Which computer language(s) is used to make WhatsApp

Introduction

WhatsApp has been developed from the early days using open source software. WhatsApp engineers use, contribute to and release a lot of open source software.

We contribute to key projects

Our engineers are eager to contribute back to the open source community.

Erlang is a programming language used to build massively scalable soft real-time systems with requirements on high availability.

FreeBSD is an advanced computer operating system used to power modern servers, desktops and embedded platforms.

jqGrid is an Ajax-enabled JavaScript control that provides solutions for representing and manipulating tabular data on the web.

libphonenumber is Google’s common Java, C++ and Javascript library for parsing, formatting, storing and validating international phone numbers.

LightOpenId is a PHP 5 library for easy openid authentication.

lighttpd is an open-source web server optimized for high performance environments while remaining standards-compliant, secure and flexible.

PHP is a popular general-purpose scripting language that is especially suited to web development.

yaws is a HTTP high performance 1.1 webserver particularly well suited for dynamic-content web applications.

Source: WhatsApp :: Open_source

IoT Security is everybody’s business!! – Part 2

We identified the risks and potential threats to our living in the part 1 of this blog. Let us discuss some of the preventive ways to secure our living in this part – some remedial steps which will help repose faith in the technology driven lives.

A study by Hewlett Packard shows that around 70% of the connected devices are prone to serious threats.  Many of the consumers of technology, roughly more than 76% do not understand or appreciate these risks. The attitude is – “.. it has not impacted me so far…”.

To deal with, let us identify the top 10 security issues with IoT to increase our awareness. These could be potential sources:

  Insufficient authentication or authorization
    Insecure Web interface
    Insecure network services
    Insufficient security configuration
    Privacy concerns
    Insecure mobile interface
    Lack of transport encryption
    Insecure software or firmware
    Insecure cloud interface
    Poor physical security

The above list, though not exhaustive, is definitely worth pondering.

All organizations rallying to be the top IoT product and solution providers must compel themselves to create the hard security platforms which will make the solutions bullet-proof for any vulnerability resulting thereof.

While everybody would love to believe prevention is better than cure, we cannot ignore detection and detention of rogue application creators/hackers/disruptors and the havoc-makers. The cyber laws of all lands embracing such technological progress (leaves none untouched though), need to be made more stringent, detectable, with outcomes for prevention. A new brand of Cyber-cops will need to be constituted – who have in-depth knowledge and technical capabilities (rather extensively trained) to

  Comprehend the types of crimes that can be committed
    Analytical skills to trace the equipment(s) used for the crime
    Understand the device characteristics with potential vulnerable points
    Analyze the data getting generated through millions of devices
    Profile the device types used in the crime
    Understand data privacy laws and detect the extent of damage
    Complete understanding of compliance laws of several vertical industries (like BFSI)
    Most of the categorized IoT devices used in solutions
    And many more

What I am indicating is that Cyber police can no longer be a selective location based optimized teams in a police station, but proper networked teams who have extensive tech knowledge of the field. They must be equipped with applications and mechanisms to establish crime patterns and behavioral trends of typical class of the crime being committed (periodically?). These can also be virtual teams which can work on distributed patterns but build a virtual cyber security data center – with enough potentials and credibility to nip the crime in the bud bringing speed and effectiveness into the crime scene.

While preparing for this so-called 3rd Industrial Revolution, the policy makers must get into following actions as part of readiness:

Defining and designing cyber threat intelligence (CTI)
Defining Cyber security ecosystem including suppliers, partners, vendors, business networks
Cyber cells must be formed at each department of the citizen service to create preventive mechanisms for tracking cyber-crimes, and intervention at greater speeds
Creating a level of understanding among the organizations for strong governance, controls and accountability
Enlisting high valued assets(buildings, transports, Physical data centers among many) and provisioning for their safety against such attacks
Using forensic analytics continuously to understand the cyber threat sources and their patterns through threat intelligence data
Policies to monitor all financial transactions through the mobile devices for understanding modus operandi

Cyber Security can no longer be tagged only to IT engineers in this digital era, especially where engineering organizations are embracing it in a big way. With th amalgamation of engineers from various branches to form the IoT teams, it has to be a collaborative effort to create ward-offs by both the core engineers as well as the IT engineers. Every solution must be scrutinized for a security threat and provisioning of the same- as part of each IoT solution. Penetration testing techniques would need more sophistication to weed out holes and at a much better pace.

There must be security norms laid out and each customer at all times must think and demand security wrappers around the solutions being doled out. …hate to say this but CYBER SECURITY CAN BECOME A NIGHTMARE if not taken care of!!

IoT Security is everybody’s business!! – Part 1

With the Digital wave, the structure of the IT organizations, especially those racing to embrace new technologies and IoT is poised for a paradigm shift. Every brilliant side of technological revolution comes with a darker patch as well. With so much of data slated to being generated via connected devices, the Cyber Security can no longer be the forte of IT folks ONLY.

