#header-inner {background-position: right !important; width: 100% !important;}

2/22/14

Ways to Handle Software Dependencies.

Software, when it's complex is easy to break. But large systems are complex.

Software Dependencies (code that affects other part of larger application) can ruin your work.

There are ways to isolate code from affecting too much.

I'd use either software tree structure and relying upon abstractions instead of concrections, or better yet - an event bus.

When we use event bus, software components (aside from initialization) should depend ONLY on an event bus, that is... react to events and produce events and 'side effects' only. Side effects are things that affect 'outside world', for example text on a screen, or image on a printer. Input data, such as for example keyboard or mouse input or data from other sensors should also be event-ized.

2/21/14

Stitie Virtual OS.

If we divide Stitie Space into Cubes (small or large, perhaps made of cubes as well) for each of running kernel and implement (as objects collaborates that fit in such Cubes):

- VM core,
- OS kernels,
- transmitters (for messages transmission between VM core and OS kernels, and between OS kernels and processes that run around such),

then we have architectural backbone for Stitie Virtual Operating System.


We can compose such collaborates or cubes into objects and arrange them into Stitie Space, each of such objects being a Virtual Machine on it's own that can run software and communicate with each other.

Ola AH programming language perhaps could support programming (to a certain degree), design and configuration of such VMs as well.

(TODO: paint a 3D diagram example).

See also: Stitie Virtual Machine & Ola AH language.

Virtual Machine Operating Systems.

Most modern operating systems consist of layers. Just over a hardware layer there's system kernel implementing functions that extend processor instructions functionality. User programs can use both.

There are also Virtual Machine Operating Systems, that add virtual machines layer over hardware, enabling to run multiple operating systems that share hardware resources simultaneously. Each Virtual OS uses part of available resources and runs a kernel.


 photo osstructure_zps5e8abc69.png



Source: [12].

SSL / TLS Basics.

SSL (Secure Sockets Layer) is enhanced version of TCP (Tranmission Control Protocol) with additions of confidentiality (feature that hides transmitted data from eavesdroppers), data integrity (transmitted data is hard to tamper with), and end-point authentication (we know who 'talks' with each other via the Internet or other medium; both client and server is authenticated).

TLS (Transport Layer Security) is a version of the SSL version 3 that has been standarized by the IETF (Internet Engineering Task Force) [RFC 2246]. (Request For Change 2246).

SSL is something between TCP (in Transport Layer) and Application Layer... that is, when we program Secure Socket, we configure security and handle it as an abstraction over standard TCP Socket.

SSL consists of three phases:

* Handshake

During Handshake phase, client and server negotiate encryption protocol, establish connection, server sends certificate with assymetric public key which is used to transmit Master Secret, an information that can be used for symmetric key encryption between client to server that handles secure transmission.

During encryption protocol negotiation, hackers can delete strong ciphers if weaker ones are available, so do not add weak ciphers if you do not have to. It's alluring to add more available ciphers for variety, and trust infrastructure to do rest, but computer criminals treat this as vulnerability and reduce your options so do not do it. It's best to leave default configuration if you are not expert.

* Key Derivation,

In principle Master Secret (MS), now shared by client and server (Alice and Bob) could be used as the symmetric session key for all subsequent encryption and data integrity checking. It is, however, generally considered safer for Alice and Bob to each other use different cryptographic keys, and also use different keys for encryption and integrity checking. Thus Alice and Bob use the MS to generate four keys: Alice's session encryption key, Bob's session encryption key, Alice's MAC key for checking data integrity, Bob's MAC key for checking data integrity.

* Data Transfer.

During data transfer, SSL uses simple sequence numbers to ensure correct order of records (data chunks) transferred, and Message Authentication Codes (MAC) for integrity checking of each of the records. And let's not forget about session keys for symmetric encryption of data transmitted between Alice and Bob.

Lastly, to close SSL TCP connection, we need to send proper information inside encrypted data (proper SSL record), then finalize TCP connection with a TCP FIN. Otherwise, we are susceptible to an truncation attack... now we know something 'funny' happens if data transmitted is finalized with TCP FIN before proper SSL record indicated end of secure transmission.


Source: [3].

2/19/14

Stitie Machine use in 3D Graphics.

