logo
logo
logo
logo
logo
logo
logo
logo
logo
logo
logo

Enterprise server monitoring


Advertisement
This is a web service for web server owners and IT consultants, who need to have a complete overview of their web services. After a simple registration, our tool allows you to monitor any web service, that is connected to the internet. Our clients use us for monitoring of cloud-based servers as an additional server monitoring solution, as a server alarm service when their website is offline completely, or responding too slowly during offline backups or another task, that consume resources heavily above server average. We can monitor any server hosted in the cloud, fully managed dedicated servers, or pure dedicated servers with root access. This solution does not depend on expensive setup, we just need to know final URL of your service to be monitored. After that, out tool will ping your web from multiple locations to bypass false alarms, and notify you in a case of any problems. Typical use case is additional uptime monitoring, located outside of your domestic data location.

Sign up for free


By signing-up I agree with your T&C

382 IP addresses tracked
550,080 checks per day
90 outages per 24h

DNS server monitoring

DNS service is a critical part of every infrastructure. It's usually the first thing, that is responsible for the correct working of all services. Our company has great knowledge with DNS server monitoring, monitoring of VPN-based DNS servers, managed DNS servers, or large-scale DNS behind load balancers. Using our cloud-based technologies, you can set up your own, global DNS service, able to overcome possible DNS DDoS attacks using distributed load balancers. We can set up monitoring process for your company with intervals of 5-second checks, just to be fully sure your DNS is responding as you need. Our service is completely remote, in another word, you do not need to give us any access to the service. We can help you with a simulation of a large number of requests as well, providing you great insight into the performance of your DNS servers in case of the dramatic rise of requests or DDoS attack.

Link

Webhosting monitor

Setting up a new web hosting plan is easy in these days. Wait, what do you know about the quality of your web hosting during months, is it stable or not? There may be many factors, that may have a significant influence on speed and availability of your website. Probably the safest option, how to avoid any website downtime is to use cloud-based server hosting - no other website is taking a part of your private cloud resources. Another choice is to use shared web hosting, a kind where your data are not alone, where you share server resources with another user. The most typical problem with shared web hosting is you do not know, how many another website is hosted on the same physical server. This gives you a long portfolio of possible problems - starting with web hosting company focus on income, instead of providing enough server resources for every website, ending in possible hack of any of sites hosted on the same server, usually resulting in high server load and non-working services (like sending emails or website availability). Our company can provide you a detailed overview of your services and their status in way of availability and speed. We can provide you information, that is not possible to discover by reading web hosting reviews. Placement of your website on a concrete server may result in problems, that are not typical for another dedicated server of your web hosting company.

Link

Up or Down?

If you need to check fast, if your website is down, or it’s just a problem of your internet connection or DNS settings, try this tool. We test your website connection from more than 70 locations worldwide, so you can be pretty sure where’s the problem. This tool is suitable for fast decisions when you just launched expensive PPC campaign, large-scale viral content is heavily shared across social networks and you do not know if your website is down, and more cases you can imagine.


Link

Web hosting plans comparison

Compare thousands of web hosting plans offers, that are being used by our clients of server monitoring plans. We aggregate their hosting provider’s uptimes to create ultimate, global table of server hosting outages. Compare them by prices and much more.

ProviderPlan
Pricing / mo

Hard drive

Data/mo
CountryLast check
7host.comSmartEURUnlimited10GB43s ago
Description: create cloud server, cloud based server hosting, cloud application server
catalyst2.comPower ExtraEUR11 160GB8GB43s ago
Description: ruby server monitoring, gfi server monitor, wow mop private server
nogics.comBusiness ProEUR250GB20GBGermany Germany41s ago
Description: cloud based server backup solutions, server monitoring tool, cloud hosted servers
bdinfotech.comStandardEUR500MB25MBBangladesh Bangladesh39s ago
Description: dedicated server hosting australia, cloud based server backup, server backups
HostwayBlue GumEUR30 100000 MB800 MBAustralia Australia59s ago
Description: server monitor android, raid server recovery, sql server recovery
Domain & Webspace Manuel Tremmel2GB + .de Domain 3 JahreEURUnlimited1.95GBGermany Germany57s ago
Description: cloud backup services for servers, server monitoring cloud, windows server monitoring tools
RatiokontaktOxidWeb MEUR46 Unlimited10GBGermany Germany28s ago
Description: exchange server monitoring, windows server recovery, server monitoring
Pixel X e.K.Cloud Webhosting XLEUR20 Unlimited500.00GBGermany Germany54s ago
Description: running wordpress on windows server, linux server monitoring, windows 2008 server backup
hostgeek.com.auSavvyEUR20GB1GB30s ago
Description: cloud file servers, sql server backup strategy, small business server backup solutions
chinookwebs.com/LiteEUR10 Unmetered4GBCANADA49s ago
Description: systems management server, windows cloud servers, cloud backup servers
nexus.co.zaLiteEURUnlimited2GBSouth Africa South Africa14s ago
Description: best server backup solution, server cloud canada, cost of cloud server
jumphosting.hkSilverEUR10 10Gb500MBHong Kong34s ago
Description: xen server backup, monitor windows server performance, server backup solution
Loomes AG (Deutschland)Loomes Business GoldEUR25 Unlimited73,24GBGermany Germany57s ago
Description: back up servers, server on cloud, cloud server setup
ehosting.comStarterEUR1GB25GB 54s ago
Description: cloud server host, cloud server services, server disaster recovery
SynServer - Powered by Plusserver AGHost MegaEUR66 Unlimited46GBGermany Germany59s ago
Description: how to backup server, performance monitor windows server 2008 r2, monitoring server performance
Campusspeicher GmbHProfessor (250GB / 5 Domains / Premium Support)EUR13 Unlimited250GBGermany Germany26s ago
Description: online server backup solutions, monitoring server software, cloud vs server
hosttech GmbHpemiumKMUEURUnlimited34.17GBGermany Germany17s ago
Description: server image backup, sql server backup table, cloud virtual servers
20m.comWordPressEUR20GB2GB49s ago
Description: cloud server solutions, window server backup, cloud backup for servers
inc.clCorporateEUR10 25GBUnlimitedChile Chile49s ago
Description: hp server monitoring software, australian dedicated server hosting, servermonitor
tandyukservers.co.ukCopperEUR500MB5GB 48s ago
Description: server network monitoring software, windows server 2003 installation, server network monitoring
NetspaceBronzeEUR13 Unlimited125 MBAustralia Australia55s ago
Description: server backup system, online server backups, cloud based mail server
DM Solutions e.K.Reseller Basic v3EUR35 Unlimited35.00GBGermany Germany24s ago
Description: online server backup, windows server backup system state, cloud plex server
untsolutions-tz.comGrayEUR10GB500MBTanzania Tanzania37s ago
Description: cloud server provider, server monitoring dashboard, simple server monitoring
ewebguru.comStarter PlanEUR27 100GB10GB16s ago
Description: cloud servers reviews, server 2008 image backup, sql server with check option
lithiumhosting.comEconomyEUR3GB100GBUnited States United States42s ago
Description: backblaze server backup, creating a cloud server, web server monitoring tools
Celeros Online KGWebhosting ProfiEURUnlimited24.41GBGermany Germany12s ago
Description: cloud server costs, windows server 2003 group policy editor, best server backup
starhostbd.comBasicEUR10GB500MBBagladesh23s ago
Description: cloud backup server, datacenter server architecture, online backup servers
uniqinfotech.comAdvancedEUR100GB10GBIndia India53s ago
Description: server backup tools, server cloud, server performance monitoring
Webhost Germany c/o WHG Internetservice UG (haftungsbeschränkt)web SEURUnlimited10.00GBGermany Germany27s ago
Description: web server monitoring, build a cloud server, windows server 2008 system restore