While technology brings in convenience, it also comes at a cost (read flip side).

In the recent past in India, we have started seeing mobile wallets increasingly being used for payments and other financial transactions to another device or account. The connected wallets also create opportunities for hackers to break in and creatively lay their hands on the information pertaining to transactions, account details, the payee details, their numbers, the payment patterns, sources of funds, and many such confidential data which one would not like to divulge.

Cyber security, will don a new hat with the advent of new technology and devices working in tandem. Trying to stop break-ins will need a lot more intelligence and smart techniques to be devised. The provisioning of security to these mushrooming applications and connected devises will need to be really understood well so that people know they are secure while transacting with gates to personal data. The approach itself requires comprehensive techniques.

The mobile channels will provision more incentives with increase in volumes of both devices and transactions. The global reach of the mobiles have opened standard techniques for the hackers across the global hacking communities. Ubiquity and connectivity are vulnerable and enables folks to get to mobile devices. The incentives are more for mobiles which use financial transactions, undoubtedly. It may not be hard for hackers to know which user uses which number to carry out financial transactions.

The richer the features of the mobile, the more it becomes a target for the hackers.  The concern about the privacy invasion by advertisers is rising steeply with these smarter devices. In 2010-11 Wall Street conducted a test for 101 Android/iOS applications and found that more than half sent device information, 47 shared location data, and 5% users –  personal information to advertisers without the consent of the users.

More than 1000 malware target mobile devices globally. An instance of worm attack can infect mobiles rapidly to the tune of millions of handsets.  As mobiles are getting more advanced so are the worms accomplishing more sophistication – raising their quality of attack as well.  As technology carriers are improving the device capability, the blue-tooth and Wi-Fi is also becoming airborne contaminators. Some viruses dial international numbers while the subscriber is sleeping.

The mobile computing increases the data loss as well. With the connected devices expected to transmit data across applications and other devices, the hackers would try means and ways to create opportunities in the chaos. Mobile banking has also brought in rogue applications which are smartly working their way to gather financial information from devices through even legitimate applications topped with these malware at app stores.

Over all this, it is said that more than 37% of the service providers do not have any threat intelligence programs.

Impacting Scenarios

As hackers take control of the connected devices, the very capability for which the IoT was brought in (efficiency, productivity, ease, etc) will be compromised.  It is scary to even think what if the folks are unable to stop machines, controlled by connected devices for convenience- large ones at that. IT security itself will not stand ground here.  The extended knowledge across applied industrial controls and production processes would become mandatory to put the checks and balances in place. (What if one is not able to stop a blast furnace in steel plants?…)

Water Management:  Anything which is scarce and essential comes under the cloud of threat and catches attention for disruptive opportunities. Water management through connected devices is becoming a lucrative offering from many vendors ensuring appropriate water quality, controlled water supply, water treatment, metering and other features. Water consumption, like electricity is also vulnerable where automatic vaults and control mechanisms for pressure and flow are devised to be controlled through technology. A loss of control would create wastage of water across and lead to a water crisis.

Patients Health Records (PHR)

The PHRs of patients are too personal a data to be privy to. These personal health records reveal several confidential parameters of personal health profile of an individual with historic ailments, health issues in the recent past, blood group info, and many more data which can lead to people either playing with or destroying the data for obvious reasons or holding the same for ransom. Very dangerous but true, not because we need to be scared, but the awareness of such a threat is missing till the first casualty occurs.

The Nuclear plants, used for positive reasons, like generating power can be a huge source of risk – if they were to lose hold over the control process of nuclear reactors.  If IoT based controllers were deployed in these plants for the purpose of analytics and other accompanying research advantages, there should be exhaustive sets of checks and audits built in – plus multiple approvals at multiple governance decision points to ensure disasters would be at least minimized.

Likewise, hacking connected or smart cars can lead to road disasters.  This includes the hacking of smart traffic management – feature of smart cities. Insurance transactions can be blocked and claims disabled or diverted, where insurance segments are moving from statistics to individual fact-based policies.

Cloud is another source of vulnerability. The plethora of data being stored on cloud will require tighter secured solutions, and hence the cloud data security will only become more crucial.

It is said that M2M communications will themselves generate about $900 billion in revenues by 2020.

Dependency on the connected devices for various aspects of the futuristic work-style like improved real-time decision making, better design of solutions, reliability on the so-generated data analytics (what about data quality?), driving future product conceptualization, fleet management,  and many others could be a challenge if the systems malfunction due to malware or cyber-attacks.

The above are potential scenarios where the flip side of technology, if misused, can create disasters and can cause unimaginable disruption. However, it is not too late to create a strategic security blueprint and get the awareness levels in the public embracing these newer emerging solutions in future.

We will discuss the potential next steps on what we should do, what the state agencies should do and what the general users should know in the sequel to this blog shortly. Till then happy reading….

12+ FOCUS AREAS FOR A TRANSITION MANAGER!!

