- intellij, android studio
SHIFT + F6 // rename
CTRL + SHIFT + R // find and replace
SHIFT + F10 // run
F10 (file > settings > keymap > set a key for distraction) // Distraction-Free Mode; View > Distraction-Free Mode
CTRL + F4 // close tab
CTRL + 7 // un/comment; file > settings > keymap
CTRL + ALT + O // organize imports
CTRL + ALT + L // format code
CTRL + B // jump to source
CTRL + O // override methods
2x SHIFT // global search (commands, open files, ...)
CTRL + E // open recently opend files
CTRL + ALT + M // extract function
CTRL + I // implement methods
CTRL + ALT + INSERT / EINFG // create new file
ALT + 1 // open / close project view
ALT + 4 // open / close run view
SHIFT + ALT + left/right // switch design / text tab in layout
CTRL + ALT + L // reformat code (Android Studio)
- there are two types of a proxy (server)
- forward proxy: the client is using the proxy
- reverse proxy: the server is using the proxy
drawn with yed
Why use a proxy?
- a proxy acts as a middleman. in other words: the traffic goes through the proxy
- protect client or server from direct interactions (=security)
- distributes the total load / traffic to multiple servers
vboxmanage list vms
"WinDev1910Eval" {...}
- unpack compressed tar gz files
tar xfv ../Downloads/zulu8.40.0.25-ca-jdk8.0.222-linux_x64.tar.gz
unzip netbeans.zip
unzip -l netbeans.zip // list files
unzip netbeans.zip -d specific-dir/ // extract to dir specific dir
zip -r -0 -s 900m archive-0.zip folder-to-archive/ // split zip each 900MB; just archive no compress; recursivly.
- copy, disc usage / free
cp -v folder/file-* . // copy all files with file-* to current folder. verbose on.
for i in {1..100}; do cp free.ogg "free$i.ogg"; done // copy files multible times
df -h . // free disk space; human readable
du -h --max-depth=1 /home/ // disc usage for a folder with given depth
- network / openwrt
arp // list MAC adress to IP adress
cat /var/dhcp.leases // show IP adress, hostname, MAC adress
nmap -v ip.adress // fast simple scan for default ports
sudo service dnsmasq restart // restart dnsmasq: DCHP server (usually this is installed on openwrt)
dmesg // display kernel ring buffer (data structure of messages operated by kernel)
- symbolic links
ln -s apache-maven-3.6.1 maven
ln -s zulu8.40.0.25-ca-jdk8.0.222-linux_x64 jdk
rm jdk // remove symbolic link
- image resize
# dependency: imagemagick
convert -resize 25% screenshot.png screenshot.png
- config the environment variable PATH. Put that in
~/.profile(restart)
user management
- create user:
useradd guest - check user account information passwd:
cat /etc/passwd | grep guest
guest:x:1001:1001::/home/guest:/bin/sh
[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]
- check group account information group:
cat /etc/group | grep guest
guest:x:1001:
[Group name]:[Group password]:[GID]:[Group members]
-
modify user:
usermod --expiredate 2020-01-01 guest -
set password:
passwd guest -
delete user:
userdel --remove guest. will also delete/var/mail/guestand/home/guest
group management
- display, add, delete group
- add user to group
$ groups guest
guest : guest
$ groupadd restricted # will take the next free gid usually 1001
$ groupadd -g 2000 restricted # we specify the gid (= 2000)
$ cat /etc/group | grep restricted
restricted:x:2000:
$ chown guest:restricted open.txt
$ ls -l open.txt
-rw-r--r-- 1 guest restricted 15 Dez 23 23:50 open.txt
$ usermod -aG restricted guest
$ groups guest
guest : guest restricted
$ chmod 440 open.txt
$ ls -l open.txt
-r--r----- 1 guest restricted 18 Dez 24 00:37 open.txt
$ groupdel restricted
PATH="$HOME/development/jdk/bin:$PATH"
PATH="$HOME/development/maven/bin:$PATH"
PATH="$HOME/development/netbeans/bin:$PATH"
iso to usb stick
sudo dd if=linux.iso of=/dev/sda bs=1M && sync
battery lifetime / runtime with TLP
sudo tlp-stat -s // manual start
sudo tlp-stat -b // show battery info
/sys/class/power_supply/BAT0/cycle_count = 3
/sys/class/power_supply/BAT0/energy_full_design = 57020 [mWh]
/sys/class/power_supply/BAT0/energy_full = 57660 [mWh]
/sys/class/power_supply/BAT0/energy_now = 47530 [mWh]
/sys/class/power_supply/BAT0/power_now = 7446 [mW]
/sys/class/power_supply/BAT0/status = Discharging
Charge = 82.4 [%]
Capacity = 101.1 [%]
show / change display brightness / backlight
cat /sys/class/backlight/amdgpu_bl0/brightness
file operation
curl https://archive.ics.uci.edu/ml/machine-learning-databases/iris/iris.data --output iris.data
split -l 50 file.csv // split file to multiple files for given line number
grep -n 'search' file.csv // line numbers occurence
sed -n '/pattern/=' file.csv // line numbers occurence
- shortcuts
ALT + SHIFT + T // open terminal
CTRL + SHIFT + T // terminal: open tab
- update, upgrade, install software
sudo apt update
sudo apt upgrade
sudo apt install git
Authentication
- Who are you?
- Methods: Login form, HTTP authentication, X.509 certificates, HTTP digest, ...
Authorization
- What can i do?
- Methods: Access control for URLs, Secure objects and methods, Access control lists (ACLs)
- Types: Role-, Claims-, Policy-based authorization
SiteMinder, Single Sign-On
- SSO is a solution that allows a user to authenticate once and gain access to all applications/resources supported by the SSO, without having to sign in separately to each application/resource.
- with a SiteMinder Web Agent a client request is intercepted
- Web Agent is a filter on the web server
- is the request path (resource) is protected then the request goes to Policy Server
- the Policy Server needs the credentials (username / password) to gave access
- why use SSO / SiteMinder?
- it acts as a single point of truth
- otherwise the user has to login each per system (ex. apache web server, IIS windows server, ...)
- CA Single Sign-On (formerly CA SiteMinder)
- CA SiteMinder Policy Server
- CA SiteMinder authentication provider
HTTP authentication schemas
- Basic: uses the easily reversible Base64 encoding instead of hashing
- Digest: applies a hash function to the username and password before sending them over the network
- Bearer / OAuth
- Token based authentication
- is complementary to and distinct from ODIC
- ODIC and OAuth are often used together
- OAuth act as the authorization layer
- NTLM NT LAN Manager authentication is a challenge-response scheme. NTLM uses Windows credentials to transform the challenge data.
API Keys
- access REST api with a key (no user required)
JWT
- JSON Web Token: is an encrypted JSON (format)
- typicalls used with Bearer auth.
ODIC
- OpenID Connect
- OIDC providing the user authentication layer
Integrated Windows Authentication (IWA)
- The current Windows user information on the client computer is used by the browser.
Kerberos
- is a computer-network authentication protocol
LDAP
- Lightweight Directory Access Protocol is a standard application protocol
- sharing of information on users, systems, networks, services, and applications
- LDAP authentication is the process of validating a username and password with a directory service using the LDAP protocol.
Links
- https://doubleoctopus.com/security-wiki/
- https://www.roytuts.com/how-siteminder-works/
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication
- https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/understanding-http-authentication
- https://docs.microsoft.com/en-us/aspnet/core/security/?view=aspnetcore-3.1
- https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
- https://jwt.io/introduction/
- encryption / ciphering / encoding
- we need encryption when ever we send information over unsafe networks.
- main target of cryptography
- Confidentiality: only authorized person can read protected information
- Authentication: you talk to the right person. you can trust.
- Integrity: the message hasnt been changed
- encrypt a plaintext with a key and algorithm:
plaintext -> chiphertext
- a one-way function / fingerprint
- used e.g. for passwords. the hash of it is stored then stored.
example: python MD5
>>> hashlib.md5(b'bob').hexdigest()
'9f9d51bc70ef21ca5c14f307980a29d8'
>>> hashlib.md5(b'bob').hexdigest()
'9f9d51bc70ef21ca5c14f307980a29d8'
- symmetric encryption (algorithms): only one key for encryption and decryption
- problem: both user has to know the key
- asymmetric encryption / public key cryptography : key pair (private key and public key)
- the information can decrypted with private key
- encryption with public key
For an secure connection between two nodes (e.g. client / server) we can use TLS (SSL). In order to accomblish this we need a few artifacts.
First of all we need a SSL certificate.
Signed certificate: In order to obtain a signed SSL certificate we can create a private key and a CSR with OpenSSL.
With the key file we create the CSR. And with the CSR in turn we can request a signed digital certificate from an CA.
For the key generation you can use a common public-key cryptosystem provided in OpenSSL.
Self-signed certificate is the counterpart of the CA signed certificate.
Here you just create your private key and your certificate. And use it for secure connection.
- private key file
- CSR: Certificate Signing Request
- CA: certificate authority
rmdir /S // delete folder
move source-folder . // move folder to current folder
- (embedded / payara)
- start database:
asadmin start-database - stop database:
asadmin stop-database - sql connect (e.g. payara5\h2db\bin):
java -cp h2.jar org.h2.tools.Shell - create database (take default settings):
JDBC URL: jdbc:h2:~/test
Database/Schema: ~/test
- show tables
sql> show tables;
TABLE_NAME | TABLE_SCHEMA
DEVELOPER | PUBLIC
- create table
CREATE TABLE PUBLIC.DEVELOPER (
NAME VARCHAR(10),
PROGRAMMING_LANGUAGE VARCHAR(10),
CONSTRAINT DEVELOPER_PK PRIMARY KEY (ID)
);
- quit from sql shell:
quit
source: ant in action
- Unit tests test a piece of a program, such as a class, a module, or a single method. They can identify problems in a small part of the application, and often you can run them without deploying the application.
- System tests verify that a system as a whole works. A server-side application would be deployed first; the tests would be run against that deployed system, and may simulate client behavior. Another term for this is functional testing.
- Acceptance tests verify that the entire system/application meets the customers’ acceptance criteria. Performance, memory consumption, and other criteria may be included above the simple “does it work” assessment. These are also some- times called functional tests, just to cause extra confusion.
- Regression testing means testing a program to see that a change has not broken