What if the Earth STOPS Spinning- (Full Documentary)
Why does the moon change shape?
A 2D instructional animation created to show how multimedia might feature in lectures.
Used in Epigeum's Learning Technologies Online course: Built to an unusually high standard, these courses contain fascinating case studies from around the world, together with a wealth of interactive simulations.
Used in Epigeum's Learning Technologies Online course: Built to an unusually high standard, these courses contain fascinating case studies from around the world, together with a wealth of interactive simulations.
Google announce to pay death employees' families for 10 years!
Google treats its dead employees better than some companies do their living workers.
Google recently rolled out death benefits to employees, including a generous offer to pay the spouse or partner of a deceased staffer half of their salary for a decade. The company's "chief people officer" Laszlo Bock revealed in an interview with Forbes.
The news of these death benefits also comes with "no tenure requirement," but it covers only U.S. employees right now. It was put into place earlier this year.
Mashable confirmed with a Google spokesperson that the benefits don't just stop at salary. The surviving spouse or partner of a deceased employee will also acquire vested stock benefits, and children will receive $1,000 a month until the age of 19. The timeline can be extended if the child is in school full time.
"Obviously there's no benefit to Google. But it's important to the company to help our families through this horrific if inevitable life event." A Google representative declined to comment in more detail about the policy.
According to Bock "what helps employees ultimately helps the company."
Google recently rolled out death benefits to employees, including a generous offer to pay the spouse or partner of a deceased staffer half of their salary for a decade. The company's "chief people officer" Laszlo Bock revealed in an interview with Forbes.
The news of these death benefits also comes with "no tenure requirement," but it covers only U.S. employees right now. It was put into place earlier this year.
Mashable confirmed with a Google spokesperson that the benefits don't just stop at salary. The surviving spouse or partner of a deceased employee will also acquire vested stock benefits, and children will receive $1,000 a month until the age of 19. The timeline can be extended if the child is in school full time.
"Obviously there's no benefit to Google. But it's important to the company to help our families through this horrific if inevitable life event." A Google representative declined to comment in more detail about the policy.
According to Bock "what helps employees ultimately helps the company."
Habits of Successful Vs Unsuccessful People:
Everyone wants to be successful in their life. Nobody wants to lead a life like a minion with mediocre existence. There are plenty of habits that successful people share with each other. We came across a powerful infographic by successstory that differentiates the successful people from those who are unsuccessful.
For instance successful people will take risks, are humble and exude joy. Whereas unsuccessful people think they know it all, blame others, never set goals and always get angry at others. If you want to be successful in life and want to reach higher levels of accomplishments, then do try to follow some of the given habits, if not all of them.
Source : businessinsider
10 security tips to protect your website from hackers
01. Keep software up to date
It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.
If you are using a managed hosting solution then you don't need to worry so much about applying security updates for the operating system as the hosting company should take care of this.
If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.
02. SQL injection
SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries, most web languages have this feature and it is easy to implement.
Consider this query:
"SELECT * FROM table WHERE column = '" + parameter + "';"
If an attacker changed the URL parameter to pass in ' or '1'='1 this will cause the query to look like this:
"SELECT * FROM table WHERE column = '' OR '1'='1';"
Since '1' is equal to '1' this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.
03. XSS
Cross site scripting is when an attacker tries to pass in JavaScript or other scripting code into a web form to attempt to run malicious code for visitors of your site. When creating a form always ensure you check the data being submitted and encode or strip out any HTML.
04. Error messages
Be careful with how much information you give away in your error messages. For example if you have a login form on your website you should think about the language you use to communicate failure when attempting logins. You should use generic messages like “Incorrect username or password” as not to specify when a user got half of the query right. If an attacker tries a brute force attack to get a username and password and the error message gives away when one of the fields are correct then the attacker knows he has one of the fields and can concentrate on the other field.
05. Server side validation/form validation
Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers only field. These can however be bypassed, and you should make sure you check for these validation and deeper validation server side as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website.
06. Passwords
Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords to your server and website admin area, but equally also important to insist on good password practices for your users to protect the security of their accounts.