              The Focus in transition is a key success factor and if you lose the focus, lots of things may fall off which would be impossible to re-gather to move on. While the statement is simple, the act of holding things together really needs multi-tasking, intense planning and precise execution. If not done meticulously, it can be a huge challenge, if not a nightmare! The following areas of focus need to be kept in mind:

    Change Management
    Client Management
    Risk Management
    Communication Management
    Quality Management
    Issue Management
    Scope Management
    Schedule Management
    Resource Management
    Security Management
    Transition Program Management
    Cutover Management

Apart from that, on the bolt-ons, we have the following areas to look into:

Vendor Management
    Transition Planning
    Pursuit Handover
    Checklist usage and Tools Management

Change Management is the key ingredient of any transition and all other topics get covered under this one umbrella if we were to put across our experiences. Afterall it is a game of Management of Change (MoC)!

Change being inevitable starts with change in the team and the team members who walk in to support start bringing in changes which come in trickles initially and then the trickle grows. The changes could be people, processes, or technology. However it assumes larger proportion when the Transformation activities are chipped into the plan and then the landscape itself is prone to change due to business needs and compulsions.

Client Management is another area which is very critical and due to collaborative nature of the MoC, every service provider must take the customer along in the journey. Having said that, client actually should be the source of change requests and unless the client plays the game with the objectives clearly defined, the outcomes can be un-satisfactory. However, that little nudge as technology service advisors sometimes becomes mandated to push in the right direction.

Risk – no change and no gain comes without risks and Transition is no exception. Risk Management is key since there are bits and pieces tending to fall all over during this journey as turbulent it may be. The risks can be from availability of teams to platforms to vendor behaviours, etc, etc. It is hence very critical to upfront start dealing with risks through identification by understanding the customer contours. This is where the experience of the transition managers counts. If a person playing the role of transition manager has seen this earlier, he can smell the risks much ahead in the game . However, make no mistakes as all risks are not defined or cannot be. Risks can come in any shape or form or time and hence transition managers need to tread carefully to build sufficient mechanisms to mitigate them upfront. The booby traps during transitions in the form of risks are difficult to gauge upfront – all the time.

Communication is a very critical weapon in the transition kit. If you don’t build/define the communication with stakeholders, the transparency suffers and this is where the client can become most apprehensive. An appropriate communication plan should be included in the Integrated Transition Plan document and relevant stakeholders, mode of governance & communication should be defined.

Quality is driven by mutually defining the set of structured processes for the engagement between client and us. All metrics must be unambiguously defined and reflected in the reports. Afterall, what gets measured gets done!

Issue Management should commence the instant you start identifying the risks for the engagement and this happens much earlier in the pre-sales cycle when you are assessing the landscape to takeover. Risks, not mitigated would eventually become issues which need resolutions and hence being proactive and diligent is critical to optimize the level of issues during the transitions.

Scope is very critical and unless we use base-lining techniques, it will only add to the turbulence during the journey. There could be instances where the elements of transition will change, the number of devices or number of applications, etc but we need to work on lead times. Many times, client would keep changing the scope, be it applications, devices, window of services, L1/L2/L3 definitions as per his perspective, etc – but may still expect the deadlines not to be shifted. This is a real challenge and hence you have to keep impressing the risks of doing a quick and dirty job in view of these changes. If the client confirms the risk appetite, it becomes easier to take up the risks. Hence a risk profiling of the scenario must be documented and submitted as a formal report or deliverable as part of the Change Management Process.

Related to the above, are Schedule and Resource management aspects. The Changes above would have a direct impact on the schedule, deadlines, resource needs in quantity and quality. I have seen the in-flight changes to scope and that, if not handled deftly and diplomatically, can turn into a relationship disaster. Your focus should be on transparency so that you find a natural sympathizer from the client organization (hence you should insist on identification of a Client Transition SPOC). Mobilizing resources is another challenge, even in large organizations. Hence please expect hard negotiations on lead times.

Security Management is more an item for set up and steady state but the seeds are sown during the transition and hence is highly inflammable if the team members don’t understand the impact of NDAs and data privacy. It becomes one of the activity in the transition plan to have a 30 min briefing by the program manager to all team members on the contractual obligations on security and its breaches – more so, the consequences.

It is highly advised to have a TPMO – the Transition Program Management Office – commissioned as part of the start-up. With so many things flying around, in transit, in change, dynamically changing around, one should have a single stop shop to manage that and that Management of Change office is the TPMO where such things are noted, notified, called out, actioned, resolved – driving all towards the destination milestone!! Many times this is given a miss and this is when you cut corners, especially for engagements greater than 40+ FTEs, you will feel the heat in the course of the engagement.

When ready to take over, your set of clients for the commencement of such a change in services, may, also change. They could be the end customers for your clients or your clients themselves. Whoever be the stakeholders, all must be notified of the upcoming changes in the services, from when, what will change (call-in numbers, especially), who will be responsible, improvements if any, change in processes -if any, etc. Hence a the TPMO must establish the Transition Cutover Command Center (TC3) for communication in advance so that service disruption due to non-awareness is vastly optimized.