If we store initial state of each pixel and only add transformation strategies without affecting pixel's state to each of pixels, we can selectively 'undo' and 'redo' any action on each of pixels, not needing to rely on undoing from last to first.

We can store transformations and select which are performed and in which order.

2/15/14

Attack types on Internet Applications.

There are many types of attacks on Internet Applications.

These include:

* Deep Hide : 'Protecting' resources by hiding them in a virtually unaccessible place, relying on unknown location instead of other protections. It's not attack per se, but it can be used as a part of larger attack. It's also a vulnerability to exploit.

Examples:

- we've internet resource file deeply hidden,
- we have internet resource web page deeply hidden,
- we have REST-ful Web Service internet resource deeply hidden.

Notes:

When served by a dynamic application, such resources can activate and appear as needed, for example on a signal or at a given time for a short duration or moment.

* Attack on Internet Application Form : Brute Force or Dictionary Attack, it's about trying large amount of user / password combinations in a short time.

Defenses to consider:

- Smarter or not, it can be defended with restricting user to maximum amount of login attempts per given time, or with use of security tool such as CAPTCHA that requires some kind of confirmation that user is human being, not a script that sends 'requests' to Internet Application.
- Let's not forget about at least informing about the danger of using password easy to guess.
- Further security measures such as storing user's IP address can give clues for investigating sources of such hack attempts. SSL/TLS and IPSec can also tighten security here, for user is either unanonymous (Secure Connection is established), or paid for account and/or misdirections, or has to rely on very powerful and often attracting attention hacking methods.

* Account Lockout Attack : Attack that results in locking out user's account after multiple failed login attempts.

Defenses to consider:

- Appropriate amount of login attempts allowed,
- Appropriate lockout duration,
- CAPTCHA use,
- Locking account by user's IP address, instead of global account lockout (this is problematic since there are dynamically assigned IP addresses),
- Consider Proxy Servers when locking by IP address (this is problematic since there are dynamically assigned IP addresses).

* Web Parameter Tampering : Sometimes Internet Application state is (unskillfully) stored on a client. Such data is considered unsafe, being prone to tampering by users.

Defenses to consider:

- Do not store Internet Application state on client if you do not have to.
- If You store such data on client, encrypt it, at least with MD5 cryptographic hash function.

* Path & Information Disclosure : Causing execution error in an Internet Application can lead to obtaining information about directory structure, file locations or other information that can be used in preparation for an attack on Internet Application.

Defenses to consider:

- Turn off error reporting to user in production environment,
- Check border cases.


(TODO: finish).

Source: [22].

2/14/14

Enlightened Love, Antiterror, Dragonfly & Rootkit.

Rootkit is program used to intrude into other computer. It can be used to obtain information against Terror, and to turn it off.

It will be part of Dragonfly offensive version.

It is almost pointless to buy premade rootkit, much better to buy training and build your own.... for You can only trust tools made by Yourself.

example.

without Ansi C & Assembler this does not make sense.

without Enlightened Love even less.

2/11/14

How to implement Capturing Groups in Regular Expressions.

Capturing groups are noted using parentheses as in example:

'regular ((abab)?cdab(ac)+)* expression'

We take first group, by starting grouped character string from leftmost bracket, and ending it with rightmost bracket. If number of brackets is not even, or they do not match, regular expression does not compile.

In above example, first group would be character string:

'(abab)?cdab(ac)+'

We can name it as 'group 1', please note that this is also grouped regular expression.

We create finite state automaton that we'll use to match character strings that are defined by this language (regular expression) to be accepted by finite state automaton.

once we have 'machine' that accepts such strings we can use it in constructing more complex automaton that uses such.

we reduced first regular expression to (nonformal example):

'regular ((abab)?cdab(ac)+)* expression' =
  'regular "group 1"* expression'
  where "group 1" is '(abab)?cdab(ac)+'
    and asterisk (*) applies to 'group 1'.

then we can process the 'group 1' the same way, building a tree of finite state automatons that delegate group matching subtasks to their children.

group number is determined by number of opening bracket starting from the left.

See also: Data Search & Dragonfly.

2/6/14

Software Architecture (according with Rational Unified Process).

Let's define what is 'Architecture' in software context.

Architecture is a dyscipline and kind of Art, but it's also 'thing', certain quality of all systems. But also that, on which architect's work is focused.

