Author Archives: Sayak Sarkar

HTTPS Methods and Status Codes


Here’s a curated list of HTTPS methods and status codes for quick reference by web devs:

METHODS:

  • ‘ACL’,
  • ‘BIND’,
  • ‘CHECKOUT’,
  • ‘CONNECT’,
  • ‘COPY’,
  • ‘DELETE’,
  • ‘GET’,
  • ‘HEAD’,
  • ‘LINK’,
  • ‘LOCK’,
  • ‘M-SEARCH’,
  • ‘MERGE’,
  • ‘MKACTIVITY’,
  • ‘MKCALENDAR’,
  • ‘MKCOL’,
  • ‘MOVE’,
  • ‘NOTIFY’,
  • ‘OPTIONS’,
  • ‘PATCH’,
  • ‘POST’,
  • ‘PRI’,
  • ‘PROPFIND’,
  • ‘PROPPATCH’,
  • ‘PURGE’,
  • ‘PUT’,
  • ‘REBIND’,
  • ‘REPORT’,
  • ‘SEARCH’,
  • ‘SOURCE’,
  • ‘SUBSCRIBE’,
  • ‘TRACE’,
  • ‘UNBIND’,
  • ‘UNLINK’,
  • ‘UNLOCK’,
  • ‘UNSUBSCRIBE’

STATUS_CODES:

  • ‘100’: ‘Continue’,
  • ‘101’: ‘Switching Protocols’,
  • ‘102’: ‘Processing’,
  • ‘103’: ‘Early Hints’,
  • ‘200’: ‘OK’,
  • ‘201’: ‘Created’,
  • ‘202’: ‘Accepted’,
  • ‘203’: ‘Non-Authoritative Information’,
  • ‘204’: ‘No Content’,
  • ‘205’: ‘Reset Content’,
  • ‘206’: ‘Partial Content’,
  • ‘207’: ‘Multi-Status’,
  • ‘208’: ‘Already Reported’,
  • ‘226’: ‘IM Used’,
  • ‘300’: ‘Multiple Choices’,
  • ‘301’: ‘Moved Permanently’,
  • ‘302’: ‘Found’,
  • ‘303’: ‘See Other’,
  • ‘304’: ‘Not Modified’,
  • ‘305’: ‘Use Proxy’,
  • ‘307’: ‘Temporary Redirect’,
  • ‘308’: ‘Permanent Redirect’,
  • ‘400’: ‘Bad Request’,
  • ‘401’: ‘Unauthorized’,
  • ‘402’: ‘Payment Required’,
  • ‘403’: ‘Forbidden’,
  • ‘404’: ‘Not Found’,
  • ‘405’: ‘Method Not Allowed’,
  • ‘406’: ‘Not Acceptable’,
  • ‘407’: ‘Proxy Authentication Required’,
  • ‘408’: ‘Request Timeout’,
  • ‘409’: ‘Conflict’,
  • ‘410’: ‘Gone’,
  • ‘411’: ‘Length Required’,
  • ‘412’: ‘Precondition Failed’,
  • ‘413’: ‘Payload Too Large’,
  • ‘414’: ‘URI Too Long’,
  • ‘415’: ‘Unsupported Media Type’,
  • ‘416’: ‘Range Not Satisfiable’,
  • ‘417’: ‘Expectation Failed’,
  • ‘418’: “I’m a Teapot”,
  • ‘421’: ‘Misdirected Request’,
  • ‘422’: ‘Unprocessable Entity’,
  • ‘423’: ‘Locked’,
  • ‘424’: ‘Failed Dependency’,
  • ‘425’: ‘Too Early’,
  • ‘426’: ‘Upgrade Required’,
  • ‘428’: ‘Precondition Required’,
  • ‘429’: ‘Too Many Requests’,
  • ‘431’: ‘Request Header Fields Too Large’,
  • ‘451’: ‘Unavailable For Legal Reasons’,
  • ‘500’: ‘Internal Server Error’,
  • ‘501’: ‘Not Implemented’,
  • ‘502’: ‘Bad Gateway’,
  • ‘503’: ‘Service Unavailable’,
  • ‘504’: ‘Gateway Timeout’,
  • ‘505’: ‘HTTP Version Not Supported’,
  • ‘506’: ‘Variant Also Negotiates’,
  • ‘507’: ‘Insufficient Storage’,
  • ‘508’: ‘Loop Detected’,
  • ‘509’: ‘Bandwidth Limit Exceeded’,
  • ‘510’: ‘Not Extended’,
  • ‘511’: ‘Network Authentication Required’