There are other areas that come into play during this Management of Change:

We could be in a situation where we need to manage the Vendors on behalf of the client. If there are many such vendors where contract novation happens, it is ideal to set up a multi-vendor council (MVC) as a general practice.
An Integrated Transition Plan is a blueprint with all planning aspects addressed comprehensively including the mpp for schedule of transition, RACI, etc., that becomes a rulebook establishing who will do what and when. This is another thing that should be used as a deliverable to the client and sign-off obtained.
When the focus of activity that passes from sales to transition, especially if the transition manager is not involved from a pre-sales stage, may things can drop hence creating a gap between what is committed and what gets delivered. Hence there should be a window for a proper Pursuit Handover activity to the transition manager. What gets handed over to the transition manager is the expectations sold to the client.
Checklist usage and Tools Management: non-establishment of a transition kit upfront can lead to scampering in between for proper checklists and tools. Usage of many tools, yet struggling to deliver a proper clean report is observed as outcomes of poor planning and casual approach to transition. This can become a nightmare as without appropriate tools, you cannot control the drive to destination.

Net-net, planning and continuous monitoring is key to any transition and Transition manager who is not entrenched into the details, would create a difficult journey for himself and the team with severe impact to the QoS!

Digital Workforce: Next Gen Engineers Asset

        The IT industry service providers are right now struggling with means and mechanisms to transform the existing workforce to adopt and adapt the Digital skills. As they keep stepping deeper and deeper, the journey seems to be getting more difficult and complex. The lateral folks resting on their laurels for long are finding it difficult to put their arms around the new technology and software engineering changes demanded as the industry as a whole seems to be suffering from inertia, built over more than a decade.
cropped-493d117744b6f0d01da7b16f25da1e82.jpg
The technological advances in the past 2-3 years have been going at a phenomenal pace. The platforms, packages, penetration of Social Media, Mobile apps, transformation to Cloud, Analytics being used as a primary R&D tool for almost all domains, and latest being the IoT – all have brought in compulsive factors in each of the industrial domain. It now looks like no industry will survive without embracing technology.

Many of the technologies/platforms that we hear today in the IT industry never existed 8-10 years ago like Raspberry Pi, Xively, Thingworx, Mahout, Apache KafKa, IBM Bluemix, Osmosis, etc – and to add further to the pace, what we see today maybe just the 40% of what we will see in the next 5 years!!  The bright minds would be needed in every organization to drive the adoption and delivery of solutions using these technologies.

The Next wave of engineers who will come out by 2017-18  hold the key. When I speak to them on the transformations and new developments today, they seem to understand most of the emerging areas, thinking like professionals who are ready to learn, execute and conquer the new technological frontiers beckoning them. Many with right support of the campuses are ideating like never before. Many are taking on the mantle of becoming entrepreneurs and donning a techno-commercial hat. They are able to talk, like the typical maverick innovative thinkers. Though many would think that’s not what we want, I would contest that this is what is needed now. If we cannot think out of the box, the conventional approach will spell a disaster.

The IT Organizations (especially those in service industry) are running aggressive internal transformation programs, some in a focused and some on discretionary ways, but the attention and absorption being quite low, the grip on the handle is a suspect. Hence the infusion of the new blood to mix and rejuvenate the read-to-learn experienced folks will create the new organizations which will sustain the next five years, if not the decade.

The young engineering students pursuing technology to graduate in 2017-18 will have bigger challenge to close the gaps between what was taught in earlier part of the curriculum and what is being rolled out in the current curriculum. The following will come true in the next few years:

There will be unprecedented collaboration between industries and academia to create unique products on mass scale. Both will come together to create a more vibrant workforce for facing the upcoming market competition and demands.
Project works or internships may start assuming more significance as IoT areas would require more hands on than being limited to a theoretical exercise. Industries would demand longer duration of projects/internships. It would extend from 6-12 months than the current 3-4 months. The top students would get paid heavily by the Indian outfits.
More internal labs and incubation centers would find places alongside customer CoEs, co-created between service providers, academia, product vendors and customers. All would focus to create innovative market disruptors and hence may unleash a fierce but healthy competition between the internal lines of business. Perhaps a mini Technology office within each delivery unit will be a need for the next 4-5 years.

With the above, more patents are expected to be created and the IP creation will become a buzzword to swear by, more aggressively.

Cloud, Mobility and Analytics will no longer be niche areas and every IT professional has to understand about few of these areas to decent levels of depth. Hence each delivery unit will need to have architects in these areas embedded into their organization.

With this being the futuristic scenario, the existing workforce will have quite a bit to bite and chew. The organizations struggling to wriggle out of the historical structures (especially ones where personality based organization structures have been a trend) would need to be dismantled. Every organization would need to re-incarnate themselves with a heavy focus on the next generation engineers playing a heavy role in the transformation. The quality of engineers will be focus and the pay packs are slated to surge up. Hence the intake may be limited to those who can walk the talk. Continue reading “Digital Workforce: Next Gen Engineers Asset”

Software Development Methodologies

Introduction
A software development methodology or system development methodology in software engineering is a framework that is used to structure, plan, and control the process of developing an information system.