As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.
Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.
In the event of someone hacking in and stealing your passwords, using hashed passwords could help damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords the process of cracking a large number of passwords is even slower as every guess has to be hashed separately for every salt + password which is computationally very expensive.
Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it's worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.
07. File uploads
Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded however innocent it may look, could contain a script that when executed on your server completely opens up your website.
If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not full proof. Most images formats allow storing a comment section which could contain PHP code that could be executed by the server.
So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won't attempt to execute files with image extensions, but it isn't recommended to rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.
Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can't be executed. If using *nix you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.
deny from all
order deny,allow
allow from all
Ultimately, the recommended solution is to prevent direct access to uploaded files all together. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content type in the HTTP header. For example:
- <img src="/imageDelivery.php?id=1234" />
- // imageDelivery.php
- // Fetch image filename from database based on $_GET["id"]
- ...
- // Deliver image to browser
- Header('Content-Type: image/gif');
- readfile('images/'.$fileName);
- ?>
Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are few things you will want to check.
Ensure you have a firewall setup, and are blocking all non essential ports. If possible setting up a DMZ (Demilitarised Zone) only allowing access to port 80 and 443 from the outside world. Although this might not be possible if you don't have access to your server from an internal network as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.
If you are allowing files to be uploaded from the Internet only use secure transport methods to your server such as SFTP or SSH.
If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimising the risk of your data being exposed.
Finally, don't forget about restricting physical access to your server.
09.SSL
SSL is a protocol used to provide security over the Internet. It is a good idea to use a security certificate whenever you are passing personal information between the website and web server or database. Attackers could sniff for this information and if the communication medium is not secure could capture it and use this information to gain access to user accounts and personal data.
10. Website security tools
Once you think you have done all you can then it's time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.
There are many commercial and free products to assist you with this. They work on a similar basis to scripts hackers will use in that they test all know exploits and attempt to compromise your site using some of the previous mentioned methods such as SQL injection.
Some free tools that are worth looking at:
- Netsparker (Free community edition and trial version available). Good for testing SQL injection and XSS
- OpenVAS. Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities, currently scans over 25,000. But it can be difficult to setup and requires a OpenVAS server to be installed which only runs on *nix. OpenVAS is fork of a Nessus before it became a closed-source commercial product.
The results from automated tests can be daunting, as they present a wealth of potential issues. The important thing is to focus on the critical issues first. Each issue reported normally comes with a good explanation of the potential vulnerability. You will probably find that some of the medium/low issues aren't a concern for your site.
If you wish to take things a step further then there are some further steps you can take to manually try to compromise your site by altering POST/GET values. A debugging proxy can assist you here as it allows you to intercept the values of an HTTP request between your browser and the server. A popular freeware application called Fiddler is a good starting point.
So what should you be trying to alter on the request? If you have pages which should only be visible to a logged in user then I would try changing URL parameters such as user id, or cookie values in an attempt to view details of another user. Another area worth testing are forms, changing the POST values to attempt to submit code to perform XSS or to upload a server side script.
Hopefully these tips will help keep your site and information safe. Thankfully most CMSes have a lot of inbuilt website security features, but it is a still a good idea to have knowledge of the most common security exploits so you can ensure you are covered.
There are also some helpful modules available for CMSes to check your installation for common security flaws such as Security Review for Drupal and WP Security Scan for WordPress.
Content Source : creativebloq.com
3 Easy Steps that Protect Your Website From Hackers
As a webmaster, is there anything more terrifying than the thought of seeing all of your web-developed work being altered or wiped out entirely by a nefarious hacker? You’ve worked hard on your website – so take the time to protect it by implementing basic hacking protections!
In addition to regularly backing up your files (which you should already be doing, for various reasons), taking the following three easy steps will help to keep your website safe:
Step #1 – Keep platforms and scripts up-to-date
One of the best things you can do to protect your website is to make sure any platforms or scripts you’ve installed are up-to-date. Because many of these tools are created as open-source software programs, their code is easily available – both to good-intentioned developers and malicious hackers. Hackers can pour over this code, looking for security loopholes that allow them to take control of your website by exploiting any platform or script weaknesses.