Privacy in the Age of IoT


Privacy in the Age of IoT
<p value="<amp-fit-text layout="fixed-height" min-font-size="6" max-font-size="72" height="80">The advent of internet enabled ever-connected smart devices in our everyday lives has led to a large-scale proliferation of the Internet of Things into every aspect of our modern lives. It has now become more important than ever to understand the security and privacy risks associated with connected devices. With smart home devices, office tools, home automation systems, children's toys and even medical devices becoming an integral part of our digital lifestyles, becoming technology aware and understanding the key implications of technology in personal privacy and security should be a key priority for every individual.The advent of internet enabled ever-connected smart devices in our everyday lives has led to a large-scale proliferation of the Internet of Things into every aspect of our modern lives. It has now become more important than ever to understand the security and privacy risks associated with connected devices. With smart home devices, office tools, home automation systems, children’s toys and even medical devices becoming an integral part of our digital lifestyles, becoming technology aware and understanding the key implications of technology in personal privacy and security should be a key priority for every individual.

What is IoT?

The Wikipedia article on The Internet of Things (IoT) defines it as:

  • A system of interrelated computing devices, mechanical and digital machines,
  • That are provided with unique identifiers (UIDs) and 
  • The ability to transfer data over a network
  • Without requiring human-to-human or human-to-computer interaction.

IoT as a concept is still in a state of relative infancy in society, as are the regulations that accompany it. At its core, IoT involves the collection, classification and use of data captured by the sensors, which is processed in the cloud and is used to inform decision making and actions driven by the device logic. 

What is Privacy?

In the age of connected devices it can become tricky to define what is privacy – Is privacy a fundamental human right? Is it a right to be left alone? While talking about privacy in the context of information technology and the Internet of Things we tend to focus more towards Information Privacy. However, it isn’t always as simple as just maintaining secrecy. It is also about the right to have some degree of control over how our personal information is collected and used.

Privacy isn’t really about keeping things private, it’s not about secrets, it’s about choice.

Privacy refers to the ideology that individuals should have the freedom, or right, to determine how their digital information, mainly that pertaining to personally identifiable information, is collected and used. 

Impact of IoT on Privacy

Surrounded by a world full of sensors talking not just with us but also with the internet, where data about our everyday activities, our likes, our dislikes, our views and our beliefs is stored in the cloud, the implications of the advent of the age of IoT has serious implications on privacy and security. The potential for such data to be packaged and sold for a variety of purposes is in turn converting us to the product as opposed to being the consumer. While using a lot of free to use services, we might not be paying for using the service with money, but rather with our data, which might not be intended for sharing with anyone

Because a host of convenient smart devices now continuously collect, dissect and process data to make our lives more convenient, they have also magnified the threats to data privacy.

Our ability to collect and process data has overwhelmed our ability to protect that information. Our smartphones, fitness trackers, smart TVs, and even smart appliances generate a massive amount of sensitive information, from browsing habits to purchasing patterns to real-time location and personal health information.

It’s no longer just our photos and emails, but also our heart rate, respiration rate, location, what we eat and even how we sleep. We are left with no more personal spaces since we give service providers the permission to sell our data while accepting the Terms & Conditions for free services. The privacy and attention we’re trading for our “free” services and content is now much more personal. Particularly where sensitive data is concerned, IoT can put the privacy of individuals at risk.

Implications of Identity Management and Data Ownership with IoT 

The issue with this deluge of data leads to the problems of identity management and data ownership. Is the collected data really anonymous? Who owns the data being collected by connected devices to make these devices smart? The footprint our devices leaves on the Internet tells a story. How much of our personal narrative are we willing to trade off for the sake of convenience? The biggest issue while dealing devices like personal assistants that are always listening, is the concern around controlling the narrative around this story.

Even though it might seem counter intuitive, data privacy does not necessarily mean keeping our data private. Rather it focuses upon taking charge of what we choose to divulge about ourselves. With every smart device that we acquire, we leave an ever increasing trail of data. With an increase in the number of smaller and smarter devices, service providers can paint highly detailed portraits of almost everything we do. As such, connected devices deserve a healthy dose of skepticism when it comes to information security and data privacy. 

The GDPR – A ray of hope?

For over three decades we have debated over privacy in the internet, with not much success. The internet of things is however still in its infancy. Since regulation moves at a snail’s pace, it’s still mostly up to CEOs, executives, and employees to reject projects that put profit over privacy. 

IoT devices do provide many benefits, from convenience in the home, to tracking health and well-being. However, consumers are often blind to the risks associated with the sharing of personal data, until a big breach of that data occurs. IoT and connectivity are growing rapidly, so more and more potential vulnerabilities may be introduced if no security strategy was applied during the design phase. 

It is thus the responsibility of technology organisations and governments to come together to educate society about the value of their personal data and be more transparent about the way in which they process the data. 

The European Union’s General Data Protection Regulation (GDPR) is a step in the right direction; however, other nations need to adopt similar rules to ensure the privacy of individuals is protected.

