12/5/15

'Ola AH' Programming Language Randezvous System.

Disclaimer.

this is a prototype attempt,

i had 'Ada Randezvous' at Uni when we learned concurrency, but no real work experience so far.

semantics might change in future, syntax will be added later.
--


Why Tasks & Randezvous' ?

in Real World, 'tasks' are 'interleaved actions', not 'objects that can be run'.

this semantics allows 'actions' to be considered in 'verb' terms, as something that occurs with time.

better 'process model' means 'better understanding' & the 'finer control' over 'concurrent program execution'.


Tasks.

a 'method object' can have one or more of 'tasks units', a 'program units' that are executed concurrently with the rest of an 'Ola AH' program.

task is similar to a thread, as for example in Java Threads.

a method can consist of many of a threads.


Randezvous.

task can have 'entries', 'points in execution' where task communicates with outside, accepts requests with input, accepts requests for output ... as in a client-server model, where server is task with an entry, client is a calling task.

if the called task is not ready to service a call on an entry immediately, the calling task waits in a (FIFO) queue associated with the entry.

this interaction between calling task and called task is known as a 'rendezvous'.


Acceptance Types.

a wait on entries can be 'selective', that is, when a task opens for many entries waiting to interact with any of these,

a wait on a selective entry can be 'guarded', when an opening state of each of these entries depends on boolean precondiction(s) that can change as the time flies,

a wait on entry can be 'conditional', after a specified delay another of instructions are executed, acceptance state is left, for a while at least.


see also, if You wish or need, ... : 'Ola AH' Programming Language, Petri Nets & Randezvous Concurrency, an Idiom.

12/3/15

'Ola AH' Programming Language's Interpreter in Java.

Current State.

... it's a pilot project, a 'proof of concept' is already done ... real work will start since April 2017, starting from scratch if neccessary.

for now i prefer to be open for ideas, for new features, etc.


Differencies from Compiler.

since it's written in java, there will be:
- garbage collection, instead of manual memory deallocation,
- lack of 'sizeof' instruction,
- perhaps more.


Overall Interpreter's Architecture.

'Ola AH' Programming Language interpreter consists of two parts:
- Parser,
- Instruction Executer.

Parser consists of two parts:
- Tokenizer,
- Abstract Syntax Tree Builder.

Probably later there will be code parts responsible for optimization.


Parser - Tokenizer.

it's incomplete, but 'a design part' done already.

i've decided to do parser manually instead of using automated tool ... code is prettier that way.

higher quality, better code understanding, easier & faster changes in future.




Ola AH interpreter's parser,

a snapshot version of 0.0.1-alpha-15.





an Expression Tree,
in simplest form,

a snapshot version of 0.0.1-alpha-38.



Code.

'Ola AH' Programming Language interpreter's unfinished code in Java,
version 0.0.1-alpha-38 is available for download.

warning: code is very ugly as i experiment with code.

to be redesigned & rewritten later.




instructions parsed & executed,

in a version of 0.0.1-alpha-21.



see also, if You wish or need, ... : 'Ola AH' Programming Language, 'Ola AH' Programming Language Syntax.

11/27/15

Brute Force & Dictionary attacks on an Internet Application.

Brute Force Attack on Password.

we have a user name, for example: admin ... then we try each of character combinations as a password using automated script.

for example:

user: admin password: 1 -- login fail
user: admin password: 2 -- login fail

... (many login attempts) ...

user: admin password: Z -- login fail
user: admin password: Z1 -- login fail
user: admin password: Z2 -- login fail

... (many login attempts) ...

user: admin password: T3h_s3cr3t -- login success.


Dictionary Attack on Password.

we have a user name, we have a dictionary of 'words' (character combinations), then we try each of the 'words' alone or concatenated into a longer password. again we use automation tool as script for example.

opinions vary whether a dictionary attack helps to crack passwords truly, but it has uses nevertheless.

often it's better to start with a dictionary, before trying brute force or other methods later.

all information we have about an individual we are trying to compromise is useful here, for forming a proper dictionary.

for a simplified example:

username: admin,
dictionary: 007, bond, eye, gold, golden, pistol, gun, beach, surf, cat, icecream, shake, martini, lemon, stir, _.

after using script we'd have following dictionary attack:

user: admin, password: 007 -- login fail
user: admin, password: bond -- login fail

... (many login attempts) ...

user: admin, password: 007007 -- login fail
user: admin, password: 007bond -- login fail
user: admin, password: 007eye -- login fail

... (many login attempts) ...

user: admin, password: 007_007 -- login fail
user: admin, password: 007_bond -- login success


Attack on an Internet Application.

The difference between logging in on a local system & logging into the Internet Application is that login information is the part of the HTTP(S) request.

We can create a HTTP(S) request manually, inserting the authentication data as proper, then connect to the attacked Internet Application using script.

Providing there's no security mechanisms as 'Captcha' for example, we'll login after a certain amount of time & tries.

HTTP(S) protocol knowledge here comes handy ... at least part(s) of it, but perhaps we can just analyze login-related traffic between our browser & the application using a tool as 'HTTP Trace' plugin for the 'Google Chrome' browser.




HTTPS Traffic.



then we can extract HTTP Request & forge a new, similar one.

there are tools as well, for example:
- THC-Hydra (Linux),
- Brutus (Windows).

... i'd use these preferably.


   


Hydra & Brutus - Online Password Cracking Tools.



11/14/15

Electromagnetic Flight ?

'Basics of Electronics'

by Elmar Dehler & others.
REA 2012. EUROPA LEHRMITTEL.

(this book has a chapter about electricity, magnetism & Lorentz force).


'Waves & Antennas'

by Jarosław Szóstka.

(this book has chapters about electromagnetism,
also about waves & about energy in electromagnetic fields).


---
'Electromagnetic propulsion (EMP), is the principle of accelerating an object by the utilization of a flowing electrical current and magnetic fields.

The electrical current is used to either create an opposing magnetic field, or to charge a fluid, which can then be repelled.

When a current flows through a conductor in a magnetic field, an electromagnetic force known as a Lorentz force, pushes the conductor in a direction perpendicular to the conductor and the magnetic field.

This repulsing force is what causes propulsion in a system designed to take advantage of the phenomenon.

The term electromagnetic propulsion (EMP) can be described by its individual components: electromagnetic- using electricity to create a magnetic field (electromagnetism), and propulsion- the process of propelling something.

One key difference between EMP and propulsion achieved by electric motors is that the electrical energy used for EMP is not used to produce rotational energy for motion; though both use magnetic fields and a flowing electrical current.'

source: Wikipedia.

Questions:

1. can this be used to propel small flying objects such as Milimetrites (Mili Electro Mechanical Systems; a milimeter is 10-3 of meter), MEMS (Micro Electro Mechanical Systems; a micrometer is 10-6 of meter) devices or perhaps even NEMS (Nano Electro Mechanical Systems; a nanometer is 10-9 of meter) devices ?
2. can the flight vector be chosen that way ?

i am not an expert yet, but i think i should answer these questions a certain day in a future.


see also, if You wish or need : 'The World's First Flying Saucer: Made Right Here on Earth' on 'Scientific American', Nanoscale.


imagining however:
- perhaps ionizing air, creating plasma, makes coordination of NEMS nanites quite a daunting task, aside from software's inherent complexity,
- because of charged air or other medium, as well as plasma, pressure on objects can be of kinetic nature (particle collisions) or of electromagnetic nature, perhaps of yet another type(s) as well,
- how to handle wireless communication between devices as well ? this also leaves space charged as the wireless signal is also an electromagnetic wave,
- perhaps precalculating 'cases' for different energy fields will be neccessary.


      
'Quantum Fields Theory part 1st'

by S. Weinberg.
'Vectors, Derivatives, Integrals'

by W.Korczak, M.Trajdos.

'Ola AH' Programming Language for Nanotech ?