Software Architecture consists of set of decisions regarding structure of software systems, such as:

* system's structural elements choice, and their interfaces,
* behavior of such element's collaboration and cooperation,
* organization of such structural and behavioral elements into larger subsystems,
* architectonic style, that affects this structure's shape.

(TODO: learn and elaborate following)

Software architecture also regards:

* use,
* 'functionality',
* 'effectiveness',
* robustness,
* reuse,
* understandability,
* limits and compromises regarding economical and technical restrictions,
* aesthetics.

Source: [10].

2/5/14

Four phases in Rational Unified Process iteration.

Each RUP iteration (cycle) consists of four phases: Inception, Elaboration, Construction, Transition.

Each phase has a goal to reach certain milestone in the project's development.

Inception: milestone is reached when we have project's goals researched and defined.
Elaboration: milestone is reached when we have project's Architecture (what is considered 'Architecture' depends on project, including project's size).
Construction: milestone is reached when we have first working version.
Transition: milestone is reached when we deliver the product to our customer.

As part of each phase there's one or more iterations within that phase as well.

Source: [10].

See also: 'Talking Objects' Solutions' for initial Inception & Elaboration tools.

2/4/14

Reverse Bonsai Tree Data Structure.

(place holder for article, need to prepare more).

(in honor of Reverse Polish Notation, Odwrotna Notacja Polska).

(anecdote: in Computer Sciences, trees grow with root upwards).

Design:

* Adaptable Data Structure, with operations that do not overuse resources,
* Minimalistic,
* For storing Arithmetic Expressions, accepts input in Reverse Polish Notation.

it should 'cut out' unneccessary subtrees as needed, for example if multiplied by 0. for that it should store subexpression result values at proper subtree nodes.

TODO: implementations (in Ansi C language and in Stitie Space, Java, Google Go, perhaps more.... in this order.).

Downloads:

* Ansi C implementation, without concurrency support, unfinished.

Adaptable Software.

Adaptable software does not use too many resources.

Using too many resources can cause system to behave slowly, unpleasantly to user, or even crash it.

With adaptable software, we are 'nice' to other programs and user at cost of our software's performance, slower, erratic animations and such.


-- 'Tree that bends is not easily taken by the Storm.'

Dynamic Cache of Treasures.

Stitie Machine can be used as Dynamic Cache.

We can proceed with computations, store partly calculated results and use them for further computations as neccessary and needed.... that his, dynamically build up tools for computing final result.


It is also 'adaptable software'.

See: Dynamic Programming and Optimal Substructure, How Stitie Machine can help to code Dynamically?, Adaptable Software.

2/3/14

Counting Integrals.

Follow the white rabbit (algorithmic steps):

1. Decompose function into simple functions (simple functions counting is easier to optimize).
2. Count individual values of simple functions (integral values are numbers, values of the areas under curves).
3. Count result.

Riemann's Integral.

Riemann's Integral. photo riemann_zpsf8bd1453.png


Source: Wikipedia.

Complex function.

Complex function's value at point x can be constructed from simple function values at point x.

For example:

fs1(x) = x => fs1(3) = 3.
fs2(x) = 2 => fs1(3) = 2.
fc(x) = fs1(x) * fs2(x) => fc(3) = 3 * 2 = 6 <= fc(x) = 2 * x where: x = 3.


See also: Base-k arbitrary precision arithmetics implementation.

Dynamic Programming and Optimal Substructure.

First step in dynamic algorithm design is defining optimal solution structure.

We'll say that problem shows optimal substructure, if it's optimal solution is optimal subsolutions function.

Common subproblem optimalization occurs when the same subproblem solution is used many times.

For example:

Let's compute: f(2) = (2*2) + (3*2) + (2*2).

We can lazily count (2*2) only once instead of twice.


We can find optimal substructure for this problem by constructing mathematical expression tree, where leaves are numbers and other nodes are mathematical operators.

Substructure would be structure of nodes in this tree, or order of computations.

Optimal solution for laziness (least number of computations) would be to count most common subproblems, (2*2) in this case, first.

in other examples, where 0 appears, laziness can be optimized even more, by 'cutting' subtrees that are multiplied by 0... and so on.


Source: [4].

See also: Dynamic Programming, How Stitie Machine can help to code Dynamically?.