Enterprise responsibilities for data privacy

Managing the risks associated with data collection begins with making the gathered data more secure. It’s high time to look into what privacy truly requires. 

  • Accountability and Transparency: Service providers handling consumer data need to be accountable for its privacy and security. Inclusion of IoT-specific language in data privacy agreements with clear, concise and transparent policies around data handling and protection is of utmost importance. 
  • Privacy focussed Lifecycle design: Objects need to be designed for privacy by default and manufacturers need to look at the implications of the data that they want to collect. There’s a need for an effort to look at the whole lifecycle of a smart device and go beyond the GDPR. From design to manufacture to eventual disposal, there’s a need for an effort to make more ethical design choices. Manufacturers should ensure that security keys and IoT device provisioning procedures comply with security and privacy data management guidelines. Architecture and data storage should be designed in such a way that enables GDPR compliance.
  • Inclusion of new levels of security and privacy provisions: To make IoT solutions secure and enable privacy, manufacturers need to include security features for data protection at early phases of architecture design. Integration with third-party services have the potential to introduce new concerns, so it is crucial to check that all components comply with stringent policies and guidelines to provide interfaces that are secure. Inclusion of security and privacy monitoring components into the IoT ecosystem would be highly beneficial from a service provider as well as consumer point of view. 

Wrapping up

Privacy is something that comes from within us. Whether we realize it or not, we are responsible for posting a lot of our own private data. We need to be conscious about privacy, and if we are not then we pay the price one way or the other. It’s high time for us to take our privacy seriously. Irrespective of whether we are a developer or a consumer we need to be aware about our choices and make conscious decisions around our personal privacy rather than just focussing on convenience.

References:

  1. https://en.wikipedia.org/wiki/Internet_of_things
  2. https://en.wikipedia.org/wiki/Digital_privacy
  3. https://kromtech.com/blog/security-center/what-is-privacy
  4. https://iapp.org/about/what-is-privacy/
  5. https://www.researchgate.net/publication/333305381_Privacy_in_the_New_Age_of_IoT
  6. https://www.brighttalk.com/webcast/17125/333169/privacy-security-in-the-age-of-iot
  7. https://medium.com/@aallan/has-the-death-of-privacy-been-greatly-exaggerated-f2c4f2423b5
  8. https://medium.com/pcmag-access/facial-recognition-technology-doesnt-have-to-destroy-privacy-65c8ed953645
  9. https://blog.trendmicro.com/data-privacy-age-iot/
  10. https://www.csoonline.com/article/3434079/data-privacy-in-the-iot-age-4-steps-for-reducing-risk.html

Updating Email ID and Author Name from multiple commits in Git


Multiple Commits:

git filter-branch --commit-filter '
        if [ "$GIT_COMMITTER_NAME" = "" ];
        then
                GIT_COMMITTER_NAME="";
                GIT_AUTHOR_NAME="";
                GIT_COMMITTER_EMAIL="";
                GIT_AUTHOR_EMAIL="";
                git commit-tree "$@";
        else
                git commit-tree "$@";
        fi' HEAD

Single Commit:

To update the author to a specified name [The committer will be set to your configured user in git config user.name and git config user.email]

git commit --amend --author "New Author Name <email@address.com>"

To set both the author and the committer:

git -c user.name="New Author Name" -c user.email=email@address.com commit \
--amend --reset-author

Interactive Rebase

git rebase -i -p <some HEAD before all of your bad commits>

Then mark all of your bad commits as “edit” in the rebase file. If you also want to change your first commit, you have to manually add it as first line in the rebase file (follow the format of the other lines). Then, when git asks you to amend each commit, do

git commit --amend --author "New Author Name <email@address.com>"

edit or just close the editor that opens, and then do

git rebase --continue

to continue the rebase.

You could skip opening the editor altogether here by appending –no-edit so that the command will be:

git commit --amend --author "New Author Name <email@address.com>" --no-edit && \
git rebase --continue

If there are any merge commits between the current HEAD and your , then git rebase will flatten them (if you use GitHub pull requests, there are going to be a ton of merge commits in your history). This can very often lead to very different history (as duplicate changes may be “rebased out”), and in the worst case, it can lead to git rebase asking you to resolve difficult merge conflicts (which were likely already resolved in the merge commits). The solution is to use the -p flag to git rebase, which will preserve the merge structure of your history. The manpage for git rebase warns that using -p and -i can lead to issues, but in the BUGS section it says “Editing commits and rewording their commit messages should work fine.”

Reference:

Working around untrusted certificate errors in Express JS


A few very common fatal errors thrown by the request module for express while trying to access data from self-signed web servers are Error: DEPTH_ZERO_SELF_SIGNED_CERT and UNABLE_TO_VERIFY_LEAF_SIGNATURE

This is because of https://github.com/nodejs/node-v0.x-archive/pull/4023 which mandates NodeJS to validate a server’s certificate by default, which needless to say is how things should be in a production environment.

However, more often than none we tend to use self-signed SSL certificates in our development environments or even within internal networks.

Thankfully for such brain-wracking moments, two particular flags come to our rescue. Enter strictSSL and rejectUnauthorized. The way I personally like to use these flags, is to set defaults within my development environments as follows to bypass SSL validation hence, saving the day! 🙂

var request = require('request').defaults({
    strictSSL: false,
    rejectUnauthorized: false
 });

Please do note, that I do not recommend that you ever try this on your production systems without understanding the true implications of what disabling strictSSL and rejectUnauthorized means for you node server. By disabling these, you are essentially telling your server to skip validation of the requested server’s identity, which leaves your application in quite a vulnerable position.

Rebooting the Bugsmith’s Blog


It’s been a long long time since I last posted in this space. I guess I had been a bit too caught up with life and had been overly focused on my job.

Recently, I realized that I have become quite dormant in the open source communities, and it has been quite some time since I made a worthwhile commit on GitHub / Pagure / BitBucket/etc. My GitHub streak now looks mostly empty which means I have been lazy for over a year now.

So, enough with the slacking around for so long. It’s time to reboot the Bugsmith and get back to the groove of things.

It’s time to draw a line and balance out all the imbalances in my current everyday life. This means fixing my office work schedule, being a bit conscious about my health, and most importantly, getting back to doing something worthwhile with my life.

So, here’s the plan:-

  1. I’ll start posting more often about anything and everything.
  2. I’m gonna start sharing as much of my everyday learning related to tech and non-tech using this blog as a medium.
  3. Finish up all of my pending work [mostly personal stuff which I have been ignoring for a long time now].
  4. Get back to contributing more pro-actively to Open Source projects which I find interesting.
  5. Get back to attending tech-meetups in my vicinity and beyond.
  6. Well basically, get my stuff together and get back to being awesome yet again. 😉

Let’s see how I manage to cope up with my self-expectations! 🙂

Using Vim to generate HTML output of code


This is an interesting bit that I learnt about from an email in a mailing list by James Pryor.

To generate html output for code within a shell script you can use:

vim myscript.sh '+syntax on' '+ set nu' '+set background=light' +TOhtml '+w myscript.html' '+qall!'
If you don’t want numbers and need a dark background you can use:
vim myscript.sh '+syntax on' '+ set nonu' '+set background=dark' +TOhtml '+w myscript.html' '+qall!'

Installing EditorConfig on Sublime Text


To install Editor Config on Sublime Text all you need to do is to follow the following steps:-
  1. Go the Preferences tab -> Package Control.
  2. Select Install Package from the drop down menu.
  3. Wait for the list to load, once it loads it will show you a list of packages.
  4. Now, type in EditorConfig and select the highlighted option.

To confirm that Editor Config is installed correctly on your Sublime Text instance you can go to Preferences -> Browse Packages. If installed correctly you should be able to see an EditorConfig directory present in the Packages directory.

That’s it! Enjoy! 🙂

Installing Sublime Text 3 on RHEL / Fedora


Here’s another three step guide to installing Sublime Text 3 on RHEL 6,7 / Fedora 18, 19, 20:-

  1. Download the installation script from the following gist.
    https://gist.github.com/sayak-sarkar/11b039f398ddcae88139
  2. Extract it to your home directory [or anywhere you like].
    $tar -xvf gist11b039f398ddcae88139-e339084ef22e956ea6ef8d04f8279ca70772f534.tar.gz
  3. Open your terminal (preferably as super user), navigate to your home directory and execute the shell script.
     #./sublime-text-3.sh

Voila!! You now have Sublime Text 3 installed on your machine. You may run it from the terminal or via the alt+f2 shortcut by simply typing in “sublime”.

Based upon my previous post on How to install Sublime Text 3 on Fedora. 😉

Enjoy!! 🙂

Creating scrollable Charts using Angular-Kendo


Creating Scrollable Charts:

Horizontal scrolling of Charts is not supported out of the box in Kendo UI, however it can be achieved using a bit of custom styling.

Basic steps:

  • Set overflow: auto of the <div class="chart-wrapper">;
  • Set width of the aforementioned div;
  • Set width of the <div id="chart"> to a value higher than it’s parent div width size.

Example piece of code:

Template:

<div class="parent-container">
  <div kendo-chart k-options="line" class="chart-container">
  </div>
</div>

CSS:

.parent-container {
    overflow-y: scroll; 
    width: 1000px;
}

.chart-container {
    overflow: auto; 
    width: 2000px;
}
%d bloggers like this: