Let’s learn the basics of build automation with the help of Rake

Date: 04/05/2015

Any software development project involves automating related routine tasks. Initially, an IDE and a couple of manual operations will be enough for you. Then the number of manual steps begins to grow: you need to run multiple sets of tests, embed various certificates, execute scripts in the database, generate documentation from the code, and so on. You also need to perform these and other operations on the Continuous Integration server. In addition, you may need to deploy applications on production servers (if we’re talking about a client-server solution). To automate such tasks, programmers sometimes create sets of batch or shell scripts, but more often, the team of developers comes to some consolidated decision.

Read full article →


TOP–10 ways to boost your privileges in Windows systems

Date: 07/04/2015

Well, how can we ‘boost’ privileges on Windows? First of all, a lot of font-parsing vulnerabilities have been found lately, and they make privilege elevation rather simple as long as we have a proper exploit. If you use Metasploit, you need only one command to get a system shell. However, it will only work if the system is not fully patched. If the machine has all the updates installed, then, unlike on Linux, we will not find SUID binaries here; furthermore, environment variables are usually not passed to services or processes with higher privileges. So, what can we do then?

Read full article →


BDFProxy

Date: 30/03/2015

I guess you have heard about the Evilgrade framework, which makes it possible to “fix” the update mechanism of the most popular programs (Windows update, Apple update and so on) by replacing valid files with malicious ones. You probably think that only application updates are vulnerable? Well, you are wrong. To be honest with you, downloading files from the web is not as secure as it might seem at first sight. Don’t believe me? Then look, or rather, read.

Read full article →


A small injection for memcached

Date: 23/03/2015

What is memcached?

But first, a small introduction. memcached is a free and open high-performance distributed system for caching objects in memory. It is a key-value store that lives in RAM and is designed for small “portions” of arbitrary data (string values, numerical values, and quite often serialized objects in the form of string values) such as the results of DB queries, API calls or page generation. In addition, memcached is a fully open development; it builds and runs on UNIX, Windows and OS X and is distributed under an open license. It is used by many popular web projects, for example, LiveJournal, Twitter, Flickr, YouTube, Wikipedia, etc. It is a normal network service with host-based authentication, which runs on the loopback interface on port 11211. The memcached daemon supports UDP and TCP sockets and provides two different protocols for interacting with it: text and binary. I suppose that this is all we need to know about the patient so far.

Read full article →


Forged together with one chain

Date: 09/03/2015

As an active fan of Joao Dias, a Portuguese application developer, and his motto “Automate your life,” I will show in this paper how you can make your life much simpler by automating tasks that require communication between your smartphone and a computer, another smartphone or a tablet PC.

Read full article →


High Load Theory

Date: 03/03/2015

In our work, we are faced with very different projects. In one way or another, many of them could be called “high-load projects”. If you spend some of your spare time categorizing these projects, discard such ordinary things as second-rate online stores and roughly group what is left, you can come up with an approximate classification. It includes four types of high load:

  • By the number of requests (banner networks);
  • By traffic (video services);
  • By logic (complex back-end calculations);
  • Mixed (everything that fell into several categories).

Now, let’s have a closer look at them.

Read full article →


Deceiving Blizzard Warden

Date: 24/02/2015

Warden: that is what the Blizzard developers behind the most popular games in their genres decided to call their protection system. The system, which is in fact a part of Battle.net, is used in such projects as World of Warcraft, StarCraft II and Diablo 3. According to official figures alone, thousands of Battle.net accounts have been banned so far, and it is Warden that banned a considerable part of them.

Read full article →


Getting acquainted with Liferay

Date: 17/02/2015

Enterprise Information Portals (EIP) have gradually turned from a fashion into an irreplaceable business tool that gives employees a single point of access to data, tools for managing business processes and facilities for information exchange. The Liferay project, distributed under an open-source license, competes quite successfully with most commercial solutions.

Read full article →


Everything-you-need-to-know about python interpreters

Date: 11/02/2015

Python itself is, of course, a programming language. But many people mistakenly believe that Python is the very thing that comes with most *nix systems and can be launched by typing “python” in the console. That is, the interpreter (a specific version thereof) is associated with the language as a whole. Just like those guys who write in Delphi. But what does it really mean?

Read full article →


Automation for OS X: the JavaScript way

Date: 02/02/2015

JavaScript has steadily been among the most popular programming languages in recent years. Numerous frameworks and development for popular platforms have secured its success and erased the memories of the nasty clichés of the past. The language grows, develops and becomes more logical, which certainly pleases many thousands of its fans.

Read full article →


Let’s learn the programming language respected by Boeing

Date: 26/01/2015

For many years, I was a fan of development for Windows and wrote quite a lot about it for this best computer magazine ever. Over time, I switched to Mac OS and UNIX. Working in Mac OS, I set my mind to selecting a tool for creating platform-independent programs. What should be preferred? Java? Mono? Too boring. I settled upon… Eiffel. For the following reason.

Read full article →


Let’s tame data streams with Python

Date: 19/01/2015

Information is gradually becoming the “new oil” in terms of value. The only problem is that the volumes of data to be processed are growing by leaps and bounds. Files are sometimes larger than the hard drive, not to mention that RAM can’t cope, and interviewees receive increasingly scary tasks like comparing two petabyte files on the fly. But, fortunately for programmers, there is no need to make the machine choke on such an amount of information, as iterators and generators can be used for stream processing, and there is also Python, a programming language which supports them perfectly. Would you like me to tell you about that?

Read full article →


Making UNIX daemon from Apache Tomcat

Date: 13/01/2015

Apache Tomcat is a web application server primarily used in commercial environments not only as an application platform, but also as a component of large projects that need to provide a web interface. In the corporate sector, security of information systems has the highest priority, while infrastructure stability ensures failure-free operation. Let us test the vaunted stability and security of UNIX daemons, taking Tomcat as an example.

Read full article →


Prepare for Vaadin, an extremely powerful Java framework for enterprise web

Date: 30/12/2014

In a client-server architecture, Java applications are most often located on the server side, and web interfaces are created by separate groups of front-end developers using JavaScript. Java does not provide any useful tools for developing modern web interfaces (do you still remember what Java applets look like?), either in terms of design or in terms of client-server interaction. But what if the entire client-server application was developed using Java? Why not make the client part “native” to the browser in compliance with the most modern usability concepts?

Read full article →


Review of OpenLMI administration tools

Date: 23/12/2014

Linux supports a highly versatile set of administration tools. On the one hand, this is good: users have options. But, on the other hand, this very variety is not quite suitable for the corporate sector, as there are often tens and hundreds of computers to be managed. Recently, quite a number of tools have emerged to simplify this task, and we will discuss one of them.

Read full article →


The Reincarnation Of Little Red Riding Hood

Date: 16/12/2014

Relatively recently, we saw the release of Red Hat Enterprise Linux 7, a distribution that is rightly considered to be number one in the corporate sector. Without waiting for its clones, we decided to look at what is new in this giant of the open-source world, which was able, at some point, to combine the seemingly incompatible: making money and using an open-source model.

Read full article →


Let us see the Impact!

Date: 09/12/2014

Bug bounties (vulnerability reward programs for vendors) are becoming more and more widespread. Sometimes a vulnerability search turns up some evidently insecure areas (e.g., self-XSS) whose threat is hard to prove. But the larger (or even the smarter) the vendor (e.g., Google), the more willing it is to discuss and verify the reported vulnerability and to reward it if successful. This article is a collection of complex situations and of ways to prove a threat and make the Internet more secure.

Read full article →