There are the following methodologies:

Agile Software Development
    Crystal Methods
    Dynamic Systems Development Model (DSDM)
    Extreme Programming (XP)
    Feature Driven Development (FDD)
    Joint Application Development (JAD)
    Lean Development (LD)
    Rapid Application Development (RAD)
    Rational Unified Process (RUP)
    Scrum
    Spiral
    Systems Development Life Cycle (SDLC)
    Waterfall (a.k.a. Traditional)

Agile Software Development Methodology

Agile software development is a conceptual framework for undertaking software engineering projects. There are a number of agile software development methodologies e.g. Crystal Methods, Dynamic Systems Development Model (DSDM), and Scrum.

Most agile methods attempt to minimize risk by developing software in short time boxes, called iterations, which typically last one to four weeks. Each iteration is like a miniature software project of its own, and includes all the tasks necessary to release the mini-increment of new functionality: planning, requirements analysis, design, coding, testing, and documentation. While iteration may not add enough functionality to warrant releasing the product, an agile software project intends to be capable of releasing new software at the end of every iteration. At the end of each iteration, the team reevaluates project priorities.

Agile methods emphasize realtime communication, preferably face-to-face, over written documents. Most agile teams are located in a bullpen and include all the people necessary to finish the software. At a minimum, this includes programmers and the people who define the product such as product managers, business analysts, or actual customers. The bullpen may also include testers, interface designers, technical writers, and management .

Agile methods also emphasize working software as the primary measure of progress. Combined with the preference for face-to-face communication, agile methods produce very little written documentation relative to other methods. Continue reading “Software Development Methodologies”

How to remove malware from your Windows PC

Is your computer running slower than usual? How to remove malware from your Windows PCAre you getting lots of pop-ups? Have you seen other weird problems crop up? If so, your PC might be infected with a virus, spyware, or other malware—even if you have an antivirus program installed. Though other problems such as hardware issues can produce similarly annoying symptoms, it’s best to check for malware if your PC is acting up and we’ll show you how to do it yourself.

Step 1: Enter Safe Mode

Before you do anything, you need to disconnect your PC from the internet, and don’t use it until you’re ready to clean your PC. This can help prevent the malware from spreading and/or leaking your private data.

If you think your PC may have a malware infection, boot your PC into Microsoft’s Safe Mode. In this mode, only the minimum required programs and services are loaded. If any malware is set to load automatically when Windows starts, entering in this mode may prevent it from doing so. This is important because it allows the files to be removed easier since they’re not actually running or active.

Sadly, Microsoft has turned the process of booting into safe mode from a relatively easy process in Windows 7 and Windows 8 to one that is decidedly more complicated in Windows 10. To boot into Windows Safe Mode, first click the Start Button in Windows 10 and select the Power button as if you were going to reboot, but don’t click anything. Next hold down the Shift key and click Reboot. When the full-screen menu appears, select Troubleshooting, then Advanced Options, then Startup Settings. On the next window click the Restart button and wait for the next screen to appear (just stick with us here, we know this is long). Next you will see a menu with numbered startup options; select number 4, which is Safe Mode. Note that if you want to connect to any online scanners you’ll need to select option 5, which is Safe Mode with Networking.

You may find that your PC runs noticeably faster in Safe Mode. This could be a sign that your system has a malware infection, or it could mean that you have a lot of legitimate programs that normally start up alongside Windows. If your PC is outfitted with a solid state drive it’s probably fast either way.

Step 2: Delete temporary files

Temp files You can use Windows 10’s built-in disk cleanup utility to rid your system of unnecessary temp files. tempfiles

Now that you’re in Safe Mode, you’ll want to run a virus scan. But before you do that, delete your temporary files. Doing this may speed up the virus scanning, free up disk space, and even get rid of some malware. To use the Disk Cleanup utility included with Windows 10 just type Disk Cleanup in the search bar or after pressing the Start button and select the tool that appears named Disk Cleanup.

Step 3: Download malware scanners

Now you’re ready to have a malware scanner do its work—and fortunately, running a scanner is enough to remove most standard infections. If you already had an antivirus program active on your computer, you should use a different scanner for this malware check, since your current antivirus software may not have detected the malware. Remember, no antivirus program can detect 100 percent of the millions of malware types and variants.

There are two types of antivirus programs. You’re probably more familiar with real-time antivirus programs, which run in the background and constantly watch for malware. Another option is an on-demand scanner, which searches for malware infections when you open the program manually and run a scan. You should have only one real-time antivirus program installed at a time, but you can have many on-demand scanners installed to run scans with multiple programs, thereby ensuring that if one program misses something a different one might find it.

