Thursday, February 27, 2014

validationQuery


Spring configuration in applicationContext.xml for MySQL

<bean id="myDataSource" class="org.apache.commons.dbcp.BasicDataSource"
    destroy-method="close">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://${mySQL.host}/${mySQL.db}" />
    <property name="username" value="${mySQL.user}" />
    <property name="password" value="${mySQL.pass}" />
    <property name="testOnBorrow" value="true"></property>
    <property name="validationQuery" value="SELECT 1"></property>
</bean>

validationQuery - The SQL query that will be used to validate connections from this pool before returning them to the caller. If specified, this query MUST be an SQL SELECT statement that returns at least one row.

http://stackoverflow.com/questions/5636195/dbcp-and-hibernate-on-spring-doesnt-re-open-dead-connections-why

Monday, February 24, 2014

reputation system


  • Sybil attack

The Sybil attack in computer security is an attack wherein a reputation system is subverted by forging identities in peer-to-peer networks.
It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder.

reputation system
A reputation system computes and publishes reputation scores for a set of objects (e.g. service providers, services, goods or entities) within a community or domain based on a collection of opinions that other entities hold about the objects.
http://en.wikipedia.org/wiki/Sybil_attack
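
The two definitions above, worked through as an added example (not taken from the linked article): a "one identity, one vote" score is compared with a score that weights each rater by trust spread from a known-good seed along vouch edges. The names, ratings, `DECAY`, `HOPS` and the trust-spreading rule are assumptions chosen for illustration; the point is that the forged identities' combined influence is bounded by the single vouch edge they obtained, not by how many of them exist.

```python
from collections import defaultdict

DECAY = 0.5  # share of trust passed on per vouch hop (assumed parameter)
HOPS = 3     # how far trust spreads from the seed identities (assumed parameter)

def naive_score(ratings):
    """One identity, one vote: the plain mean of every submitted rating."""
    return sum(ratings.values()) / len(ratings)

def trust_weights(vouches, seeds):
    """Spread trust from the seeds along vouch edges, splitting it per edge."""
    weights, frontier = defaultdict(float), {s: 1.0 for s in seeds}
    for _ in range(HOPS + 1):
        following = defaultdict(float)
        for node, mass in frontier.items():
            weights[node] += mass
            targets = vouches.get(node, [])
            for target in targets:
                following[target] += DECAY * mass / len(targets)
        frontier = following
    return weights

def weighted_score(ratings, vouches, seeds):
    """Mean rating where each rater counts in proportion to received trust."""
    weights = trust_weights(vouches, seeds)
    total = sum(weights[rater] for rater in ratings)
    return sum(weights[r] * value for r, value in ratings.items()) / total

def build_community(n_forged):
    """Constructed sample: four honest raters plus one operator's forged identities."""
    forged = [f"forged{i}" for i in range(n_forged)]
    vouches = {"alice": ["bob", "carol"], "bob": ["dave"],
               "carol": ["dave"] + forged[:1]}  # carol was talked into one vouch
    ratings = {"alice": 2, "bob": 1, "carol": 2, "dave": 1}
    for name in forged:
        # The first forged identity vouches for the rest; they vouch back for it.
        vouches[name] = forged[1:] if name == forged[0] else forged[:1]
        ratings[name] = 5  # every forged identity praises the same object
    return ratings, vouches

def compare(n_forged):
    """Return (naive, trust-weighted) scores for a community with n_forged fakes."""
    ratings, vouches = build_community(n_forged)
    return naive_score(ratings), weighted_score(ratings, vouches, {"alice"})

if __name__ == "__main__":
    for n in (0, 50, 500):
        print(n, compare(n))
```
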

censorship

  • freenet

Share files, chat on forums, browse and publish, anonymously and without fear of blocking or censorship
freenetproject.org                  


  • Freenet is a peer-to-peer platform for censorship-resistant communication. 

It uses a decentralized distributed data store to store information, and has a suite of free software for working with this data store. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defines Freenet's goal as providing freedom of speech with strong anonymity protection.
http://en.wikipedia.org/wiki/Freenet



  • Countries under dictatorial rule try to silence freedom of speech and suppress democracy. The Internet's nature is to share information that individuals invent, spread and promote.


Download opera browser
http://www.opera.com/computer/windows

Enable Off-Road mode, which was previously known as Turbo mode.

You can test this mode on blocked websites.

References
http://help.opera.com/opera/Windows/1326/en/viewPages.html#offRoad


  • JonDo is a proxy client that forwards the traffic of your internet applications, encrypted, to the mix cascades, and so hides your IP address.
JonDoFox and JonDoBrowser (beta) are recommended for anonymous web surfing.
http://anonymous-proxy-servers.net


  • What is I2P?
I2P is an anonymous overlay network - a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs.
I2P is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers, as well as the average person.

dragnet
a system in which the police look for criminals, using very thorough methods

https://geti2p.net/en



  • TOR
During the circuit creation process, your client exchanges cryptographic keys with the first relay it connects to and begins encrypting traffic back and forth. Further each hop in transit between the various relays is encrypted using those relays’ cryptographic keys. You can visualize this as layers of encryption being wrapped around your data: this is where the phrase “onion routing” comes from when describing the type of network Tor establishes. Finally, your encrypted traffic is decrypted at the exit relay where it is then forwarded out onto the “regular” internet. This is one of the ways that Tor helps maintain your privacy online – each exit node is aggregating traffic from many other Tor users and putting it out onto the internet all at once. Your traffic becomes a small stream in the giant swath of data coming from and entering back into any given exit node. It is also important to note that your exit node only knows which intermediate node to send receiving data back to (this is also true for each internal to internal leg of the circuit). What this means is that your identity and the content of your traffic are cryptographically bifurcated – your entry node knows who you are but not what you are doing and your exit node knows what you are doing but not who you are. All the relays in between only know to forward the encrypted payload to the next relay on the circuit. Assuming that the content of your traffic does not reveal your identity, this permits you to browse the internet completely anonymously.

Tor also allows you to run and access what are called hidden services.
These are servers that are accessible only from within the Tor network itself.
Among the various hidden services are various blogs, email servers, and forums.

I2P
I2P appears to provide many of the same benefits that Tor does.
However, I2P was designed from the ground up to provide a different set of benefits.
The primary use case for Tor is enabling anonymous access of the public internet with hidden services as an ancillary benefit.
I2P on the other hand, was designed from day one to be a true “darknet.”
I2P performs packet based routing as opposed to Tor’s circuit based routing.
I2P does not rely on a trusted directory service to get route information. Instead, network routes are formed and constantly updated dynamically, with each router constantly evaluating other routers and sharing what it finds.
I2P establishes two independent simplex tunnels for traffic to traverse the network to and from each host as opposed to Tor’s formation of a single duplex circuit.
This provides the additional benefit of only disclosing half the traffic in the case of an in-network eavesdropper.
From an application-level perspective there is a fundamental difference between the I2P and Tor networks as well.
Tor functions by providing a proxy on your local machine that you must configure your applications to use (or download specially configured application bundles).
In contrast, I2P is generally used by applications that are written specifically to run on the I2P network.

Tor provides one with better anonymous access to the open internet and I2P provides one with a more robust and reliable “network within the network,” a true darknet, if you will.
When implementing either of these two tools, one must always be aware that one’s ISP can see that he or she is using Tor or I2P (though they cannot determine the content of the traffic itself).
In order to hide this knowledge from one’s ISP, one should make use of a high-quality VPN service to act as an entry point to either one’s anonymous network of choice or to the internet at large.



https://www.ivpn.net/privacy-guides/an-introduction-to-tor-vs-i2p




  • The two primary differences between Tor / Onion-Routing and I2P are again related to differences in the threat model and the out-proxy design (though Tor supports hidden services as well).

Tor takes the directory-based approach - providing a centralized point to manage the overall 'view' of the network, as well as gather and report statistics, as opposed to I2P's distributed network database and peer selection.

Comparison of Tor and I2P Terminology


Tor                          I2P
Cell                         Message
Client                       Router or Client
Circuit                      Tunnel
Directory                    NetDb
Directory Server             Floodfill Router
Entry Guards                 Fast Peers
Entry Node                   Inproxy
Exit Node                    Outproxy
Hidden Service               Eepsite or Destination
Hidden Service Descriptor    LeaseSet
Introduction point           Inbound Gateway
Node                         Router
Onion Proxy                  I2PTunnel Client (more or less)
Relay                        Router
Rendezvous Point             somewhat like Inbound Gateway + Outbound Endpoint
Router Descriptor            RouterInfo
Server                       Router


Benefits of Tor over I2P
More resistant to state-level blocking due to TLS transport layer and bridges (I2P has proposals for "full restricted routes" but these are not yet implemented)
Centralized control reduces the complexity at each node and can efficiently address Sybil attacks
C, not Java

Benefits of I2P over Tor
Designed and optimized for hidden services, which are much faster than in Tor
Fully distributed and self organizing
Peers are selected by continuously profiling and ranking performance, rather than trusting claimed capacity
Floodfill peers ("directory servers") are varying and untrusted, rather than hardcoded
Java, not C

https://geti2p.net/en/comparison/tor



  • Navigating through the Darknet or Dark Web

On the surface, there is only one big difference between surfing the Darknet and surfing the “normal” web. URLs don’t look like anything you can actually read. They are random strings of characters followed by the extension “.onion”.
For example, if you launch TOR and go to this URL: http://3g2upl4pq6kufc4m.onion/ you’ll reach DuckDuckGo’s search engine on the TOR network. DuckDuckGo is a search engine that emphasizes protecting searchers’ privacy and avoiding the filter bubble of personalized search results. If you try to access that same URL through Chrome, for example, you won’t be allowed to view it.

https://99bitcoins.com/accessing-dark-net-under-minutes-beginners-guide/


  • Darknet Chronicles Pt 1: Clearnet vs Darknet

The Clearnet
Put simply the clearnet is a term used by darknet users to define the regular internet accessible from any browser. This definition bundles the surface web and the deep web. Essentially covering anything accessible by the average non-TOR user.
The Darknet
Also known as hidden services or websites, these sites can only be accessed through specialized software or means. The most popular is a browser known as TOR. Another software used is called I2P for more advanced users.

https://www.business2community.com/cybersecurity/darknet-chronicles-pt-1-clearnet-vs-darknet-01972328


  • torrenting 
Tunneling wraps those packets in others that provide extra security against prying eyes. In addition, the data is encrypted in transit, meaning ISPs, service providers and other middlemen see nothing but gibberish. Different providers use different encryption methods, the most common being IPSec, L2TP, and OpenVPN.
    http://www.firewall.cx/vpn/vpn-guides-articles/1185-vpn-for-torrenting-anonymous-torrenting-test-avoid-bandwidth-throttling.html

    • browsing
    https://ixquick.com
    http://yippy.com/

    • Orbot: Mobile Anonymity + Circumvention
    Ostel: Encrypted Phone Calls
    Gibberbot: Secure Instant Messaging

    https://guardianproject.info/apps/tutorials/

    • Tails

    Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity
    use the Internet anonymously and circumvent censorship;
    all connections to the Internet are forced to go through the Tor network;
    leave no trace on the computer you are using unless you ask it explicitly;
    use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.
    https://tails.boum.org

    Sunday, February 23, 2014

    The Joel Test


        1. Do you use source control?
        2. Can you make a build in one step?
        3. Do you make daily builds?
        4. Do you have a bug database?
        5. Do you fix bugs before writing new code?
        6. Do you have an up-to-date schedule?
        7. Do you have a spec?
        8. Do programmers have quiet working conditions?
        9. Do you use the best tools money can buy?
        10. Do you have testers?
        11. Do new candidates write code during their interview?
        12. Do you do hallway usability testing?
       
        2. Can you make a build in one step?
        If it takes 20 steps to compile the code, run the installation builder, etc., you're going to go crazy and you're going to make silly mistakes.
        We required that the installation process be able to run, from a script, automatically, overnight, using the NT scheduler, and WISE couldn't run from the scheduler overnight, so we threw it out. (The kind folks at WISE assure me that their latest version does support nightly builds.)
       
        3. Do you make daily builds?
        Breaking the build is so bad (and so common) that it helps to make daily builds, to insure that no breakage goes unnoticed. On large teams, one good way to insure that breakages are fixed right away is to do the daily build every afternoon at, say, lunchtime. Everyone does as many checkins as possible before lunch. When they come back, the build is done. If it worked, great! Everybody checks out the latest version of the source and goes on working. If the build failed, you fix it, but everybody can keep on working with the pre-build, unbroken version of the source.
       
        4. Do you have a bug database?
       
        complete steps to reproduce the bug
        expected behavior
        observed (buggy) behavior
        who it's assigned to
        whether it has been fixed or not

    If the complexity of bug tracking software is the only thing stopping you from tracking your bugs, just make a simple 5 column table with these crucial fields and start using it.

    http://www.joelonsoftware.com/articles/fog0000000043.html


    Monday, February 17, 2014

    Spaghetti code

    Spaghetti code is a pejorative term for source code that has a complex and tangled control structure, especially one using many GOTOs, exceptions, threads, or other "unstructured" branching constructs. It is named such because program flow is conceptually like a bowl of spaghetti, i.e. twisted and tangled.

    pejorative
    a word or expression that is pejorative is used to show disapproval or to insult someone
    http://en.wikipedia.org/wiki/Spaghetti_code

    Monday, February 3, 2014

    MySQL High Availability (HA) tools

    • Tungsten

    Tungsten Replicator is a high performance, open source, data replication engine for MySQL
    https://code.google.com/p/tungsten-replicator/


    • Multi-Master Replication Manager for MySQL

    MMM (Multi-Master Replication Manager for MySQL) is a set of flexible scripts to perform monitoring/failover and management of MySQL master-master replication configurations
    http://mysql-mmm.org/


    • DRBD

    DRBD refers to block devices designed as a building block to form high availability (HA) clusters. This is done by mirroring a whole block device via an assigned network. DRBD can be understood as network based raid-1.
    http://www.drbd.org/

    • Liquibase
    Supports code branching and merging
    Powerful refactoring commands
    Command Line, Ant, Maven, Spring, and Servlet integrations
    www.liquibase.org


    • I work on a Groovy/Grails project, and Grails uses Hibernate underneath for all its ORM (called "GORM")
    We use Liquibase to manage all SQL schema changes, which we do fairly often as our app evolves with new features.

    The awesome thing is that I can take a totally blank slate MySQL database on my laptop, fire up the app, and right away the schema is set up for me. It also makes it easy to test schema changes by applying these to a local-dev or staging DB first.

    The easiest way to get started with it would probably be to take your existing DB and then use Liquibase to generate an initial baseline.xml file. Then in the future, you can just append to it and let liquibase take over managing schema changes.

    http://stackoverflow.com/questions/221379/hibernate-hbm2ddl-auto-update-in-production

    • Galera Cluster for MySQL is a true Multimaster Cluster based on synchronous replication. It is an easy-to-use, high-availability solution, which provides high system up-time, no data loss and scalability for future growth.

    http://galeracluster.com/


    • Percona, a leader in open source database software and services, today announced Percona Server for MySQL 8.0, the latest version of the company’s free, enhanced, drop-in replacement for MySQL Community Edition. Percona Server for MySQL 8.0 includes all the features of MySQL Community Edition 8.0, along with enterprise-class features from Percona that make it ideal for enterprise production environments. The latest release offers increased reliability, performance and security. 

    https://www.percona.com/about-percona/newsroom/press-releases/percona-server-mysql-80-delivers-increased-reliability

    • Get MySQL Replication up and running in 5 minutes

    MySQL allows you to build up complex replication hierarchies, such as multi-master, chains of read slaves, backup databases at a remote site or any combination of these.
    The first step in setting up replication involves editing the “my.cnf” file on the servers that will serve as the master and slave
    http://www.clusterdb.com/mysql-cluster/get-mysql-replication-up-and-running-in-5-minutes/



    • How To Set Up Database Replication In MySQL

    First we have to edit /etc/mysql/my.cnf. We have to enable networking for MySQL, and MySQL should listen on all IP addresses,

    Furthermore we have to tell MySQL for which database it should write logs (these logs are used by the slave to see what has changed on the master), which log file it should use, and we have to specify that this MySQL server is the master. We want to replicate the database exampledb, so we put the following lines into /etc/mysql/my.cnf:

    There are two possibilities to get the existing tables and data from exampledb from the master to the slave. The first one is to make a database dump, the second one is to use the LOAD DATA FROM MASTER; command on the slave. The latter has the disadvantage that the database on the master will be locked during this operation, so if you have a large database on a high-traffic production system, this is not what you want, and I recommend to follow the first method in this case. However, the latter method is very fast, so I will describe both here.

    http://www.howtoforge.com/mysql_database_replication