AWS-Lambda-Computing

Getting started with AWS Lambda

AWS Lambda is a building block of Amazon's serverless computing offering. Lambda lets us run server-side code without managing a server: it abstracts away the servers, platforms, virtual machines and so on that are needed to run that code, so we can focus on the code itself. That shortens the time to production considerably; we can write a Lambda function, configure it and run it in minutes.

Another great benefit of Lambda is that we pay only for the compute time we consume, that is, only for the time our code is actually executing. The first one million requests per month are free; requests beyond that are billed. This is a very cost-effective way to run server-side code. To get started we need an AWS account; after creating it, we go to the AWS Management Console.

……………………………………………………………………………………………………

Create a Lambda function with Node.js

Let's create a Lambda function that picks a random number between two given numbers. First, log in to the AWS console and click "Lambda" under the Compute section. That takes you to the "Select blueprint" section. Under the runtime combo box, select the latest Node.js version. Amazon offers some basic blueprints there; we will start from the simple hello-world function.

Image1-Lambda

Move on to the "Configure function" section to create a new function. We will name it random-number-generator, give it a description and keep the runtime at Node.js 4.3. Our function is small, so we select "Edit code inline". Amazon's blueprint gives us a very basic function.

We will change this default code to generate our random number between two given numbers.

At the top, add console.log('Loading function'); this helps when debugging. The default Amazon function logs a few values from the event and, at the end, returns the first value through the callback. The handler function is attached to the exports object and receives three arguments: event, context and callback.

exports.handler = (event, context, callback) => {
    console.log('value 1 =', event.key1);
    console.log('value 2 =', event.key2);
    console.log('value 3 =', event.key3);
    callback(null, event.key1);  // first argument is the error, null on success
};

The callback is what we call when our result is ready and we want to send it back to the caller. It takes two parameters: the first is the error and the second is the success result. Either can be a string or a JSON-serialisable object.

We will delete this default code and write our own. First, define and set the minimum and maximum numbers.

 exports.handler = (event, context, callback) => {
           let min = 0;
           let max = 10;
}

Now we will define another variable for the random number.

exports.handler = (event, context, callback) => {
    let min = 0;
    let max = 10;
    // Math.random() is in [0, 1); scale by the size of the range (max - min + 1)
    // so that max itself can be returned, then shift by min
    let generatedNumber = Math.floor(Math.random() * (max - min + 1)) + min;
};

Math.random() returns a floating-point number in the range [0, 1). Multiplying it by (max - min + 1), rounding down with Math.floor and adding min gives an integer between the minimum and the maximum, both inclusive. (Multiplying by max alone and adding min, as is often done, never returns max itself.) Note that Math.random() is fine for a demo but is not a cryptographically secure generator; for anything where the number must be unpredictable, use Node's crypto module instead.

Now we are done and want to return the random number. So we will call the callback function.

callback(null, generatedNumber);

No error handling is implemented here, so we pass null as the error parameter and generatedNumber as the result.

That’s it, the code part is done.

Now scroll down to the handler setting. The default is index.handler: index is the file name (index.js, the inline file we just edited) and handler is the name of the property attached to exports. We leave the default.

Next, create a new role named basic-lambda-execute-role and, under the policy template, select "Simple Microservice permissions". The role decides which AWS APIs the function may call, so keep it to the minimum the function actually needs.

Next is the advanced settings.

Each Lambda function runs in a container, and that container has a fixed amount of memory allocated to it. Here we pick how much memory our function gets. Our function is trivial, so we select 128 MB, which is more than enough.

This setting does not only define the memory available to the function; Amazon also scales the share of processing power with it, so a more resource-intensive function runs faster if we give it more memory. For the timeout we leave the default of 3 seconds, which is enough; if the function does not finish within the timeout, Lambda stops it and returns an error. Leave VPC set to "No VPC" and move on. The next page lets us review the configuration; click "Create function". We get a message that the function has been created and land on its dashboard.

On the dashboard we can see our code, configuration and triggers, and we can also monitor the function.

Let's test it by clicking the Test button. Scrolling down, we can see that the function executed successfully and the result, our random number.

That's it: our random-number-generator Lambda function is running.

……………………………………………………………………………………………………

The views and opinions expressed in this article are those of the author. To know more about our company, please click on Mindfire Solutions. 

Image for Habit

What is a HABIT?

The easy definition would be something you do daily without being forced or pushed, something as simple as brushing your teeth. But do you remember how tough it was to develop that habit when you were a small kid? I am sure it is not even a matter of thought today.

Another good and simple example of a habit is cycling. Remember your first day on a bicycle: that feeling of imbalance, falling off or getting hit, with no hand-eye coordination, and then slowly and steadily you became the cyclist in your neighbourhood doing all kinds of stunts.

There are many such examples in our daily lives where the beginning looked as difficult as climbing Everest, but as you start taking those steps forward it becomes simpler and later maybe even a cake-walk.

……………………………………………………………………………………………………

Why am I talking about habit? Because as we grow older and get into our daily chores, we forget to adopt new habits, make new changes or even attempt something new, simply because we feel we do not have the time; there is always too much work on the plate, professional or personal. Whenever we think of doing something new, we push it to a later date, convincing ourselves that we will do it when we have the time.

My friend, where is that time? The fact of the matter is, NOW is the time.

Remember, everyone has 24 hours in a day, and using those same 24 hours some became the Tendulkars, the Steve Jobses and the Bill Gateses of this world, while many are still searching for the time to begin.

Here I present a new definition of H.A.B.I.T: "[H]aving [A]bility [B]uild [I]ntense [T]ricks". Obviously this is not mine; it is taken from the internet, but it fits our bill here very well.

What does it take to build a habit? The answer is a "decision", followed by "action" in the form of small steps taken daily, at the same time every day, for the next 21 days (an idea introduced by Dr. Maxwell Maltz). My suggestion: do it for one day, then repeat the same for the next 30 days, and trust me, you will be rolling. The trick is that it has to be continuous; if you break for one day, the cycle has to begin again from day 1. That is why they are Intense Tricks.

So, go and pick up that guitar hanging in your bedroom and staring at you, or start reading about that new tech area or buzzword you always wanted to get your hands on, and just do it for one day, then repeat the cycle for the next 30 days.

The caveat is that there are still no guarantees of success. It varies from person to person and depends on his or her burning desire to make something work. But it is much better than not having tried at all, isn't it? Roger Bannister was the first man to run a mile in under four minutes. It was his persistence and practice that let him cross what had until then seemed like a barrier meant to stay forever.

Do leave your comments if you really got into a habit.

……………………………………………………………………………………………………


How Bitcoin Solves the Double-Spending Problem?

Many of us have probably already heard of Bitcoin, and we know the innovation it brought into the world: blockchain technology. As of this writing, almost a decade has passed since its inception, and it has thrived all along without any central control over the network.

Bitcoin, a peer-to-peer electronic cash system, has inspired many other projects and can be seen as the pioneer of the underlying blockchain technology. That said, it is worth exploring how Bitcoin solves the double-spending problem. Instead of a theoretical exposition we will walk through a transaction on this pioneering system: we will make a transaction on a real network and analyze what a Bitcoin transaction looks like. A transaction in the Bitcoin network is a bit more complex than a conventional digital transaction.

……………………………………………………………………………………………………

Comparison with Fiat Currency Transaction

In a transaction involving currency notes, we can easily picture two parties exchanging goods or services for money: one party receives the goods or services and the other pays in notes. Say the transaction costs $50 and the payer has a $100 note. The payer hands over $100 and receives $50 in change (as shown below). Both notes are legal tender supplied by a central bank. A Bitcoin transaction also involves paying and may likewise involve receiving change, so in this respect it is quite similar to an everyday cash transaction.


Comparison with Conventional Digital Transaction

A conventional digital transaction, say an online transfer of money, involves two parties and a mediator (the bank). So there is a "From address" (an account number), a "To address" (another account number) and the amount (the value transferred). There is no concept of change in a conventional digital transaction: if you want to transfer $1050, you transfer exactly that amount, and the whole thing is merely a debit from the sender's account and a credit to the receiver's account, with the mediator validating the transaction. A Bitcoin transaction, however, may involve multiple From addresses and multiple To addresses without any mediator. We will explore how this is possible.

As with any traditional transaction, ours has the following attributes: a "From entity", a "To entity" and the value to transfer. Let us send 0.1 BTC to a Bitcoin user as follows (these are testnet addresses, which start with m or n rather than the 1 of mainnet):

From: n2FSwa6DsMsbJgNknB64ThR3pHPUQ79bxL
To: msqdPeF7KeEqcWUNAFMm8JQijVB3cnLi4N

Amount: 0.1 BTC

The transaction has been made and its details can be seen in a block explorer (screenshot below).

Bitcoin Transaction

Now, the From address (left) and one of the To addresses, with 0.1 BTC sent, look as expected. However, two things look contradictory. First, we sent 0.1 BTC but the explorer shows 1.0 BTC being transferred. Second, there is a second To address to which some amount has also been sent.

Is something wrong with this transaction? Not really. You can look the transaction up in a block explorer and verify for yourself that it is indeed the same transaction. This is simply the way Bitcoin works. Let us explore.

What is a Bitcoin Transaction made up of?

A transaction in Bitcoin consists of inputs and outputs. An input is the Bitcoin equivalent of a "From address": in Bitcoin terms it is an unspent transaction output (UTXO). When you make a transaction you always spend an unspent output as a whole, so you end up paying the entire amount of that output. The remainder comes back to you at a different address, the change address, which is your own address; the change is itself a new unspent transaction output. This is quite common in Bitcoin transactions. For instance, suppose someone sent you 1.0 BTC and you now want to send 0.5 BTC to a friend. You cannot break the 1.0 BTC output: you spend the entire 1.0 BTC in a transaction and get the change back at your change address.

Transaction Fee

Back to our transaction. Let us verify that the input and the outputs balance: 1 BTC - (0.1 BTC + 0.89432145 BTC) should be 0, but it comes out to 0.00567855 BTC. So where did this amount go?

This is the transaction fee, paid to the miner who validated the transaction, included it in a block, mined that block and broadcast it to the network. The miner keeps this amount as the fee for that work.

The fee is priced in satoshi per byte (1 BTC = 100,000,000 satoshi). Our transaction is 225 bytes in size and we were charged 2523.8 satoshi per byte, so 2523.8 x 225 = 567,855 satoshi = 0.00567855 BTC.

The Concept of UTXO

Note that the two outputs here are marked "unspent". This is how Bitcoin keeps track of balances: the sum of all unspent transaction outputs you control is your balance. The Bitcoin network has no account database and no global balance state; it only has the set of UTXOs.

So how is a UTXO represented in the Bitcoin protocol? In fact, the protocol has no concept of a "From address" at all. Bitcoin addresses are used only to receive payments. A transaction never encodes a From address; each input is simply a reference to a previous unspent transaction output, identified by the combination of that transaction's ID (its hash) and the index of the output within it. Every full node tracks which outputs are still unspent, and once an output has been spent it is removed from that set, so a second transaction referencing the same output is rejected. That is what prevents double spending.

A Transaction with Multiple Inputs

So how does a Bitcoin user pay an amount for which he has no single unspent output of equal or greater value? Say a user wants to transfer 5 bitcoins but none of his unspent outputs holds that much, although together they add up to more than 5. Bitcoin allows you to combine unspent transaction outputs as multiple inputs of one transaction. A transaction with multiple inputs sounds new to someone used to conventional digital transactions, because those always have exactly one sender (one From address). Let us analyze a Bitcoin transaction with multiple inputs. Here the user wants to send 1.02 BTC but has no unspent output of that value, so the user combines two inputs and then transacts (see below).

Bitcoin Transaction

The above transaction (ac194c19201a20cdd26bbb8d696588370c06261148fd20a96b3330b0bcb03207) has two inputs and two outputs and is a perfectly valid Bitcoin transaction. The two inputs total 1.04997424 BTC, which is sufficient to send 1.02 BTC, and the remainder is collected at a change address as 0.02997013 BTC. The 0.00000411 BTC that neither output accounts for is, again, the miner's fee.

……………………………………………………………………………………………………

How are transactions validated in Bitcoin?

Let us take the example of a transaction with one input and one output (below). Here the input references output 0 of a previous transaction, identified by its hash: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
The output sends 50 bitcoins to a Bitcoin address (values are in satoshi, so 5,000,000,000 satoshi = 50 BTC). When the recipient wants to spend these 50 bitcoins, he will reference output 0 of this transaction as an input of his own transaction.

Input:
    Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
    Index: 0
    scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d1090db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501

Output:
    Value: 5000000000
    scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d OP_EQUALVERIFY OP_CHECKSIG

Bitcoin uses a small scripting system to verify a transaction. Two script components can be seen in the transaction above: scriptSig and scriptPubKey. The scriptSig is supplied by the spender and carries the signature and the public key. The scriptPubKey is the locking script placed on the output by whoever paid it; it is evaluated by every node, and the input is valid only if the script leaves true on the stack.

scriptSig: <sig> <pubKey>
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

Let us see how this script is executed on the stack (a pay-to-public-key-hash, or P2PKH, script):

Step 1: Combine scriptSig and scriptPubKey in that order: the spender's unlocking script runs first, then the output's locking script.
Step 2: Push <sig> and <pubKey> onto the stack.
Step 3: Execute OP_DUP, which duplicates the top item, <pubKey>.
Step 4: Execute OP_HASH160, which pops the duplicate, hashes it (SHA-256 followed by RIPEMD-160) and pushes the 20-byte hash.
Step 5: Push <pubKeyHash> from the scriptPubKey, then execute OP_EQUALVERIFY, which pops both hashes and fails the script immediately if they differ. The stack is now back to <sig> <pubKey>.
Step 6: Execute OP_CHECKSIG, which pops <pubKey> and <sig> and checks that <sig> is a valid signature under <pubKey> over the hash of the spending transaction. It pushes true on success, and the input is valid only if true is left on top of the stack.

In summary, a Bitcoin transaction has one or more inputs and one or more outputs, has no concept of a From address in its protocol, relies on unspent transaction outputs to track value, and is verified by executing a small script.

……………………………………………………………………………………………………

Image-Accounting Software Tools Information Exchange

Integrating Multiple Accounting Tools for Information Exchange

This article is for developers who are trying to integrate multiple accounting tools with a custom web or desktop application, where the accounting tool exposes its data either through an ODBC/JDBC database connection or through an API.

The solution was worked out on a project where data transmission had to be automated in both directions between different accounting tools (Adagio, QuickBooks Desktop and QuickBooks Online, among others) and a central database, and where devices such as iPhones also had to be able to send data to the central database and on to the accounting tools. In a nutshell, the main application, the devices and the accounting tools needed to be in sync all the time, or whenever required.

……………………………………………………………………………………………………
The Solution

The major features that were provided/implemented:

  • Connector: acts as a bridge between the web API and the desktop or online accounting tool.
  • Data transmission between the different entities using a customized XML format.
  • Logging of the request and the response on every event, each with its own status.
  • A background parser that reads the XML and maps the data onto the database.
  • A common database structure that handles requests and responses for all the different tools.

The following diagram shows the flow and the integration process:

 

Here the user is free to use different custom applications as needed. For example, where a web-based accounting tool exposes an API to the outside world, the request-and-response processing can be merged into one place together with the parsing of the data.

#1 Windows Service

It parses the data coming from the accounting tool in the specified format. The approach can change as needed: sometimes the customer does not want extra load on the server, in which case the parsing can be done at the same level, inside the request-and-response process.

#2 Web Service/Web API

It runs the connector, which acts as the bridge between the accounting tools and the central database.

#3 Main web or Windows application

Here we need a page that lets the user generate requests in the specified format (XML or JSON) for the required entities, for example retrieving customer data or adding a new customer in the accounting tool.

#4 Accounting tool

The accounting tool that exposes its database or API to the outside world. Nowadays most such applications expose an API or a database for integration with other applications.

The diagram below describes the data flow between the different applications step by step:

 

 

……………………………………………………………………………………………………
Error handling and Logs

Since accounting tools are involved, the data flowing through the integration concerns the movement of money between different vendors and stakeholders, which makes this section very relevant. Logging is done either in the database or elsewhere on disk. Because there are several levels and sub-levels (the connector's web service/API alone has four important sub-steps: Authenticate(), SendRequest(), ReceivedResponse() and CloseConnection()), it is important to know at every step exactly which data was processed. Keeping these records also makes later analysis possible whenever it is needed, and logging is what makes handling internal errors possible as well.

Security Handling 

The whole solution should follow industry security norms: TLS (SSL) for all web-based calls, appropriate cryptographic protection of stored credentials and sensitive records wherever required, and anti-forgery (CSRF) token checks once a session has been established. Because the logs described above carry financial data, they need the same access control and retention care as the database itself.

……………………………………………………………………………………………………

User Interface Design

The Trick of Designing User Interfaces that Slay!

Very often at work I would get bombarded with user-interface questions, some of which I was still hunting for tangible answers to myself. Typical ones would be:

“Does this website look good?”
“Which interface looks better?”
“Should I place the button to the left or to the right?”
“Do I keep the logo Green or Red?”

The problem every time was the expectation of a perfect answer, along with supporting reasons. Although intuition got me through a few of them, the part I struggled with most was offering convincing reasons to support my answers. I felt my supposed intuition had some underlying logic and concepts, but I needed to make them concrete: constructs I could use to judge any design easily, be it a web page, a mobile application UI or even a poster.

What followed was a lot of Google searching, seeking of expert advice and directionless research. Finally I came across a course on Design Thinking, which opened up a whole new perspective on looking at any design.

I now use a personal knowledge kit, heuristics of sorts, developed courtesy of that course, which helps me analyze any user interface. If you face similar problems, this post should help. So here are the points:

……………………………………………………………………………………………………

1. Evaluate your Work

Before making an Interface public, make an evaluation yourself by asking these questions:

How easily can someone

  • Determine the function of the system and possibilities?
  • Determine the mapping from the intention of the user to actual operation?
  • Perform the action?
  • Tell the state of the system? Tell if the desired action has been completed or not?
  • Determine the mapping from the state in which the system is into what the user understands?

If your design already addresses all these questions, you are good to go. If not, you need to improve one or more of the following aspects to make the user interface better:

  • Visibility and Feedback
  • Consistency
  • Non-destructive operations (undo)
  • Discoverability (menus)
  • Reliability
  • Predictability (events should not happen randomly)

All these points sum up to one statement: "Immediate feedback on actions AND continuous representation of objects". This is what lies at the core of the best designs.

2. Understanding Mental Models

Even before a user performs an action, a mental image forms in the user's mind depicting his or her understanding of the interface; this is the mental model. Very often the user expects one thing and the system does another, and that exposes the gap between the user's mental model and the designer's.

This can be overcome by testing with multiple beta users and analyzing how your interface performs for them. Additionally, the interface itself can give a good idea of how each object works and how to control it, so that the interface discloses its own use.

3. Representation Matters

This lays emphasis on just one thing: what to show and what not to.
Representation plays a significant role in simplifying or complicating matters, so a good representation shows all of the relevant information and nothing else.

Use pictures where words would be monotonous. As the saying goes, "a picture is worth a thousand words", and the same principle can be used to build great interfaces. It takes time for a user to read text, form a mental image and then process the information; that time can be cut by using images directly wherever they fit in the UI. Icons aid visual recognition and come in handy when you know what something looks like but not what it is called.

Two other factors that are often ignored are whitespace and contrast. Important information can be set apart by smart use of space and contrast.

4. Typography

Typography is defined as “The art and technique of arranging type to make written language legible, readable, and appealing when displayed”

Something to be aware of when working with text-heavy applications is the serif hypothesis, which holds that serif type is easier to read over long stretches because the letters' anchors and tails guide the eye.

So if your web page carries a lot of written content, you now know which type style to consider; the hypothesis is debated, though, so test it with your own readers.

5. Layout

Every UI is designed with grids in mind. For example, have a look at the pictures below:

Paytm Home Page

Yahoo Home Page

Things to be kept in mind are :

  • Alignment guides the eye, so avoid misalignments.
  • We automatically and unconsciously notice patterns, and deviations that fall out of place.
  • That is why it is very important to stick to mathematically accurate patterns.
  • If we decide to deviate from a pattern, it has to be deliberate.
  • Use visual proximity and scale to convey semantic information.

6. Color

Effective use of colour can greatly enhance the user experience. Colours can highlight essential elements on the screen or direct the user's attention.

Each colour has come to be associated with certain meanings in design and marketing studies. The emotions various colours evoke are commonly listed as follows:

  • Red — Symbolizes lust, power, excitement or love
  • Yellow – Competence and happiness
  • Green – Good taste, envy
  • Blue – Masculine, high competence, high quality corporate
  • Pink – Sophistication, sincerity, feminine
  • Purple – Royalty, authority, sophistication, power
  • Brown – Ruggedness, earthiness, toughness
  • Black – Grief, sophistication, expensive, fear, evil
  • White – Happiness, sincerity, purity

These are widely cited associations, though they vary between cultures and contexts, so check them against your own audience.

7. Positioning

Users automatically pay attention to certain elements based on their position on the web page; more often than not, this defines the order in which a page is viewed.

The Nielsen Norman Group published a heatmap from eye-tracking research on how people look at web pages.

The strongly coloured area shows the highest density of eye fixations, that is, where most users looked most of the time. For us this means one thing: put the most important content in that high-density area.

Now let us look at the simplified pattern for a web page. The image shows the optimal positioning of information on a page according to its level of importance: important content goes in the Priority 1 blocks, followed by the others.

Credit: Poynter Institute, www.poynter.org/extra/eyetrack2004

……………………………………………………………………………………………………

WordPress Malware Infection

What is WordPress Malware Infection? How do you deal with it?

WordPress is the most popular content management system on the web, and besides its popularity it has many advantages. Unfortunately it comes with certain downsides as well: by some published statistics, more than 70% of WordPress installations are vulnerable to attack.

On WordPress websites we generally install third-party plugins and themes for additional features, but most of the time we are unaware of their security vulnerabilities, which are exactly the loopholes targeted by hackers and malware botnets. Plugin authors release updates that patch those issues; if we fail to apply them, the vulnerabilities get exploited and the result is a severe malware infection.

……………………………………………………………………………………………………
Why secure WordPress websites before enabling SEO?

We know that bots crawl websites, and nowadays bots make more visits to websites than humans do. Malware bots attack by trying a set of candidate URLs on a website. If the site has a vulnerability and the malware finds it this way, the site becomes a candidate for exploitation. So before enabling SEO on a website, make sure the site is secure; otherwise you are at the mercy of bad bots that will take advantage of it. In some cases malware also damages a site's standing with the major search engines by injecting malicious content.

Effects of a malware infection:
  • wp-admin is no longer accessible because of unwanted 302 redirects to third-party malicious websites.
  • The content of the .htaccess file is changed even though it has proper file permissions.
  • Files with the extension .php.suspected appear, along with many duplicates of stylewpp.php.
  • Random posts are created in the WordPress database.
  • Unknown admin users may have been created.
Steps to prevent Malware Infection:
  1. Take regular backups of the codebase and the database.
  2. Restore the content of the .htaccess file and set proper file permissions.
  3. Check the crontab for any suspicious entries.
  4. Kill suspicious processes on the server.
  5. Check the access log and find suspicious HTTP calls.
  6. Block suspicious IPs that are making malicious requests.
  7. Most core WordPress files should never be modified, so check for file integrity issues in the wp-admin, wp-includes and root folders. Remove unknown files and folders (recursively) that the access log shows being requested.
  8. Analyze the malicious PHP code injected into the WordPress folders. If you can decode what a script is meant to do, removing the infection completely becomes much easier.
  9. Prevent random article creation. We found the “content-main.php” file being executed by the malware botnet in the access log. It was injected at the path “/wp-content/content-main.php”.
  10. Remove suspicious admin users.
  11. Update WordPress to the latest version.
  12. Change all credentials for cPanel, FTP and the DB.
  13. Stop the brute-force attack. Even after you remove all injected files and folders, kill the malware processes and change the passwords, the malware will not sit idle: your domain name, IP and the malware file locations are already in its database, so it keeps making HTTP calls to those PHP script locations, which now return 404 (that is fine). You also cannot block every IP of the botnet because it keeps changing IPs.
    It brute-forces the login page with breached admin user names against a global database of pwned passwords.
  14. Block xmlrpc.
  15. Prevent bad bots.
    Modify the robots.txt file to prevent crawling of the core directories along with the theme and plugin directories. Also, identify bad bots and prevent them from crawling website pages.
  16. Use SFTP instead of FTP.
  17. Change the default wp-login, wp-admin and wp-content URLs. Below are some WP plugins you can use to change the URLs of wp-login, wp-admin, wp-content and the plugins directory:
    WPS Hide Login
    Protect Admin
  18. Install one of the following WP security plugins:
    Sucuri
    Quttera Web Malware Scanner
    Wordfence
  19. Set proper file and folder permissions.
  20. Check for known vulnerabilities in the installed plugins:
    https://wpvulndb.com/
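As an added example (not code from the original post), here is a small Python scanner for steps 5 and 6: it runs over constructed access-log lines and flags the indicators the steps above name, i.e. requests for the injected file names (.php.suspected, stylewpp.php, wp-content/content-main.php), repeated POSTs to wp-login.php from one IP, and repeated POSTs to xmlrpc.php. The thresholds and the sample addresses are assumptions.

```python
"""Scan access-log lines for the indicators listed in the steps above.
Added example, not code from the original post; SAMPLE_LOG is constructed
(TEST-NET addresses) and the thresholds are assumptions to tune per site."""
import re
from collections import Counter

# Apache/Nginx "combined" format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# File names the article reports being dropped or executed by the botnet.
INJECTED_PATHS = re.compile(
    r'(\.php\.suspected$|/stylewpp\.php$|^/wp-content/content-main\.php$)'
)
LOGIN_THRESHOLD = 5   # POSTs to wp-login.php from a single IP (assumed)
XMLRPC_THRESHOLD = 3  # POSTs to xmlrpc.php from a single IP (assumed)


def parse_line(line):
    """Return a dict with ip/time/method/path/status, or None if unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore the query string
    return rec


def scan(lines):
    """Return (findings, suspect_ips): readable lines for step 5 and a
    {ip: reason} dict of candidates for the blocking in step 6."""
    findings, suspect = [], {}
    login_posts, xmlrpc_posts = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if INJECTED_PATHS.search(path):
            findings.append(f"{ip} hit injected file {path} -> {rec['status']}")
            suspect[ip] = "malware file access"
        elif rec["method"] == "POST" and path.endswith("/wp-login.php"):
            login_posts[ip] += 1
        elif rec["method"] == "POST" and path.endswith("/xmlrpc.php"):
            xmlrpc_posts[ip] += 1
    for ip, n in login_posts.items():
        if n >= LOGIN_THRESHOLD:
            findings.append(f"{ip} made {n} POSTs to wp-login.php (brute force)")
            suspect.setdefault(ip, "wp-login brute force")
    for ip, n in xmlrpc_posts.items():
        if n >= XMLRPC_THRESHOLD:
            findings.append(f"{ip} made {n} POSTs to xmlrpc.php")
            suspect.setdefault(ip, "xmlrpc abuse")
    return findings, suspect


# Constructed sample: one IP probing injected files, one brute-forcing the
# login form, one hammering xmlrpc.php and one ordinary visitor.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2020:08:30:01 +0000] "GET /wp-content/content-main.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2020:08:30:02 +0000] "GET /wp-includes/example.php.suspected HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2020:08:30:09 +0000] "GET /about/?ref=home HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
] + [
    f'198.51.100.7 - - [10/Mar/2020:08:31:{i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "python-requests/2.22"'
    for i in range(6)
] + [
    f'198.51.100.9 - - [10/Mar/2020:08:32:{i:02d} +0000] "POST /xmlrpc.php HTTP/1.1" 200 400 "-" "-"'
    for i in range(3)
]
```

Running scan(SAMPLE_LOG) yields four findings and three suspect IPs; the ordinary visitor is never listed.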
……………………………………………………………………………………………………
Conclusion

Nowadays, malware is injected by botnets rather than by humans. They crawl for vulnerable URLs and exploit them one by one.

……………………………………………………………………………………………………

The views and opinions expressed in this article are those of the author. Lakin enjoys sharing his thoughts on computing and technology in his personal blog.
To know more about our company, please click on Mindfire Solutions. 


Adding a Universal link to iOS Apps- Challenges & Solution

In this blog, I am going to explain how to add Universal Link and deep linking capabilities to an iOS app without considerable effort.

We are going to cover this in 3 sections

  • Understanding deep link, URL scheme, and Universal link
  • The issues with a universal link and the difficulty in incorporating it
  • A nice workaround to get rid of the complexity of universal links.

If you are aware of the universal link and the challenges in having it up and running, feel free to jump to the 3rd section straight away.

Understanding deep link, URL scheme, and Universal link

– As opposed to a common belief, a URL scheme is not the same as a deep link.

Then what exactly is a deep link?

Well, a “deep link” is a route to a specific spot on a website or in a native app. So, for a mobile app, a deep link is a link that contains all the information required to take the user deep into a section of the app instead of just launching it.

What is a URL scheme and how does it work?

A URL scheme can be treated as a specially designed URL whose only job is to open a particular app.
For instance, any iOS app can open WhatsApp with the “WhatsApp://” URI using the URL scheme. This is possible because WhatsApp has registered itself with the App Store with “WhatsApp” as its URL scheme.

However, to send “Hello” to a particular number in WhatsApp, the URI needs to look like “WhatsApp://send?phone=(actual phone number)&text=Hello”. This opens the chat for the given number with the supplied text pre-filled, which is an example of a deep link in action.

So, what exactly is a Universal Link, and why do we need it at all?

The URL scheme works just fine as long as the app is installed on the user’s phone. In the above example, if WhatsApp is not installed, the “whatsapp://” URI will simply not work, and neither will the deep link that sends a message to a user.

In this case, there are two reasonable solutions:

  • Send the user to the website in the mobile browser and then either redirect to the app, if available, or show a prompt to download it from the App Store if not.
  • A more elegant way is to open the app directly, if it is on the phone, without going through the website, or, if the app is not installed, open the website with a prompt to get it from the store. This is exactly how the Universal Link works.

The same universal link can be used to open the Android app as well.

……………………………………………………………………………………………………

The issues with Universal link and the difficulty in incorporating it.

Is Universal link difficult to incorporate?

The elegance and ease that a Universal Link provides to your users come at the cost of having to deal with the complexity of implementing it.

Implementing a Universal Link requires a guided approach. If you want to learn about the process in detail, click here.

Unfortunately, there is a whole bunch of issues and bugs you will encounter after implementing it. As it involves iOS, Android and the web, a great deal of coordination and support is needed between them all.

Even on iOS itself, there are multiple factors that affect how a user interacts with the link, and measures have to be taken to address each of them. To name a few: you need to support previous versions of iOS; the link should be able to open in SafariViewController for apps like Skype and Facebook; the user may be redirected to the link instead of reaching it by tapping; and there may be a need to track the link. Given the default behaviour of the Universal Link, which is to open the app if available and the web otherwise, it is going to break at some point for one of the above cases.

Unless you are hell-bent on having the universal link with all its properties and willing to put all the resources and time it needs to address the accompanying issues, you should consider the alternate, and the more basic solution available, to get the task done.

……………………………………………………………………………………………………

So, what is the hidden solution that can be used as a workaround?

The idea here is that the web URL, the actual HTTP link to the website, will work as the universal link.

But, how?

For Android, it’s easier to connect an HTTP link to the app: the user is taken to your app on tapping the link if it is installed, and falls back to the website if not. At most, you will need to verify domain ownership. More on this is available here.

For iOS, unfortunately, you can’t use an HTTP link, i.e. a link to a real website, to open the app without using a Universal Link.

Smart App Banners in iOS are the workaround we have been looking for.

Safari has a “Smart App Banner” feature to promote an app from its website. Your website includes a meta tag containing the App Store ID of the app, and mobile Safari shows a smart banner. On being tapped, the banner opens the app if it is installed, or takes the user to the App Store if the app is not on the phone.

Here is how the smart banner looks for the LinkedIn website (two screenshots: one when the app is not installed on the phone, one when the app is installed).

The meta tag format is:
<meta name="apple-itunes-app" content="app-id=myAppStoreID, affiliate-data=myAffiliateData, app-argument=myURL">

Both “affiliate-data” and “app-argument” are optional.

For more information on adding a smart banner to your app, click here.

……………………………………………………………………………………………………


Why does ISO-8583 Score Over Other Standards

Of course, it is one of many financial transaction standards describing how to pack certain data fields such that they can reliably be unpacked as well. However, the distinguishing factors of this standard are:

  • It uses web sockets for communication which is very efficient.
  • The standard helps the electronic system that reads the card number, the transaction amount and the other relevant data fields pack them all up so that they can be transmitted electronically to a transaction processing system, where they are unpacked back into individual data components and then processed.
……………………………………………………………………………………………………

Where do the Others Lack?

There exist numerous methods for packing and unpacking data. It could be as simple as comma-separated fields. For example, I could choose to send the transaction information as simple comma-separated values:

“1234123412341234,1000, INR,987” (Card Number, Amount, Currency, Merchant ID).

The issue with such a simplistic model of data packing is that it lacks meta information, i.e. the message itself does not carry any information on what exactly is packed in it. Not that this could not be overcome even with a comma-separated version; it would just get cumbersome.

……………………………………………………………………………………………………

Principles that drive this Standard

The ISO 8583 message is based on the principles that:

– In a transaction message, you only get to pick fields from a predefined set of fields. So, if you need a field called ‘My girlfriend’s phone number’, sorry, ain’t possible.

– The meta information of which fields are present in the message is also a part of the message payload in a data structure called the ‘bitmap’.

Structure

– Most implementations contain a few bytes dedicated to a fixed header (e.g. ^A^TISO016000010), after which the actual ISO 8583 message starts.

– In one of our projects, the header we used was 14 bytes long.

MTI – The Message Type Indicator

The first 4 bytes describe the message type.

E.g. 0200, which tells us that the message is a financial transaction request. (The response to this request would also be in ISO 8583 and would carry the MTI 0210.) Various MTIs exist and can be found on the web.

Bitmap

It is almost a visual representation of which fields are actually present in this message and which fields are not.

E.g. F2 38 80 01 08 E0 80 0F

11110010 00111000 10000000 00000001 00001000 11100000 10000000 00001111
(every bit position that is 1 means the corresponding field is present)

Hex   Binary      Positions that have a 1
F2 =  11110010 -> (1,2,3,4,7)
38 =  00111000 -> (11,12,13)
80 =  10000000 -> (17)
01 =  00000001 -> (32)
08 =  00001000 -> (37)
E0 =  11100000 -> (41,42,43)
80 =  10000000 -> (49)
0F =  00001111 -> (61,62,63,64)

We’ve just read the map! Therefore the fields present in this message are: (1,2,3,4,7,11,12,13,17,32,37,41,42,43,49,61,62,63,64)

Note the first bit. Field 1 is a special field that indicates the presence of an extended bitmap. Since this sample message has a 1 in the 1st position, the message contains another bitmap with another 64 bits.

Extended bitmap (64 bits, shown in hex):

80 00 00 00 00 00 00 00
80 = 10000000 -> (position 64+1 = 65)

This extended bitmap shows that field number 65 is also present in this message.

Data Elements

Immediately after the bitmap, the data elements follow one after another. From the bitmap, we know that fields 2, 3, 4, 7, … are present in that order, so all we need to do is read them one by one. Each field number has a predefined type and a predefined length in the ISO 8583 definition. Some fields have a variable length, in which case the first N bytes give the length of the field.

Example:

Data Element 2.  Length 16. Value: 0000011319353459 = Primary account number
Data Element 3.  Length 6.  Value: 011000 = Processing code (011000 = cash withdrawal)
Data Element 4.  Length 12. Value: 000000020000 = Amount 200.00
Data Element 7.  Length 10. Value: 0804030013 = Date/time, DDMMhhmmss
Data Element 11. Length 6.  Value: 051028 = Systems trace number
Data Element 12. Length 6.  Value: 083013 = Time, hhmmss
Data Element 13. Length 4.  Value: 0804 = Date, MMDD
Data Element 17. Length 4.  Value: 0804 = Capture date, MMDD
Data Element 32. Length 6.  Value: 123456 = Acquiring institution ID code 123456
Data Element 37. Length 12. Value: 192165102801 = Retrieval reference number
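As an added example (not the article’s own code), here is a Python decoder that walks the bitmap exactly as the table above does, handles the extended bitmap when bit 1 is set, and then reads the fixed-length data elements of a constructed 0200 request built from the sample values. The field-length table is an assumption taken from the sample; real ISO 8583 variants define some of these fields as variable-length.

```python
"""Decode an ISO 8583 bitmap and walk the data elements that follow it.
Added example, not code from the original article. FIELD_LENGTHS holds the
fixed lengths shown in the article's sample; real ISO 8583 variants define
some of these (e.g. DE2, DE32) as LLVAR, so treat the table as an assumption."""

# field number -> (length in characters, meaning), taken from the sample above
FIELD_LENGTHS = {
    2: (16, "Primary account number"),
    3: (6, "Processing code"),
    4: (12, "Amount"),
    7: (10, "Transmission date/time"),
    11: (6, "Systems trace audit number"),
    12: (6, "Local time hhmmss"),
    13: (4, "Local date MMDD"),
    17: (4, "Capture date MMDD"),
    32: (6, "Acquiring institution ID code"),
    37: (12, "Retrieval reference number"),
}


def set_bits(bitmap: bytes, offset: int) -> list:
    """Field numbers for every 1 bit; bit 1 is the MSB of the first byte."""
    return [offset + i * 8 + b + 1
            for i, byte in enumerate(bitmap)
            for b in range(8) if byte & (0x80 >> b)]


def decode_bitmap(hex_bitmap: str) -> list:
    """Return the present field numbers for a primary (+ optional extended) bitmap.

    Field 1 set means a second 64-bit bitmap follows, covering fields 65..128.
    """
    fields = set_bits(bytes.fromhex(hex_bitmap[:16]), 0)
    if 1 in fields:
        if len(hex_bitmap) < 32:
            raise ValueError("bit 1 is set but no extended bitmap follows")
        fields += set_bits(bytes.fromhex(hex_bitmap[16:32]), 64)
    return fields


def parse_message(msg: str) -> dict:
    """Split 'MTI + bitmap(s) + data elements' into {'mti': ..., 'fields': {n: value}}."""
    mti = msg[:4]
    bitmap_len = 32 if int(msg[4:6], 16) & 0x80 else 16  # extended bitmap present?
    fields = decode_bitmap(msg[4:4 + bitmap_len])
    pos, elements = 4 + bitmap_len, {}
    for field in fields:
        if field == 1:
            continue  # field 1 only announces the extended bitmap; it carries no data
        if field not in FIELD_LENGTHS:
            raise ValueError(f"no length definition for field {field}")
        length = FIELD_LENGTHS[field][0]
        if pos + length > len(msg):
            raise ValueError(f"message truncated inside field {field}")
        elements[field] = msg[pos:pos + length]
        pos += length
    if pos != len(msg):
        raise ValueError(f"{len(msg) - pos} unexpected trailing characters")
    return {"mti": mti, "fields": elements}


# Constructed 0200 request using the article's sample values. The bitmap
# 7238800108000000 marks fields 2,3,4,7,11,12,13,17,32,37 (no extended bitmap).
SAMPLE_REQUEST = (
    "0200" + "7238800108000000"
    + "0000011319353459" + "011000" + "000000020000" + "0804030013"
    + "051028" + "083013" + "0804" + "0804" + "123456" + "192165102801"
)
```

decode_bitmap("F238800108E0800F8000000000000000") reproduces the field list read off the table above, with field 65 added from the extended bitmap.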

……………………………………………………………………………………………………

Isn’t ISO 20022 the new standard?

ISO 8583 will be a difficult one to get rid of anytime soon, so one way or the other, ISO 8583 is here to stay in the financial industry.

……………………………………………………………………………………………………


Puppeteer : Is it time to ditch Selenium?

Google has introduced a new library based on Chromium’s DevTools Protocol. The library provides a high-level API to drive Chromium and perform most of the tasks you can do with Chromium DevTools. The library is implemented in Node.js and is really easy to get started with once you install the required packages using the Node package manager.

……………………………………………………………………………………………………

Why Puppeteer?

Puppeteer flexes its muscle where Selenium misses out. It is not limited to interacting with the web application under test (manipulating the DOM, submitting forms, generating screenshots and PDFs of web pages); it can also intercept network activity, throttle the CPU and the network, generate timeline traces and mock APIs, among other things. Puppeteer can easily be used to write end-to-end automation test suites, with the benefit of a detailed timeline of the performance of all the assets (images, JavaScript files and so on).

Engineers can easily switch between headless and non-headless modes. While writing the automation suite, non-headless mode gives a good view of how the browser interacts with the application under test and helps in debugging, just like in Selenium. In production, we can run the suite in headless mode, which reduces execution time and saves resources.

……………………………………………………………………………………………………

Is it really that Good?

Yes, it enjoys the goodness of async code execution: you can perform multiple tasks simultaneously following the latest JavaScript async/await conventions. You can test the behaviour of your application under different screen sizes. The network can be throttled on demand to find out how your application behaves at low internet speeds; for example, if you want to test the error messages an application shows when a user loses internet connectivity, Puppeteer handles such a scenario easily. Mocking APIs can also be achieved with ease: if you want to test your “payment completed” screen but don’t want to go through the payment gateway flow, you can do it with Puppeteer by mocking the API response. With detailed performance metrics, Puppeteer can also be used for performance testing.

So what are the drawbacks?

Google Puppeteer supports only Chromium and Chrome out of the box. Third-party implementations are available for Firefox and Internet Explorer, but they are experimental as of now and are missing a good chunk of the firepower. The available documentation is minimal compared to Selenium’s.

Why should you prefer Puppeteer over Selenium?

The target audience is the major deciding factor: if it mainly comprises Chrome users, you should go ahead with Puppeteer. Other factors include automation tasks that are not possible with Selenium, like testing Chrome extensions, mocking API calls and so on. Selenium follows the WebDriver protocol and has been in the market for a very long time compared to Puppeteer, hence it is better documented.

……………………………………………………………………………………………………

Conclusion

Puppeteer is a powerful library that has revolutionized automation testing by providing functionality missing from the WebDriver protocol used by Selenium. Although it is still in its early stages, it promises a bright future, backed as it is by the illustrious Chrome DevTools team.

……………………………………………………………………………………………………

If you have any queries in this field, talk to Mindfire Solutions. For over 19+ years now, we have been the preferred Software Development Partner of over 1000+ Small and Medium-sized enterprises across the globe.


Overcoming the Critical Offshoring Pain Points in Software Development

It is imperative for businesses today to leverage the effectiveness of software in order to get ahead in the market. This is not limited to the enterprise software pieces they use as part of their day to day operations, but it also relates to the proprietary pieces they offer to their users, clients, and partners.

But developing proprietary software is a serious undertaking, and one that might be beyond the reach of the average small or medium-sized business – in terms of cost effectiveness and also the general skill and expertise needed to truly deliver. So what is the answer for SMEs in the market?

Offshoring software development represents a viable solution. This concept refers to hiring a third-party team in a different country to handle the development process. This approach brings immense benefits as well as significant challenges. So what are the key pain points, and how can businesses navigate through them? Let us look at the critical ones:

……………………………………………………………………………………………………

Difficulties Commonly Associated with Offshoring Software Development

Breakdown in communication between teams

Offshoring means a team operating in a different country or territory, which in turn means potential time-zone clashes and a heavy reliance on digital communication tools. There is also the very critical factor of cultural differences between the in-house and outsourced teams, which lead to communication breakdowns.

Quality not guaranteed

This is a familiar source of anxiety for any business working with an outsourced team: how to ascertain the quality of the outcome? There is no guarantee here, but if a company’s services are hired purely on the basis of low rates, there is a strong likelihood of low quality turning out to be the byproduct. No good service comes cheap.

Sensitive data risk

We are at the beginning of the digital era, and data has already started making the business world go round. This makes outsourcing something of a minefield. On one hand, the team needs the requisite data to do the job, and to do it well; on the other, the companies outsourcing are always going to be nervous about how much access to sensitive data they would be giving away. The risk of a data breach, either accidental or malicious, is always high, and the ensuing penalty could be significantly detrimental.

……………………………………………………………………………………………………

Overcoming the Pain Points

Deployment of digital communication tools

Outsourced teams – both onshore and offshore – are introducing businesses to a whole new world of flexibility and agility. This is supported by a wealth of communication tools that allow collaboration between teams across the globe in real time. With so many high-quality software tools and platforms available, communication breakdowns can be completely eliminated.

Progress reports and regular project appraisals

When a contract is drawn up with an offshore team, regular appraisals and reports have to be included in it to keep tabs on work progress. The result is a process that is far more streamlined and unlikely to get hung up or face too many unexpected pitfalls. It enables both teams to stay on course and make the required modifications whenever necessary.

Temper cost reduction with a quality-oriented focus

Reducing costs and achieving better resource management are certainly two important and obvious factors for a company when it outsources its software development work. What should be given equal importance is the quality of the work; everything fails otherwise. Clarity is required on two fronts here: firstly, knowing the impact the quality of the outsourced work will have on the end result, and secondly, having established evaluation criteria to identify the right partner to engage with.

Develop an in-house data security plan and extend it to outsourced teams

A business should first understand that it is not immune to data breaches from within, and thus should begin by drafting a high-level data security plan that covers all potential vulnerabilities. With the required processes in place, the approach can then be extended to include the offshore partner. Providing them with a copy of one’s data security policy, and ensuring that it is ratified and agreed upon before the final contract is signed, would clearly underline the importance the company puts on the matter.

……………………………………………………………………………………………………