... this seems to be quite advanced in time thinking, but has to start somewhere anyway.

i think that since a certain day NEMS nanites & other nanotechnologies will be well understood by many of the people,

i think that since a certain day NEMS device drivers will be part of available technologies.

programming languages for coordinating 3-dimensional nanite swarm clouds will be neccessity, 'Ola AH' Programming Language should compete against other such solutions, i think.

... this will be one of possible use cases for this a Language, not only the nanotech.

there are many use cases for 3D worlds or realities modelling, including modelling market shares that Companies own, or modelling 3D Game Worlds.

i have faith that if something dramatic & catastrophic won't happen, 'Ola AH' Programming Language will have a lot of use cases in this life.

(i am a 38 years old scientist & artist at this moment, i am mostly Proficient with computer software programming including 5-years Professional Programming experience, i've did a Parser at work as well.).


     
'Nanotechnologies'

by R.W. Kelsall,
I.W. Hamley,
M.Geoghegan.
a Post in the LinkedIn's NEMS Group.

11/13/15

Multi-State.

when thinking about hardware layer of the Stitie Processor cubes, ideas come to my mind,

how to handle limited amount of memory in a single Stitie Machine?

perhaps State can have a links (pointers or references) to other memory parts, perhaps in different Spaces.

these referenced memory parts might together form an address space, a flat,
1-dimensional, State's a part.

this 1-dimensional space can be arranged many ways, for example as classical up-down memory address list that contains instructions & data.

other possible forms are theoretically possible, but i fail to see reasons for these, perhaps future will correct me in that.

there might be method that reserves a given selection of stitie machines & produces State object that hides these links & references from user's awareness, providing simpler model as for example Hash Map to protect his or her sanity, to increase productivity as well.


---
Pseudocode might look as that:


  StitieSpace space1 = ...;
  StitieSpace space2 = ...;

  Coordinates[] coordsList = { ... };
  State smA = space2.getFlatStateFromMachinesAtCoords(coordsList);

  StitieMachineImpl machineA = space1.getStitieMachineAtCoords(...);
  machineA.setState(smA);



---
A part of Stitie Computer, consisting of many Stitie Processor cubes (shown on image below as colored spheres) might look as that:



Green Machines belong to Stitie Space #1,
Grey Machines are unassigned,
Blue Machines belong to Stitie Space #2.



(connections & infrastructure were hidden on this image for picture's clarity).


Stitie Space's Object that creates State for example would be a part of infrastructure electronics, placed in-between individual machines.


---
a warning: 'Combining State' article is not very related to what i am doing here.

10/31/15

Marketing Tricks.

does a birthdate, TAROT, Magic(k)s, Zodiac, ... have a marketing impact when promoting a product ?

i think they do, as significiant group of society uses this a kind of services.

therefore, i'll try to advertise Dragonfly Algorithm's products as Magical Software Artifacts, or something along these lines.


there can be a mention about Magic being Awakened, for Buddha means Awakened (from delusions & other distractions, i think).


with all respect to target groups, i belong to them as well ... as a Virtual Adept on Milarepa's Way, in a way at least.


i think ad's message should be subtle, the subtler Art & Magic, the better ...

... something along lines of 'Magical Moments with a Family & Entertainment'.




... click on image above to enlarge it.


... for more, feel free to look: Lucky Numbers, Karma, ... & Date of Birth.

10/29/15

'Ola AH' Programming Language Syntax.

(under construction, probably will change).

Introduction.

'Ola AH' Programming Language is targeted to Quantum Computer Architectures with the multi-core support of Advanced RISC Machines - it's designed for ARM / Quantum Architectures.

it's syntax will probably evolve as related technology advances.


Description.

what are Design Goals, what kind of language 'Ola AH' should be?
how 'Ola AH' Programming Language's Syntax should be described ?

in my opinion syntax & language's semantic should be:
* beautiful,
* elegant,
* modest,
* strict,
* mindful,
* spiritual,
* mathematical,
* philosophical,
* terse (means: a short form, but inner complexity is strictly & precisely defined; in a polish language it's translated as 'zwięzły'),
* sexy,
* short,
* nice,
* gentle, easy to read, understand & learn,
* agile,
* insightful,
* precise,
* artful,
* both esoteric & practical,
* optionally visuospatial,
* secure,
* sane,
* scientific,
* classical yet very modern,
* formal yet still casual,
* esoteric, pragmatic & practical,
* simple yet skillful, expressive & powerful,
* professional.


Data Types.

constants,

enumerations (enum),

int8 - signed 8-bit integer,
int16 - signed 16-bit integer,
int32 - signed 32-bit integer,
int64 - signed 64-bit integer,
int128 - signed 128-bit integer,
int256 - signed 256-bit integer,

bigint - signed big integer, a data structure of variable length (can be resized to hold bigger numbers).

boolean - logical boolean type, with a { true, false } values,

char - a single character, 16 bit UTF,

string - character string object data type with a proper convenience methods,

float32 - 32-bit floating point number,
float64 - 64-bit floating point number,
float128 - 128-bit floating point number,
float256 - 256-bit floating point number,

bigfloat - big floating point number, a data structure of variable length (can be resized to hold bigger, more precise numbers).


decimal32 - 32-bit floating point numbers written in a form: m * 10e, where:
  m is BCD-encoded mantissa;
  e is called exponent (BCD-noted as well).
decimal64 - 64-bit floating point numbers written in a form: m * 10e, where:
  m is BCD-encoded mantissa
  e is called exponent (BCD-noted as well).
decimal128 - 128-bit floating point numbers written in a form: m * 10e, where:
  m is BCD-encoded mantissa
  e is called exponent (BCD-noted as well).
decimal256 - 256-bit floating point numbers written in a form: m * 10e, where:
  m is BCD-encoded mantissa
  e is called exponent (BCD-noted as well).

bigdecimal - a big floating point number, a data structure that uses BCD-notation & is of a variable length (both mantissa as well as exponent are BCD-noted & can be resized to hold bigger numbers, respectively increasing the possible number magnitude range as well as the number's precision).

for details about BCD notation (encoding), about mantissa & exponent notations, feel free to look at an article: Binary-Decimal-Hexadecimal Conversions.


fractional - a potentially big & precise number represented in a Base-k arbitrary precision arithmetics with PreciseNumbers. This allows for simple basic arithmetic operations without a precision loss, at a cost of memory use & calculation speed. i think it'll have great uses in science & banking - will simplify programmers' & other scientists' life a lot.


Variables.

'variable' object type that abstracts over a primitive & object. with 'inspect' operation to discover contained data type, with a typesafe cast. probably a shorter instruction mnemonic of 'var' will be used.

example #1:

var v1 := 108;
if (inspect v1 = int8) { ... };

example #2:

var v2 := new MyClass1();
if (inspect v2 = MyClass1) { ... };

example #3:

var v3 := new MyClass2();
if (inspect v2 instanceof MyClass2) { ... };

example #4:

var v4 := 108;
int8 i1 := (int8) v4;

example #5:

var v5 := new MyClass3();
MyClass3 o1 := (MyClass3) v5;


static variables & constants (with java's semantics of the 'static' keyword),


Collections (with a proper syntax support):

collection can be 'flat' (tuples, arrays, lists or sets) or 'not flat' (maps).

collections will feature built-in sorting (with a default or user-implemented comparison method).

collections will feature built-in conversions to other collection type, using source collection's 'comparison method' as well.

collections will feature built-in transformation (with user-implemented 'transformer' method.

also there will be abstract 'predicate' method, a subtype of 'transformer' which will transform any input state to a boolean value; this has uses in the 'predicate logic' & artificial intelligence as well; there also will be 'constant predicates' : 'TruePredicate', 'FalsePredicate' - that transform 0-argument input state into a boolean value; there also will be strictly 'boolean predicates', as for example: 'NotPredicate', 'OrPredicate', 'AndPredicate', 'IffPredicate', 'NandPredicate', ... - that operate on a collection of the predicates & transform them into a boolean value. for a list of logical operators, see: 'Logical Operators' article; a part of 'boolean predicates' will use collections with a set size of 1 or 2, other 'boolean predicates' will accept collections of any size.

there will be default 'default variable comparator' as well, that can compare types & state differencies for two 'variables' of the same type.

shorter keyword will be used for a 'default variable comparator': 'dvcomparator'.

