Why is char[] preferred over String for passwords?

Strings are immutable. That means once you have created the String, if another process can dump memory, there is no way (aside from reflection) you can get rid of the data before garbage collection kicks in.

With an array, you can explicitly wipe the data after you are done with it. You can overwrite the array with anything you like, and the password won’t be present anywhere in the system, even before garbage collection.

So yes, this is a security concern – but even using char[] only reduces the window of opportunity for an attacker, and it’s only for this specific type of attack.

As noted in comments, it’s possible that arrays being moved by the garbage collector will leave stray copies of the data in memory. I believe this is implementation-specific – the garbage collector may clear all memory as it goes, to avoid this sort of thing. Even if it does, there is still time during which the char[] contains the actual characters as an attack window.


How do I find all files containing specific text on Linux?

grep -rnw '/path/to/somewhere/' -e 'pattern'
-r or -R is recursive,
-n is line number, and
-w stands for match the whole word.
-l (lower-case L) can be added to just give the file name of matching files.

Along with these, the --exclude, --include and --exclude-dir flags can be used for efficient searching:
This will only search through those files which have .c or .h extensions:
grep --include=\*.{c,h} -rnw '/path/to/somewhere/' -e "pattern"
This will exclude all files ending with the .o extension from the search:
grep --exclude=\*.o -rnw '/path/to/somewhere/' -e "pattern"
For directories, it’s possible to exclude one or more directories through the --exclude-dir parameter.
For example, this will exclude the dirs dir1/, dir2/ and all of them matching *.dst/:
grep --exclude-dir={dir1,dir2,*.dst} -rnw '/path/to/somewhere/' -e "pattern"


How to Copy files from host to Docker container?

The cp command can be used to copy files. One specific file can be copied like:
docker cp foo.txt mycontainer:/foo.txt
docker cp mycontainer:/foo.txt foo.txt

Multiple files contained by the folder src can be copied into the target folder using:
docker cp src/. mycontainer:/target
docker cp mycontainer:/src/. target

In order to copy a file from a container to the host, you can use the command
docker cp mycontainer:/file/path/within/container /host/path/target


How to merge two dictionaries in a single expression?

For dictionaries x and y, z becomes a merged dictionary with values from y replacing those from x.
In Python 3.5 or greater:
z = {**x, **y}
In Python 2 (or 3.4 or lower), write a function:
def merge_two_dicts(x, y):
    z = x.copy()   # start with x's keys and values
    z.update(y)    # modifies z in place with y's keys and values; update() returns None
    return z
z = merge_two_dicts(x, y)


How to specify a sudo password for Ansible in non-interactive way?

We can pass a variable on the command line via --extra-vars "name=value".
The sudo password variable is ansible_sudo_pass.
So your command would look like:
ansible-playbook playbook.yml -i inventory.ini --user=username \
    --extra-vars "ansible_sudo_pass=yourPassword"
A password passed this way is visible in the shell history and, while the playbook runs, in the process list.


Data Breaches – What you need to know

Data Breaches

It might look like stories of huge data breaches are popping up in the news frequently these days. Unfortunately, this is not shocking. As technology advances, all of our information moves to the digital world, and, as a result, cyber-attacks are becoming the new wave of crime. Companies and small industries are exceptionally attractive targets to cybercriminals, simply due to the large payday of data that can be stolen in one swoop. So, explore this article to learn more about data breaches.


The main reason that cybercriminals steal personal information is for use in identity theft. Last year more companies chose not to reveal the full extent of their data breaches.

The targeted attacks from cybercriminals are generally carried out in four different ways: exploiting system vulnerabilities such as out-of-date software, people using weak passwords such as their pet’s name without numbers and symbols, SQL injections, and targeted malware attacks. When systems do not have the latest software updates, it can create a hole that an attacker can use to sneak malware onto the computer that can steal data. Weak and insecure user passwords can be easy for an attacker to crack, particularly if the passwords contain complete words or phrases. SQL injections allow for drive-by downloads that will inject spyware or malware onto the computer without the user doing anything to contract the malware. The targeted malware attacks happen when attackers use spam and spear-phishing techniques to try to trick the user into revealing user credentials, downloading malware attachments or visiting vulnerable websites.