Link

Password protection

Password protection is a critical part of internet security. The problem is that once hackers attack a particular website, they are able to download whole database of clients of particular business in seconds. If your email address is between these emails, you should be aware that there exist a real risk your email and password was compromised as well. Why? It depends on the business and their practices for saving passwords of their clients. The worst case is saving passwords in plain text. They simply save you password as-it-is, so not only hacker, but even an employee, or anyone with temporary access to the database can read your password. Even though knowledge of these 2 pieces of information is not critical, there may be a problem, if you use the same password and email for many services, or (the worst case), for your internet banking services. In that case, the attacker have access to your internet banking as well, possibly even email account, where all your digital identity stays. In another words, attacker with your password and login into email can easily read all the history of your communication – problem is, when your email was used to register a previous company domain names, to pay for webhosting services, or if another person sent you critical documents, that should not be visible by another party. The only solution is to use different passwords for different services and stores, without any relation as well. We all know how hard is to remember all the passwords, so in the next part, we will show you the best passwords managers, that are integrated with internet browsers, so you do not need to remember any passwords.

Link

About Temporary email

Temporary email is kind of service, when anyone want to use the email for a very short time and then discard it. It can be useful, when you want to register some free service and do not want to be bothered by spam in your private email box.

There is several ways to achieve this – first, common way is to use some free email service like outlook, gmail or yandex.mail. There are dozens of these free mail servers. This way is good, but you put some load on servers, which are used by other people and basically you are adding costs to the free email providers.

If you really want just the temporary email, then there are specialised services for that. They offer temporary email address with “self-destruct” feature. After some period, the email is discarded with all its content. With a quick search, you will find plenty of them. Just choose some, use it and do not care anymore.

Link

Farmers market – Setting a new farmers market

For organizers and creators, organizing markets it is not an easy task. These people have to think twice about having enough time for the markets and all the circumstances that belong to them. Finding a good place, suitable operator, supplier is the basis, but it also includes compliance with different regulations, city approval and other important things.

Finding the operator

The first step is very important and crucial for the organization of markets. People who oversee and manage the markets are one of the most important people at all. Operators can decide whether to drive the markets themselves, or leave the management to another person. These people need to consider whether they have enough time for the markets, because the operation of a quality market requires in most cases half and sometimes all the time. If they find it challenging for them, it is better to find a suitable substitute. This should be done by, for example, the city's office where the markets are held. At the meeting with the Authority, the operator will propose the concept of the farmers' markets, depending on whether the Market Authority will be interested or not. Municipal authorities are usually interested in markets, but they do not want to organize themselves. "In this case, you have to look elsewhere: to join friends in the search for social networking, to advertise in local newspapers, or in co-operation with the city hall, to the city newsletter, etc. The municipal office can also declare a con- cure to the operator. In the event that suitable candidates can be found, it is advisable to verify the appropriate incentives for the market. It should be seen that they are interested in leading markets fairly and are interested in bio products and markets in general.

Finding the right place

The success of the markets is very much the place where they are held. Inspiration can be places where they have traditionally been held in the past. When looking for a suitable place, it is necessary to take into account the demands of farmers (availability for goods with cars, parking and technical equipment) and customers (transport accessibility from the place of residence, overall pleasant appearance). However, some technical parameters are key to market functioning: access to electricity, water and sewerage. At the local offices, the availability of connections can be verified, or the need for adjustments needed. When preparing them, it is therefore very important to choose the place of the markets, a suitable place does not only affect the customers but also the farmers who sell their products on our market.

Agreement with the city

Most of today's markets originated from the enthusiasm of individuals who want to provide themselves and their families with better local food. These people did not have experience with similar work, but they still decided to implement the farmers' markets, and it is now possible to say that they have succeeded. Most often the markets are in the middle of a town or village, which means they are in a public space. Since this area belongs to a city, region or village, it is necessary to agree with this institution the conditions and permission to hold the farmers' markets. A future contract between the future market operator and the city office should be signed, which must certainly include the responsibilities of both parties: what the operator or tenant must provide and what the city will provide as the landowner. The contract is usually written by the lawyer of the city office.

Finding a suitable farmer

For the good functioning of the market, it is important to find suitable suppliers who will meet the required conditions and product quality. Finding a good farmer, but it is not that easy, it is one of the most difficult and very challenging tasks for the market operator. It also depends on which products and products are to be sold on the market, so it should be adapted to the supplier's requirements (originality, organic food, regional product).

Contract with vendors

For greater certainty, contracts with sellers are concluded to guarantee compliance with market rules and determine partial terms. The contract should also mention the price of goods - it should not go and deliberately overproduced products. Vendors should also be thoroughly scrutinized, not just honest farmers, but also scammers. Any bad decision can come back, so be careful to keep every farmer running his booth or care for him by the person authorized by him. If food is also processed, it is good to check the origin of the food. Not only to be a local producer, but also a country of origin. It would not be good for the credibility of the markets if local quality were to be mentioned with foreign products.

Link

Streaming sports – Mobile phone applications

With streaming applications, at least in some cases, we're going to the so-called "gray zone." In these applications, besides broadcasting publicly accessible TVs, you can also find TVs that are otherwise paid. For example, NOVA Sport, Eurosport and Eurosport 2.

In addition, these apps give us the ability to watch on their mobile phones and TVs that do not have a TV broadcasting application (such as TV Barrandov), or watch TV broadcasts that are not commonly available (eg Super Sport, Fox Sport, Sport Plus etc.).

Streaming applications have proven usable in Slovak and Czech streams. Through this application, you can watch all basic TVs, including NOVA Sport, Eurosport and other paid or unavailable TVs for free, without registration. Several streams are available for each program, and you have to test which one is actually active (usually, 3 items do not go from one TV to up to the fourth).

