All posts by Lakin Mohapatra

Beginnerโ€™s guide to learn golang: Your first steps to get started

Software Outsourcing, ThoughtsLakin Mohapatra

Google created Go programming language, also known as Golang, to address some of the shortcomings and inefficiencies they were experiencing with existing languages and tools.

Why Google created Golang

Compile time: Google has historically struggled with long compile times for its projects having large codebases. This problem has been so significant that Google has developed build tools to separate the dependency analysis and compiling, just to gain a few percent in build time using conventional languages. In an effort to address this issue, Google created the programming language Go, which is designed for faster compilation without the need for dependency checking.

String processing: Google frequently processes and analyzes large amounts of text data in the form of web pages, requiring efficient manipulation of strings. To meet this need, the company incorporated a comprehensive set of string functions into the Go programming language, which also uses garbage collection to make working with strings more efficient compared to some other languages like C++.

Concurrency: The rise of multicore CPUs in the past argued that a language should provide first-class support for some sort of concurrency or parallelism. And to make resource management tractable in a large concurrent program, garbage collection, or at least some sort of safe automatic memory management was required. To address the complexity and difficulty of concurrent programming, where multiple parts of a program run simultaneously, is challenging to do well. Go was designed to make it easier to write concurrent programs by providing built-in support for concurrency and synchronization.

Learning curve: Go is a relatively simple language with a straightforward syntax and a small set of core features. This makes it easy for programmers to learn and use, even if they are new to programming.

Modern software development practices: Go was designed to support modern software development practices such as agile development, continuous integration, and test-driven development. It includes features such as built-in testing and support for dependency management.

Go = C + strings + garbage collection + concurrency.

Key features of Go

Some of the key features of Go include:

Concurrency: Go is built with concurrency in mind and provides a number of features to make it easy to write concurrent code.

Garbage collection: Go includes a garbage collector that automatically manages memory, making it easier for developers to write code without having to worry about memory management.

Static typing: Go is a statically-typed language, which means that variables are explicitly declared with a specific type and the type of a variable cannot be changed during its lifetime. This can help catch errors at compile time and improve the overall reliability of the code.

Lightweight: Goroutines take only 8 kilobytes and you can have thousands of them.

Fast compilation: Go has a fast compiler that can quickly build large programs, making it suitable for building scalable applications.

Zero dependency: Since the language does not rely on any external libraries or frameworks, you do not need to worry about installing those dependencies on the target machine. This can simplify the deployment process and reduce the risk of issues caused by missing or incompatible dependencies. This can be particularly useful for building applications that need to be deployed in a variety of different environments.

Built-in support for testing: Go includes built-in support for writing and running tests, making it easy to test and verify code.

Strong community: Go has a strong and active community of developers who contribute to the language and its ecosystem, including libraries and tools.

Overall, Go is a versatile and powerful programming language that can be used in a wide range of projects. Whether youโ€™re building a web application, a network server, or a command-line tool, Go is a good language to consider.

As more and more companies and people began to realize Goโ€™s potential, it became a mainstream language to build following kinds of products.

  1. World-class system tools like Docker and Kubernetes
  2. Advanced databases like CockroachDB and InfluxDB
  3. Decentralized Blockchain platforms like Ethereum
  4. To separate configuration into infrastructure layer like Istio
  5. Faster continuous deployment like Drone.
  6. More performant messaging systems like NATS.
  7. Widely used CLI tools like Cobra