If you think your PC is infected, we recommend using an on-demand scanner first and then following up with a full scan by your real-time antivirus program. Among the free (and high-quality) on-demand scanners available are BitDefender Free Edition, Kaspersky Virus Removal Tool, Malwarebytes, Microsoft’s Malicious Software Removal Tool, Avast, and SuperAntiSpyware.

Step 4: Run a scan with Malwarebytes

For illustrative purposes, we’ll describe how to use the Malwarebytes on-demand scanner. To get started, download it. If you disconnected from the internet for safety reasons when you first suspected that you might be infected, reconnect to it so you can download, install, and update Malwarebytes; then disconnect from the internet again before you start the actual scanning. If you can’t access the internet or you can’t download Malwarebytes on the infected computer, download it on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.

After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once the program opens, keep the default scan option (“Threat Scan”) selected and click the Start Scan button. It should check for updates before it runs the scan, so just make sure that happens before you proceed.

Though it offers a custom-scan option, Malwarebytes recommends that you perform the threat scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas a custom scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.

If Malwarebytes automatically disappears after it begins scanning and won’t reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better off reinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.

Once the scan is complete Malwarebytes will show you the results. If the software gives your system a clean bill of health but you still think that your system has acquired some malware, consider running a custom scan with Malwarebytes and trying the other scanners mentioned earlier. If Malwarebytes does find infections, it’ll show you what they are when the scan is complete. Click the Remove Selected button in the lower left to get rid of the specified infections. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.

If your problems persist after you’ve run the threat scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.
Step 5: Fix your web browser

Malware infections can damage Windows system files and other settings. One common malware trait is to modify your web browser’s homepage to reinfect the PC, display advertisements, prevent browsing, and generally annoy you.

Before launching your web browser, check your homepage and connection settings. For Internet Explorer right-click the Windows 10 Start button and select Control Panel, then Internet Options. Find the Home Page settings in the General tab, and verify that it’s not some site you know nothing about. For Chrome, Firefox, or Edge, simply go to the setttings window of your browser to check your homepage setting.

IE Home Page Settings

Step 6: Recover your files if Windows is corrupt

If you can’t seem to remove the malware or if Windows isn’t working properly, you may have to reinstall Windows. But before wiping your hard drive, copy all of your files to an external USB or flash drive. If you check your email with a client program (such as Outlook or Windows Mail), make sure that you export your settings and messages to save them. You should also back up your device drivers with a utility such as Double Driver, in case you don’t have the driver discs anymore or don’t want to download them all again. Remember, you can’t save installed programs. Instead, you’ll have to reinstall the programs from discs or redownload them.

If Windows won’t start or work well enough to permit you to back up your files, you may create and use a Live CD, such as Hiren’s BootCD (HBCD), to access your files.

Once you have backed up everything, reinstall Windows either from the disc that came with your PC, by downloading the installation image from Microsoft, or by using your PC’s factory restore option, if it has one. For a factory restore you typically must press a certain key on the keyboard during the boot process in order for restore procedure to initialize, and your PC should tell you what key to press in the first few seconds after you turn it on. It there’s no on-screen instructions consult your manual, the manufacturer, or Google.
Keeping your PC clean

Always make sure that you have a real-time antivirus program running on your PC, and make sure this program is always up-to-date. If you don’t want to spend money on yearly subscriptions, you can choose one of the many free programs that provide adequate protection, such as Avast, AVG, Panda, or Comodo. You can read more about how to find the best antivirus program for your needs right here.

In addition to installing traditional antivirus software, you might consider using the free OpenDNS service to help block dangerous sites. And if you frequent shady sites that might infect your PC with malware, consider running your web browser in sandbox mode to prevent any downloaded malware from harming your system. Some antivirus programs, such as Comodo, offer sandboxing features, or you can obtain them through a free third-party program such as Sandboxie.

When you think that you’ve rid your PC of malware infections, double-check your online accounts, including those for your bank, email, and social networking sites. Look for suspicious activity and change your passwords—because some malware can capture your passwords.

If you have a backup system in place that automatically backs up your files or system, consider running virus scans on the backups to confirm that they didn’t inadvertently save infections. If virus scans aren’t feasible, as is the case with online systems since they usually will only scan a drive attached to your PC or just the C: drive, consider deleting your old backups and resetting the software to begin saving new backups that are hopefully free from infections.

Keep Windows, other Microsoft software, and Adobe products up-to-date. Make sure that you have Windows Update turned on and enabled to download and install updates automatically. If you’re not comfortable with this, set Windows to download the updates but let you choose when to install them.