To view the video, the Slovenian & Czech Stream requires one of three players - Vplayer, MX Player or VLC. From our experience with this app, our videos run smoothly under the VLC and MX Player. However, you will have to try out what it will do for you.

Another interesting application that streams broadcasts to many of the world's sports televisions is Live Sport Stream TV. Live Sport Stream TV has a large collection of sports channels with high quality television broadcasts, so its only problem is the fact that some channels sometimes do not work. A similar application for iOS is Sports Live TV.

The same can be said of the Football 4us Live Stream TV football stream, where you can find streams of all football matches including the Champions League, European League, Bundesliga, Premier League, La Liga, Serie A and many others.

Although the range of TV applications is not very large, we can expect, that they will expand in the future. In addition to watching the most famous televisions, we would be able to launch some of the smaller televisions, such as Barrandov and similar, on the mobile phone. In this case, we have only relied on streaming applications that are not as reliable as the official applications of any television. The positive message, however, is that if you have a little patience, you can get your favourite TV even on your cell phone. We wish you a lot of nice TV experiences.

Link

Checking plagiarism – commercial and free plagiarism checkers

To detect plagiarism, a number of detection tools are used worldwide. The practice of verifying student work on the occurrence of plagiarism is becoming a common practice in colleges. There are a number of tools. Below we list some of them, including plagiarism checkers for free.

The name of software / programs used by institutions

iThenticate is a detection software for searching for non-original passages - plagiaries. This tool allows publishers, companies, and companies to instantly verify the origin / originality of documents and manuscripts. It also allows them to determine whether their IP documents are not being used unlawfully in the Internet environment. The system is available at: http://www.ithenticate.com/

Turnitin is one of the most widely used software to detect plagiarism. The system is available at:
http://www.turnitin.com/

Moss (Measure Of Software Similarity) is an automated system that searches for similarities in C, C ++, Java, Pascal, Ada, ML, Lisp. This is an Internet service that serves to reveal plagiarism in programming. Moss can be used for Unix or Windows systems. Stanford University is responsible for the system and you can find its site here:
http://theory.stanford.edu/~aiken/moss.....

JPlag is a system that looks for similarity in software code. It is available at this address:
http://www.ipd.kit.edu/jplag/

MyDropBox.com offers a set of programs to prevent plagiarism, review articles, and online learning environments in which teachers can work with student ratings and grade their submited work online. MyDropBox is available here:
http://www.mydropbox.com

Individual software - desktop plagiarism checkers

Copy Catch Gold - A plagiarism detection system is available on the Managed Windows Service (MWS). It is used to detect plagiarism in electronic materials. Copy Catch compares documents selected by the classroom (one-year student work, all submitted work, etc.) and displays the degree of similarity to other works.
http://www.liv.ac.uk/csd/software/plag.....

The Essay Verification Engine (EVE2) is software-consistency control software. Free trial is for 15 days.
http://www.canexus.com/

Glatt - these are three softwares that allow you to detect plagiarism.
http://www.plagiarism.com/

Plagiarism Finder is a Windows application that is executable on any computer with Internet access. It checks the document's consistency and creates a detailed report in which it highlights the identical passages with a reference to the source.
http://www.m4-software.com/

WcopyFind compares parts of text or words in phrases. The software can not search websites and the Internet, nor can it work with pdf format.
http://plagiarism.phys.virginia.edu/Ws.....

Scan My Essay - a text-matching system, it is a free plagiarism checker.
http://www.scanmyessay.com/

Plag Tracker - Free online application Plag Tracker with unique control algorithm. Lack a support for special characters.
http://www.plagtracker.com/

Local country programs / software

Theses.cz - a system for detecting plagiarism between final papers. The Masaryk University Brno is behind the development and operation. The system serves both Czech and foreign universities and universities as a national register of final works (information on works - title, author, ...) and as a repository of search for plagiarism. The system allows representatives of participating schools to place work and search for plagiaries among them.
http://www.theses.cz/

Odevzdej.cz - a system for detection of plagiarism in seminar and other school works. It is linked to Theses.cz system and thus compares the content with the final university work.
http://www.odevzdej.cz/

Link

6 Great Plugins for Better Billing in WooCommerce.

Many of you surely have to solve how to simply and efficiently print and send invoices to your customers. The following plugins make this activity much easier. Most plug-ins contain a number of settings that cannot be included in this report. The report will highlight the key features of the plugin. Decide which ones best suits you. Most plugins are only in English, but some are localized in many languages. If you would like to have your own translation, we can recommend Loco translate (plugin)

Print Invoices and Packaging Lists

  • Simple printing of invoice and delivery list directly from the order page, during order editing, and customers see these documents on their customer account page
  • Bulk invoice printing and delivery lists
  • Send an invoice using HTML email
  • Editing information and text to be displayed on the invoice / delivery list
  • Adjustable appearance with editable templates

WooCommerce PDF Invoices and Packing Slips

  • Automatically attaches the PDF invoice to the emails of your choice
  • Bulk creation of PDF invoices / delivery lists
  • Possibility to customize the look with HTML / CSS
  • Available in many localisations, possibility of extension with additional functionality (automatic invoice printing...)

WooCommerce PDF Invoices

  • Automatically attaches the PDF invoice to the emails of your choice
  • Great selection of different numbering formats
  • Add company logo, name, slogan, address, claim and other conditions...

WooCommerce Print Invoice and Delivery Note

  • Print invoices and delivery lists using the sidebar on the order editing page, quick print from the order overview, bulk print
  • Adding a logo, address, and lots of other information
  • Intelligent Template System with PHP Support Features

WooCommerce Invoice Sharing

  • Allows users to share invoices at any email address from the order details page or from the order overview
  • Customization of all form fields, error messages, form position on the page, look and setup of e-mail
  • Validate users to prevent unauthorized use (abuse)

Fakturoid

  • Allows invoices to be displayed directly in the browser or via the API interface
  • Localization in many languages.
Link

Why people search for: "www facebook com login"

The most searched phrases on the Google search engine in the US include, without a doubt, the phrase "www facebook com login". This is not surprising, given the fact that Facebook is generally one of the most visited websites today. Interestingly, this phrase searches around 368,000 people a year, respectively. it is often used as a search phrase as stated at a great Semrust analytics tool, that we recommend to anyone searching for information not just about search results on the Google Search Network.

Why is it interesting?

The phrase itself "www facebook com login" indicates that the users, who enter it want to first sign up on facebook. They seem to want to do this by typing a direct URL: www.facebook.com/login, however, due to missing dots and slash, they get to search for phrases via Google. It would be much easier to use the phrase "facebook login" or just "facebook" and the result would be the same, these users would save a lot of time. Interestingly, however, these users know that the URL should include "www", but does not use the correct syntax so the browser does not correctly evaluate it and does not send it to Facebook. Instead they are send to Google search results page. It's also possible, that they enter the address on mobile devices, where writing is more complicated, but here too, simpler phrases would save a lot of unnecessarily tapped letters.

