Random Notes On Development & Security
Development, Security
Thursday, January 26, 2017
New shelter
From now on, you can find me on here (https://www.begueradj.com/) where you have the possibility to contribute to my articles through comments.
Saturday, October 22, 2016
Dirty Cow (CVE-2016-5195)
Dirty Cow is a newly discovered, but already a decade aged, vulnerability which is present in almost all Linux distributions including your likely favorite Kali Linux.
It is referenced as CVE-2016-5195 and called Dirty Cow as it is a race condition was found in the way the Linux kernel's memory
subsystem handled the copy-on-write (COW) breakage of private read-only
memory mappings. An unprivileged local user could use this flaw to gain
write access to otherwise read-only memory mappings and thus increase
their privileges on the system.(RedHat)
Solution:
Depending on your distribution, I think this vulnerability must have been fixed already. I will mention how to overcome it only on the latest Ubuntu release 16.04/10 LTS (check the bug) where new packages are released and the easiest way to get them is to update your sources.list file
sudo apt-get update
and then upgrade:
sudo apt-get dist-upgrade
Reboot your system so that the changes take effect.
Tuesday, July 26, 2016
Beyond design patterns
I came this morning across this issue posted on StackOverflow. The OP tries to build up a simple Tkinter GUI.
What is both funny and interesting to highlight is that the simplicity of the goals to fulfill became unexpectedly a little bit tricky or even complicated to fix because the OP relies on the MVC and Observer -the later one being often consequently a key component of the former-
The problem in itself can be resolved in 6 quick dirty lines of code on the fly. I am not here to tell you design patterns are worthless, but as a general rule of thumb I learned from my own experience, do not use them unless if really needed otherwise you would, probably, uselessly stumble in struggling to comply to them instead of effectively trying to implement the solution to the actual problem. Put it bluntly: be pragmatic!
As I deeply believe that the way we program reflects our state of mind, emotions, personality and daily life attitude, I think one must wonder on the rule mentioned above especially by those who tend quickly and blindly to follow the mainstream way of thinking, believing or behaving without daring to put ahead their self confidence to think about what matters on their own.
This attitude would lead you to bear your own stuff, to develop your own design pattern and thus express better who you are through dozens of thousands of apparently boring lines of code.
What is both funny and interesting to highlight is that the simplicity of the goals to fulfill became unexpectedly a little bit tricky or even complicated to fix because the OP relies on the MVC and Observer -the later one being often consequently a key component of the former-
The problem in itself can be resolved in 6 quick dirty lines of code on the fly. I am not here to tell you design patterns are worthless, but as a general rule of thumb I learned from my own experience, do not use them unless if really needed otherwise you would, probably, uselessly stumble in struggling to comply to them instead of effectively trying to implement the solution to the actual problem. Put it bluntly: be pragmatic!
As I deeply believe that the way we program reflects our state of mind, emotions, personality and daily life attitude, I think one must wonder on the rule mentioned above especially by those who tend quickly and blindly to follow the mainstream way of thinking, believing or behaving without daring to put ahead their self confidence to think about what matters on their own.
This attitude would lead you to bear your own stuff, to develop your own design pattern and thus express better who you are through dozens of thousands of apparently boring lines of code.
Sunday, March 6, 2016
Thursday, March 3, 2016
Printing data in MySQL format using Python
(I originally posted what follows as an answer to a question on StacOverflow that remained unanswered during 2 years)
The aim is is to have Python output that looks in MySQL format:
mysql> SHOW COLUMNS FROM begueradj FROM begueradj;
+-----------------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------+-------------+------+-----+---------+-------+
| Reg_exp | varchar(20) | NO | | NULL | |
| Token | varchar(20) | NO | | NULL | |
| Integer_code | int(2) | NO | | NULL | |
| Attribute_value | varchar(2) | NO | | NULL | |
+-----------------+-------------+------+-----+---------+-------+
It is good to see the world as a set of objects, so my solution will be done in a class where we need to save the connexion parameters to MySQL server within a Python dictionary in the class consutructor
__init__(self):
self.config = { 'user':'begueradj',
'passwd':'begueradj',
'host':'127.0.0.1',
'db':'begueradj',
}
Of course, one needs to change these parameters to his ones.Of course, trying to do a hack by yourself is not necessarily the best idea. For my solution, I opted for the use of
texttable
which you can install by:- First download the compressed module.
- Uncompress the file and change the directory to it.
- Finally, type this command:
sudo python setup.py install
self.sqlquery = """SELECT * FROM begueradj"""
), you will need the MySQLCursor.description Property to get the columns' names in a tuple format:# Get columns' names
self.columns = [i[0] for i in self.cursor.description]
Note that is useful to transform the tuples to lists as texttable
module works on lists.Python program:
I commented almost each line of my program solution below:'''
Created on Mar 3, 2016
@author: begueradj
'''
import MySQLdb
import texttable
class Begueradj:
""" Display MySQL table's content along with
table's columns name as in pure MySQL format.
"""
def __init__(self):
""" Initialize MySQL server login parameters.
Try to connect to communicate with MySQL database.
"""
self.config = {'user':'begueradj',
'passwd':'begueradj',
'host':'127.0.0.1',
'db':'begueradj',
}
# Try to log to MySQL server
try:
self.dbconnexion = MySQLdb.connect(**self.config)
except MySQLdb.Error:
print "Database connexion failure!"
# Read the content of the MySQL table
self.sqlquery = """SELECT * FROM beg"""
def begueradj(self):
""" Display MySQL table data.
"""
self.cursor = self.dbconnexion.cursor()
self.cursor.execute(self.sqlquery)
# Get columns' names
self.columns = [i[0] for i in self.cursor.description]
self.tab = texttable.Texttable()
self.tablerow = [[]]
# Fetch all the rows from the query
self.data = self.cursor.fetchall()
# Must transform each tuple row to a list
for r in self.data:
self.tablerow.append(list(r))
# Get the number of columns of the table
self.tab.add_rows(self.tablerow)
# Align displayed data within cells to left
self.tab.set_cols_align(['l','l','l','l'])
# Once again, convert each tuple row to a list
self.tab.header(list(self.columns))
# Display the table (finally)
print self.tab.draw()
# Don't forget to close the connexion.
self.dbconnexion.close()
# Main program
if __name__=="__main__":
b=Begueradj()
b.begueradj()
Demo:
Saturday, January 23, 2016
Simple Java persistence application for beginners (JEE, Spring MVC, Maven)
I posted a very simple application on GitHub to help JEE beginners to grasp the main concepts of Java persistence by highlighting how to manipulate some basic operations. The application is in its version 1.0 but I am not planning to enrich it as it is not that important for me.
Link: https://github.com/begueradj/JPAlibSpringMVC
Link: https://github.com/begueradj/JPAlibSpringMVC
Wednesday, November 11, 2015
Numba installation and settings on Ubuntu 14.04 LTS
I followed pointlessly quite a lot of documentation to install and set correctly Numba on Ubuntu 14.04 LTS. So I want to share the solution I did to get function finally:
Installation:
Installation:
sudo apt-get install zlib1g zlib1g-dev sudo apt-get install libedit libedit-dev sudo apt-get install llvm-3.5 llvm-3.5-dev llvm-dev pip install enum34 pip install funcsigsImportant settings:
LLVM_CONFIG=/usr/bin/llvm-config-3.5 pip install llvmlite LLVM_CONFIG=/usr/bin/llvm-config-3.5 pip install numba
Subscribe to:
Posts (Atom)