finally take us. Unlocking the web from the hands of a few players will inevitably enable a surge in innovation and let services prioritise the user's interests.

As the Decentralized Web attracts the interest of the mainstream developer community, we cannot predict what new economies will arise or what new technologies and services they will invent.

API TESTING

An application programming interface, or API, links an application to the web and to other APIs. Before discussing API and web-service testing, we first need to understand what an API is and how it works.

An application is made of three vital parts that ideally work and communicate in a segmented way, so that one could be swapped out for another:

Data Tier: Where data is retrieved from, and stored to, the database and file system.

Logic Tier: Where data is processed between the other layers; it coordinates the application, processes commands and makes logical decisions. This layer is where the API lives.

Presentation Tier: The top layer of the app, the user interface, which translates tasks into something the user understands.

APIs allow organizations to become more agile, for things to go mobile, and everything to work together in a streamlined, integrated way.

API testing, therefore, is testing that the APIs and the integrations they enable work as intended. This form of testing focuses on using software to make API calls, receiving the output, and observing and logging the system's response. It verifies that the API returns the correct response or output under varying conditions.

However, there might also be no output at all, or something completely unexpected might happen. This makes the tester's role crucial to the application development process. As APIs are the central hub of data for several applications, data-driven testing of APIs helps increase test coverage and accuracy.

When testing the API directly, specifying pass/fail conditions is slightly more challenging. However, comparing the data in the API response, or comparing the behaviour of another API called afterwards, lets the tester set up the final validation scenarios.

WHY IS IT IMPORTANT?

For all forms of software it is essential to identify bugs and discrepancies both when releasing a product and to confirm it continues to work once it is out in the wild. The risk of putting an insecure product on the market is clearly greater than the cost of testing it.

Let's look at some examples of common security tests for the vulnerabilities an API could have.

The API is what gives the application its value. It is what makes our phones "smart" and streamlines business processes. If an API does not work well, it will never be adopted, regardless of whether it is a free and open API or one that charges per call or per group of calls. If an API breaks because errors were not spotted, it will break not just a single application but also the chain of business processes connected to it.

What You Need to Know to Start API Testing

The first part of API testing involves setting up a testing environment with the required set of parameters around the API. This involves configuring the database and server for the application's requirements. Once the API testing environment is set up, make an API call right away to make sure nothing is broken before starting more thorough testing.

You can then combine the application's data with the API tests to ensure the API performs as expected against the known input configurations.
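As an added example (written for this page, not taken from it), the following Python puts the procedure above into code: a smoke call first, then a table of data-driven cases covering the conditions a tester cares about, including the security-relevant ones (missing or wrong credentials, an injection-like identifier, out-of-range and wrongly typed inputs, an unsupported method). The service under test is a constructed in-process stand-in with the signature api(method, path, headers, body); the token, the /items resource and the sample data are assumptions of the example. Against a real service the same case table would be driven through an HTTP client.

```python
from typing import Any, Dict, List, Tuple

# Added example: data-driven API testing against a constructed in-process stand-in.
# Assumption: bearer-token auth, an /items resource, JSON-like dict bodies.

VALID_TOKEN = "t0ken-for-alice"
_ITEMS: Dict[int, Dict[str, Any]] = {1: {"id": 1, "name": "widget", "qty": 3}}

def api(method: str, path: str, headers: Dict[str, str], body: Any = None) -> Tuple[int, Any]:
    """Stand-in for the service under test: returns (status, json_body)."""
    if headers.get("Authorization") != f"Bearer {VALID_TOKEN}":
        return 401, {"error": "unauthorized"}
    parts = path.strip("/").split("/")
    if parts[0] != "items":
        return 404, {"error": "not found"}
    if method == "GET" and len(parts) == 2:
        if not parts[1].isdigit():                 # rejects "1 OR 1=1", "../", etc.
            return 400, {"error": "id must be numeric"}
        item = _ITEMS.get(int(parts[1]))
        return (200, item) if item else (404, {"error": "not found"})
    if method == "POST" and len(parts) == 1:
        qty = body.get("qty") if isinstance(body, dict) else None
        if not isinstance(qty, int) or isinstance(qty, bool) or qty < 0:
            return 400, {"error": "qty must be a non-negative integer"}
        new_id = max(_ITEMS) + 1
        _ITEMS[new_id] = {"id": new_id, "name": str(body.get("name", "")), "qty": qty}
        return 201, _ITEMS[new_id]
    return 405, {"error": "method not allowed"}

AUTH = {"Authorization": f"Bearer {VALID_TOKEN}"}

# (name, method, path, headers, body, expected status, expected body or None to skip the body check)
CASES: List[Tuple[str, str, str, Dict[str, str], Any, int, Any]] = [
    ("smoke: known item", "GET", "/items/1", AUTH, None, 200, {"id": 1, "name": "widget", "qty": 3}),
    ("missing token", "GET", "/items/1", {}, None, 401, {"error": "unauthorized"}),
    ("wrong token", "GET", "/items/1", {"Authorization": "Bearer nope"}, None, 401, None),
    ("unknown item", "GET", "/items/999", AUTH, None, 404, None),
    ("injection-like id", "GET", "/items/1 OR 1=1", AUTH, None, 400, None),
    ("negative qty", "POST", "/items", AUTH, {"name": "x", "qty": -1}, 400, None),
    ("qty as string", "POST", "/items", AUTH, {"name": "x", "qty": "3"}, 400, None),
    ("body not an object", "POST", "/items", AUTH, "[]", 400, None),
    ("valid create", "POST", "/items", AUTH, {"name": "gadget", "qty": 2}, 201, None),
    ("unsupported method", "DELETE", "/items/1", AUTH, None, 405, None),
]

def smoke_check() -> bool:
    """The 'call it right away' step: one authenticated request must come back 200."""
    return api("GET", "/items/1", AUTH)[0] == 200

def run_cases(cases=CASES) -> List[str]:
    """Run every case; return human-readable failures (an empty list means all passed)."""
    failures: List[str] = []
    for name, method, path, headers, body, want_status, want_body in cases:
        try:
            status, got = api(method, path, headers, body)
        except Exception as exc:            # a crash is a failed case, not a skipped one
            failures.append(f"{name}: raised {exc!r}")
            continue
        if status != want_status:
            failures.append(f"{name}: status {status}, expected {want_status}")
        elif want_body is not None and got != want_body:
            failures.append(f"{name}: body {got!r}, expected {want_body!r}")
    return failures

if __name__ == "__main__":
    print("smoke ok:", smoke_check())
    print("failures:", run_cases() or "none")
```

Keeping the cases as data rather than as separate test functions is what makes it cheap to add the next malformed input when a bug report arrives; the negative cases (401, 400, 405) are the ones that usually catch security regressions, because a refactor that silently widens what the API accepts still passes every happy-path test.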

RELATIONAL DATABASE VS NON-RELATIONAL DATABASE

Over the past few years NoSQL, or non-relational, database tools have gained much popularity for storing vast amounts of data and scaling easily. There is debate over whether non-relational databases will replace relational databases in future. With the growing volume of social data and other unstructured data, the following questions are raised about relational databases:

Are relational databases capable of handling big data?
Can relational databases scale out to enormous amounts of data?
Are relational databases suited to modern data?

Before answering those questions, let us dive in and cover some basics of both relational and non-relational databases.

RELATIONAL DATABASE

The theory of relational databases was developed in the 1970s. The most important feature of all relational databases is support for the ACID (Atomicity, Consistency, Isolation and Durability) properties, which guarantee that all transactions are reliably processed.

Atomicity: Each transaction is all-or-nothing; if one logical part of a transaction fails, everything is rolled back so that the data is unchanged.

Consistency: All data written to the database is subject to the defined rules (constraints, keys and types).

Isolation: Changes made in a transaction are not visible to other transactions until they are committed.

Durability: Changes committed in a transaction are stored and remain available even if there is a power failure or the database suddenly goes offline.

The objects in relational databases are structured. The data in a table is stored as rows and columns, and each column has a datatype. The Structured Query Language (SQL) is used with relational databases to store and retrieve the data in a structured way. There is always a fixed number of columns, although additional columns can be added later. Most tables are related to each other through primary and foreign keys, providing referential integrity among the objects. The key products are Oracle, SQL Server, MySQL, PostgreSQL and others.
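To make atomicity, consistency and referential integrity concrete, here is an added Python example (not from the original article) using the standard-library sqlite3 module. It models a bank transfer: the two balance updates and the audit row either all commit or all roll back, a CHECK constraint enforces the consistency rule that balances never go negative, and a foreign key ties the transfers table to accounts. The two-table schema and the sample accounts are constructed for the example.

```python
import sqlite3
from typing import Dict

# Added example: ACID behaviour and referential integrity with the standard-library sqlite3.
# Assumption: a two-table schema (accounts, transfers) constructed for this example.

SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL CHECK (balance >= 0)      -- consistency rule
);
CREATE TABLE transfers (
    id     INTEGER PRIMARY KEY,
    src    INTEGER NOT NULL REFERENCES accounts(id),   -- referential integrity
    dst    INTEGER NOT NULL REFERENCES accounts(id),
    amount INTEGER NOT NULL CHECK (amount > 0)
);
"""

def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # off by default in SQLite; must be set per connection
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO accounts (id, owner, balance) VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 50)])   # constructed sample data
    conn.commit()
    return conn

def transfer(conn: sqlite3.Connection, src: int, dst: int, amount: int) -> bool:
    """Atomic transfer: all three statements commit together or none do.
    Returns True on commit, False if a constraint rolled the transaction back."""
    try:
        with conn:   # BEGIN ... COMMIT, or ROLLBACK if an exception escapes the block
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
            conn.execute("INSERT INTO transfers (src, dst, amount) VALUES (?, ?, ?)",
                         (src, dst, amount))
        return True
    except sqlite3.IntegrityError:
        return False

def balances(conn: sqlite3.Connection) -> Dict[int, int]:
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))

def transfer_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM transfers").fetchone()[0]

if __name__ == "__main__":
    db = open_db()
    print("30 from alice to bob:", transfer(db, 1, 2, 30), balances(db))
    print("500 from alice (overdraft, CHECK fails):", transfer(db, 1, 2, 500), balances(db))
    print("10 to account 99 (no such row, FK fails):", transfer(db, 1, 99, 10), balances(db))
```

The third call is the instructive one: the debit from alice succeeds, the credit to account 99 matches no row and raises no error, and only the audit insert trips the foreign key. Without the enclosing transaction alice would simply have lost 10; with it the failure rolls the debit back too. Note that SQLite does not enforce foreign keys unless the PRAGMA is switched on for each connection, a common way to lose referential integrity silently.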

NON-RELATIONAL DATABASES

The idea of non-relational databases came about to handle the rapid growth of unstructured data and to scale out effortlessly. They offer a flexible schema, so there is no referential integrity of the kind seen in relational databases. The data is highly de-normalised and does not require JOINs between objects. Rather than the ACID properties of relational databases, these systems are designed around the CAP theorem (Consistency, Availability and Partition tolerance), which says a distributed system can fully provide only two of the three; most NoSQL systems favour availability and partition tolerance and so offer BASE semantics (Basically Available, Soft state, Eventually consistent) instead of ACID. The first databases built on these ideas include BigTable (Google), HBase (Apache, modelled on BigTable) and Cassandra (Facebook).

Categories of non-relational databases: Non-relational databases fall into four major types: key-value databases, column databases, document databases and graph databases.

Key-value database: The simplest form of NoSQL database, where each value is associated with a unique key.

Column database: Capable of storing and processing large amounts of data; it stores data by column family rather than by row, with the columns distributed across a cluster.

Document database: Stores documents that may contain many key-value pairs with many nested levels; efficient querying on document contents is possible. The documents are usually stored as JSON or a binary JSON variant.

Graph database: Instead of traditional rows and columns, uses nodes and edges to represent graph structures and store data.

WHY IS CHAR[] PREFERRED OVER STRING FOR PASSWORDS?

Strings are immutable. That means once you have created the String, if another process can dump memory, there is no way (aside from reflection) you can get rid of the data before garbage collection kicks in.

With an array, you can explicitly wipe the data after you are done with it. You can overwrite the array with anything you like, and the password won't be present anywhere in the system, even before garbage collection.

So yes, this is a security concern, but even using char[] only reduces the window of opportunity for an attacker, and only for this specific type of attack.

As noted in comments, it's possible that arrays being moved by the garbage collector will leave stray copies of the data in memory. I believe this is implementation-specific; the garbage collector may clear all memory as it goes, to avoid this sort of thing. Even if it does, there is still time during which the char[] contains the actual characters, which is an attack window.
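The same concern exists outside Java. As an added Python example (not part of the answer above), the password is held in a mutable bytearray rather than an immutable str or bytes, consumed by PBKDF2 key derivation, and then overwritten in place; is_wiped checks the buffer afterwards. PBKDF2-HMAC-SHA256, the salt handling and the sample secret are assumptions of this example. The technique only helps if the secret never existed as a str or bytes object, which Python's own input functions cannot guarantee, so it narrows the window rather than closing it, exactly as the answer says.

```python
import hashlib
import hmac
import os

# Added example: keep a password in a mutable buffer so it can be zeroed after use.
# Assumption: PBKDF2-HMAC-SHA256 as the key-derivation step that consumes it.

def wipe(buf: bytearray) -> None:
    """Overwrite every byte in place; the object keeps its length but loses its content."""
    for i in range(len(buf)):
        buf[i] = 0

def is_wiped(buf: bytearray) -> bool:
    return all(b == 0 for b in buf)

def derive_key(password: bytearray, salt: bytes, iterations: int = 200_000) -> bytes:
    """Derive a 32-byte key; the password buffer is wiped whether or not derivation succeeds."""
    if not isinstance(password, bytearray):
        raise TypeError("password must be a bytearray so it can be wiped")
    try:
        return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    finally:
        wipe(password)

def verify_password(stored_key: bytes, candidate: bytearray, salt: bytes,
                    iterations: int = 200_000) -> bool:
    """Login-side check: derive from the candidate (wiping it) and compare in constant time."""
    return hmac.compare_digest(stored_key, derive_key(candidate, salt, iterations))

if __name__ == "__main__":
    salt = os.urandom(16)
    pw = bytearray(b"correct horse battery staple")   # constructed sample secret
    key = derive_key(pw, salt)
    print("buffer wiped after use:", is_wiped(pw))
    print("correct password accepted:",
          verify_password(key, bytearray(b"correct horse battery staple"), salt))
    print("wrong password rejected:", verify_password(key, bytearray(b"Tr0ub4dor&3"), salt))
```

The TypeError in derive_key is deliberate: accepting bytes or str would silently give callers a version with no wipe at all. The remaining copies you cannot reach from Python (the interpreter's I/O buffers, a terminal's scrollback, swap) are the analogue of the garbage-collector copies the answer warns about.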

HOW DO I FIND ALL FILES CONTAINING SPECIFIC TEXT ON LINUX?

grep -rnw '/path/to/somewhere/' -e 'pattern'
-r or -R is recursive,
-n prints the line number, and
-w matches the whole word only.
-l (lower-case L) can be added to print just the names of the matching files.

Along with these, the --exclude, --include and --exclude-dir flags can be used for more efficient searching:
This will only search files with .c or .h extensions:
grep --include=\*.{c,h} -rnw '/path/to/somewhere/' -e "pattern"
This will exclude all files ending with the .o extension:
grep --exclude=\*.o -rnw '/path/to/somewhere/' -e "pattern"
Directories can be excluded with the --exclude-dir parameter.
For example, this will exclude the dirs dir1/, dir2/ and all of those matching *.dst/:
grep --exclude-dir={dir1,dir2,*.dst} -rnw '/path/to/somewhere/' -e "pattern"

HOW TO COPY FILES FROM HOST TO DOCKER CONTAINER?

The docker cp command copies files between the host and a container. A single file can be copied in either direction:
docker cp foo.txt mycontainer:/foo.txt
docker cp mycontainer:/foo.txt foo.txt

The contents of the folder src can be copied into the target folder (the trailing /. copies the contents rather than the folder itself):
docker cp src/. mycontainer:/target
docker cp mycontainer:/src/. target

In general, to copy a file from a container to the host:
docker cp <container>:/file/path/within/container /host/path/target

HOW TO MERGE TWO DICTIONARIES IN A SINGLE EXPRESSION?

For dictionaries x and y, z becomes a merged dictionary with values from y replacing those from x.
In Python 3.5 or greater:
z = {**x, **y}
In Python 2 (or 3.4 or lower), write a function:
def merge_two_dicts(x, y):
    z = x.copy()  # start with x's keys and values
    z.update(y)   # modifies z with y's keys and values and returns None
    return z
and then
z = merge_two_dicts(x, y)

HOW TO SPECIFY A SUDO PASSWORD FOR ANSIBLE IN NON-INTERACTIVE WAY?

Variables can be passed on the command line via --extra-vars "name=value".
The sudo password variable is ansible_sudo_pass (current Ansible uses the become-based name ansible_become_pass; the old name is kept here as in the original answer).
So the command would look like:
ansible-playbook playbook.yml -i inventory.ini --user=username \
    --extra-vars "ansible_sudo_pass=yourPassword"
Note that a password passed this way ends up in the shell history and is visible in the process list to every user on the machine. For anything beyond a throwaway test, prompt for it with --ask-become-pass (-K) or keep it in an Ansible Vault-encrypted variable instead.

DATA BREACHES – WHAT YOU NEED TO KNOW

It might seem like stories of huge data breaches are popping up in the news constantly these days. Unfortunately, this is not surprising. As technology advances, all of our information moves into the digital world and, as a result, cyber-attacks are becoming the new wave of crime. Companies, large and small, are exceptionally attractive targets to cybercriminals simply because of the large payday of data that can be stolen in one swoop.

WHAT IS A DATA BREACH AND HOW AND WHY DO THEY HAPPEN?

The main reason cybercriminals steal personal information is to use it for identity theft. Last year more companies chose not to reveal the full extent of their data breaches.

Targeted attacks from cybercriminals are generally carried out in four ways: exploiting system vulnerabilities such as out-of-date software; weak passwords such as a pet's name without numbers and symbols; SQL injection; and targeted malware attacks. When systems lack the latest software updates, the gap can let an attacker slip malware onto the computer that then steals data. Weak and insecure user passwords make it easy for an attacker to break in, particularly if the passwords consist of complete words or phrases. SQL injection lets an attacker plant malicious content in a site's pages, enabling drive-by downloads that install spyware or malware without the user doing anything. Targeted malware attacks happen when attackers use spam and spear-phishing to trick the user into revealing credentials, downloading malware attachments or visiting malicious websites.

HOW CAN YOU PROTECT YOUR INFORMATION?

Being proactive about your accounts is the best security measure you can take to do your part to prevent data breaches.

Make sure that you use strong, unique passwords for each account you access, and never reuse a password across sites. Keeping track of many passwords can seem an impossible feat; a password manager takes care of it.

To keep your personal identity safe and secure, it is always important to stay alert about your information.

Monitor your bank and financial accounts on a regular basis for suspicious activity. If the companies you do business with offer activity alerts via text or email, sign up for them.

Take action as soon as possible if you do see suspicious activity. Contact the bank or institution where the suspicious activity originated. Notify them of the suspicious transaction and inform them that your information was stolen in a data breach.

  • Close all online banking applications on your phone whenever you are not using them, and give your phone a passcode if it does not have one. Having to enter a passcode every time you use your phone is tedious, but it provides a solid line of defence if your device is stolen.
  • Use secure URLs that begin with https:// on well-known sites when entering credit or debit card information. You can also ask your bank for disposable (virtual) card numbers for online purchases.
  • Install high-quality security software that includes malware and virus protection, and keep it updated.
  • Use a removable flash drive to store financial and other sensitive information.
  • Avoid oversharing on social media. Never post anything relating to sensitive information, and make your profiles private.

Conclusion

Data breaches are here to stay, and the best defence against them is a good offence. Educate yourself and stay conscientious about monitoring your online life. Luckily, there are laws in place to safeguard you, but it is up to you to report any suspicious activity and fight back against cybercrime.