Arrays.

array of a given type, with a support on the syntax level:

  for example:

    int32 iarr[] = ${ 1, 2 };
    char carrarr[][] = ${ ${ 'a', 'b' }, ${ 'z' } };
    ...
    object oarr[] = ${ o1, o2 };
    ...

operations available on arrays:
- standard array get & set (for example: char ca[] = ${ 'a', 'b' }; ca[1] := 'a'; var v = ca[0];),
- length,
- inspectvals,
- amountin,
- contains (element),
- containsall ('flat' collection),
- clear // clears array, setting 'null' or '0' values ...,
- sort (comparator) // sorts elements using a passed comparator.


Tuples.

tuple aggregate ( for example: (1, 2), (1, (2,3)), ... ),

tuple differs from array in that, that tuple uses type-safety for each of it's values,

  for example:

    (int8, int8, int8)
    (object, object)
    (object, int8, float64)

tuples can be both l-values (assignable variables), as well as r-values (non-assignable expression values).


process of assignment (a,b) := (b,a); proceeds as follows:

r-value of (b,a) is copied to temporary memory, then assigned value-by-value to a l-value tuple (a,b);

in the end a variable of 'a' contains an initial value of 'b', a variable of 'b' contains an initial value of 'a';


process of assignment (a,b) := (func1(a), a); proceeds as follows:

r-value of (func1(a),a) is calculated to a value tuple (as opposed to expressions tuple), then values are copied to a temporary memory. next we assign value-by-value to a
l-value tuple (a,b);

in the end a variable of 'a' contains calculated value of a 'func1(a)' expression, a variable of 'b' contains an initial value of 'a';


assigning values from a tuple proceeds as follows:

example #1:

(char, char, char) t1 := ('a','b','c');
char a,b,c;
(a,b,c) := t1;

example #2:

(char, char, char) t2 := ('d','e','f');
char d,f;
(d,_,f) := t2;


in an example #2, the underscore: _, allows for omitting a variable during the variables assignment process.


it seems there's a conflict between tuples & conditional instruction 'if' on the syntax level.

this will be solved by evaluating a tuple to a value - first value in a tuple is r-value of a tuple.

therefore we can write:

if ( (true, 1, 3) and ( booleanVal1 or booleanVal2) ) { ... };

this will evaluate to:

if ( true and ( booleanVal1 or booleanVal2) ) { ... };

then to:

if ( booleanVal1 or booleanVal2 ) { ... };


tuple should be 'inspectable' both for it's type, the type of n-th value, as well as for the amount of values in it.

example #1:

(char, char, char) t1 := ('a', 'b', 'c');
if ( (inspect t1 = tuple) and (amountin t1 = 3) ) { ... };

example #2:

(char, int8, char) t2 := ('a', 108, 'b');
if ( (inspect t2 = tuple) and (amountin t2 = 3) and (inspectval 0 of t2 = char) { ... };


Maps.

hash maps with keys of a string type & values of a given type, with a support on the syntax level.

tree maps for more efficient search in larger data size, at greater memory storage cost.

shorter keywords will be used: 'map', 'tmap'.

default hash maps with key values of 'string' type will have following notation:

for example:

  object map om1 := %{};
  object map om2 := %{ "akey" : o1, "bkey" : o2 };
  char map cm1 := %{};
  char map cm2 := %{ "akey" : 'a', "bkey" : 'b' };
  var map vm1 := %{ "akey" : 'a', "bkey" : 'b' };
  ...

hash maps with different key values than 'string' will have following notation:

(it's also possible to write default hash maps with a 'string' key type that way).

for example:

  (object, object) map oom1 := %{};
  (object, object) map oom2 := %{ so1 : to1, so2 : to2 };
  (char, char) map ccm1 := %{ 'z' : 'a', 'b' : 'c' };
  (string, char) map scm1 := %{ "akey" : 'a', "bkey" : 'b' };
  (string, char) map scm2 := %{ "zkey" : 'z', "ukey" : 'u' };

tree maps will have following notation:

for example:

  (string, object) tmap sotm1 := %{};
  (string, object) tmap sotm2 := %{ "akey" : o1, "bkey" : o2 };
  (string, char) tmap sctm1 := %{ "akey" : 'a', "bkey" : 'c' };

internally maps will be not be stored as (key, value) tuples, because of type safety.

other operations available on maps:
- clear // clears map of any (key, value) tuples,
- inspectkeys,
- inspectvals,
- amountin // returns legth of keys list,
- insert (key, value) // inserts a (key, value) tuple into a map,
- remove (key) // returns removed (key, value) tuple,
- insertall (map) // inserts all of (key, value) tuples in a passed map,
- removeall (map) // returns map of removed (key, value) tuples,
- sortkeys (comparator) // sorts keys using a passed comparator, can't be null but can be default comparator.
- keys // returns sorted list of keys,
- getcmp // returns comparator used to sort keys.

maps will resize automatically, throwing error if not possible.

by default, construct: %{ ... } is represented as a variable hash map, that is converted to a proper type during a succesful assignment.


Lists.

either linked lists or array lists (tuples are not array lists in 'Ola AH' Programming Language, because of type safety).

shorter keywords will be used: 'list', 'alist'.

for example:

  char list cl := #{ 'a', 'b', 'c' };
  string list sl := #{ "str1", "str2" };
  object alist oal := #{ o1, o2, o3, o4 };

lists will be inspectable for contained data type as well as for amount of elements contained.

for example:

  char list cl := #{ 'a', 'b', 'c');
  if ( ( inspect cl = char ) and ( amountin cl = 3 ) { ... };

other operations available on lists:
- clear,
- amountin,
- inspectvals,
- insert (position, element),
- get (position),
- contains (element),
- remove (position),
- remove (element),
- insertall (position, 'flat' collection),
- getall (startposition, endposition),
- removeall ('flat' collection),
- removeall (startposition, endposition),
- containsall ('flat' collection),
- sort (comparator), // null value means unsorted.
- getcmp.

lists will resize automatically, throwing error if not possible.

by default, construct: #{ ... } is represented as a variable linked list, that is converted to a proper type during a succesful assignment.


Sets.

sets are unsorted, may contain a maximum of one element of a given (type, value) pair. for this case, subtypes are different than supertypes.

by default, 'Ola AH' Programming Language will use hash sets.

a keyword that will be used is: 'set'.

for example:

  char set cs1 := @{}; // initial memory asignment.
  char set cs2 := @{ 'a', 'b', 'c' }; // initial memory assignment & initialization.
  string set ss := @{ "str1", "str2" }; // initial memory assignment & initialization.

sets will be inspectable for contained data type as well as for amount of elements contained.

for example:

  char set cs := @{ 'a', 'b', 'c' };
  if ( ( inspect cs = char ) and ( amountin cs = 3 ) { ... };

other operations available on sets:
- clear,
- inspectvals,
- amountin,
- insert (element),
- remove (element),
- contains (element),
- insertall ('flat' collection) // if collection is a set, it acts as 'union' or 'add',
- removeall ('flat' collection) // if collection is a set, it acts as 'set subtraction',
- intersect ('flat' collection).

three last operations ('insertall', 'removeall' & 'intersect') will not produce a result set of more abstract type, since these operations will affect the source set's state. this might result in an exception being thrown instead.

for example:

  char set cs := new char set @{}; // initial memory asignment.
  cs insert 'z';
  cs insert 'y';
  cs insert 'x';
  char c1 := cs remove; // removes any element, then returns it or null if failed to remove.
  char c2 := cs remove 'y'; // removes element 'y', then returns it or null if failed
                                       // to remove (when set didn't contain 'y').
  cs insertall @{ 'l', 'm' }; // inserts two elements to cs.
  char set cs3 := cs removeall @{ 'x', 'm' }; // removes two elements: 'x' and 'm',
                                                               // then returns @{ 'x', 'm' } or null when failed
                                                               // to remove both (it's atomic operation).
  cs clear; // removes all of remaining elements from cs.

by default, construct: @{ ... } is represented as a variable set, that is converted to a proper type during a succesful assignment.

sets will resize automatically, throwing error if not possible.

sets are not sorted.


Interfaces, Classes, Objects

in 'Ola AH' Programming Language objects will be represented internally as a
(state, strategy) tuple or a LightPoint but this will be hidden behind a simplified syntax.

there will be a way to extract state or strategy from an object on the syntax level; extracted state won't contain data required to choose method called inside a strategy.

... rest as in standard object oriented programming, similar to Java's syntax.

example #1:

public class MyClass {
  var a;
  public var getA() { return a; };
  public void setA(var a) { this.a = a; };
};

object o = new MyClass();
var v = o.getA();
state stt = o.getState();
strategy str = o.getStrategy();

(blog's author's note to self: for java interpreter's concurrency use Lock, use thread names with method to call as well so there's no collision when multiple threads use the same object).


Other Collections.

there will be a standard library with other collections, as neccessary.

for example: trees (trees can also be constructed using lists of lists or tuples of tuples or maps of maps, with differing leaf nodes. abstract data type (root or leaf node) might prove useful here as well.


Machine.

stitie machine, with state, with strategy, with router,

machines' state setting using either a single-setter way, or using an elegant hash map syntax,

  for example:

    m clear; // clears state, removing all of the key-value pairs.
    m put ("akey", "aval"); // adds a key-value pair to the state.
    m putmap %{ "akey" : 'a', "bkey" : 'b' }; // adds a key-value pairs to state;
                                                                                // using default hash map
                                                                                // with a 'String' key
                                                                                // is mandatory, but it's 'char' type
                                                                                // of value is not mandatory.
    m putmap myDefaultHashMap; // adds a key-value pairs to state.
    m set ("akey", "aval"); // overwrites state of a select key/value pair.
    m setmap %{ "akey" : 'a', "bkey" : 'b' }; // overwrites state with a
                                                                                // key/value pairs found in a
                                                                                // default hash map;
                                                                                // using default hash map
                                                                                // with a 'String' key
                                                                                // is mandatory, but it's 'char' type
                                                                                // of value is not mandatory.
    m setmap myDefaultHashMap; // overwrites state with a default hash map.


Space.

stitie space, with methods as a certain form invocation, mindful imaging, ...

stitie machine & stitie space are data structures.

stitie space is a three dimensional objects array (3D Object Matrix),

stitie space uses stitie machine, is a tool for modelling & transforming graphs in three dimensional space (stitie space).

stitie space has convenience methods that allow for 'Agile Transformation of Information State' in space.

stitie space & stitie machine are introduced & described mostly in two posts:
* Stitie Machine (Maszyna Stanikowa Wysockiego),
* Stitie Machine 1.1 'Sunsail'.

probably more,

...


Instructions.

any of the instructions can be dynamically created as well, will be properly typed objects that can be 'passed around' - even 'asm' instruction, after that functionality is added to interpreter or compiler, respectively.


comments,

imports,

modes (including 'AH' mode, 'machine-less' mode, 'machine-less AH' mode, ...),

assert keyword,

basic arithmetic, expression operators: +, -, *, /, pow, ceil, floor, sqr, div, modulo, =, eq, ...
logic arithmetic, expression operators: not ( ! ), and ( && ), or ( || ), xor, imp, irev, iff,
 nand,
bitwise logic,expression operators, not ( neg ), and ( & ), or ( | ), xor ( ^ ), imp ( => ),
  irev ( <= ), bitwise iff ( biff ), bitwise nand ( bnand ), shl ( << ), shr ( >> ),

assignment instruction LET ( := ),

complex instruction { ... },

empty instruction { },

conditional instruction if,

iterations & loops: while ... end, do ... while, for,

break & continue,

standarized but optional, class & method invariants & contracts
 ( assert invariant name boolean_expression , or something similar),

standarized but optional, unit tests & integration tests, based on invariants & contracts ... using invariant names & perhaps more (for example a function call can be tested by providing a mock object with assert invariant name boolean_expression in it, or something similar),

methods,

in 'Ola AH' Programming Language methods will be properly typed objects that can be 'passed around', most probably with a proper syntax support.

method objects can be statically or dynamically constructed as well, with an elegant syntax support.

static methods,

inner visibility constructs,

recursion,

class definition instructions, constructors, methods, with private, package-private, protected & public visibility (had not better idea here than a Java-Way),

class destructor methods,

automatic memory allocation for built-in primitive data types,

'new' operator for object memory allocation & object construction,

exceptions (try ... catch),

'sizeof' instruction,

'inspect' instruction,

'instanceof' instruction,

low level / asm instructions,

threads & concurrency mechanisms,

perhaps class templates, simpler form than Java Generics - in future versions,

reflection mechanisms,

'transform' instruction (takes as parameters a 'variable' & transformation function that returns 'variable' depending on a 'variable' passed to it ... then returns transformed 'variable').

example: var v1 := o1 transform ft1;

'compare' instruction (takes as parameters two 'variables' in a tuple & a comparison function that returns a value (-1, 0 or 1) depending on 'variables' passed to it ... then returns a comparison value - a primitive: -1, 0 or 1),

perhaps shorter mnemonic ('cmp') will be used,

example: int8 p1 := (108, o1) cmp fc1;

both 'compare' as well as 'transform' instructions can throw an error when appropriate.

most probably lambda calculus constructs for functional programming in future versions as well (with reflection mechanisms' use, most likely),

probably there won't be any of 'garbage collection' mechanism(s), so recources release has to be done manually using 'release' instruction - because of low level / asm instructions in 'Ola AH' Programming Language,

lazy evaluation,

... perhaps more as well,

...


see also, if You wish or need, ... : 'Ola AH' Programming Language, 'Ola AH' Programming Language's Interpreter in Java.

'Art and Dharma Teachings' with 'Ola AH'.

... seems that 'Ola AH' Programming Language interpreter (not compiler) should be a part of 'Art & Dharma Teachings' Portal Project.

interpreter is easier, java-compatible ...

(Google App Engine infrastructure on which 'Art & Dharma Teachings' is run, uses Java, so it integrates easily & seamlessly with an interpreter written in Java),

interpreter should be completed before a compiler.

interpreter is better solution for 'Art & Dharma Teachings' Project than compiler in my fairly educated opinion.

... reason for including 'Ola AH' in 'Art & Dharma Teachings' is modelling speech forms functionality.

'Ola AH' is a nice tool for modelling & transforming graph data structures in three dimensions, but there's more ...

... including 'Ola AH' Programming Language interpreter in 'Art & Dharma Teachings' Project will allow us to write 'Art & Dharma Teachings' parts in 'Ola AH' Programming Language.

parts at first, then whole, then perhaps we can switch the whole to compiler as well ... resulting in immediate very high of speed's & memory performance increases.

> 'Art & Dharma Teachings' Drawing Board a link: [ click. ];
> 'Modelling Speech Forms' a link: [ click. ];
> 'Ola AH' Programming Language a link: [ click. ];
> this article on deviantART: [ click. ];


---


10/27/15

Modelling Speech Forms.

i think that Speech Forms & Arguments used in a Speech might be analyzed, modelled as with a Graph.

i think that 'Ola AH' programming language, once created, might help with that.

elegant dedicated syntax might allow for easier thinking & better graph transformations & analysis.

perhaps this can support even real-time analysis of speech's popularity for a target group(s).

with a varied mindful imaging visualizations, as well.




a 'Graph',
a 'Graph' of Arguments' Popularity.

if we wish to say argument 9,
let's take care of supporting arguments as well,
... it's 11 & 8 in this case.

for 11 we should also take care of 5 & 7,
for 8 we should also take care of 7 & 3,
for 5 we should take care of 11 as well.

if we wish to say 10,
let's notice,
argument 10 supports itself,
perhaps we should speak it many of a time.
it's supporting arguments are 11, 10 & 3.

this 'graph' is a 'directed graph',
for there are 'arrows' at the 'ends of the lines',

there are 'cycles' in this 'graph',
11->5->11 & 10->10 in this case,
... arguments we should speak many of a time, perhaps.



see also, if You wish or need, ... : Art Talk, Integral Speech, 'Ola AH' Programming Language, Graphs, Mindful Imaging.

