Wednesday, July 29, 2015

I2P anonymous proxy,proxy network,anonymity,network ,communications ,I2P route,I2P runs

The I2P anonymous network ('I2P') is a proxy network aiming at online anonymity. It implements garlic routing, which is an enhancement of Tor's onion routing. I2P is fully distributed and works by encrypting all communications in various layers and relaying them through a network of routers run by volunteers in various locations. By keeping the source of the information hidden, I2P offers censorship resistance. The goals of I2P are to protect users' personal freedom, privacy, and ability to conduct confidential business.

Each user of I2P runs an I2P router on their computer (node). The I2P router takes care of finding other peers and building anonymizing tunnels through them. I2P provides proxies for all protocols (HTTP, IRC, SOCKS, ...).

The software is free and open-source, and the network is free of charge to use.

Sunday, July 26, 2015

HTTP compression_Security implications,CRIME,HTTP compression,dubbed BREACH,SPDY header compression,BREACH

In 2012, a general attack against the use of data compression, called CRIME, was announced. While the CRIME attack could work effectively against a large number of protocols, including but not limited to TLS, and application-layer protocols such as SPDY or HTTP, only exploits against TLS and SPDY were demonstrated and largely mitigated in browsers and servers. The CRIME exploit against HTTP compression has not been mitigated at all, even though the authors of CRIME have warned that this vulnerability might be even more widespread than SPDY and TLS compression combined.

In 2013, a new instance of the CRIME attack against HTTP compression, dubbed BREACH, was published. A BREACH attack can extract login tokens, email addresses or other sensitive information from TLS encrypted web traffic in as little as 30 seconds (depending on the number of bytes to be extracted), provided the attacker tricks the victim into visiting a malicious web link.All versions of TLS and SSL are at risk from BREACH regardless of the encryption algorithm or cipher used.Unlike previous instances of CRIME, which can be successfully defended against by turning off TLS compression or SPDY header compression, BREACH exploits HTTP compression which cannot realistically be turned off, as virtually all web servers rely upon it to improve data transmission speeds for users

Thursday, July 23, 2015

HTTP compression,bandwidth utilization,web servers,browsers ,HTTP message,cached,transferred,Compression,Transfer-Encoding

HTTP compression is a capability that can be built into web servers and web clients to improve transfer speed and bandwidth utilization.

HTTP data is compressed before it is sent from the server: compliant browsers will announce what methods are supported to the server before downloading the correct format; browsers that do not support compliant compression method will download uncompressed data. The most common compression schemes include gzip and Deflate, however a full list of available schemes is maintained by the IANA.Additionally, third parties develop new methods and include them in their products, for example the Google Shared Dictionary Compression Over HTTP (SDCH) scheme implemented in the Google Chrome browser and used on Google servers.

There are two different ways compression can be done in HTTP. At a lower level, a Transfer-Encoding header field may indicate the payload of a HTTP message is compressed. At a higher level, a Content-Encoding header field may indicate that a resource being transferred, cached, or otherwise referenced is compressed. Compression using Content-Encoding is more widely supported than Transfer-Encoding, and some browsers do not advertise for Transfer-Encoding compression to avoid triggering bugs in servers

Sunday, July 19, 2015

HTML and the DOM,web development tools, DOM viewer,web browsers,CSS properties

HTML and DOM viewer and editor is commonly included in the built in web development tools. The difference between the HTML and DOM viewer, and the view source feature in web browsers is that the HTML and DOM viewer allow you to see the DOM as it was rendered in addition to allowing you to make changes to the HTML and DOM and see the change reflected in the page after the change is made.

In addition to selecting and editing, the HTML elements panels will usually also display properties of the DOM object, such as display dimension, and CSS properties.

Thursday, July 16, 2015

Drupal_Database abstraction,SQL queries,SQLite,database engine,PHP distribution,abstraction ,multi-site table

Prior to version 7, Drupal had functions that performed tasks related to databases, such as SQL query cleansing, multi-site table name prefixing, and generating proper SQL queries. In particular, Drupal 6 introduced an abstraction layer that allowed programmers to create SQL queries without writing SQL.

Drupal 7 extends the data abstraction layer so that a programmer no longer needs to write SQL queries as text strings. It uses PHP Data Objects to abstract the database. Microsoft has written a database driver for their SQL Server.Drupal 7 supports the file-based SQLite database engine, which is part of the standard PHP distribution.

Monday, July 13, 2015

Drupal_Core modules, Blogs, books, comments, forums, and polls,OpenID support ,RSS feed, feed aggregator

Drupal core includes optional modules that can be enabled by the administrator to extend the functionality of the core website.

The core Drupal distribution provides a number of features, including:
  •     Access statistics and logging
  •     Advanced search
  •     Blogs, books, comments, forums, and polls
  •     Caching and feature throttling for improved performance
  •     Descriptive URLs
  •     Multi-level menu system
  •     Multi-site support
  •     Multi-user content creation and editing
  •     OpenID support
  •     RSS feed and feed aggregator
  •     Security and new release update notification
  •     User profiles
  •     Various access control restrictions (user roles, IP addresses, email)
  •     Workflow tools (triggers and actions)

Thursday, July 9, 2015

Drupal_Core themes,browser interface,color scheme,Color Module

Drupal includes core themes, which customize the "look and feel" of Drupal sites,for example, Garland and Bartik.

The Color Module, introduced in Drupal core 5.0, allows administrators to change the color scheme of certain themes via a browser interface.

Monday, July 6, 2015

Drupal_Auto-update notification,administrator ,Drupal security,vulnerability

Drupal can automatically notify the administrator about new versions of modules, themes, or the Drupal core. It's important to update quickly after security updates are released. On October 15, 2014, a sql injection vulnerability was announced and update released.Two weeks later the Drupal security team released an advisory explaining that everyone should act under the assumption that any site not updated within 7 hours of the announcement are infected.Thus, it can be extremely important to apply these updates quickly and usage of a tool to make this process easier like drush is highly recommended.

Friday, July 3, 2015

Drupal_Accessibility,Web accessibility,framework,WAI-ARIA,administrator ,CSS

With the release of Drupal 7, Web accessibility has been greatly improved by the Drupal community.Drupal is a good framework for building sites accessible to people with disabilities, because many of the best practices have been incorporated into the program code Core. The accessibility team is carrying on the work of identifying and resolving accessibility barriers and raising awareness within the community. Drupal 7 started the adoption of WAI-ARIA support for Rich Internet Applications and this has been carried further in Drupal 8. There have been many improvements to both the visitor and administrator sides of Drupal, especially:
  •     Drag and drop functionality
  •     Improved color contrast and intensity
  •     Adding skip navigation to Core themes
  •     Adding labels by default for input forms
  •     Fixing CSS display:none with consistent methods for hiding and exposing text onfocus.

The community also added an accessibility gate for Core issues in Drupal 8.