As an example, if you’re running a website built on WordPress, both your base WordPress installation and any third-party plugins you’ve installed may potentially be vulnerable to these types of attacks. Making sure you always have the newest versions of your platform and scripts installed minimizes the risk that you’ll be hacked in this way – though this isn’t a “fail safe” way to protect your website.
Step #2 – Install security plugins, when possible
To enhance the security of your website once your platform and scripts are up-to-date, look into security plugins that actively prevent against hacking attempts.
Again, using WordPress as an example, you’ll want to look into free plugins like Better WP Security and Bulletproof Security (or similar tools that are available for websites built on other content management systems). These products address the weaknesses that are inherent in each platform, foiling additional types of hacking attempts that could threaten your website.
Alternatively – whether you’re running a CMS-managed site or HTML pages – take a look at SiteLock. SiteLock goes above and beyond simply closing site security loopholes by providing daily monitoring for everything from malware detection to vulnerability identification to active virus scanning and more. If your business relies on its website, SiteLock is definitely an investment worth considering.
Step #3 – Lock down your directory and file permissions
Now, for this final technique, we’re going to get a little technical – but stick with me for a moment…
All websites can be boiled down to a series of files and folders that are stored on your web hosting account. Besides containing all of the scripts and data needed to make your website work, each of these files and folders is assigned a set of permissions that controls who can read, write, and execute any given file or folder, relative to the user they are or the group to which they belong.
On the Linux operating system, permissions are viewable as a three digit code where each digit is an integer between 0-7. The first digit represents permissions for the owner of the file, the second digit represents permissions for anyone assigned to the group that owns the file, and the third digit represents permissions for everyone else. The assignations work as follows:
4 equals Read
2 equals Write
1 equals Execute
0 equals no permissions for that user
2 equals Write
1 equals Execute
0 equals no permissions for that user
As an example, take the permission code “644.” In this case, a “6” (or “4+2”) in the first position gives the file’s owner the ability to read and write the file. The “4” in the second and third positions means that both group users and internet users at large can read the file only – protecting the file from unexpected manipulations.
So, a file with “777” (or 4+2+1 / 4+2+1 / 4+2+1 )permissions would then readable, write-able, and executable by the user, the group and everyone else in the world.
As you might expect, a file that is assigned a permission code that gives anyone on the web the ability to write and execute it is much less secure than one which has been locked down in order to reserve all rights for the owner alone. Of course, there are valid reasons to open up access to other groups of users (anonymous FTP upload, as one example), but these instances must be carefully considered in order to avoid creating a security risk.
For this reason, a good rule of thumb is to set your permissions as follows:
- Folders and directories = 755
- Individual files = 644
To set your file permissions, log in to your cPanel’s File Manager or connect to your server via FTP. Once inside, you’ll see a list of your existing file permissions (as in the following example generated using the Filezilla FTP program):
The final column in this example displays the folder and file permissions currently assigned to the website’s content. To change these permissions in Filezilla, simply right click the folder or file in question and select the “File permissions” option. Doing so will launch a screen that allows you to assign different permissions using a series of checkboxes:
Although your web host’s or FTP program’s backend might look slightly different, the basic process for changing permissions remains the same. If you have any questions about modifying your folder and file permissions, please see this helpful link. Don’t put off taking this important step – securing your site using all of these different strategies is a big part of keeping your site healthy and safe in the long run!
Source : content collect from hostgator, posted by Taylor Hawes
You are good! but your team is the one working very hard to give you a taste of success.
10 rules startup founders must remember about discipline
Rule#1 Friends are friends, colleagues are colleagues:
This is the first and foremost rule for every startup founder to instill. Your friends might have joined you in your entrepreneurship journey, but they need to prove their professional worth to be a part of a startup just like any other team member is expected to do.
