Sunday, May 28, 2017

Zero MQ : implementation of Publisher/Subscriber model using node

ZeroMQ is a lightweight messaging library that makes the common message-passing patterns easy to implement. Here I implement one of the most common of them, the Publisher/Subscriber model, with Node.js and ZeroMQ.

In the Publisher/Subscriber model, a publisher (the server) publishes messages on named topics, and any number of clients can subscribe to the topics they care about and receive only those messages.

Before starting to code, install ZeroMQ (libzmq) on your machine. You can follow the step-by-step commands in the GitHub gist below:
https://gist.github.com/cdjhlee/b8e3c927a01b0948b42d

Next, install the zmq node module. I have installed it globally, which is why the code below requires it by its absolute path.

Let us now begin with the publisher. In the code below the publisher watches a file and sends a message whenever it detects that the file has changed. Let us assume the file name is "pub.txt".

const fs = require('fs'),
      zmq = require('/usr/local/lib/node_modules/zmq'),   // global install, hence the absolute path
      filename = 'pub.txt';

// PUB socket: every connected subscriber whose topic prefix matches receives the message.
const pub = zmq.socket('pub');

// Watch the file. Whenever you want to send a message, make a change in pub.txt.
// Note: on some platforms fs.watch fires more than once for a single edit.
fs.watch(filename, function () {
  // Multipart message: frame 0 is the topic ('cat'), frame 1 is the JSON payload.
  pub.send(['cat', JSON.stringify({
    type: 'change',
    file: filename,
    time: Date.now()
  })]);

  // Ten seconds later, send the same kind of message on the 'dog' topic.
  setTimeout(function () {
    pub.send(['dog', JSON.stringify({
      type: 'change',
      file: filename,
      time: Date.now()
    })]);
  }, 10000);
});

// Binds on every interface with no authentication; use tcp://127.0.0.1:3000 when the
// subscribers run on the same machine.
pub.bind('tcp://*:3000', function (err) {
  if (err) throw err;
  console.log('Publisher listening on port 3000');
});
Here fs.watch monitors the file above and, on every change, the publisher sends a message to all connected subscribers. So whenever you want to trigger a message, all you need to do is change pub.txt. Two things to keep in mind: tcp://*:3000 binds on every network interface, and ZeroMQ adds no authentication or encryption by itself, so anyone who can reach port 3000 receives every message; bind to 127.0.0.1 for a local demo. And fs.watch can fire more than once for a single edit on some platforms, so expect the occasional duplicate message.

I have written two subscribers, one that subscribes to the topic "cat" and the other to "dog". When the publisher sends a message, the subscriber for that topic receives it and prints it to the console. Note that a ZeroMQ subscription is a prefix match on the first frame, not an exact match: subscribe("cat") would also receive messages published on a topic such as "catalog".




const zmq = require('/usr/local/lib/node_modules/zmq');
const sub = zmq.socket('sub');

// Subscribe only to the 'cat' topic (a prefix match: 'catalog' would be delivered too).
sub.subscribe('cat');

// topic and data arrive as Buffers, one per frame of the multipart message.
sub.on('message', function (topic, data) {
  const msg = JSON.parse(data),
        date = new Date(msg.time);
  console.log(topic + ' file has got changed: ' + date);
});

sub.connect('tcp://localhost:3000');

const zmq = require('/usr/local/lib/node_modules/zmq');
const sub = zmq.socket('sub');

// Subscribe only to the 'dog' topic.
sub.subscribe('dog');

sub.on('message', function (topic, data) {
  const msg = JSON.parse(data),
        date = new Date(msg.time);
  console.log(topic + ' file has got changed: ' + date);
});

sub.connect('tcp://localhost:3000');
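The subscribers above trust whatever arrives: JSON.parse on a malformed frame throws and kills the process, and a subscription is a byte-prefix filter rather than an exact topic name. The following is an added example, not code from the post, that reproduces ZeroMQ's prefix matching in plain JavaScript (no zmq module needed, so it runs offline) and validates the payload before acting on it. The [topic, payload] frame layout mirrors pub.send() above; the sample frames and the ALLOWED_TYPES set are constructed for this example.

```javascript
'use strict';

// Added example (not from the post): ZeroMQ-style prefix filtering plus a
// subscriber handler that validates the JSON payload instead of trusting it.
// Frame layout [topic, payload] mirrors pub.send([...]) in the publisher above.

// Event types the subscriber is willing to act on (assumption for this example).
const ALLOWED_TYPES = new Set(['change']);

// ZeroMQ SUB sockets filter by byte prefix: subscribe('cat') also delivers
// 'catalog' and 'cat-food'; subscribe('') delivers everything.
function topicMatches(subscription, topic) {
  return topic.startsWith(subscription);
}

function frameToString(frame) {
  return Buffer.isBuffer(frame) ? frame.toString('utf8') : String(frame);
}

// Parse and validate one multipart message. Returns {ok: true, event} for a
// well-formed message and {ok: false, reason} otherwise. It never throws, so a
// malformed or hostile payload cannot take the subscriber process down.
function parseEvent(topicFrame, dataFrame) {
  const topic = frameToString(topicFrame);
  let msg;
  try {
    msg = JSON.parse(frameToString(dataFrame));
  } catch (e) {
    return { ok: false, reason: 'payload is not valid JSON' };
  }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) {
    return { ok: false, reason: 'payload is not an object' };
  }
  if (!ALLOWED_TYPES.has(msg.type)) {
    return { ok: false, reason: 'unknown event type' };
  }
  if (typeof msg.file !== 'string' || msg.file.length === 0 || msg.file.length > 255) {
    return { ok: false, reason: 'bad file field' };
  }
  if (!Number.isInteger(msg.time) || msg.time < 0) {
    return { ok: false, reason: 'bad time field' };
  }
  return { ok: true, event: { topic, type: msg.type, file: msg.file, time: new Date(msg.time) } };
}

// Deliver one message to every subscriber whose subscription prefix matches,
// the way a PUB socket fans out. Each subscriber is {subscription, received: []}.
// Returns the number of subscribers that received the message.
function dispatch(subscribers, topicFrame, dataFrame) {
  const topic = frameToString(topicFrame);
  let delivered = 0;
  for (const s of subscribers) {
    if (!topicMatches(s.subscription, topic)) continue;
    s.received.push(parseEvent(topicFrame, dataFrame));
    delivered += 1;
  }
  return delivered;
}

// Constructed sample frames: one well-formed payload, one truncated JSON
// payload, one payload with a type the subscriber does not know.
const GOOD_FRAME = Buffer.from(JSON.stringify({ type: 'change', file: 'pub.txt', time: 1495929600000 }));
const BAD_JSON_FRAME = Buffer.from('{"type": "change", "file": ');
const BAD_TYPE_FRAME = Buffer.from(JSON.stringify({ type: 'exec', file: 'pub.txt', time: 1 }));

// Three subscribers like the two clients above plus a catch-all. Returns them
// with their received results so the fan-out can be inspected.
function demo() {
  const subs = [
    { subscription: 'cat', received: [] },
    { subscription: 'dog', received: [] },
    { subscription: '', received: [] }, // catch-all
  ];
  dispatch(subs, Buffer.from('cat'), GOOD_FRAME);
  dispatch(subs, Buffer.from('catalog'), BAD_JSON_FRAME); // still reaches the 'cat' subscriber
  dispatch(subs, Buffer.from('dog'), BAD_TYPE_FRAME);
  return subs;
}

for (const s of demo()) {
  console.log(JSON.stringify(s.subscription) + ':', s.received.map((r) => (r.ok ? 'ok' : r.reason)).join(' | '));
}
```

Run it with node and watch the 'cat' subscriber receive the 'catalog' message: if exact topics matter, check the topic string inside the handler rather than relying on subscribe() alone. The validation is what the real subscribers above should wrap their JSON.parse in.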

Thursday, May 25, 2017

Node JS : understanding the event loop in Javascript.

Most JavaScript developers have some confusion around the concept of the event loop: how the event loop, libuv and Google's V8 engine work together to make JavaScript I/O non-blocking and asynchronous.

Most of us have, one way or another, been asked in an interview to explain the event loop or asynchronous behaviour using a small script with a setTimeout call and a callback. For people coming from other programming backgrounds, the event loop is a hard shell to crack.

Recently I came across Philip Roberts' lecture, in which he not only explains the flow of code from the call stack to the callback queue and through the event loop, but also demonstrates it very well.
He has even built a small tool (at http://latentflip.com/) that animates the event loop and shows how the various components of the JavaScript runtime interact with each other.



I hope the lecture above clears up the confusion surrounding the concept.

Tuesday, March 14, 2017

Study Less, Study Smart

If you spend hours and hours studying without improving your grades or your retention, learn how to study smart from Marty Lobdell. Lobdell taught psychology at Pierce College in Washington State for 40 years. During his career he taught tens of thousands of students, and he wants students to succeed. After watching students cram for eight hours or more for a test without any improvement, Lobdell developed a study technique that helps the brain retain what you are studying, which he presents in the video "Study Less, Study Smart".





Wednesday, January 25, 2017

Which of the following two passwords is stronger?



Which of the following two passwords is stronger,
more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9

If you really want to know, check Gibson Research's password brute-force search-space calculator at https://www.grc.com/haystack.htm. Most websites offer a password strength meter; this one instead computes the size of the search space an attacker who tries every combination would have to cover, and that size grows with each extra character of length far faster than with extra character variety. One caveat a practitioner should add: that number is an upper bound for a blind brute-force attacker. Real crackers try dictionary words and padding patterns first, so a short word followed by repeated filler falls much sooner than the search-space figure suggests.
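The arithmetic behind such a calculator, as an added example that is not from the post or from GRC: the alphabet is taken as the 95 printable ASCII characters split into lower case, upper case, digits and 33 symbols, the search space is every password of length 1 up to the given length, and BigInt keeps the numbers exact. The guess rates and the "padded password" heuristic at the end are assumptions of this example, included to show why the blind search-space figure overstates the first password's strength.

```javascript
'use strict';

// Added example (not from the post or from GRC): the arithmetic behind a
// "search space" calculator like the one linked above, using BigInt so the
// numbers do not overflow. Character-class sizes are the 95 printable ASCII
// characters split as 26 + 26 + 10 + 33; the guess rates are assumptions.

// Which printable-ASCII classes a password draws from, and the resulting
// alphabet size a blind brute-force attacker has to cover.
function alphabetSize(password) {
  let size = 0;
  if (/[a-z]/.test(password)) size += 26;
  if (/[A-Z]/.test(password)) size += 26;
  if (/[0-9]/.test(password)) size += 10;
  if (/[^a-zA-Z0-9]/.test(password)) size += 33;  // the other printable ASCII characters
  return size;
}

// Exhaustive search space for all passwords of length 1..L over an alphabet
// of size a: a + a^2 + ... + a^L. Each extra character multiplies the space by
// a, which is why a long padded password outscores a shorter random one here.
function searchSpace(password) {
  const a = BigInt(alphabetSize(password));
  let total = 0n;
  let power = 1n;
  for (let i = 0; i < password.length; i++) {
    power *= a;
    total += power;
  }
  return total;
}

// Seconds to exhaust the space at `guessesPerSecond`.
function secondsToExhaust(space, guessesPerSecond) {
  return space / BigInt(guessesPerSecond);
}

// The caveat: search-space size assumes an attacker who guesses blindly. A
// real cracker tries "short core + repeated filler" patterns early. This
// heuristic (an assumption of this example, not a published model) estimates
// that reduced space for a password ending in a run of one character:
// guess the core, then the filler character, then the total length.
function paddedEstimate(password) {
  const m = /^(.*?)(.)\2{3,}$/.exec(password);   // core followed by >= 4 of one char
  if (!m || m[1].length === 0) return searchSpace(password);
  return searchSpace(m[1]) * 95n * BigInt(password.length);
}

// Assumed rates: online guessing against a rate-limited login, an offline
// attack on a leaked fast hash, and a large cracking cluster.
const RATES = { online: 1e3, offline: 1e11, cluster: 1e14 };

function report(password) {
  const space = searchSpace(password);
  const lines = [password + '  length=' + password.length + ' alphabet=' + alphabetSize(password)];
  lines.push('  blind search space: ' + space.toString());
  for (const [name, rate] of Object.entries(RATES)) {
    lines.push('  ' + name + ': ' + secondsToExhaust(space, rate).toString() + ' s');
  }
  lines.push('  pattern-aware estimate: ' + paddedEstimate(password).toString());
  return lines.join('\n');
}

for (const pw of ['D0g' + '.'.repeat(21), 'PrXyc.N(n4k77#L!eVdAfp9']) {
  console.log(report(pw));
}
```

Both passwords use all four classes, so the 24-character padded one has the larger blind search space simply because it is one character longer; the pattern-aware line shows the same password collapsing to a few hundred million guesses once the attacker assumes "something short, then filler". Treat the blind figure as what a rate-limited online attacker faces and the pattern-aware one as what an offline cracker with a rule set faces.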

Sunday, January 22, 2017

nodemon : must have tool for node js developer

Some tools make a developer's life easy. If you are a Node.js developer writing any kind of server app, you must install this small command-line tool. It will make your life much easier.

nodemon restarts the server as soon as any file in the project is modified, so you no longer stop and start it by hand after every edit. For more details check the nodemon website.

Wednesday, January 18, 2017

Web security : tools you can use to test your website


It is important for a web developer to know the kinds of attacks malicious people use to damage a web site.

You can see how these attacks were used in some of the world's biggest data breaches in the visualization of breaches around the world at http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/


Some of the common ones are:

1. SQL injection. Here I will discuss error-based SQL injection. The attacker modifies a search parameter in the URL so that the query breaks and the database returns an error; the error message reveals how the query is built, and the attacker then reshapes the input until the query returns data you never intended to show on the page.

The easiest way to test for it is an automated tool such as Havij; explore it against your own site, and only against systems you are authorized to test.
Validate all data arriving as external input: if you expect a number, accept only a number, in both GET and POST parameters.
The best way to stay away from SQL injection is to use bind variables (parameterized queries) in every query that includes input from outside, so the input is never interpreted as SQL.
Next, give the application's database account access to only the tables and operations it needs (the principle of least privilege): should your application's DB account be able to run database administration commands?
Last but important: a web application firewall, and cryptographic storage of sensitive data, as additional layers.
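The difference between the injectable lookup and the parameterized one, as an added example that is not from the post: the functions return the query that would be sent instead of talking to a database, so the effect of each constructed attacker input is visible. The $1 placeholder with a separate values array is the style node-postgres uses; the users table, its columns and the id rules are made up for this example.

```javascript
'use strict';

// Added example (not from the post): the same lookup written the injectable
// way and the parameterized way, plus the input check for a numeric id.
// Nothing here talks to a database; the functions return the query that
// would be sent so the difference is visible. The placeholder style ($1 with
// a separate values array) is the one node-postgres uses; the table and
// column names are made up for the example.

// VULNERABLE: the raw request parameter becomes part of the SQL text. A quote
// in the input breaks the statement (the database error an attacker looks for
// first) and "1 OR 1=1" turns a single-row lookup into a full table dump.
function buildVulnerableQuery(rawId) {
  return 'SELECT id, name, email FROM users WHERE id = ' + rawId;
}

// SAFE: the SQL text is a constant; the value travels separately and the
// driver never interprets it as SQL, whatever characters it contains.
function buildSafeQuery(rawId) {
  return { text: 'SELECT id, name, email FROM users WHERE id = $1', values: [rawId] };
}

// Input validation as a second layer: an id must be a plain positive integer.
// Returns the number, or null for anything else (including values too large
// to represent exactly as a JavaScript number).
function parseId(raw) {
  if (typeof raw !== 'string' || !/^[1-9][0-9]{0,15}$/.test(raw)) return null;
  const n = Number(raw);
  return Number.isSafeInteger(n) ? n : null;
}

// What the handler should do: validate, then bind. Returns the query object
// or an error description, never a query built from unvalidated text.
function lookupUserQuery(raw) {
  const id = parseId(raw);
  if (id === null) return { error: 'invalid id' };
  return buildSafeQuery(id);
}

// Constructed attacker inputs, as they would arrive in ?id=...
const PAYLOADS = ['1', "1'", '1 OR 1=1', '1 UNION SELECT 1, username, password FROM admins--'];

function demo() {
  return PAYLOADS.map((p) => ({
    input: p,
    vulnerable: buildVulnerableQuery(p),
    safe: lookupUserQuery(p),
  }));
}

for (const row of demo()) {
  console.log(JSON.stringify(row, null, 2));
}
```

The second payload is the error-based probe described above: the vulnerable string ends in a dangling quote and the database answers with a syntax error that tells the attacker the input lands inside the statement. The parameterized version sends the same bytes as data, and the id check rejects them before the query is even built.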



2. Insufficient Transport Layer Security: the application does not use a secure transport (HTTPS instead of HTTP) when communicating with the web server over the internet. Many people get hacked while using an open Wi-Fi network: an attacker on the same network can monitor the traffic flowing in and out through the router, some change the DNS answers for common sites so that requests land on their own replica of the page, and some inject a key-logging JavaScript into the page. So how do you prevent such attacks?

Make sure the login page is served over HTTPS and that the login form posts over HTTPS, so that TLS encryption is the default, especially for authentication. A certificate used to mean paying a certificate authority; today Let's Encrypt issues them for free. Mark the session cookie Secure and HttpOnly so it is never sent over plain HTTP or read by injected script, send a Strict-Transport-Security header so browsers refuse to fall back to HTTP, and keep the firewall as the last line of defense.

Also check out this blog post on how to set up an SSL certificate:
https://ksylvest.com/posts/2014-05-06/setup-free-ish-ssl-tls-on-heroku-for-ruby-on-rails-or-any-other-framework
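The checks a login handler should apply so that credentials and the session cookie never travel over plain HTTP, as an added example that is not from the post: it decides whether a request is secure, redirects plain-HTTP page loads, refuses a form POST that already arrived in the clear, and builds the cookie and HSTS headers. It works on plain request-like objects so it runs without a server; the trusted-proxy handling, the cookie name and the constructed requests are assumptions of this example.

```javascript
'use strict';

// Added example (not from the post): the checks a login handler should apply
// so credentials and the session cookie never travel over plain HTTP. Written
// against plain request-like objects so it runs without a server; the proxy
// header handling and the cookie name are assumptions of this example.

const HSTS_HEADER = 'max-age=31536000; includeSubDomains';

// Decide whether a request arrived over TLS. Behind a reverse proxy the app
// only sees X-Forwarded-Proto, so that header is trusted only when the
// connection itself came from the proxy's address; a client who can reach the
// app directly must not be able to claim "https" by setting a header.
function isSecure(req, trustedProxies) {
  if (req.encrypted) return true;
  const proto = (req.headers['x-forwarded-proto'] || '').split(',')[0].trim().toLowerCase();
  return proto === 'https' && trustedProxies.includes(req.remoteAddress);
}

// For a plain-HTTP request: the redirect target (same host and path, https).
// For a TLS request: null, meaning proceed. GET/HEAD only; a POSTed login form
// over HTTP has already leaked the password, so it is rejected, not replayed.
function httpsRedirect(req, trustedProxies) {
  if (isSecure(req, trustedProxies)) return null;
  if (req.method !== 'GET' && req.method !== 'HEAD') return { status: 403, location: null };
  return { status: 301, location: 'https://' + req.headers.host + req.url };
}

// Session cookie attributes: Secure (never sent over http), HttpOnly (not
// readable by injected script), SameSite (not sent on cross-site requests).
function sessionCookie(name, value, maxAgeSeconds) {
  if (!/^[A-Za-z0-9_-]+$/.test(value)) throw new Error('cookie value must be URL-safe');
  return name + '=' + value + '; Max-Age=' + maxAgeSeconds + '; Path=/; Secure; HttpOnly; SameSite=Lax';
}

// Response headers for a successful login over TLS.
function loginResponseHeaders(sessionId) {
  return {
    'Strict-Transport-Security': HSTS_HEADER,
    'Set-Cookie': sessionCookie('sid', sessionId, 3600),
  };
}

// Constructed requests: direct http, direct https, via the proxy, a spoofed
// proxy header from an untrusted address, and a login POST over plain http.
const TRUSTED = ['10.0.0.5'];
const REQUESTS = [
  { method: 'GET', url: '/login', encrypted: false, remoteAddress: '203.0.113.9', headers: { host: 'example.test' } },
  { method: 'GET', url: '/login', encrypted: true, remoteAddress: '203.0.113.9', headers: { host: 'example.test' } },
  { method: 'GET', url: '/login', encrypted: false, remoteAddress: '10.0.0.5', headers: { host: 'example.test', 'x-forwarded-proto': 'https' } },
  { method: 'GET', url: '/login', encrypted: false, remoteAddress: '203.0.113.9', headers: { host: 'example.test', 'x-forwarded-proto': 'https' } },
  { method: 'POST', url: '/login', encrypted: false, remoteAddress: '203.0.113.9', headers: { host: 'example.test' } },
];

function demo() {
  return REQUESTS.map((r) => httpsRedirect(r, TRUSTED));
}

console.log(demo());
console.log(loginResponseHeaders('3f9a2c'));
```

The fourth request is the one that trips up many deployments: an attacker who can reach the application directly sets X-Forwarded-Proto: https and, if the header is trusted unconditionally, gets the app to treat a cleartext connection as secure. Tying that trust to the proxy's source address is what closes it.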



3. Insecure Password Storage
I hope every developer is aware of rainbow tables: the attacker has a precomputed table of hashes that maps a stolen hash straight back to the password. The easiest way to prevent this is to use the bcrypt algorithm (avoid MD5), which hashes each password with a random salt and a configurable work factor, so the same password gives a different hash for every user and each guess is expensive. The bcrypt output string already contains the cost and the salt, so a single column holds everything needed to verify a login; there is no need for a separate salt column, and wrapping the bcrypt output in MD5 afterwards adds no security (it would only break bcrypt's own compare function).

e.g.
random salt + password -> bcrypt (with cost factor) -> save the single hash string; verify a login with bcrypt compare against that string
In future I may share how to implement the above in Node.js.

4. Cross Site Scripting (XSS)

5. Weak Account Management


Tuesday, July 26, 2016

interview details for Perl/ Unix developer @ deutsche bank

Recently I had an interview at Deutsche Bank for a Perl developer position.

I would like to share the questions; though most of them were pretty basic, a few added to my learning. :)


1. Can you list the processes running for a specific user?
ps -u username
2. What is a system call?
In computing, a system call is the programmatic way in which a program requests a service from the kernel of the operating system it runs on. This may include hardware-related services (for example, accessing a hard disk drive), creation and execution of new processes, and communication with integral kernel services such as process scheduling. System calls provide the essential interface between a process and the operating system.
3. What is a kernel panic?
A kernel panic is a fatal error from which the operating system cannot quickly or easily recover, so it halts rather than continue in an inconsistent state. The term applies primarily to Unix-based systems and to Mac OS X. On other systems the equivalent is known by slang terms such as blue screen of death, sad Mac or bomb.
4. Can you tell me how to check which system calls are being made by a process? (Run the program under strace, or attach to an already running process with strace -p PID.)
strace(1) - Linux man page
http://www.thegeekstuff.com/2011/11/strace-examples/
strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them. Students, hackers and the overly-curious will find that a great deal can be learned about a system and its system calls by tracing even ordinary programs. And programmers will find that since system calls and signals are events that happen at the user/kernel interface, a close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race conditions.
5. What is the /proc directory in Linux?
/proc is very special in that it is a virtual filesystem. It is sometimes referred to as the process information pseudo-filesystem. It does not contain 'real' files but runtime system information (e.g. system memory, mounted devices, hardware configuration, and one directory per running process). For this reason it can be regarded as a control and information centre for the kernel. In fact, quite a lot of system utilities are simply reads of files in this directory. For example, 'lsmod' shows the same information as 'cat /proc/modules', and on old kernels 'lspci' was a synonym for 'cat /proc/pci'. By writing to files under /proc/sys you can read and change kernel parameters (sysctl) while the system is running.
The most distinctive thing about the files in this directory is that almost all of them report a file size of 0, with the exception of kcore, mtrr and self.
6. Where are the system logs located?
Almost all log files are located under the /var/log directory and its subdirectories on Linux. You can change to this directory using the cd command. You usually need to be the root user (or a member of the log group) to view or access log files on Linux or Unix-like operating systems. You can use the following commands to see the log files:
7. If a built-in command like "cmd" is giving an error, how will you check the error?
strace - trace system calls and signals
http://www.thegeekstuff.com/2011/11/strace-examples/
8. What is iptables?
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a 'target', which may be a jump to a user-defined chain in the same table.
9. What is a subnet mask?
A subnet mask is a 32-bit value whose leading one-bits mark the network part of an IPv4 address and whose trailing zero-bits mark the host part. ANDing an address with the mask gives its network address; a host uses that to decide whether a destination is on its own subnet (deliver directly) or must be sent to a gateway, and once a packet has arrived at an organization's gateway the subnet number is what its internal routers use to deliver it to the right segment.
10. Which command do you use to check a network connection?
Ping verifies IP-level connectivity by sending an ICMP Echo Request to a target host name or IP address. PathPing (a Windows tool) detects packet loss over multiple hops; on Linux the equivalents are traceroute and mtr.
11. One question was about "/etc/hosts" for name resolution. They asked me how you would configure it.
The hosts file (/etc/hosts on Unix-like systems) is a plain text file that operating systems use to map hostnames to IP addresses before, or instead of, asking DNS; on Linux the lookup order is set in /etc/nsswitch.conf. Each line holds an IP address followed by one or more hostnames, for example "127.0.0.1 localhost". Whenever you type in a hostname such as facebook.com, your system checks this file first for the IP address it needs to connect to the appropriate server.
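The subnet-mask arithmetic behind question 9, as an added example that is not from the post: IPv4 addresses are handled as 32-bit numbers, the mask is built from a prefix length, and the last function makes the same decision a host makes when it asks whether a destination is local. The addresses are constructed test values from the documentation ranges.

```javascript
'use strict';

// Added example (not from the post): the subnet-mask arithmetic behind
// question 9, done on IPv4 addresses as 32-bit numbers. Addresses and
// prefixes below are constructed test values (RFC 5737 documentation ranges).

// 'a.b.c.d' -> unsigned 32-bit integer; throws on anything that is not a
// well-formed dotted quad (leading zeros and out-of-range octets included).
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) throw new Error('not a dotted quad: ' + ip);
  let n = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = Number(m[i]);
    if (octet > 255 || (m[i].length > 1 && m[i][0] === '0')) throw new Error('bad octet in ' + ip);
    n = (n * 256) + octet;
  }
  return n;
}

function intToIp(n) {
  return [24, 16, 8, 0].map((s) => (n >>> s) & 255).join('.');
}

// /24 -> 0xFFFFFF00. Built with arithmetic, not <<, so /0 and /32 behave.
function maskFromPrefix(prefix) {
  if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32) throw new Error('bad prefix ' + prefix);
  return prefix === 0 ? 0 : (0xFFFFFFFF - (2 ** (32 - prefix) - 1));
}

// A mask must be contiguous ones followed by zeros; returns its prefix length.
function prefixFromMask(mask) {
  const m = ipToInt(mask);
  for (let p = 0; p <= 32; p++) {
    if (maskFromPrefix(p) === m) return p;
  }
  throw new Error('non-contiguous mask ' + mask);
}

// Network = address AND mask; broadcast = network OR NOT mask.
function subnetOf(ip, prefix) {
  const mask = maskFromPrefix(prefix);
  const network = (ipToInt(ip) & mask) >>> 0;
  const broadcast = (network | (~mask >>> 0)) >>> 0;
  const hosts = prefix >= 31 ? 0 : 2 ** (32 - prefix) - 2;
  return { network: intToIp(network), broadcast: intToIp(broadcast), usableHosts: hosts };
}

// The routing decision a host makes: same network after masking means
// deliver directly; otherwise send to the default gateway.
function sameSubnet(a, b, prefix) {
  const mask = maskFromPrefix(prefix);
  return ((ipToInt(a) & mask) >>> 0) === ((ipToInt(b) & mask) >>> 0);
}

console.log(subnetOf('192.0.2.130', 25));
console.log(sameSubnet('192.0.2.10', '192.0.2.200', 24), sameSubnet('192.0.2.10', '192.0.2.200', 25));
```

The same two hosts are on one subnet under /24 and on different ones under /25, which is the whole content of the answer: the mask, not the address, decides who is "local". The strict parser matters when the address comes from user input, since "010.0.0.1" and "256.1.1.1" are accepted by some libraries and silently mean something else.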