10/11/15

Assembler Optimization.

it's a low-level optimization.

it's done as that:
- many things can be done in many ways,
- every assembler mnemonic execution costs different amount of resources as processor cycles, registers, memory on various levels, ...
- often it's better to consider a many of possible options & select most optimal by given resources ... counting the costs as processor cycles & memory use in process,
- different processors have different parameters, the same operation costs different amount of resources ... has different electronics as blitter chip or a different amount of registers. optimal code for a given processor will use skilfully & wisely these features.

---
but let's remember that often it's better to write code in higher level programming language as C, then recompile for newer processor as it appears.

few of commands & we have a fairly optimal code for a new architecture.

low cost of operation & we have faster system thanks to newer hardware & higher level compiler.

we can use assembler inserts for bottlenecks still.


see also, if You wish or need, ... : Optimization Triad.

A Cloud Service.

in a context of this blog,

A Cloud Service is:
- Shared Service: possibly many services available on a shared infrastructure, at the same time for many of users,
- Service Available 24h/day,
- Fast & Secure Service.

still learning what it's truly, however.

... so this might change with time.

Clusters.

Clusters, like Grids are Distributed Systems.

Distributed Applications differ from Parallel Applications in that they are run on a many of computers, instead of in a single computer's memory.

what is a computer in this context?

basicly processor with memory.

while Grids are about task diversification at different computers, Clusters run the same application on each of computers for a service reliability & speed.

there's a Load Balancer software that queries Cluster parts for resources use, then dispatches a service requests according to it's strategy.

a strategy can send a request according to lightest load, or there can be priorities associated with IP address, or do something else.

load balancers can be replicated as well - for robustness, client can choose which load balancer to contact on his own.

clustered applications use the same database, often replicated as well.

database's copies are synchronized using Transactions.


see also, if You wish or need, ... : Kacper Cluster.

Worker Service Pool Grid.

Service Pool pattern.

it's idea in my mind since a while.

there are various sources, including Apache River & other.

we can have a naming/directory service that when asked for an utility service with interface name, answers with ip addresses, ports & other data describing available services.

we can choose which service suits best our needs, and connect with it.

---


Leader-Worker pattern.

it's also an idea in my mind since a while, it's realized in a Stitie Grid article, for example.

we have a worker service with a worker interface ... that accepts .class file(s) & object(s) then executes the code at worker machine without restarting computer or application.

after finishing it's work, worker machine(s) can send results to Leader machine.

during their work, worker machine(s) can communicate with other services including Leader machine.

worker can also be leader, by having sub-workers.

---


Worker Service Pool Grid pattern.

it's a combination of two above patterns,

we have a worker pool with addresses, we contact naming/directory service with interface name & get details on how to contact worker service(s),

we connect & send the code forming a grid,

execute code at worker machines.

when work is done, we release worker machines from service.


it's also called: 'Dynamic Grid Construction & Release'.


i can imagine that 'Dynamic Grid Construction & Release' has uses in a Cloud Services.


---

Grid as an Object Graph.

Grid can be seen as an Object Graph, each computer being an object with methods (available via ports at ip address) & state (data in computer memory).

Objects can communicate, talk with each other, do it's common task.

Object Graph can be seen as a model of a Program, can be run.


---

Reserve Components & Tiering.

in case of a component(s) failure(s), other reserve component(s) can be used.

component here is a Computer System plus application software that runs on it.

best if reserve components are a part of the Design, possibly Clusters.

but also they can be dynamically created, their Client can contact Leader in case of a non-answering Server for a new ip address & port of a reserve component - stateless application design allows for that, state can be transferred as well.

there's also a possibility of functionality tiering.

details: Conditional Software Tiering.


---

Service Leasing.

i think that way computing power can be leased for a time at a given price,

it's convenient that way in my opinion.

10/10/15

Unit Tests.

i think that Unit Tests should be added to Dragonfly Project's code.

avoiding to notice error does not make this error disappear.

it's like hiding head in sand, pretending there's no problem.

Unit Tests help to face reality better & help to detect code errors earlier.

there's little of work overhead with that methodology, but this time is regained later because there's less time spent on fixing errors.

it's easier to fix one error at time than two or more at once.

we can also sleep better, being more secure that code works correctly more often.

less delusions better sleep.


see also, if You wish or need, ... : Conditions, Security Harness, Software Complexity.

Quantum Energy Forms.

one of add-on features to Stitie Space 1.1 'Sunsail' will be energy forms modelling functionality.

will look for it's name later.

it will be just a few classes with code & examples to include (copy-paste will do fine) in Stitie Space's code.

it will include:
- Quantum model of Particle,
- Model or notation that describe Quantum Forms (shapes, but also their behavior) and name them (for MATEN invocation for example),
- Description & Notes for each of Quantum Forms,
- Rotation attributes for a Quantum Form at coordinates ... for OX, OY & OZ axis (with 0 poit at Form's Center), stored in a double precision floating point numbers,
- Translation before Rotation attributes for a Quantum Form at coordinates ... by X coord, by Y coord & by Z coord ... applies to a data within Form, stored in integer numbers,
- Translation after Rotation attributes for a Quantum Form at coordinates ... by X coord, by Y coord & by Z coord ... applies to a data within Form, stored in integer numbers,
- Intermediary Forms (that will use recursion & subforms, probably with MATEN Form Invocation),
- State implementation that will contain Forms with (inner, more fine-grained, precise) coordinates at given coordinates (outer, coarse, less detailed),
- State implementation will also contain a misc data space (probably Object array[15]), including a method call names for associated Strategies (probably String fields),
- Strategy will consist of three steps: before Particle Events handler (such as particle movement or collision), Particle Events handler, after Particle Events handler ... these will have access to State, including Forms & misc data to use as these need,
- Machine for modelling (one representing space, another one or more that will contain forms for a lookup),
- Sorting Forms by name, or by coordinates,
- Grouping coordinates to a Form (for duplicate Form representations),
- Perhaps Mindful Imaging Module that will visualize each of Spaces, including Intermediary Form Imager(s),
- Perhaps more.


Quantum Nature of Particles is probabilistic, if i remember well ... this means that we can have probability of a Particle occuring at given coords at given time.

when particles are at the same coordinates there's probability for collision at each moment in time.

when moving particles, perhaps there's mathematical model that will allow to move them in sequence (not at the same time) and have that included in calculations. moving a very many of ultra-small particles at the same time would require a very large amount of processor cores or processors.


will need to learn more about Quantum Physics, looking for this eagerly.


see also if You wish or need, ... : Particle Interactions on Quantum Level, perhaps more.

9/22/15

Binary-Decimal-Hexadecimal Conversions.

Understanding various number notations (mostly it's Decimal, Binary & Hexadecimal; Octal occasionally as well) for numbers is important when learning or using low-level programming.

Single number can be written using different notations, each of them representing that a number differently.


Decimal Notation.

in decimal system we use 10 digits: from 0 to 9, we base them on consecutively following powers of ten.

for example, number 1984 we can write as:

1984d = 1 * 103 + 9 * 102 + 8 * 101 + 4 * 100.

number 1984.75 we can write as:

1984.75d = 1 * 103 + 9 * 102 + 8 * 101 + 4 * 100 + 7 * 10-1 + 5 * 10-2.


Binary Notation.

similarly, in decimal system we use two digits: from 0 to 1, we base them on consecutively following powers of two.

11111000000b = 1 * 210 + 1 * 29 + 1 * 28 + 1 * 27 + 1 * 26 + 0 * 25 + 0 * 24 + 0 * 23 + 0 * 22 + 0 * 21 + 0 * 20 = 1024 + 512 + 256 + 128 + 64 + 0 + 0 + 0 + 0 + 0 + 0 = 1984d.