Rule#2 Don’t push away legal formalities
We understand that you are a startup, and lots of your processes are still not in place, but that should not justify any lethargy in following standard practices, especially in hiring. Friends might be okay to join without any paperwork, but other members should not be expected to work without an offer letter. Make sure you are perfect with the paperwork, tomorrow your team might not be with you but you must ensure they talk highly of you.
Rule #3 Respect employees. You hired them for a reason.
Give employees a chance to show their worth and don’t jump to judgments quickly. People take time to understand the company and its culture before feeling the comfort of an office space. Learn to trust them with work and accept the changes they feel need to be implemented in order to improve the core product.
Rule #4 Create an office culture that is fun, but not awkward.
Head massages in the office are a strict no-no! Fun, laughter, and small talk is all okay and even necessary in this age of high stress level and competitive targets, but so is discipline. It is very important for the founders to set the right examples in front of employees instead of making them uncomfortable by becoming over-friendly or carrying personal grudges.
Rule #5 Be flexible, employees will stick around longer.
As the company grows, it needs to follow certain processes and rules to manage the growing number of employees on a daily basis, especially women. We agree that work is the most important, but work–life balance is essential too. Make sure you create an environment where employees can avail a work-from-home option or can leave a little early once in a while.
Rule#6 Don’t encourage favoritism
Each individual brings something different to the table, not everyone has the same strengths or weaknesses. This is where one’s experience is tested. To identify strength and use it to its best advantage for the company is not an easy task. If the founder cannot adapt to each individual, they will only end up with a racehorse view of their own vision.
Rule#7 Be humble at all times.
Don’t gloat about how much funding you’ve got or how much revenues the company makes. Just don’t show off to your employees. Remember you did not have this kind of money a few years ago and your team is the one working very hard to give you a taste of success.
Rule#8 Focus on your own strengths. Enhance them.
Being a CEO of a startup means you must be ready to do everything. There might be some aspects of running a business that you may not even be aware of, work on learning them. It does not help to act like Mr. Know-it-all. Employees need a good example. When they see you working toward achieving something, they will do so too.
Rule #9 Be aware of the way you communicate
Verbal language and body language plays a huge role in setting a tone in the office atmosphere. Swearing, abusing, demeaning others in front of the team, or shouting unnecessarily will put off the people working with you. Overall productivity suffers and employees become like islands. They will hesitate to come forward with their ideas and will not be able to contribute to the company’s mission.
Rule#10 Empathy is a must.
Founder must definitely empathise with employees and extend a helping hand to them to make sure they work towards the betterment of the startup. Fire employees if you have to, but do it with dignity. If you ask an employee to leave overnight, the least can do is treat your employees the way you would like to be treated.
Source : Suchi Agarwal @yourstory
Everything you wanted to know about PM’s Digital India programme
Right from the day of assuming power, Digital India and Make in India have been two big USPs of Prime Minister Narendra Modi. The first steps were taken with the launch of MyGov.in portal. Only a couple of weeks ago, Narendra Modi launched his mobile app to connect further with the netizens. Over the last one year, several initiatives have been taken for introduction of Information Technology to empower people in areas relating to health, education, labour and employment, commerce etc. Digital India Week has been launched with an aim to impart knowledge to people and to empower themselves through the Digital India Programme of Government of India.
The programme structure
Digital India comprises of various initiatives under the single programme each targeted to prepare India for becoming a knowledge economy and for bringing good governance to citizens through synchronized and co-ordinated engagement of the entire Government.
This programme has been envisaged and coordinated by the Department of Electronics and Information Technology (DeitY) in collaboration with various Central Ministries/Departments and State Governments. The Prime Minister as the Chairman of Monitoring Committee on Digital India, activities under the Digital India initiative is being carefully monitored. All the existing and ongoing e-Governance initiatives have been revamped to align them with the principles of Digital India.
Vision of Digital India
The vision of Digital India programme aims at inclusive growth in areas of electronic services, products, manufacturing and job opportunities etc. It is centred on three key areas –- Digital Infrastructure as a Utility to Every Citizen
- Governance & Services on Demand and
- Digital Empowerment of Citizens
With the above vision, the Digital India programme aims to provide Broadband Highways, Universal Access to Mobile Connectivity, Public Internet Access Programme, E-Governance: Reforming Government through Technology, eKranti – Electronic Delivery of Services, Information for All, Electronics Manufacturing: Target Net Zero Imports, IT for Jobs and Early Harvest Programmes.
Key Projects of Digital India programme
Several projects/products have already launched or ready to be launched as indicated below:
- Digital Locker System aims to minimize the usage of physical documents and enable sharing of e-documents across agencies. The sharing of the e-documents will be done through registered repositories thereby ensuring the authenticity of the documents online.
- MyGov.in has been implemented as a platform for citizen engagement in governance, through a “Discuss”, “Do” and “Disseminate” approach. The mobile App for MyGov would bring these features to users on a mobile phone.
Swachh Bharat Mission (SBM) Mobile app would be used by people and Government organizations for achieving the goals of Swachh Bharat Mission.- eSign framework would allow citizens to digitally sign a document online using Aadhaar authentication.
- The Online Registration System (ORS) under the eHospital application has been introduced. This application provides important services such as online registration, payment of fees and appointment, online diagnostic reports, enquiring availability of blood online etc.
- National Scholarships Portal is a one stop solution for end to end scholarship process right from submission of student application, verification, sanction and disbursal to end beneficiary for all the scholarships provided by the Government of India.
- DeitY has undertaken an initiative namely Digitize India Platform (DIP) for large scale digitization of records in the country that would facilitate efficient delivery of services to the citizens.
- The Government of India has undertaken an initiative namely Bharat Net, a high speed digital highway to connect all 2.5 lakh Gram Panchayats of country. This would be the world’s largest rural broadband connectivity project using optical fibre.
- BSNL has introduced Next Generation Network (NGN), to replace 30 year old exchanges, which is an IP based technology to manage all types of services like voice, data, multimedia/ video and other types of packet switched communication services.
- BSNL has undertaken large scale deployment of Wi-Fi hotspots throughout the country. The user can latch on the BSNL Wi-Fi network through their mobile devices.
- To deliver citizen services electronically and improve the way citizens and authorities transact with each other, it is imperative to have ubiquitous connectivity. The government also realises this need as reflected by including ‘broadband highways’ as one of the pillars of Digital India. While connectivity is one criterion, enabling and providing technologies to facilitate delivery of services to citizens forms the other.
Policy initiatives
Policy initiatives have also been undertaken (by DeitY) in the e- Governance domain like e-Kranti Framework, Policy on Adoption of Open Source Software for Government of India, Framework for Adoption of Open Source Software in e-Governance Systems, Policy on Open Application Programming Interfaces (APIs) for Government of India, E-mail Policy of Government of India, Policy on Use of IT Resources of Government of India, Policy on Collaborative Application Development by Opening the Source Code of Government Applications, Application Development & Re-Engineering Guidelines for Cloud Ready Applications
- BPO Policy has been approved to create BPO centres in different North Eastern states and also in smaller / mofussil towns of other states.
- Electronics Development Fund (EDF) Policy aims to promote Innovation, R&D, and Product Development and to create a resource pool of IP within the country to create a self-sustaining eco-system of Venture Funds.
- National Centre for Flexible Electronics (NCFlexE) is an initiative of Government of India to promote research and innovation in the emerging area of Flexible Electronics.
- Centre of Excellence on Internet on Things (IoT) is a joint initiative of Department of Electronics & Information Technology (DeitY), ERNET and NASSCOM.
Impact
The estimated impact of Digital India by 2019 would be cross cutting, ranging from broadband connectivity in all Panchayats, Wi-fi in schools and universities and Public Wi-Fihotspots. The programme will generate huge number of IT, Telecom and Electronics jobs, both directly and indirectly. Success of this programme will make India Digitally empowered and the leader in usage of IT in delivery of services related to various domains such as health, education, agriculture, banking, etc.
Source : @yourstory by Alok Soni
Subscribe to:
Posts (Atom)