There are a lot of similar unnecessarily searched phrases on the most used search engine, virtually every popular service has its own specific phrases. Overall, this suggests a lower level of IT literacy, but we believe that similar phrases will disappear over time with the emerging young generation living with the Internet from their childhood.

Link

Document sharing in LibreOffice

Many users, especially from corporate environments, solve the problem of file sharing within a business or other similar groups. So, whether you're a clerk, a private company, or a public institution, you'll experience the problem of working with multiple users in one file everywhere. And we are dealing with this issue in this article.

Although a number of proprietary solutions are ready for users, their use is highly controversial. For example, the use of Microsoft's cloud solutions faces several critical issues. The first is to share data in unauthorized hands; for the next one, it will not be possible (from 2020) to use OneDrive for Microsoft Office (Office 365 subscription will be needed).

We will confine ourselves to one, respectively in fact, two solutions that are completely different - both are built on LibreOffice, one is local / desktop, one cloud.

About LibreOffice History and Features

The beginnings of LibreOffice go back to the mid-1990s, when it was launched as a commercial StarOffice from Sun Microsystems, which was then released to the community (source codes were published) under the name OpenOffice.org. After Sun's acquisition by Oracle, OpenOffice.org developers have been convinced that Oracle's is burying the project, so they set up their own project, called LibreOffice, backed by The Document Foundation, based in Munich.

The use of the OpenOffice.org source code for the newly-founded LibreOffice project is a clear counter-argument to anyone who claims that the use of community-based free software is a risk; on the contrary, the risk is the use of closed software - by ending Microsoft, for example, will be the end of production of new versions of Windows and MS Office, as well as repairing Microsoft's security flaws.

The world's leading software companies such as Google, Red Hat, Canonical, Novell, as well as the smaller companies such as Collabora, have been included in the project. LibreOffice soon became the largest free project on Linux and one of the most dynamically developing ever. In parallel, OpenOffice was co-hosted by the Apache Software Foundation in cooperation with IBM, but the development has completely stopped.

Because LibreOffice is open, it has more developers than Microsoft. Not only that, the number of formal errors in LibreOffice dropped to 0.00. However, the high quality of the source code is not the main thing that the user goes to LibreOffice. This is, of course, the functionality provided by this package, expandable with numerous plugins.

LibreOffice is now taken seriously by European and world governments to become key software e.g. in the French, British, Australian, Icelandic, Hungarian administrations, used in education, at the NATO headquarters in Brussels, or was still in use in Parliament's Chamber of Deputies The Czech Republic, municipal offices, libraries, etc.

LibreOffice has a very robust export to PDF, supports both standardized PDF-A and PDF signatures, creating hybrid files (PDF files with an embedded source document - the PDF file can be easily opened directly in LibreOffice). Also important is the import of PDF files.

LibreOffice is used as a native Open Document Format, a certified and approved standard for the transfer of office documents under the BSO / BEC 26300, the expanded format 1.2 is registered under BSO / BEC 26300-1 / 2015 to BSO / BEC 26300-3 / 2015.

This format has become the default format in Britain (approved last year), in France, it is also used elsewhere, for example in Italy, the Netherlands, etc. The use of an open format with open software makes governments eliminate the vendor lock-in. The Swedish Parliament has been considering legalizing the ban on the use of closed software in the state administration.

LibreOffice Sharing

The question of file sharing needs to be split into local file sharing (FTP, network, shared disk) and online. In the first case, you can connect remotely to the remote file from the File | menu Open a remote file, then select the connection type and set the appropriate login information. However, a simpler option is to open a remote file file manager as a file located on your disk. (Of course, a given file manager must be able to connect via the appropriate protocol.)

This way, you can share your files with Writer or Impress, but it has a hook - other users will not be warned that the file has been changed by other users at the time of the last save. However, this does not concern the sharing of Calc spreadsheets. Calc provides enhanced sharing functionality, and if you choose to share files and manage them through LibreOffice's local installation, we recommend using the Calc module. You can share the workbook with the Tools | Share the workbook.

A confirmation dialog will appear, listing the users sharing the file. If another user opens the file, his name will be added to this list.

Some features in shared workbooks are disabled, you know them to be grayed out and unavailable. Storing is well solved - it detects the status of the stored data with an already stored file (saved by someone else), and in principle there are two possibilities:

  •     The file has been changed by another user, but it does not affect your records.
  •     The file has been changed and conflicts with your data.

In the first case, only the highlighting of parts changed by another user is displayed, in the second you will see a dialog box where you can either accept or exclude changes to other users, or, alternatively, enforce yours.

A great tool is also to record and manage the changes made in the document. We have devoted this issue to the whole large article, which focuses on Writer, but for the most part applies to Calc. Beware, this feature is unavailable in shared workbooks.

LibreOffice Online

From the end of 2015, you can use the cloud version of LibreOffice. Better said: cloud versions. There are several of them, literally even more. With regard to open code, anyone can implement this service. The big advantage is that it is literally offered to all - it is possible to install a LibreOffice cloud solution on your own server.

Sharing and collaborating in LibreOffice Online

LibreOffice Online as well as various other derivatives represent the best solution for remote document management, especially with a focus on multi-user collaboration at the same time. Users see online changes made to documents, see who has done them, confirm or revoke them. LibreOffice Online and a similar service from Collabora, Collabora Office Online is available.

Link

Eduroam Roaming Network: Connections around the world

The eduroam network allows you to use the Internet safely and securely all over the world. How to ensure user authentication and the security of using a net?

What is eduroam? It is the network, which offers roaming customers involved in many countries around the world. We all want to use Wi-Fi. We have LTE, but because of the 'specific market' we are able to run out of the FUP every twenty minutes. So we want Wi-Fi. In addition, in many places, especially in "concrete cathedrals", mobile connections are unavailable. All you have to do is connect to a local network that usually has better coverage.

How not to do it

Wi-Fi networks can be broken down by security: from unencrypted network through captive portal to WPA and 802.1X security. Experts have warned against unencrypted networks without a password, which can easily be intercepted. Today's devices are actively calling known Wi-Fi networks and there are routers that can tailor networks and let users connect to them. Known networks are actively invoked if they use a hidden SSID. The WiFi Pineapple Router can respond to such challenges and create a tailor made network. Any unsuspecting user then sends all of his data over this network.