Converting Decimal Number to Binary Number.

for whole numbers, integers, we have a method:

to convert a decimal number to binary number we divide it until quotient reaches 0, each time writing remainder of division.

1984/2 = 992 rem 0,
992/2 = 496 rem 0,
496/2 = 248 rem 0,
248/2 = 124 rem 0,
124/2 = 62 rem 0,
62/2 = 31 rem 0,
31/2 = 15 rem 1,
15/2 = 7 rem 1,
7/2 = 3 rem 1,
3/2 = 1 rem 1,
1/2 = 0 rem 1.

we have, reading from bottom-upwards: 11111000000b = 1984d.


for fractions (less than 1), we have a method:

having a number less than one, we multiply it by 2 amount of times equal to number of bits in which we wish to represent that a fraction.

after multiplication, if result is more or equal 1, we subtract 1 from it, taking following result as a base for following calculations (multiplications).

let's write number 0.8125d in binary notation using 5 bits. we'll use 5 multiplications.

0.8125 * 2 = 1.625,
0.625 * 2 = 1.25,
0.25 * 2 = 0.5,
0.5 * 2 = 1.0,
0.0 * 2 = 0.0.

reading from top-downwards whole parts of resulting calculations we write:

0.8125d = 0.11010b.


as another example, let's write number 0.625d in binary notation using 5 bits. we'll use 5 multiplications.

0.625 * 2 = 1.25,
0.25 * 2 = 0.5,
0.5 * 2 = 1.0,
0.0 * 2 = 0.0,
0.0 * 2 = 0.0.

reading from top-downwards whole parts of resulting calculations we write:

0.625d = 0.10100b.


not every number, for example 0.1d = 0.00011001100110011...., can be represented using a finite binary representation.

let's note that decimal notation is converted to binary notation separately for integer & fraction parts.


Negative Binary Numbers.

this notation is called U2 (U-two's complement).

to represent -45d in an 8-bit byte, we take 45d written in binary form using 8 bits, negate it, then add 1.

1. we have: 45d = 00101101b,
2. we negate 00101101b, then we have: 11010010b,
3. we add 1 to 11010010b, then we have: 11010011b = -45d.

let's note that depending on interpretation of this number, either as U2 or as an unsigned integer, we have either:

11010011b (U2) = -45d.

or

11010011b (ui) = 211d.


Basic Binary Number Arithmetics.

Addition.

binary number addition is almost same as decimal addition, except that we carry after reaching two, not ten.

for better understanding we'll use addition table.

 +  0  1  
 0  0  1  
 1  1  10 


let's note that in binary notation 1 + 1 = 10 (two), but 1 + 1 + 1 = 11 (three).


let's try an example with 243d + 178d = 421d using above table.

1111  1   <- carry bits
 11110011 = 243d
+10110010 = 178d
110100101 = 421d


adding positive number to negative number written in U2 notation is performed in exactly the same way.

let's add 3d + (-3)d = 00000011b (ui) + 11111101b (U2).

11111111  <- carry bits
 00000011 = 3d
+11111101 = (-3)d
100000000 = 0d


when adding U2 (when at least one of factors is in U2), we cut off most important (leftmost) bit of a result.

result of above operation is 0d not 256d.


Subtraction.

we'll use subtraction table for a better understanding.

  a  0  0  1   1  
  b  0  1  0   1  
 a-b  0  1*  1   0  

* let's note that when we subtract 1 from 0 we must borrow (as in a decimal system), so in above table we got 1.


let's try to calculate 243d - 178d = 65d using above table:

 11110011 = 243d
-10110010 = 178d
 01000001 = 65d


Multiplication.

we'll use also a multiplication table for a better understanding.

 *  0  1 
 0  0  0 
 1  0  1 


let's try to calculate 9d * 243d = 2187d using above table.

        1001 = 9d
   *11110011 = 243d
    11110011
   00000000
  00000000
 11110011
100010001011 = 2187d


it's noteworthy to mention about method of division & multiplication by 2.

these operations are performed by moving accordingly to right (division) or left (multiplication) a given binary number.

this is only valid for positive numbers.

for negative numbers results of that a bit-shift operation are not correct.


BCD Code (Binary Coded Decimal).

Packed BCD code.

it's a method of writing unsigned decimal integer numbers.

it allows for storing of two decimal digits in a single 8-bit byte.

more important number (leftmost) takes four more important bits of a byte, while less important number (rightmost) takes four less important bits of a byte.

a notation of 00100111 (BCD) means a number 27d (2 = 0010, 7=0111).


let's note that not every number is a valid notation in BCD.

for example: 11001000 is not a valid BCD notation, because more important (leftmost) half-byte contains a number 12, not a valid decimal digit.


Unpacked BCD code.

occasionally one can find so called 'unpacked BCD code', where one digit is coded using whole byte.

for example: 0000000100000010 = 12d.


Hexadecimal Notation.

it's a notation where base is number 16.

this means that every value in this system is measured using a sum of consecutively following powers of 16, multiplied by appropriate 'digits' in this system.

these are: 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F; where A=10, B=11, C=12, D=13, E=14, F=15.

for example: 0A3Fh = A * 162 + 3 * 161 + F * 160 = 10 * 162 + 3 * 161 + 15 * 160 = 10 * 256 + 3 * 16 + 15 = 2623d.

why it's useful notation?

disadvantage of a binary notation is a big length of numbers.

hexadecimal number takes a little of space & can be easily converted to binary & other way around as well.


Converting Binary to Hexadecimal.

to convert binary number that way, we divide binary number (starting from right side) into fours of bits, that are then exchanged for their equivalents in the hexadecimal system.

for example:

110000111101010111101111
 C 3 D 5 E F

then we have: 0C3D5EFh = 110000111101010111101111b.

we can convert hexadecimal number to binary the same way ... exchanging each of hexadecimal system digits to fours of bits, then presenting them in a coherent form.


Floating Point Numbers.

this notation allows for writing a Real numbers with a degree of correctness.

number of bits determines how close to a desired number the written one can be.

there are four main types of floating point numbers, differing with size measured in bits.

they are named: single, real, extended, double.

single uses 4 8-bit bytes, extended uses 10 8-bit bytes.

basicly, number is written in a form: m * 10e, where m is called mantissa & e is called exponent (integer).

analogously, any number can be written in form: m * 2e, where e is a whole integer number again.

in practice, a 'single' number is written as:

 s (1 bit)  exponent (8 bits)  mantissa (23 bits) 

where:

s - sign, either 0 (+) or 1 (-),
e - exponent (we don't use U2, we add 127 to a value to determine sign & a value),
m - mantissa (unsigned binary; we skip initial 1, as every number starts with this).

value of a 'single' number is determined as follows:

if 0 < e < 255  then value = (-1)*s*2e-127*1.m,
if e = 0 & m <> 0  then value = (-1)*s*2-126*0.m,
if e = 0 & m = 0  then value = 0,
if e = 255 & m = 0  then value = (-1)*s*Inf.
if e = 255 & m <> 0  then value = NaN.


where:
- Inf means Infinity,
- NaN means Not a Number.


Source: [31].

see also, if You wish or need, ... : Abstraction Levels in Programming.

8/30/15

'Heap Overflow' Hacking Attack.

Processes & Memory Allocation.

'process' is a running computer program.

for this to happen, a certain amount of computer's memory must be reserved (allocated) for the process. both for code as well as for data.

memory reserved for process is split into 'segments'.

in x86 processor machines, there are following segments:
- 'text segment' is also called 'code segment'. in this segment all of instructions written by programmer are stored in a 'machine language form'. nothing can be written there, segment's size cannot be changed after loading program into memory.
- 'data segment' contains both global variables, as well as declared constants, for example: 'character strings'.
- 'bss segment' contains static variables, as well as uninitialized global variables.
- 'heap segment' has dynamic size - can be resized during program's run; it's used for storing dynamic variables that are created & destroyed by user as programmer allowed.
- 'stack segment' is automatically used by local variables of called functions, storing for example call's arguments. it's similar to 'heap segment' in that it can be resized.