Some good resources to learn golang

  1. ๐“๐ก๐ž ๐จ๐Ÿ๐Ÿ๐ข๐œ๐ข๐š๐ฅ ๐†๐จ๐ฅ๐š๐ง๐  ๐ฐ๐ž๐›๐ฌ๐ข๐ญ๐ž provides comprehensive documentation, tutorials, and other resources for learning the language.
  2. โ€œ๐†๐จ ๐›๐ฒ ๐„๐ฑ๐š๐ฆ๐ฉ๐ฅ๐žโ€ website provides a collection of short, easy-to-understand examples of how to use various Golang features.
  3. โ€œ๐€ ๐“๐จ๐ฎ๐ซ ๐จ๐Ÿ ๐†๐จโ€ website provides an interactive, in-browser tutorial that teaches the basics of Golang.
  4. โ€œEffective Goโ€ is a free resource to learn the Go programming language and it is available on the official website of Golang. This course provides an explanation of all the key concepts in the Go programming language, how to use them, and their syntax.
  5. โ€œGopherCon UK 2022 Conferenceโ€ YouTube playlist includes a series of talks and presentations on various topics related to Golang.
  6. ๐†๐จ๐ฉ๐ก๐ž๐ซ๐œ๐ข๐ฌ๐ž๐ฌ โ€” a FREE course by John Calhoun of calhoun.io.
  7. Golang Crash Course by Traversy Media โ€” This Go language crash course explains all the fundamentals of Golang.
  8. Learn Go Programming by Building 11 Projects โ€” Course by FreeCodeCamp โ€” This Golang course is completely free and published on freeCodeCampโ€™s YouTube channel.
  9. โ€œ๐“๐ก๐ž ๐†๐จ ๐๐ซ๐จ๐ ๐ซ๐š๐ฆ๐ฆ๐ข๐ง๐  ๐‹๐š๐ง๐ ๐ฎ๐š๐ ๐žโ€ book by Alan A. A. Donovan and Brian W. Kernighan is a comprehensive guide to the language, with detailed explanations and examples.
  10. โ€œ๐†๐จ๐ฅ๐š๐ง๐  ๐๐ž๐ฐ๐ฌโ€ website provides the latest news, articles, and resources related to Golang.
  11. โ€œ๐†๐จ ๐…๐จ๐ซ๐ฎ๐ฆโ€ is an online community where you can ask questions and get help from other Golang developers.
  12. โ€œ๐†๐จ๐ฅ๐š๐ง๐  ๐’๐ฅ๐š๐œ๐คโ€ is an online community where you can join channels and discuss Golang with other developers.

Although the design of most languages concentrates on innovations in syntax, semantics, or typing, Go is focused on the software development process itself. Go is efficient, easy to learn, and freely available, but we believe that what made it successful was the approach it took toward writing programs, particularly with multiple programmers working on a shared codebase.

If you’re ready to turn your software development vision into reality, look no further than Mindfire Solutions. As a trusted industry leader, we are dedicated to delivering excellence in software development, innovation, and reliability. Let’s bring your ideas to life. Contact us today to start your next project with confidence.ย  Explore Lakin’s original article and discover a treasure trove of trending tech articles on Medium.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
webtransport-featured-img

WebTransport: Bridging the Gap Beyond WebRTC & WebSockets

Software Outsourcing, Web Application DevelopmentLakin Mohapatra

Imagine a world where real-time communication is faster, more secure, and more efficient than ever before. A world where online gaming feels as responsive as playing in person, video streaming is seamless and buffer-free, and IoT devices transfer data with lightning speed. Welcome to the era of WebTransport, the cutting-edge technology poised to transform the way we connect and communicate over the web. It’s time to say goodbye to the limitations of traditional protocols and get ready to be amazed by the endless possibilities of WebTransport.

In this blog article, we will explore the advantages of WebTransport over the widely adopted WebSockets and WebRTC technologies. We will uncover how WebTransport harnesses the power of datagrams, streams, and the cutting-edge QUIC protocol to redefine real-time communication, offering unparalleled benefits for a wide range of applications.

We will also discuss the current state of WebTransport adoption and the future of this promising technology.

So, without further ado, letโ€™s dive into the world of WebTransport!

WebTransport is a web API that uses the HTTP/3 protocol as a bidirectional transport. Itโ€™s intended for two-way communications between a web client and an HTTP/3 server. It supports sending data both unreliably via its datagram APIs, and reliably via its streams APIs.

How WebTransport works under the hood

WebTransport can be used to send and receive data in two different ways: datagrams and streams.

  • Datagrams are individual packets of data that are limited in size by the maximum transmission unit (MTU) of the underlying connection. They may or may not be transmitted successfully, and if they are transferred, they may arrive in an arbitrary order. Datagrams are provided through the QUIC datagram extension and are prefixed with a session ID that the recipient can use to multiplex different transports
  • WebTransport also uses streams to send and receive data that need reliable and ordered delivery. Streams are provided by creating an individual unidirectional or bidirectional QUIC stream and are also prefixed with a session ID. Streams provide better transport efficiency than the older packet mechanism.

Process:

  1. The client and server first establish a QUIC connection. This is done by using the QUIC handshake protocol.
  2. Once the connection is established, the client and server can begin sending data to each other.
  3. Data is sent in packets. Each packet is encrypted and includes a sequence number.
  4. The receiver uses the sequence number to reorder the packets and decrypt them.
  5. If a packet is lost, the receiver will request a retransmission.
  6. The sender will retransmit the lost packet.
  7. This process continues until all of the data has been sent and received.