Very problematic, but unfortunately also widespread, is how users log in to a web browser. The worst is the captive portal, which is very dangerous for the user and is also uncomfortable. The client connects to an unencrypted network, its HTTP traffic is blocked and "carried" towards the web authentication portal. After verification of the name and password, communication for the given MAC address is enabled. Captive portals are not compatible with HTTPS, IPv6, DNSSEC, and are not standardized. Moreover, it does not even solve the security at all because all communication is transmitted unencrypted.

Easily configurable and usable is WPA network security, which is very secure for the user. It is not possible to easily intercept the network, even if you know the password that the user used for the connection. On the other hand, this prevents simple user authentication - usually everyone shares one common password. Such a network is usable for a home or small office, but not for large organizations with thousands of users.

Eduroam with 802.1X

The last variant is the use of the 802.1X protocol on which eduroam is built. This is very safe for both operators and users. However, it is very difficult to operate and to operate properly. User Authentication solves the anonymity of Wi-Fi networks that can otherwise be abused to commit cybercrime. When someone goes through your network to steal large money, the police will come. And it will be very uncomfortable for you at least. Therefore, it is necessary to have a well-authenticated user in such an "open" network who can be traced if necessary.

All of the aforementioned problems have the task of solving the eduroam project. It originated in the Netherlands in 2002 because it was necessary to register MAC addresses for Wi-Fi cards by then, and for example, when traveling between universities, it was necessary to borrow cards. This was a matter of authentication on the physical level, but it was very impractical. Nowadays, users travel with a whole host of devices and all need to be connected to the internet.

The Czech Republic arrived eduroam very quickly, already in 2004. Originally, it was implemented using three different authentication methods: 802.1X, VPN, and captive portals. Since 2007, captive use has been disabled and VPN has not worked properly anywhere. Almost ten years ago, only authentication on the second network layer has been used on the network. It is not limited to Wi-Fi, but it can be deployed on wire ethernet in the same way.

Eduroam addresses user authentication but does not care about their home connectivity. When you have eduroam from Prague and you come to America, it does not mean you get a Czech IP address. The local network only verifies that you can let go and then connects you to your own infrastructure. It's up to a particular university, for example, whether it offers you IPv6, how you get addresses or other services.

Federation of Networks

The principle can be described very simply: If you connect to a 802.1X network, all traffic is blocked for you in its default state. An AP or switch authenticator will prompt the client for an EAP-over-LAN protocol. The client must have a supplicant available to communicate with the authentication server authenticator. In case of positive authentication, the client is allowed into the network. Suddenly everything works just like you did before. From the point of view of the network you have demonstrated your identity, the friendly server has confirmed its legitimacy and the obstacle in the form of the original block has been removed.

Eduroam adds federation and hierarchy to this scheme. Each organization runs its own authorization server (RADIUS) and the authorized users database. If the client reports to his home network, a local server query will be performed and the access point will be dropped by the user. However, if a user travels and attempts to connect to another network in the federation, the authentication server detects that the user is not a member of the federation and sends the query to the national RADIUS server. If this also does not know the answer, it sends the query even higher to the root server that already has the directory of all the national servers and the path then ends in the home organization. The user's server verifies it and responds in the same way that it can be put into the network. The home organization then only knows that the user has been admitted and that is why it ends.

EAP communications always follow from the client supporter to the home organization authentication server (IdP). Other servers should not interfere with the message and should only pass it on. Thus, the user does not know the difference whether they are in their own network or abroad. Everything happens to him transparently, and he still uses the same credentials.

Authentication protocols

Two protocols are used to authenticate users: EAP-TTLS and EAP-PEAP. Both work similarly: Build a TLS tunnel while the client verifies the server certificate; inside the assembled tunnel, the server authenticates the client password using the second (internal) authentication protocol. In practice, you have either a broken EAP-MSCHAPv2 protocol or an EAP-PAP protocol that has nothing to worry about either. Another option is the EAP-TLS, which uses certificate authentication on both sides. Then you just need to build a TLS connection and the user is verified. There is no need to send any messages inside the channel.

The communication of individual RADIUS servers is accomplished via UDP, where only password-shared passwords are encrypted. It was decided at the outset that this is not enough and for higher protection the protocol is transported in IPSec. However, this has the disadvantage of difficult configuration, transmission is incompatible with address translations, it is necessary to keep the tunnel alive and to restore the validity of the keys. These problems eliminate the new RadSec protocol, which encapsulates RADIUS messages into a common TLS. The vast majority of RADIUS servers now use this method.

Inner and outer identity

Two-tier authentication also results in a pair of user identities. External identity travels through the federation in open form and is used only to route authentication requests to the user's home organization. For greater privacy protection, its user section may be anonymized because it does not matter in the name of a particular user.

An internal identity goes against it inside an encrypted tunnel to a home organization that verifies the user on its basis. To this identity, nobody but a home organization has access to it.

The world of users and administrators

In practice, network operators are having problems primarily with searching for a particular IP address holder and blocking a specific user. 802.1X only addresses network access, not address allocation. Only some advanced L2 devices register client IP addresses in billing data. In addition, if NAT is used, translation information needs to be stored. It is not enough to configure access points correctly, but you need to build the infrastructure to store many data from different parts of the network.

If one of the users violates the rules, they usually want to prevent the network administrator from using the network again. In the case of user blocking, however, the administrator has only a MAC address that can be freely changed and an external identity. While external identity reveals the user's home organization, it does not have to reveal a specific username. Blocking can take with you all other users of the organization. Reliable blocking of one user therefore requires manual communication with the identity provider.

Identity Providers, in turn, solve problems with user passwords - for example, you need to choose whether the university uses the same user password for all systems including eduroam. All Czech universities are pushed for different passwords. But then the question is whether the user can choose the password or that its identity provider generates it. Some are definitely for generating secure passwords, but it also aggravates user convenience because some clients forget their passwords and want them over and over again. I'm talking about Windows. When you have a weak Wi-Fi signal and no response is received when you log in, the system evaluates the password as bad and forgets it. The identity provider also sees the two user identities as one and can decide whether to support the anonymization of external identities. Within the Czech Federation, admins do not recommend offering anonymous external identity, they believe that it brings more damage than good.

Users are often tempted to configure access to eduroam. A regular user is surprised by about the sixth choices that the operating system wants. Additionally, the client must authenticate the authentication server certificate correctly, otherwise the attacker can create a custom AP named eduroam and capture passwords. The problem is that the client does not know the server name and cannot recognize the correct certificate. Different platforms approach the issue differently. By default, Windows believes in any trusted certificate, Apple uses TOF access, and shows the fingerprint of the certificate for the first time. Other platforms usually do not perform any verification. Without the proper configuration, limited to the specific name of the authentication server, or to a particular private certification authority that issues certificates only for the authentication servers of that institution, authentication is not secure and the password can escape. You can defend yourself against password theft by using a client certificate if the identity provider supports it. This is usually very difficult for users who are not technically capable.

There is an eduroam Configuration Assistant Tool (CAT) that allows easy and secure configuration. Based on an XML profile that publishes an identity provider. Generates an installer for a specific institution and platform. Windows, Mac and Linux are supported in both desktop and mobile versions. For Android, it's even the only way to set restrictions on a particular certificate name because the standard operating system menu cannot set up such a check.

The attacks are actually happening

That it was a real threat, it turned out, when the leaders of the VSE sent a warning e-mail informing that there was a foreign person who was creating a false eduroam network and capturing the passwords of the users have joined.

Therefore, there is a risk of abuse here and you need to be careful about securing the connection to the eduroam network. Especially if the university uses the same credentials for other systems and services as well

Link

Geographic Information Systems (GIS)

Much information in our life (whether we are an individual, a small business or a multinational concern) is linked to two issues:

  • most information is related to the geographical location of the site
  • this information is increasingly difficult to evaluate, process, and classify with increasing numbers

Some studies show that nearly 70% of the information has a common element - the geographical location of the site. People have been trying to handle this information for a long time. After decades of research and all sorts of practical attempts, we can say that recently, with a huge increase in computer performance, there is a massive increase in the means of manipulating geographic information. These are so-called GIS (Geographic Information Systems) systems that help people process large amounts of data depending on geographic location. GIS systems are becoming the main and probably the only data processor, depending on geographic location.

WHAT ARE GIS SYSTEMS?

Geographic Information Systems (GIS) systems are one of the major computer graphics applications. Regrettably, we are not right in favor of such incentives as CAD systems, although we can say with certainty that their significance (and especially for the future) is fully comparable. Unfortunately, it is due to low general public awareness. Reasons are, of course, more - a high price, not always the ideal interface between a computer and a human being, it is always necessary to do a great deal of work (data collection, digitization, subsequent data editing, etc.) than the first results of the work. All this causes a relatively low use of this powerful tool in our regions.

So how do we describe GIS systems as simply as possible? If we use some of the professional definitions, we can say: GIS is an information system designed to work with data that is represented by spatial or geographical coordinates. It is an automated system for collecting, storing, sorting, editing, analyzing and displaying data.

GIS provides the ability to represent reality by grouping different map expressions (such as topographical, geological, vegetation, hydrometeorological, cadastral and other maps, aerial or satellite imagery, etc.) in any combination. With all this information, it is possible to continue working on analyzes, forecasts and models of different situations. These graphical expressions are closely linked to the information contained in the databases using GIS, making GIS an effective tool. Thanks to the clarity, quantifiability of clear graphical expression, GIS provides significant management support. The GIS capabilities (graphical information tied to descriptive information) are particularly important in government, where they can facilitate and streamline decision-making. In addition, it will speed up access to, and enhance interconnection to, different maps and industry databases. Various questions such as: What to build or build, what to do and how to maintain, how a realized goal will be realized per month, year or 10 years etc. GIS can answer or help find it. GIS as a tool can be used for tasks of different scales (ie different areas), and GIS can be used in government at different levels: at central, district and municipal level. The use of GIS in government is typical of the following areas:

  • instrument for the development of analyzes and prognoses in terms of regional development as well as for comparison of forecasts with reality (directly in maps)
  • a tool for large-scale control of spatial and state changes such as forest stands, agricultural areas, urbanized areas, landscape interventions (various buildings, etc.), aerial photography
  • tool for support in building permit management
  • Support in giving consent or disagreeing opinion on land-use planning documentation for large municipalities
  • support for expressions when approving design proposals for national and transit liner constructions and their structures and their components
  • a tool for optimization (conservation and economic) of various interventions in the landscape
  • control of forest management, woodless, control of forest protection
  • support for the management of large-scale protected areas (national parks, etc.)

The list of applications could be continued for a long time since GIS is probably the most powerful platform with powerful analytics tools for spatial data and database systems and will always depend only on the person who will work with GIS and on his imagination using this tool.

Because the GIS is the easiest way to demonstrate examples of GIS systems, there are some of the most important uses of GIS in practice, but these are unfortunately mostly from abroad because, as mentioned earlier, the use of GIS systems is not yet high in our regions:

  • a network of supermarkets is looking for a location for their new department store, depending on the demographic, socio-economic indicators of the population of likely prospective customers in the proposed area (income groups, population age, availability, distance from other centers, proximity to other attractions, availability of supplies, etc.)
  • (variations to this could be a location for a gas pump, landfill, farm buildings, new school facilities, etc.)
  • city council is looking for a minimal way to clean and maintain streets, street lighting, garbage collection,
  • in the event of an unforeseen accident, estimation of the spread of groundwater pollution velocity, oil spill spread after a tanker accident
  • in the field of environmental protection, GIS can be deployed from simple applications as a simple database, eg the current status of forest areas to complex applications such as land erosion modeling in heavy rains
  • healthcare can be used to find the fastest route to the patient, depending on the state of the roads, their portability; However, GIS can be used, for example, in epidemiology to find the epidemic spread center
  • Suitable placement of waste bins at a distance of 5 minutes from the fast food center - Various distribution or collection centers (whether commercial or non-commercial) seeking optimal location of their centers due to the location of their potential customers - the same centers, but this time looking for the optimal way (with the optimal majority meaning minimal, whether in terms of time or distance) to their customers

One of the new applications is found in navigation systems that are built directly into the vehicle - GIS systems act as a support tool. It can be said that if you meet a number of conditions (you travel in North America, you have a modem and a mobile phone connected to the Internet, which is no longer an exotic idea), you can easily and cheaply go to http: // www.mapquest.com to use the navigation system, you can find any private or commercial address and view it on the map and zoom it up to the level of the street that you are looking for, indicating where the given descriptive number is. You can also list the itinerary between any two locations in North America (Canada and Mexico). Similarly, you can find an address on a city map in Australia before you go there and without having to buy a map (http://www.whitepages.com.au). Also, a big future is being put into the GIS system together with other stunningly evolving areas of GPS (Global Positioning Systems). These systems are now able to determine your location anywhere on Earth with the accuracy of a few meters, while their size does not exceed the size of the pocket calculators. Therefore, they are very suitable for navigation systems in conjunction with GIS systems.

With a reference to the worldwide computer network of the Internet to which our school is attached, I would like to mention an interesting project in the USA. This project aims to facilitate the exchange of data between individual US states and mutual awareness of where it is created, where there are demographic and geographic data processed for GIS systems. Once you've connected to the address, a US map marked with each country appears before you. Clicking on a single EU country lists all the data files applicable to GIS related to that state. This site is constantly expanding as new and new information grows, and its greatest importance is that there is no need to create the same data files at the same time (the most demanding part of GIS).

GIS Issues

However, it is necessary to draw attention to one fact - this description would seem to be an all-powerful means that will solve all our problems for us. GIS systems are certainly a powerful tool, but we must not forget that they themselves are just a set of powerful tools that are used by humans and that they will be the people who will solve these problems. If we use analogies with CAD systems that GIS systems are closest to (and on which platform some GIS programs are based as superstructures), we can say that this is a means of helping decision makers.

GIS is a system composed of several interconnected elements, all of which are involved in the successful resolution of problems.

When defining a problem, it is usually the most serious problem of defining all the factors that our decision-making can influence. As has been said, GIS systems are not a self-sustaining solution and there may be situations where GIS deployment is inappropriate. Therefore, each responsible employee should ask several key questions to solve the problem before using the GIS:

  • There are available mechanisms for obtaining, storing and retrieving geographic data
  • in what format and quantity they are
  • how this information is accurate
  • what we get using GIS systems
  • we have alternatives to using GIS systems and how many of these alternatives will cost us
  • Who will be the end user of the model we have created and how many of these users will be
  • how we can expect performance in terms of access speed and data evaluation
  • that is the expected amount of processed data
  • how many existing archives will need to be converted to digital form, how long it will take, and what the cost of this transfer
  • this model is also intended for future meaningful expansions and modifications, or is only designed to solve a single specific problem

Only if the answers show that the use of the GIS system would be beneficial, we can start to deal with our own project creation. One of the other decisions must be to use the GIS system. There is a lot of producers and everybody is trying to convince us that the product is the best one on the market. Therefore, we must not immediately succumb to advertising pressures and first focus on our own problem. Therefore, not the GIS offered, but first to properly analyze the problem, determine what we expect from it, what results should be provided, what data we will process, what structure we have and what outputs we will demand. Also, the evaluation of the operator qualification that will work with the GIS system should be an important criterion. We should also look at what user interface the system provides. Last but not least, we will definitely be interested in what hardware requirements the system has and its cost. Since, as has been said, many manufacturers are selling and systems are priced at different prices, which may in some cases have the nature of a sharwar charge for simple GIS imaging systems up to many hundreds of thousands of values for such massive and powerful systems as the ESRI ARC/INFO program GeoWorks from Intergraph.

Link

Why does CMS need to lose its "head"?

The number of channels through which we consume digital content is steadily increasing. They are no longer just smartphones and tablets, but also smart watches, virtual and mixed reality, chatbots or the Internet of Things. Having just a responsive website is far from enough for companies. They need a tool to help them content for a large number of devices to create and distribute it to them. Traditional CMS is breathtaking here. Will it be a so-called headless CMS the solution?

What is headless CMS?

Traditional CMS is designed to display content primarily as a web page. It is a template engine that controls the look of the website. This is what we could call the "head" of CMS, which determines how content is displayed to users.

If you want to communicate with customers on different devices, you have basically three options:

  1. Use separate CMS for each device.
  2. Create a multi-headed saga, software with several different engines, each for each device.
  3. Or simply cut off the head and use CMS without an engine.

Both the first and the second are not economical, and the content on several different CMSs is laborious and time-consuming. By contrast, headless CMS is literally created to create content for multiple channels. Allows content to be prepared and managed from one place. It does not render it alone, but leaves it for device-specific applications. They distribute the content through the API. It clearly separates part of the preparation of content from application development for individual devices.

Why do we need headless CMS?

As we mentioned in the introduction, the world is changing and the channels are growing. Let's not talk about numbers.

51.3% of people browse the Internet on their mobile

More than half of people browse the Internet more often on their smartphone than on the computer.

3.5 devices per person

In the US, each person uses an average of 3.5 devices on which they consume content.

From 5.2 billion to 162 billion

While in 2016 the virtual and mixed reality market was around $ 5.2 billion, it is expected to grow to $ 162 billion by 2020.

Is it worth it?

The headless CMS itself only manages the content, so the application ("heads") is not programming for you. It will save you a lot of money, work and worries about creating and maintaining content. Instead of creating it over and over on different systems for different devices, you can create content once and use it repeatedly. This avoids a situation where, for example, you need to make a change to a branch address on the web, mobile app, chatbot, and other channels separately.

But is the headless CMS solution for everyone?

If you just need a website and do not need to use other communication channels, you probably have the traditional CMS and you do not have to change anything. But if you want to create content for multiple devices, headless CMS can be the ideal tool for you.

Link

Marketer's Guide: On Facebook is not the end of the CTW period - there is still a way

On 26 July 2017 there was a chaos on Facebook. When sharing links to Timeline, the option to change the lower text and the image disappeared. The URL labels continue to load from the meta tags of the page, and if you do not use the carousel, you will not change the image anymore. Facebook's goal is for people in News Feed to have the information they care about. The effort is therefore to reduce misinformation and "clickbait" posts with zero information value.

Together with editing the Newsgroup posting algorithm, Facebook also came up with a sharp change in sharing links to websites. Since abolishing the link metadata option, they promise to reduce misleading and misinformation posts on Facebook. Many sites have abused this option and created false posts leading to completely different sites.

For a lot of agencies and sites this can be a big problem. Finding IT support to change the meta tags when posting each CTW (Click to website) because you do not seem to think anything again is ... unreal. And publish an imperfect copy? Can not!

But do not make your way out of the bridges, because there are still ways to make a contribution to your liking. The first way we introduce here is the one that can be used by everyone who uses Business Manager and is quite simple.

Edit via Business Manager

Go to Power Editor or Ads Manager and create a post in your clickthrough campaign (you can edit everything here). You can also create a post in an inactive campaign.

Once your ad has been approved, go to the "Page Posts" section of Business Manager in the Business Manager and, here, under the "Ads Posts" option, you will see the post you created. Highlight the desired post and find "Post" under the "Action" drop-down menu. And it is done!

And once you have a full CTW. You can promote it and work with it just as before. The advantage of the CTW format on Timeline over the shadow post is that the responses of users from multiple adset are collected in this single post and are not split.

It's a more difficult way, but fortunately it leads to a modified CTW post, which is an integral part of every FB site.

If you're afraid that Facebook might have a problem with this, do not worry. We have verified this way of publishing the CTW and are listed in the official CTW change report as of 26 July.

Facebook authorizes this procedure because it passes through approval as every ad in this way, and Facebook therefore has more control over whether the text and image match the target link. But Facebook also states that this is only a temporary solution until they analyze the impact of these changes. Hopefully, in the future, publishing modified CTWs will be easier once again.

Editing through Link Ownership

Another way to modify CTW when linking to your site is Link Ownership. Simply put, you pair your own Facebook page and then you can edit links to your site as before. The problem is, however, that this option is not open to all Facebook sites.

Facebook first opened Link Ownership for sites publishing their own content (news sites, etc.). If you think that your site should also have access to this feature, you should contact FB support (preferably your FB partner manager).