Heap Overflow.

let's look at a following screenshot with code.



Heap Overflow.



to overwrite buf2 we need 16 bytes ... we can see that a 'malloc' function allocates additional 8 bytes, beside what we requested for our variable.

putting 16 'B' characters inside argument passed to a program passess in fact 17 characters - 16 'B' characters & one 'NULL' character, a string's terminator.

next we passed 20 bytes to program ... 19 'B' characters & one 'NULL' byte, a string's terminator.

we can see that we can overwrite a heap variable that way.

if we read this after a 'Buffer Overflow' Hacking Attack article, we can also notice that heap's addressing rises in opposite direction to stack's.


Function Pointer Overwrite.

let's look at a following screenshot with code.



Code with a static function pointer variable.


this code uses static variables, they are put on a .bss segment, just beyond heap segment.

we can see that 'atoi' function converts character strings to a '0' value,

we can also see that too many of 'a' symbols (done using a perl one-liner script) causes memory protection error (Segmentation fault), with a core dump.

let's look at that dump file using gnu debugger gdb.




Code debugged ... yet attack failure happened.


we passed memory address of a 'dv' function to jump to in a little-endian notation, using a perl one-liner.

we got result of '10', while we expected 8 / 2 = '4'.

it seems attack failed, more of debugging neccessary.




Code debugged for an attack ...


it seems that due to hardware-software configuration of my machine, variables are stored in reverse order when compared to looking at source code only.

it seems not much we can do here other than reversing order of the two first 'main' function's lines (with variables declaration) & adjusting attack accordingly.




Succesful attack on modified code.

Function Pointer Overwrite Buffer Overflow Attack.


we did put '000' before '8', to enforce proper length of passed parameter - this way perl one liner that passess memory address to jump to won't be mistaken for a part of '8' number, a parameter to 'dv' function we jump to.


see also if You wish or need ... : Heap Overflow type Attacks, 'Buffer Overflow' Hacking Attack, 'Format String' Hacking Attack.

8/27/15

Stitie Grid.

(article still under construction, it's a scrapbook to be edited & corrected for usability & style).

Grid computing is the collection of computer resources from multiple locations to reach a common goal.

Grid computing differs from cluster computing with that grid computers can have different nodes performing different task(s).

--
code files of an experiment with Stitie Machine/Space & Grid Computing are available (both client & server - in grid package's comments it's written which files are needed where):

these files allow for code transfer between machines, with execution at target machine.

(a resource folder, 'classdump folder' has to be added to classpath for this to work).

just wrote 'EndpointServer' class, a service that can receive & run a 'LightPoint', or in other words (State, Strategy) pair, an object equivalent.

multiple files can be transferred via network, if neccessary.

'EndpointServer' has a 'router' in a 'Sunsail' component available via getter method, so it can communicate with nearby machines without a neccessity of engaging 'Coordinator' with a 'Stitie Space' model of network. for this to work though, need use 'Sunsail Awareness' code part of a 'Sunsail' & 'Endpoint Server'.


after a little more of work, we can experiment with a 'Stitie Grid' idea.


see also, if You wish or need ... : Stitie Machine (Maszyna Stanikowa Wysockiego), Stitie Machine 1.1 'Sunsail'.


-= Server & Client. =-

8/26/15

Transactions.

1. Introduction.

Certain services require that operations with these adhere to a few of principles.

Atomicity,
Consistency,
Isolation,
Durability,

details in an article named ACID.

to fulfill requirements of 'atomicity' & 'durability' despite failure, data objects have to be 'recoverable'.

when server stops due to hardware or software failure, all of transaction-related data has to be available in a persistent memory, so the data can be 'recovered', preserving effects of 'all or nothing'.

to provide 'isolation', data should be processed in either serial way (one operation after another, without concurrency) or when this is not an option (most services require concurrent processing of multiple operations at once), in a serially-equivalent way.

'consistency' is an issue of transactional service's user, mostly.

transactional services in practice are operations that are contained within a construct called 'transaction', that is, between brackets of 'Open Transaction' operation & 'Close Transaction' operation. 'Close Transaction' can be either 'Commit' (keep changes, all of them) or 'Rollback' (abort changes, all of them).

each of transaction has identifier TID, that allows operation to be associated with transaction with that an identifier.

transactional services might allow for a certain amount of time before 'commit', after that time operation is 'aborted', 'rolled back'.


2. Issues of Concurrency.


2.1. Lost updates.

'Lost updates' is an issue, that can be shown using example with bank-alike operations on accounts A, B & C.

Transaction TTransaction U
accountBalance = A.read();$100
A.write(accountBalance - 4); $96
accountBalance = C.read();$300
C.write(accountBalance - 3);$297
accountBalance = B.read();$200
accountBalance = B.read()$200
B.write(accountBalance + 3)$203
B.write(accountBalance + 4)$204


'Transaction T' & 'Transaction U' use different threads, each of these use private variables & state.

there's issue with coordinating the concurrency of 'conversations' between a 'bank server' & 'clients'.


2.2. Inconsistent reads.

'Inconsistent reads' is also an issue, that can be shown using example with bank-alike operations on accounts A, B & C.

Transaction TTransaction U
accountBalance = A.read();$200
A.write(accountBalance - 100); $100
accountBalance = A.read();$100
accountBalance = accountBalance + B.read();$300
accountBalance = accountBalance + C.read();$300
accountBalance = B.read();$200
B.write(accountBalance + 100)$300


again,

'Transaction T' & 'Transaction U' use different threads, each of these use private variables & state.

there's issue with coordinating the concurrency of 'conversations' between a 'bank server' & 'clients'.


2.3. Serial equivalence.

if all known transactions executed serially give correct result(s), then if there are orderings in which they also give correct result(s), then these orderings are 'serially equivalent'.


2.4. Possible approaches to handling concurrency.


2.4.1. Locking.

Every data object is locked (taken) by a transaction reaching for it.

No other transaction can use that object until first transaction either 'commits' or 'rolls back'.


2.4.2. Optimistic concurrency management.

it's about 'hope' ... in that there won't be any 'conflicts' with data access.

if there's conflict, transaction needs to be aborted & repeated again, probably.


2.4.3. Timestamps.

with this approach, each of transactions has a timestamp.

data objects get these timestamps with each contact.

transaction rollback & recovery happens when they are too late to perform operation on a given object.


3. Recoverability.

transactional services must persist results of all 'committed' transactions & remove traces of 'rolled back' transactions.

there are two issues of 'dirty reads' & 'premature writes', both possible even with 'serially equivalent transaction execution'.


3.1. Dirty reads.

'isolation' property of a transaction requires that transactions won't read 'uncommitted states' of other transactions.

a case of a 'dirty read' is when this undesired occurance happens nevertheless.


'reproductibility' of a transaction occurs when we delay 'committing' a transaction that did a 'dirty read' from other transaction(s).


'cascade aborts' occur when one 'rollback' causes a serie of 'rollbacks' in 'waiting transactions', due to a 'dirty read' & 'delaying commits' as in a case mentioned above.


3.2. Premature writes.

'premature write' occurs when we write in a data object changed by another transaction, before its 'commit' or 'rollback'.

to prevent data inconsistency, to ensure correct results, write operations must be delayed until previous transactions that updated 'same' data objects either 'commit' or 'rollback'.


3.3. Strict transaction execution.

generally speaking, we can say that its neccessary to delay transactions' read & write operations to avoid 'dirty read' & 'premature write' issues.

transaction execution is called 'strict' when services delay both 'read' & 'write' operations on 'data objects' until all of transactions that wrote in that 'data object' are either 'committed' or 'rolled back'.

'strict' transaction execution enforces needed property of 'isolation'.


3.4. Temporary versions.

transactional services should be designed the way that it is possible to delete any of the updates in data objects, when changes are aborted.

to enable this, many of implementations use temporary values' collections, with each of data objects & it's updates stored in a volatile (non-permanent) memory.

when transactions commit changes, state changes are moved into 'data objects', 'persisted' in one step, during which other transactions cannot interact with these 'data objects'.