Technical Quotes for the Students

1) “Technology is just a tool. In terms of getting the kids working together and motivating them, the teacher is most important.” – Bill Gates

2) “There can be infinite uses of the computer and of new age technology, but if teachers themselves are not able to bring it into the classroom and make it work, then it fails.” – Nancy Kassebaum

3) “Any teacher that can be replaced with a computer, deserves to be.” – David Thornburg

4) “Teachers need to integrate technology seamlessly into the curriculum instead of viewing it as an add-on, an afterthought, or an event.” – Heidi-Hayes Jacobs

5) “It is not about the technology; it’s about sharing knowledge and information, communicating efficiently, building learning communities and creating a culture of professionalism in schools. These are the key responsibilities of all educational leaders.” – Marion Ginapolis

6) “Education is evolving due to the impact of the Internet. We cannot teach our students in the same manner in which we were taught. Change is necessary to engage students not in the curriculum we are responsible for teaching, but in school. Period.” – April Chamberlain

7) “We need to embrace technology to make learning more engaging. Because when students are engaged and they are interested, that’s where learning takes place.”

8) “We need technology in every classroom and in every student and teacher’s hand, because it is the pen and paper of our time, and it is the lens through which we experience much of our world.” – David Warlick

9) “When we talk about 21st century pedagogy, we have to consider many things—the objectives of education, the curriculum, how assessment strategies work, the kind of technology infrastructure involved, and how leadership and policy facilitate attaining education goals.” – Chris Dede, Harvard University

10) 21st Century Education won’t be defined by any new technology. It won’t be just defined by 1:1 technology programs or tech-intensive projects. 21st Century Education will, however, be defined by a fundamental shift in what we are teaching – a shift towards learner-centered education and creating creative thinkers. – Karl Fisch

How Do Search Engines Work?

         To many people, Google IS the internet. It’s the default homepage and the first port of call before accessing any site. It’s arguably the most important inventhow search engines workion since the Internet itself. Without search engines, content would all be hand picked – just like newspapers and magazines. And while search engines have changed a lot since those first humble beginnings – and Google certainly isn’t the only search engine out there –  the underlying principles are the same as they always were.

Do you know how search engines work? There are three basic stages for a search engine: crawling – where content is discovered; indexing, where it is analysed and stored in huge databases; and retrieval, where a user query fetches a list of relevant pages.

Crawling:

Crawling is where it all begins – the acquisition of data about a website. This involves scanning the site and getting a complete list of everything on there – the page title, images, keywords it contains, and any other pages it links to – at a bare minimum. Modern crawlers may cache a copy of the whole page, how search engines workas well as look for some additional information such as the page layout, where the advertising units are, where the links are on the page (featured prominently in the article text, or hidden in the footer?).

How is a website crawled exactly? An automated bot – a spider – visits each page, just like you or I would, only very quickly. Even in the earliest days, Google reported that they were reading a few hundred pages a second. If you’d like to learn how to make your own basic web crawler in PHP – it was one of the first articles I wrote here and well worth having a go at (just don’t expect to make the next Google).

The crawler then adds all the new links it found to a list of places to crawl next – in addition to re-crawling sites again to see if anything has changed. It’s a never-ending process, really.

how search engines work

Any site that is linked to from another site already indexed, or any site that manually asked to be indexed, will eventually be crawled – some sites more frequently than others and some to a greater depth. If the site is huge and content hidden many clicks away from the homepage, the crawler bots may actually give up. There are ways to ask search engines NOT to index a site, though this is rarely used to block an entire website.

There was even a time when large parts of the Internet were essentially invisible to search engines – the so-called “deep web” – but this is rare now. how do search engines workTOR-hosted websites (What is Onion Routing?) for example, remain unindexed by Google, and are only accessible by connecting to the TOR network and knowing the address.

how do search engines work

Indexing:

You’d be forgiven for thinking this is an easy step – indexing is the process of taking all of that data you have from a crawl, and placing it in a big database. Imagine trying to a make a list of all the books you own, their author and the number of pages. Going through each book is the crawl and writing the list is the index. But now imagine it’s not just a room full of books, but every library in the world. That’s pretty much a small-scale version of what Google does.how do search engines work
All of this data is stored in vast data-centres with thousands of petabytes worth of drives. Here’s a sneaky peak inside one of Google’s:

Ranking & Retrieval:

The last step is what you see – you type in a search query, and the search engine attempts to display the most relevant documents it finds that match your query. This is the most complicated step, but also the most relevant to you or I, as web developers and users. It is also the area in which search engines differentiate themselves (though, there was some evidence that Bing was actually copying some Google results). Some work with keywords, some allow you to ask a question, and some include advanced features like keyword proximity or filtering by age of content.

The ranking algorithm checks your search query against billions of pages to determine how relevant each one is. This operation is so complex that companies closely guard their own ranking algorithms as patented industry secrets. Why? Competitive advantage for a start – so long as they are giving you the best search results, they can stay on top of the market. Secondly, to prevent gaming of the system and giving an unfair advantage to one site over another.

Once the internal methodology of any system is fully understood, there will always be those who try to “hack” it – discover the ranking factors and exploit them for monetary gain.how do search engines work
Exploiting the ranking algorithm has in fact been commonplace since search engines began, but in the last 3 years or so Google has really made that difficult. Originally, sites were ranked based on how many times a particular keyword was mentioned. This led to “keyword stuffing”, where pages are filled with mostly nonsense so long as it includes the keyword everywhere.