And how does Link Ownership look like in practice? The overall implementation is very simple. Just insert a short piece of code into your site and everything is done.

There are other ways to edit CTW. For example, you can use the Link Preview Editor to set everything up. But the problem is that you have to follow some rules for Facebook posts here. Most importantly, you must be the owner of the site, and you may not edit links to third-party sites.

We will see how Facebook will be able to fight the mischief of misleading messages and clickbaites on irrelevant websites. Let's hope he comes up with a clever solution, and editing our beloved CTWs will be as simple as before.

Link

How To Target Advertising on Facebook Most Effectively?

Custom audiences are the most effective way to set up your campaigns when it comes to Facebook targeting. Why is that so? Because you target ads to people who are following you, they know your brand, they regularly buy products or services, and so the interaction is multiplied by more than targeting by demographics, interests, etc. The largest social network now comes with a novelty that will delight all campaign managers.

Beyond the audience that's been available sometime time, Facebook has now come up with the ability to create audiences from people who interact with your site or posts. This option has only been available for videos, Leads Ads and Canvas. I personally think this is the biggest thing Facebook has come to this year. Why? You will understand this from the article below.

How to do it?

Open your Business Manager and click User Circles. Here click the "Create User Circle" button and click on "Custom Circle of Users". Facebook will give you a preview, see below.

You select "Page" and then show you an audience offering, see the preview below.

So you can prepare an audience for people who:

  1. Visited your site
  2. interact with a post or advertisement
  3. Click on the call-to-action button
  4. Have written you a message on the page
  5. Save or share a page or post

After selecting one of the options, you can set how many days the old audience you want to target (rather less than 30 days in the e-shop, you can set the marker much higher). Then you name the given circuit and save it.

Once you create it, you can then create a Lookalike Audience (a group of people similar to those that interact on the page) to use this in your targeting.

Our experience

Since this feature has been available for about two weeks, we were able to do a few first tests. We took bigger profiles and made audiences of people involved in interacting with the site. At the same time, we eliminated the fans of the site and set up a "I like it" ad for these people. Why? Because there is a great chance that when they interact with the site they know the site and are therefore very likely to become fans of the site. We had the same ad set for remarketing site visitors and fan friends.

What did we find out? In the first 4 days, we were at half the cost as well as the most effective campaigns we targeted for site visitors and lookalike audiences. Subsequently, advertising began to cost and we stopped it. The same procedure has been seen with "Web Clicks" or "Web Conversion" ads.

We have further targeted the targeting only on individuals who have interacted with the post. Here we saw the largest potential cost vs. performance.

What did we take away?

We strongly recommend targeting for performance sales campaigns. These are usually more optimized, and for this purpose, targeting is greatly suited. For "Like" campaigns, we have seen the opposite effect than typical campaigns happen to. Thus, in the course of time, they are not discounted, but they start at a very low cost and need to be changed more often.

Why do we think this is a revolutionary element?

For a long time, we've solved with clients that they wanted to target people who regularly interact with the site but are not fan of the site. That's why we've devised different ways of targeting, competing, collecting contacts, but there's been no way to target those people if you did not catch them through these methods. This concern is now out of the question and you can target all those who have left a trace in the profile you are managing. This opens up another area of targeting that is very effective.

Link

Errors in programming languages compromise application security

Five very popular programming languages have been subjected to security tests. JavaScript, Perl, PHP, Python, and Ruby contain serious security vulnerabilities in various implementations that compromise the resulting code.

At the Black Hat Europe 2017 conference, a number of security flaws were discovered in popular programming languages. Interpreters of these languages contain serious security flaws, which then expose the resulting code to different types of attacks. The new analysis is based on Fernando Arnaboldi, who works as the security consultant at IOActive.

For testing, he created his own automated software that tried to detect security flaws in the five most popular interpreted languages today: JavaScript, Perl, PHP, Python, and Ruby.

In testing, a fuzzing method was used, where invalid, unexpected, or simply random data were input to the program. This allows the induction of commonly untested conditions that do not correspond to normal usage, but may be misused for targeted attack.

Fuzzing lets you detect crashes, poor memory work, or unexpected program behavior. This is not a novelty, these techniques have been used for a very long time, like Google. Recently, a number of bugs have been discovered in . It is written to generate rights for the five languages mentioned. For each of them, he chose a set of basic functions to which he then puts various types of inputs (payloads).

In order to detect vulnerabilities in the code, you need to choose the correct inputs. So the author chose less than three dozens of primitive values (numbers, characters, etc.) that added a well-known payload. He was chosen to allow the test application to try to access external resources - something unexpected.

Differential fuzzers are less common than conventional ones. Their functionality is enhanced by the fact that they usually test one code on multiple implementations of the same language and look for different behaviors. For example, the outputs and error messages with expected status are compared.

Specifically, it monitors whether the program discovers the contents of local files, triggers a foreign code, or calls unusual operating system features. This challenging work brought its fruit, each of the tested programming languages has some problem:

  • Python includes non-documented methods and local variables that can be misused to execute the command in the operating system.
  • Perl contains typemap features that allow you to make code just like eval ().
  • Node.js displays under certain circumstances error messages revealing the contents of the files on the disc.
  • JRubs retrieves and executes remote code in a function that is not specified for it.
  • PHP allows abuse of code names for remote code execution.

Errors are also threatened by well-written programs

Arnaboldi warns that a potential attacker can exploit these mistakes even in a program that is otherwise written very safely. Because the programs are in the interpreter, the programmer can hardly be affected. Unknowingly, when writing his or her code, he uses dangerous functions that are abusive even if the rest of the program is written exactly according to the rules of secure programming.

According to the discoverer of security issues, it is likely to be a bug in the code or an attempt to simplify development. Errors unambiguously endanger the resulting programs, but should be corrected in interpreters. Such a patch will then resolve issues across all programs using the language.

Resources


Blog

Hra Superbike 2001
Zapomeňte na všechny ty hodi­ny naježděné ve formuli i, za­pomeňte na tisíce zatáček za volanty McLarenů, fordů, lancií, či škodo­vek. Teď stojíme všichni na stejné  startovní čáře, na prahu nový..

Proč lidé hledají: „www facebook com login“

Mezi nejhledanější fráze ve vyhledávači Google v USA patří bezesporu fráze „www facebook com login“. To není nic překvapivého, vzhledem k f..



Free variant

Free

  • Non commerce
  • 1 website
  • 10 minutes interval

Basic variant

EUR 12 / Month

  • Pro
  • Up to 100 websites
  • 1 minute interval

Unlimited variant

EUR 136 / Month

  • Pro
  • Up to 1000 websites
  • 10 seconds interval

Sign up for free


By signing-up I agree with your T&C


↑ Skip to Top ↑