4. Nested transactions.

transaction can consist of a set of 'nested transactions'.

each of these 'nested transactions' can consist of a similar set of 'nested transactions' & so on ...

for example, there can be 'moneyTransfer' transaction that consists of 'withdraw' & 'deposit' nested transactions.



'nested transactions' are useful because of:

- transactions nested on the same level can be performed concurrently (at the same time) with other nested transaction(s),
- nested transaction may be 'committed' or 'rolled back' independently. a 'rollback' of one or few of 'nested transactions' might not be a cause of parent transaction's 'rollback' yet,
- nested transactions are especially useful in 'distributed systems', because children nested transactions can be performed concurrently on different servers. this should be elaborated in another article.

Source: [13].

See also if You wish or need ... : Parallel & Distributed Systems, Stitie Space.

8/17/15

'Buffer Overflow' Hacking Attack.

Processes & Memory Allocation.

'process' is a running computer program.

for this to happen, a certain amount of computer's memory must be reserved (allocated) for the process. both for code as well as for data.

memory reserved for process is split into 'segments'.

in x86 processor machines, there are following segments:
- 'text segment' is also called 'code segment'. in this segment all of instructions written by programmer are stored in a 'machine language form'. nothing can be written there, segment's size cannot be changed after loading program into memory.
- 'data segment' contains both global variables, as well as declared constants, for example: 'character strings'.
- 'bss segment' contains static variables, as well as uninitialized global variables.
- 'heap segment' has dynamic size - can be resized during program's run; it's used for storing dynamic variables that are created & destroyed by user as programmer allowed.
- 'stack segment' is automatically used by local variables of called functions, storing for example call's arguments. it's similar to 'heap segment' in that it can be resized.


Buffer Overflow.

it's that a 'buffer overflow' is often called a 'stack overflow'.

often 'buffer overflow' affects stack, that's why we'll examine 'stack segment' properly.

'stack' can be imagined as 'tower of blocks', with a constant base, with variables being put on it's top. each of tiers makes this tower higher & higher. both stack & tower have a given size. after reaching critical maximum size tower can be toppled, stack can overflow memory. when we reach for variable on stack, we take topmost one.

operating on stack is possible with two basic commands:

PUSH - is: 'put a value on stack',
POP - is: 'get a value from stack'.

of course system must know a current address of stack's top, to remove variables one by one. processor uses ESP register for that (Extended Stack Pointer).


let's look at a following code, on an image:



code with 'stack' used in a function call.


stack after a call of func(argc) should look as on following image:


stack.


when program starts, it stores program's arguments on stack first. we have: 'int argc' & 'char *argv[]' on stack.

then main function is called, next tier (position) on stack is filled with copies of register values of EIP & EBP.

EIP is called 'instruction pointer', it points at next instruction to process during program's run. when we store that register value, we know where to return after completing called function's run.

EBP is 'Extended Base Pointer' stores last stack's top address.

next step in this program's run is calling a function func(argc). we put on stack argument(s) passed to a function, in this case: number of arguments that user passed to program as it was run. next we put EIP & EBP register values - this time they are associated with returning from function func.


Buffer.

a buffer is memory fragment reserved for storing a given amount of data. if programmer won't take care of controlling amount of data, it's easy to overflow a buffer ... leaving an opening for a hacking attack.

if amount of data is more than buffer's maximum size, rest of data is written in another memory area, nearby.


'Buffer overflow' attack.

let's look at another image with another program.



a program vulnerable to a 'buffer overflow' attack.


writing 1 or 10 of '32-bit byte long' characters did not overflow buffer, as buffer is of a size of 10.

'strcpy' function copies character strings without copying an 'end of string' character.

adding one more character did overflow buffer, however ... overwriting variable 'a' with a value of '0x41' of 'A' character.




more exercises,

'Segmentation fault' error as well.


adding too many of characters, however, will result in an 'Segmentation fault' error, meaning that program attempted to write to memory area that was not assigned to it.


how many is enough ?

this depends on a hardware-software configuration, we'll show that with an example.


depending on a 'hardware-software configuration' we can have C language compiler that allocates different amount of 'stack bytes' ... different depending on a mentioned 'hardware-software configuration'.


on used operating system (SSO v2.0) we have a gcc compiler with a preferred-stack-boundary variable, that determines amount of allocated stack bytes.

it's power of 2, so the programs will have stack space allocated equal to n-th power of 2.

by default it's assigned a value of 4, so stack will have 24 = 16 bytes allocated.


we'll show this using a gdb debugger.



stack size is 16 dec = 10 hex.


we can see we have 16 bytes allocated on stack,

a value of 'ceiling' of 24 = 16 & of size of a 'buffer' variable, 10.


lets see another image & lets compare results.



stack size is 16 dec = 10 hex, again.


we can see that assembler code is same as before, with 16 bytes allocated on stack again,

a value of 'ceiling' of 24 = 16 & of size of 'a' variable, 1.


lets change value of preferred-stack-boundary variable to 2, so we have 22 = 4 bytes of stack.



stack size is 4 dec = 4 hex.


we can see we have 4 bytes allocated on stack,

a value of 'ceiling' of 22 = 4 & of size of 'a', 1.


Attack on a 'protected application'.

we'll exploit 'scanf' function's use without checking read string's size.

let's look on image:



a buffer overflow.


we've overwritten an 'ok' variable with non-zero, a truth value.

what if there's no 'ok' variable? let's look at image with a more difficult example.



debugger's use.


we've passed 32 of 'A' characters to first argument of an application.

this resulted in a memory protection error (Segmentation fault).

why?

because EIP & EBP register values were overwritten with 0x41414141 bytes, as a result of putting there 'AAAA' string (0x41 is 'A').

when we call a function, in preparation, there are EIP & EBP register values put on stack. as we did stack overflow, we've overwritten these register values as they were stored on stack. during a return from check_login function, we retrieve these values & use stored EIP to determine where to 'jump' next with software's execution. we were trying to 'jump' to an address 0x41414141, somewhere where we do not have access to - therefore we got an error message, Segmentation fault.

how to use this situation to our advantage ?

let's check where we can actually jump to.

let's disassemble 'main' function.



'main' function disassembled.


conditional instruction if is realized in assembler using using 'test' & 'je' or 'jne' instructions.

in this case, 'je' instruction jumps in a case of 'false' tested value, when an instruction is not executed due to wrong credentials.

we're interrested in jumping to a point after 'je' instruction, where we have a 'case' for 'right credentials'.

it's 0x08048556, but we have to present it in a 'little-endian' form.



a stack overflow with a 'jump to case'.


... but why we did have to pass 32 byte-long characters to program ?

let's examine check_login function body.



'check_login' function disassembled.


we can see there three 'register push' instructions, plus there's EIP register pushed when we call a function.



a Stack.


... so it's 4x four-byte-long registers, plus 16-byte-long login variable, totalling 32 bytes.


'Buffer overflow' with a 'shellcode injection'.

let's look at code on a following image.



Buffer overflow with a core dump displayed in a debugger.


EIP was filled with 0x41414141 value, as in a previous example.

This time, however we do not have any interresting code part to 'jump' to, as application does not use 'execl'.

We have to provide that a code part, with a 'shellcode'.



a shellcode, written in assembler ... displayed with an object file's dump.


this shellcode is explained with details in this post.

looking at dump at right side of the image, we see result of command 'objdump -d shell2' where 'shell2' is name of the program to be dumped.

based on that a dump, we can write shellcode in 'more machine language form', which looks like that:



shellcode, hexadecimal notation form.


now we can write 'exploit' program that 'injects shellcode' into vulnerable application, then overwrites EIP to 'jump to shellcode'.



'exploit' program that 'injects shellcode' into to a program that is vulnerable to a 'buffer overflow'.



see also, if You wish or need ... : Buffer Overflow Attack, 'Heap Overflow' Hacking Attack, 'Format String' Hacking Attack.

source: [14].