Then the concept of importance based on linking was introduced  – more popular sites would be more linked to, obviously – but this led to a proliferation of spammed links all over the web. Now each link is determined to have a different value, depending on the “authority” of the site in question. If a high level government agency links to you, it’s worth far more than a link found in a free-for-all “link directory”.

Shodan: The IoT search engine

[Opinion] Shodan is not the devil, but rather a messenger which should make us take responsibility for our own security in a world of webcams and mobile devices.

Shodan has made it even easier for our inner voyeur to spy upon the open webcams of homes across the world — but are the ramifications more pronounced than idle surveillance?

Launched in 2013, Shodan is a search engine used to find Internet of Things (IoT) connected devices around the world. Webcams, security systems and routers are only some of the devices which, once connected to the Web, can offer a glimpse into our lives behind locked doors should poor security turn the key.

Unfortunately, despite a steep rise in home Internet connectivity and the use of connected home devices — from lighting to cameras — and IoT-based vehicles, security comes up short.

We’ve heard of Jeeps hacked by attackers able to control braking systems, IoT devices with obsolete firmware that can be easily compromised by a remote hacker, and routers placed at risk should you fall for a phishing campaign.

The rapid push to capitalise on consumer IoT devices has left a rift which security needs to fill, and much of it can be solved by forcing consumers to take control of their basic security right at the start — while other elements, such as patching firmware flaws, are the responsibility of vendors.

Shodan, while potentially a dangerous tool, is also the absolute example of what can happen when devices with lax security enter our daily lives.

In some ways, Shodan is a voyeur’s dream. A quick scan either through paid or free membership using terms such as port:554 has_screenshot:true reveals cameras installed in places ranging from car parks in Japan to bars in France, private lounges in Korea to rabbit cages in Germany.

As reported by Ars Technica, you can use the vulnerable cam feed to find everything from “marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores.”

Once you’ve gotten over contemplating the decor choices of citizens in countries including the UK, US and Russia, you begin to realize being able to snoop in bedrooms, kitchens, garages, lounges and gardens has a far darker side than fleeting amusement.

A swift, short search also shows cameras honing in on sleeping children, oblivious couples snuggled on the sofa and happy patrons at bars, unaware their faces are being broadcast to the Internet while they enjoy a cheeky pint.

As the gallery of snapshots shows below, every facet of our lives can be recorded for the viewing of the Internet at large. (Faces and identifiable markers have been blurred by ZDNet to protect identities.)

But why does this happen?

Shodan scours the Web for devices which use Real Time Streaming Protocol (RTSP port 554) which are left open without basic password protection — or only the default password settings — in place. Luckily for those with vulnerable webcams, Shodan trawls the web for open feeds but only takes a snapshot before moving on.

This is bad enough, however, to highlight how important security has become for the average consumer, whether they realise it or not.

There’s no easy answer for consumers. Home cameras come in useful, especially when they are used for security. I use one myself, which remains on its own network and disconnected from any other IoT devices I have installed as one of the few measures I can take to improve the security of my devices.

When I’m out and about or abroad, I like knowing that intruders will set off both motion sensors and my camera, there will be a live stream, alert and the option to record footage of any unwanted guests. I also enjoy the fact I can ‘check-in’ to make sure everything is fine when i’m away.

There was something else I did straight out of the box, however: I changed the default passwords on every IoT device I operate at home. But not every device even allows you to do this, and this responsibility lies at the feet of vendors — which may require regulatory pressure to get their act together.

Security researcher Dan Tentler told Ars there are likely “millions” of vulnerable webcams in use. However, solving the problems this idea prompts cannot be done with a simple over-air patch.

Money, trust, and interest lie at the core. Consumers will often choose cheaper products that do the job over more expensive options, vendors wish to create the best profit margins possible, and a current lack of IoT security regulations set the trend.

In addition, consumers often expect vendors to provide secure products as a matter-of-course, and may not understand or care about ensuring complex passwords and barriers are in place before using their latest gadget.

It is possible that regulators such as the US Federal Trade Commission (FTC) may step in to stem the tide of vulnerable IoT devices, but until regulations are firmly in place, consumers are left in limbo.

The FTC issued a report last year urging IoT device makers to adopt a set of best practices to keep devices secure, but more must be done in the future to protect our connected homes.

If nothing else, make sure you change the default password on your device, if you can. Default passwords can be easily found by search engines such as Shodan, and by leaving default settings in place, you may be unwittingly inviting the interested eyes of the Web into your home.

But perhaps you should ask yourself: In a world where the Internet of Things is a fledgling industry and security is yet to catch up, do we really need a camera to enhance a baby monitor? In order to protect our privacy, is it completely outside of the realm of possibility to take a step back and downgrade some of our technology to maintain our privacy at home?

If the answer to the latter is no, then at the very least, any device connected to the Internet which can stream video or audio should not be placed in areas you would prefer to keep private.