Monthly Archives: April 2015

Modern Client UI Development with Java backend

Yeoman + Bower + Grunt is a very powerful stack for developing web UI. It has all the features, such as minify, uglify and unit tests. However, it is a pure HTML and JS platform, and most enterprise applications will stick to a Java backend, maybe in the form of a RESTful service.

During development, we may need to proxy requests to the backend with grunt-connect-proxy. I am posting a working gruntfile.js section here for reference. The livereload options and livereload proxies are modified.

We don’t need to import the NPM task in grunt, as the pre-configured grunt file will import all the tasks from package.json.

 

connect: {
  options: {
    port: 9000,
    open: true,
    livereload: 35729,
    // Change this to '0.0.0.0' to access the server from outside
    hostname: 'localhost'
  },
  livereload: {
    options: {
      middleware: function(connect) {
        /*return [
          connect.static('.tmp'),
          connect().use('/bower_components', connect.static('./bower_components')),
          connect.static(config.app)
        ];*/
        var middlewares = [require('grunt-connect-proxy/lib/utils').proxyRequest];
        middlewares.push(connect.static('.tmp'));
        middlewares.push(connect().use('/bower_components', connect.static('./bower_components')));
        middlewares.push(connect.static(config.app));
        return middlewares;
      }
    },
    proxies: [{
      context: '/api',
      host: 'localhost',
      port: 8080,
      https: false,
      xforward: false,
      ws: true,
      rewrite: {
        '^/api': '/oms-core/api'
      }
    }]
  },
  test: {
    options: {
      open: false,
      port: 9001,
      middleware: function(connect) {
        return [
          connect.static('.tmp'),
          connect.static('test'),
          connect().use('/bower_components', connect.static('./bower_components')),
          connect.static(config.app)
        ];
      }
    }
  },
  dist: {
    options: {
      base: '<%= config.dist %>',
      livereload: false
    }
  }
},
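
The proxies above are only activated when `configureProxies:livereload` runs before `connect:livereload`, and switching `hostname` to '0.0.0.0' also makes the backend behind `/api` reachable to anyone who can reach the dev server. The following is an added example, not part of the original gruntfile, that wires the serve task and checks both points; `checkConnectProxy`, `serveTasks` and `registerServe` are hypothetical names, and the `clean:server` and `watch` task names are assumed.

```javascript
// Added example (not from the original post). Hostnames treated as loopback:
var LOOPBACK = ['localhost', '127.0.0.1', '::1'];

// Inspect a `connect` config block and the serve task list.
// Returns an array of problem strings; an empty array means no findings.
function checkConnectProxy(connectCfg, tasks) {
  var problems = [];
  var baseHost = (connectCfg.options || {}).hostname;
  Object.keys(connectCfg).forEach(function (target) {
    var proxies = connectCfg[target].proxies || [];
    if (target === 'options' || proxies.length === 0) { return; }
    // A target-level hostname overrides the shared one; unset counts as non-loopback.
    var host = (connectCfg[target].options || {}).hostname || baseHost;
    if (LOOPBACK.indexOf(host) === -1) {
      problems.push(target + ': hostname "' + host + '" is not loopback, so any ' +
        'client that reaches the dev server also reaches the proxied backend');
    }
    // Proxies are only set up for the target named in configureProxies:<target>.
    var cfgIdx = tasks.indexOf('configureProxies:' + target);
    var runIdx = tasks.indexOf('connect:' + target);
    if (runIdx !== -1 && (cfgIdx === -1 || cfgIdx > runIdx)) {
      problems.push(target + ': configureProxies:' + target +
        ' must run before connect:' + target);
    }
  });
  return problems;
}

// Task list for `grunt serve`, matching the `livereload` target shown above.
function serveTasks() {
  return [
    'clean:server',                 // assumed task name
    'configureProxies:livereload',  // reads connect.livereload.proxies
    'connect:livereload',
    'watch'                         // assumed task name
  ];
}

// Call from the Gruntfile as registerServe(grunt).
function registerServe(grunt) {
  grunt.registerTask('serve', function () {
    var problems = checkConnectProxy(grunt.config('connect'), serveTasks());
    if (problems.length) {
      grunt.fail.warn(problems.join('\n'));  // aborts unless --force is given
    }
    grunt.task.run(serveTasks());
  });
}
```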

Running PostgreSQL on Windows with Non-Privileged Account

Developers always need to test on different databases like MySQL, Oracle and PostgreSQL. It is too heavy to run them as daemons. I prefer to run them in a no-install and portable way. I recently found and tested that PostgreSQL can run under a non-privileged account, meaning that it can be portable.

First, download the no-install version of PostgreSQL:

http://www.enterprisedb.com/products-services-training/pgbindownload

Extract it to a folder; mine is C:\JimmyWork\Development\pgsql

[Image: PgSQLonWin]

Create a folder “data” under pgsql.

Open a Command Prompt, initialize the DB with this command and type the password:

C:\JimmyWork\Development\pgsql>bin\initdb.exe -D data -A password -W -U postgres

Start the DB server with this command:

C:\JimmyWork\Development\pgsql>bin\postgres.exe -D data

There is a PGAdmin III in the bin folder; you can use it to access the DB you started. Configure the DB as follows.

[Image: PgSQLonWin2]

Usually we will create a user dedicated to a DB as follows.

CREATE USER mydatabaseuser WITH PASSWORD 'P@ssw0rd';
CREATE DATABASE mydatabase OWNER=mydatabaseuser;
GRANT ALL ON DATABASE mydatabase TO mydatabaseuser;

Enjoy!!

Computer and Hacking Forensics By cybrary.it

I have recently found a good forensics tutorial online. It is provided by a startup focusing on security and hacking related tutorials. The course link is here

The course is good in the sense that it covers the current US law and some common utilities for a forensics beginner.

It has 15 chapters altogether; the titles are as follows. I try to put down the software it describes as well, for my own reference later on.

  1. Module 1 – Modern Forensics
  2. Module 2 – Investigative Process

  3. Module 3 – Searching and Seizing
  4. Module 4 – Digital Evidence
  5. Module 5 – First Responder

    • chkdsk: Windows program to fix HDD problems, usually used as chkdsk /f
    • Hex Workshop: Hex editor, $89.95
  6. Module 6 – Computer Forensics Labs

    • FileMerlin: File converter for different formats, $95
    • FileViewer: A quick viewer for MANY file formats, it is FREE
    • Paraben P2 Explorer: Tool for mounting drives and extracting information, FREE for limited functions
  7. Module 7 – Hard Disks and File Systems

  8. Module 8 – Windows Forensics

    • Kdirstat / WinDirStat: Tools to visualize disk usage
    • PSLoggedOn: Windows tool to determine logons on remote computers
    • Regedit & Regedt32: Windows tools to view and edit the registry
    • Total Commander: Classic multi-window, multi-function file explorer
  9. Module 9 – Data Acquisition

    • Autopsy / Sleuth Kit: Comprehensive forensic tools
    • DiskExplorer: Direct disk editor
    • FTK Imager: Extract memory, even after the program is closed
    • ListDLLs: ListDLLs is a utility that reports the DLLs loaded into processes
    • PMDump: PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process.
    • PromiscDetect: PromiscDetect checks if your network adapter(s) are running in promiscuous mode
    • Runtime Disk Explorer NTFS: Low-level FS scanner and toolkit
  10. Module 10 – Recovering and Deleting Files

  11. Module 11 – Access Data

    • Access Data FTK: Integrated tools for 1st level computer scanning to locate suspicious files
  12. Module 12 – Image Files
  13. Module 13 – Steganography

    • Mp3Stegz: Tool to encrypt something inside an MP3 file without changing the sound and file size
    • QuickStego: Hide message in a Picture
    • XnView: Quick Image viewer
  14. Module 14 – Application Password Checkers

    • Cain & Abel: Comprehensive vulnerability scanner and password cracker
    • PasswordPro: A Password Manager, FREE
    • SAM Inside: Windows credential cracker
    • Ophcrack: Open source tool to crack Windows passwords, with LiveCD version
  15. Module 15 – Log Capturing and Event Correlation