Being active about your accounts is the best security measure that you can take to do your part to prevent data breaches.

Make sure that you use strong, secure passwords for each account you access, and be sure not to use the same password across various sites. Keeping track of various passwords can seem like an impossible feat.

To keep your personal identity safe and secure, it is always important to be alert on your

Monitor your bank and financial accounts on a regular basis for suspicious activity. If the companies you do business with offer activity alerts via text or email, sign up for them.

Take action as soon as possible if you do see suspicious activity. Contact the bank or institution the suspicious activity originated from. Notify them of the suspicious transaction and inform them that your information was stolen in a data breach.

  • Close all online banking applications on your phone whenever you are not using them, and give your phone a password if you do not have one. Having to enter a password every time you use your phone is tedious, but it also provides a solid line of defence if your device is stolen.
  • Use secure URLs that begin with https:// on well-known sites when entering credit card or debit card information. You may also request to use disposable credit cards when making online purchases.
  • Install high-quality security software that includes malware and virus protection. Keep it updated.
  • Use a removable flash drive to store financial and other sensitive information.
  • Avoid oversharing on social media. Never post anything relating to sensitive information, make your profiles private, etc.


Data breaches are here to stay, and the best defence against them is a good offense. Educate yourself and stay conscientious about monitoring your online life. Luckily, there are laws in place to safeguard you, but it is up to you whether to report any suspicious activity and fight back against cybercrime.


Top Trends Shaping IT Cloud Strategies

Cloud computing has helped many organizations to transform their IT practices over the past few years, but experts agree that the market is entering a second wave for public, private and hybrid cloud services.

Predictions from major consultancy firms indicate that, for the coming years, the rate of adoption is sustainable, and that cloud computing will see more investment from IT giants and more adoption from businesses.

In parallel, market experts, along with shareholders from the IT industry and enterprises across the globe, are in agreement that there is an irrefutable wave of transformation and progress taking shape. This metaphorical wave is best understood as the sum total of distinct trends in cloud computing that are shaping the industry. Let us understand these trends better, which can help you get a better idea of your IT cloud strategies.



It is striking how many enterprises have preferred the cloud because of a lack of trust in the security of their own on-premises technologies and, after the transition, have to deal with the truth that business data rests with a third-party vendor in the public cloud services domain.

Hyper-convergence in the private cloud appears as a solution. A private cloud also needs normalization, automation, resource monitoring, self-service, and virtualization, the same as the public cloud. Dealing with all these capabilities and binding them into a coherent unit is hard for businesses, so hyper-convergence appears as an option for IT cloud strategies.


The truth is, the payments for cloud investments have long been delayed for many enterprises. When cloud services are judged purely on cost, it helps to develop insight into regulating cloud costs.

For beginners, complex pricing plans and contracts leave businesses bogged down, so they have trouble venturing into cost analyses. For example, Amazon and Google offer cloud services that charge businesses on the basis of the number of messages generated per hour, or the number of messages sent in a day. Then, there are several plans for each service a customer wishes to purchase.


Almost all major cloud service providers support container development. Containers help developers to migrate software code effortlessly. OpenShift and CloudFoundry can be run easily on Azure, AWS, and Google Cloud. Containers help enterprises with portability between cloud services from Azure, Google Cloud, and AWS, among others.

This is because they can use containers to realize their DevOps strategies to allow faster software production. The new paradigm brings new challenges around security, monitoring, networking, and storage issues. However, in spite of these challenges, containers have established their worth by helping enterprises to leverage portability


Some organizations are also looking to refactor apps to run on public cloud systems, leveraging migration services, rather than simply moving existing apps into a public cloud. The ideal way to move an application is to rewrite it to take advantage of the cloud’s elasticity, although cloud app migration can be expensive.


Cloud services have grown stronger, and are all set to transform even more businesses, in more ways, than before. These trends will help CIOs and other IT decision makers to align their business cloud strategies to the realities shaping the market.


IT Security Advanced Persistent Threats

An advanced persistent threat (APT) is a broad term used to describe an attack in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.

The targets of these attacks, which are very carefully chosen and researched, typically include large enterprises or governmental networks. The consequences of such intrusions are huge:

  • Intellectual property theft, such as patents, etc.
  • Compromised sensitive information.
  • The damaging of critical organizational infrastructures.
  • Total site takeovers.

Executing an APT attack requires more resources than a normal web application attack. The culprits are usually teams of experienced cybercriminals with substantial financial backing. Some APT attacks are government-funded and used as cyber warfare weapons.


A successful APT attack can be broken down into three stages:

  1. Network infiltration,
  2. The expansion of the attacker’s presence and
  3. The extraction of amassed data.


Organizations are typically infiltrated through the compromising of one of three attack surfaces: web assets, network resources or authorized human users.

This is achieved either through malicious uploads or social engineering attacks—threats faced by large organizations on a regular basis.

Additionally, infiltrators may at the same time execute a DDoS attack against their target. This serves both as a smoke screen to distract network personnel and as a means of weakening a security perimeter, making it easier to breach.

Once the initial access has been completed, attackers quickly install a backdoor shell—malware that grants network access and allows for remote and stealth operations.


After the base is established, attackers move to expand their presence within the network.

This involves moving up an organization’s hierarchy, compromising staff members with access to the most sensitive data. In doing this, they are able to gather critical business information.

Depending on the final attack goal, the collected data can be sold to a contending enterprise, altered to damage a company’s product line or used to take down a complete organization.


While an APT event is ongoing, the stolen information is usually stored in a secure location inside the network being assaulted. Once sufficient data has been collected, the thieves need to extract it without being detected.

Typically, white noise tactics are used to distract the security team so the information can be moved out. This might take the form of a DDoS attack, again tying up network personnel and/or weakening site defences to enable extraction.


Below are the best practice measures to take when securing your network:

  • Patching network software and OS vulnerabilities as fast as possible.
  • Encryption of remote connections to stop invaders from piggy-backing to infiltrate your site.
  • Cleaning incoming emails to prevent spam and phishing attacks targeting your network.
  • Immediate logging of security events to improve whitelists and other security policies.


Machine Learning in JavaScript

Machine learning libraries are getting faster and more available with each passing year, showing no signs of slowing down. While traditionally Python has been the go-to language for machine learning, nowadays neural networks can run in any language, including JavaScript!

The web ecosystem has made a lot of progress in recent times and, although JavaScript and Node.js are still less performant than Python and Java, they are now capable enough to handle many machine learning problems.

Most of the JavaScript machine learning libraries are fairly new and still in development, but they do exist and are ready for users to try. In this article, we will look at some of these libraries, as well as a number of cool AI web app examples to get you started.


Brain is a library that lets the user easily create neural networks and then train them on input/output data. As training takes up a lot of resources, it is better to run the library in a Node.js environment, though a CDN browser version can also be loaded directly onto a web page. There is a small demo on their website that can be trained to identify color contrast.


The most actively maintained project on the list, Synaptic is a Node.js and browser library that is architecture-agnostic, allowing developers to build any type of neural network they want. It has a few built-in architectures, making it possible to test and compare different machine learning algorithms. It also features a well-written introduction to neural networks, a number of practical demos, and many other great tutorials illustrating how machine learning works.


FlappyLearning is a JavaScript project that, in only a few lines of un-minified code, manages to build a machine learning library and implement it in a fun demo that learns to play Flappy Bird like a virtuoso. The AI method used in this library is called Neuroevolution and applies algorithms inspired by nervous systems found in nature, dynamically learning from each iteration’s successes or failures. The demonstration is super easy to run – just open index.html in the browser.


Though it is no longer actively maintained, ConvNetJS is one of the most advanced deep learning libraries for JavaScript. It works directly in the browser, supports several learning techniques, and is rather low-level, making it appropriate for people with more experience in neural networks.


Framework for building AI systems based on reinforcement learning. Unfortunately, the open-source project does not have proper documentation, but one of the demos, a self-driving car experiment, has a great description of the different parts that make up a neural network. The library is in pure JavaScript and made using modern tools such as webpack and Babel.


Although the JavaScript machine learning ecosystem is not completely developed yet, we suggest using the resources on this list to make your first steps in ML and get a feel for the core techniques. As the experiments in this article show, there is plenty of exciting stuff you can make using only the browser and some familiar JavaScript code.