 

WebTransport offers versatile capabilities for sending multiple types of data over the same connection. It allows for the reliable transmission of text or file data while concurrently enabling the unreliable transmission of video information. This flexibility enhances the efficiency and richness of communication among numerous simultaneous users. WebTransport facilitates the segregation of different content types on separate channels, preventing one type from blocking the transmission of others. Additionally, the ability to establish bidirectional streams enables quick data exchange between the server and client, making it ideal for implementing messaging systems and facilitating rapid communication.

What is QUIC Protocol?

QUIC, short for โ€œQuick UDP Internet Connections,โ€ is a modern transport protocol designed to enhance internet communication. Developed by Google, QUIC aims to replace TCP by utilizing UDP for faster and more efficient data transfer. It incorporates features like multiplexing to enable simultaneous transmission of multiple data streams, built-in encryption for enhanced security, and advanced congestion control algorithms to optimize network performance. With its standardization efforts by the IETF and increasing adoption by major internet players, QUIC holds the potential to revolutionize internet communication, offering improved speed, security, and reliability for a better web browsing experience.

QUIC is still under development.

Here are some of the benefits of using QUIC:

Performance: QUIC can improve the performance of web applications by reducing latency and increasing throughput. This is because QUIC is a connectionless protocol, which means that it does not need to establish a connection before sending data. This can reduce the amount of time it takes to send data, which can improve the performance of web applications.

Security: QUIC can improve the security of web applications by providing encryption and authentication. This is because QUIC uses TLS 1.3 to encrypt all data that is sent over the connection. This ensures that the data is secure from eavesdropping and tampering.

Efficiency: QUIC is more efficient than TCP in terms of bandwidth and CPU usage. This is because QUIC does not need to resend data that is lost, which can save bandwidth. QUIC also uses less CPU than TCP, which can save power.

Advantages of WebTransport over WebRTC/Websockets

WebTransport offers several advantages over WebSockets and WebRTC in certain use cases. Here are some key advantages of using WebTransport:

Enhanced Performance: WebTransport introduces the QUIC protocol, which offers significant performance improvements over WebSocket and WebRTC. It leverages UDP-based transport, reducing latency and providing faster data transmission. This means quicker response times, smoother real-time interactions, and improved user experiences.

Efficient Resource Utilization: Unlike WebSocket and WebRTC, WebTransport utilizes a more efficient resource management approach. It requires fewer server resources to establish and maintain connections, allowing servers to handle a larger number of simultaneous connections without compromising performance or scalability.

Bidirectional: WebTransport is a bidirectional protocol, which means that data can flow in both directions between the client and server. This is useful for applications that need to send and receive data simultaneously, such as chat applications and multiplayer games.

Streamlined Data Transfer: With WebTransportโ€™s data grams and streams, data can be sent and received in a more organized and efficient manner. It allows for the creation of bidirectional streams, enabling simultaneous data transfer between the client and server. This enables the development of advanced features such as reliable file transfer, simultaneous video streaming, and real-time collaboration.

More Reliable: WebTransport is a reliable protocol, which means that data is guaranteed to be delivered in the correct order. This is important for applications that require high reliability, such as gaming and video streaming.

Robust Security Measures: WebTransportโ€™s streams API, based on the secure QUIC protocol, offers robust security for encrypted streaming. With built-in encryption, it ensures data confidentiality. Additional measures such as Origin header usage and specific opt-in requirements enhance security. WebTransport provides a secure environment for streaming, protecting the integrity and privacy of transmitted data.

Seamless Integration: WebTransport is designed to seamlessly integrate with existing web technologies. It can be easily adopted and incorporated into web applications without requiring major architectural changes. This makes it a viable option for migrating from WebSocket or WebRTC while preserving the functionality and user experience of the existing application.

Support for server push: WebTransport enables servers to proactively push data to clients, eliminating the need for clients to continually poll for updates.

Specific Problems Addressed by WebTransport

Higher latency in WebSockets: WebSockets introduce additional latency due to the handshake and framing overhead, which WebTransport minimizes.

Lack of stream multiplexing in WebRTC: WebRTC does not natively support stream multiplexing, making it less efficient for scenarios requiring multiple concurrent data streams.

Limited transport options in WebSockets: WebSockets primarily provide reliable, ordered transport, whereas WebTransport offers flexibility by supporting both reliable and unreliable transport modes.

Inefficiency of polling for updates: With WebTransportโ€™s server push capability, the need for clients to continually poll the server for updates is eliminated, reducing network congestion and improving efficiency.

Difficulty in extending protocols in WebSockets and WebRTC: WebTransport addresses this problem by providing a more extensible framework, allowing the introduction of new protocols and features without disrupting existing implementations.

Connect to a server using WebTransport QUIC using JavaScript

  1. Client creates a new WebTransport object.
  2. Client calls the connect() method on the WebTransport object, passing in the URL of the server.
  3. WebTransport object establishes a QUIC connection to the server.
  4. Client and server negotiate the parameters of the QUIC connection, such as the encryption and congestion control algorithms.
  5. The client and server can now send data to each other over the QUIC connection.

Here is an example using javaScript:

const webTransport = new WebTransport();

webTransport.connect(‘https://example.com’);

webTransport.on(‘message’, (data) => {

ย ย // Handle the data received from the server.

});

webTransport.on(‘error’, (error) => {

ย ย // Handle the error that occurred while connecting to the server.

});

Possible use casesย 

๐†๐š๐ฆ๐ข๐ง๐ : WebTransportโ€™s bidirectional streams are super helpful for making games. They make sure that the data sent by the server arrives quickly with very little delay. This is awesome for action-packed games like shooting, driving, or fighting because it reduces the time between when you do something on your device and when you see the game respond. Itโ€™s also great for cloud gaming services, where the game is run on a powerful server and streamed to your device. With WebTransport, the back-and-forth communication between you and the game server happens fast, making the whole gaming experience smoother and more responsive.

For example, it could be used to send real-time game state updates and player input to other players.

๐•๐ข๐๐ž๐จ ๐ฌ๐ญ๐ซ๐ž๐š๐ฆ๐ข๐ง๐ : WebTransport is a good choice for video streaming, as it can provide a secure, reliable, and efficient way to send and receive video data. In addition, WebTransport can be used to multiplex multiple streams of data over a single connection, which can be useful for streaming video alongside other data, such as audio data or chat messages.

For example, it could be used to send video and audio data to the client without buffering.

๐‚๐ก๐š๐ญ ๐š๐ฉ๐ฉ๐ฅ๐ข๐œ๐š๐ญ๐ข๐จ๐ง๐ฌ: WebTransport is a great fit for chat apps because it allows for fast and efficient communication between users. When we chat with someone, we want our messages to reach them quickly, and we want their responses to come back to us right away. WebTransport makes this happen by providing a smooth and low-latency connection. It ensures that our messages are sent and received almost instantly, creating a more seamless chatting experience. Additionally, WebTransport is designed to handle a large number of users at once, so even in busy chat rooms with lots of people, communication remains smooth and responsive. In simple terms, WebTransport helps chat apps work really well by making messages travel fast and keeping the conversation flowing smoothly.

IoT( Internet of Things) applications: WebTransport can be really useful for transferring data from Internet of Things (IoT) devices to servers. These devices often collect and send small bits of data regularly. With WebTransport, this data can be sent quickly with very little delay. This is important because IoT devices usually run on batteries, so itโ€™s better if they use less energy. Plus, if there are a lot of devices connected to the internet, it can sometimes make the network slow. But with WebTransport, the devices use fewer resources and create less congestion, which means everything works better. So, WebTransport helps make IoT devices work well and saves energy at the same time.

Browser Support:

Chrome: 97+

Firefox: 114+

Edge: 97+

Safari: 16+ (partial support)

Samsung Internet: 19+

Opera: 97+

Current State of WebTransport Adoption and Future of This Promising Technology

The current state of WebTransport adoption shows promising signs for the future of this technology. Although still in its early stages, WebTransport has received significant interest and attention from developers and industry experts. The potential benefits it offers, such as improved performance, lower latency, and increased reliability, make it an attractive choice for building modern web applications. Major browser vendors have started implementing WebTransport protocols and APIs, signaling their belief in its value. As more developers become familiar with WebTransport and explore its capabilities, we can expect to see wider adoption and integration of this technology into various web applications and services. With ongoing advancements and the active involvement of the web development community, the future of WebTransport looks promising, and we can anticipate exciting developments and innovations in this space in the years to come.

Building upon Lakin’s original article, our latest piece delves deeper into the subject, providing fresh insights and a broader perspective.ย Unlock the true potential of real-time communication with Mindfire. Our experts specialize in enhancing applications through cutting-edge technologies like WebTransport, including QUIC and HTTP/3. Elevate user experiences and stay ahead in the dynamic digital landscape. Let us transform your apps into seamless and efficient communication hubs. Reach out for a consultation today!

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
WordPress Malware Infection

What is WordPress Malware Infection? How do you deal with it?

Security, Thoughts, , , ,

WordPress is the most popular content management system on the web. Besides the popularity, it has many advantages. But unfortunately, it comes with certain downsides as well. if you go by statistics, more than 70% of WordPress installations are vulnerable to hacker attacks.

In WordPress websites, we generally install third-party plugins/themes for integrating additional features. But most of the time, we are not aware of the inherent security vulnerabilities of these plugins/themes which act as critical loopholes that are targeted by hackers/malware botnets, etc. Some plugins provide regular updates for patching those issues. But if we fail to do them, it leads to the exploitation of the vulnerabilities and severe malware infection.

โ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆ
Why secure WordPress websites before enabling SEO?

We know that bots crawl websites. But nowadays, bots make more visits to websites than human traffic. Malware Bots attack by trying a set of tentative URLs on websites. If a website has a vulnerability, and it gets figured out by the malware through this approach,ย ย the website becomes a candidate for exploitation. So, before enabling SEO on a website, we need to make sure that the website is secure; otherwise, you are at the mercy of bad bots which will take advantage of it. In some cases, malware can damage a site’s relationship with leading search engines by injecting malicious contents.

Effects of Malware Infection:
  • WP-admin will not be accessible due to unwanted 302 redirects to third-party malicious websites.
  • .htaccess file content will be changed even though it has proper file permission.
  • Files with extension .php.suspected will be created along with many duplicates of stylewpp.php.
  • Random posts will be created in WP DB.
  • Unknown admin users may have been created.
Steps to prevent Malware Infection :
  1. Take a regular backup of codebase and database.
  2. Restore content of .htaccess file and set proper file permission.
  3. Check crontab for any suspicious entries.
  4. Kill suspicious processes on the server.
  5. Check the access log and find suspicious HTTP calls.
  6. Block suspicious IPs which are making malicious attacks.
  7. Most core WordPress files should never be modified. You need to check for file integrity issues in the wp-admin, wp-includes, and root folders. Remove unknown files & folder with cascade delete [Suspected from access log]
  8. Analyze malicious PHP code which is injected into WP folders. It would be great if you can analyze malicious PHP script and decode their intention which will help you to remove infection easily.
  9. Prevent random article creation. We found โ€œcontent-main.phpโ€ file to be executed by malware botnet from access log. It was injected in path โ€œ/wp-content/content-main.phpโ€.
  10. Remove suspicious admin users
  11. Update WordPress to the latest version
  12. Change all credentials of cpanel , FTP and DB.
  13. Stop the brute force attack. Even if you will remove all files, folders, kill all malware processes & change passwords, malware will never sit idle. Because it has already entered your site domain name, IP & malware file locations in its database. So it will try to make continuous HTTP calls to malicious PHP script locations which will return 404 error which is fine. You also cannot block all IPs of malware botnet because it keeps on changing IPs.
    It tries the bruteforce login page with breached admin user names against a global database of pawned passwords.
  14. Block xmlrpc
  15. Prevent bad bots
    Modify the robots.txt file to prevent crawling core directories along with themes/plugin directories. Also, identify bad bots and prevent them from crawling website pages.
  16. Use SFTP instead of FTP
  17. Change default wp-login, wp-admin, wp-content urls. Below are some of the WP plugins which you can use for changing url of wp-login, wp-admin, wp-content, plugin urls.
    WPS Hide Login
    Protect Admin
  18. Install any of blow WP security plugins.
    Securi
    Quttera Web Malware Scanner
    Wordfence
  19. Add proper file & folder permissions.
  20. Check for known vulnerabilities in existing installed plugins.
    https://wpvulndb.com/
โ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆ
Conclusion

Nowadays, malwares are getting injected by botnets instead of humans. They crawl for vulnerable urls and exploit them one by one.

โ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆโ€ฆ

The views and opinions expressed in this article are those of the author. Lakin enjoys sharing his thoughts on computing and technology in hisย personal blog.
To know more about our company, please click onย Mindfire Solutions.ย 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •