Emmet — the essential toolkit for web-developers

“a plugin which enables you to add your own CSS snippet and generate HTML, XML quickly”

Introduction

Basically, most text editors out there allow you to store and re-use commonly used code chunks, called“snippets”. While snippets are a good way to boost your productivity, all implementations have common pitfalls: you have to define the snippet first and you can’t extend them in runtime.

Emmet takes the snippets idea to a whole new level: you can type CSS-like expressions that can be dynamically parsed, and produce output depending on what you type in the abbreviation. Emmet is developed and optimised for web-developers whose workflow depends on HTML/XML and CSS, but can be used with programming languages too.

Some features and brief implementation detail is as follows:

HTML from CSS : Abbreviations

Abbreviations are the heart of the Emmet toolkit. The abbreviation’s syntax looks like CSS selectors with a few extensions specific to code generation. So every web-developer already knows how to use it.

Here’s an example: this abbreviation

#page>div.logo+ul#navigation>li*5>a{Item $}

…can be transformed into

<div id="page">
    <div class="logo"></div>
    <ul id="navigation">
        <li><a href="">Item 1</a></li>
        <li><a href="">Item 2</a></li>
        <li><a href="">Item 3</a></li>
        <li><a href="">Item 4</a></li>
        <li><a href="">Item 5</a></li>
    </ul>
</div>

Abbreviations are optimized for, but not limited to, HTML and XML generation, and make writing tedious markup code a breeze. You can start learning syntax to unleash the full power of Emmet abbreviations …more

Customizable

Emmet offers wide range of tweaks you can use to fine-tune your plugin experience. Almost all officially developed editor plugins (except PSPad and browser-based) has extensions support: a special folder where you can put json and js files to extend Emmet. Please refer to README file bundled with your editor’s plugin to find out where Emmet looks for extensions.

Each .js file located in extensions folder will be loaded and executed on plugin start-up. Use js files to create your own filters or actions: you can use Emmet modules and bindings to script your editor with JavaScript.

With .json files you can fine-tune different parts of Emmet toolkit:

snippets.json : Add your own or update existing snippets
preferences.json : Change behavior of some Emmet filters and actions
syntaxProfiles.json : Define how generated HTML/XML should look. …more

Dynamic snippets

While Emmet abbreviations are good for generating HTML, XML or any other structured markup, it may look useless for CSS. You don’t want to write CSS selectors and transform them to CSS selectors, right? The only thing Emmet can do for you is to provide shorthands for CSS properties, but editors with native snippets and autocomplete can help you way better.

Actually, Emmet has something to offer.

For CSS syntax, Emmet has a lot of predefined snippets for properties. For example, you can expand mabbreviation to get margin: ; snippet. But you don’t want just margin property, you want to specify a valuefor this property. So you have to manually type, let’s say, 10px.

Emmet can greatly optimize your workflow here: you can inject value directly into abbreviation.

To get margin: 10px; you can simply expand the m10 abbreviation. Want multiple values? Use a hypen to separate them:m10-20 expands to margin: 10px 20px;. Negative values? No problem: precede the first value with hyphen and all the rest with double hyphens: m-10--20 expands to margin: -10px -20px; …more

Ultra-fast coding

A very powerful tool of the Emmet toolkit. It takes an abbreviation, expands it and places currently selected content in the last element of generated snippet. If there’s no selection, action will silently call “Match Tag Pair”to wrap context element.

Highly portable

Emmet is written in pure JavaScript and works across different platforms: web browser, Node.js, Microsoft WSH and Mozilla Rhino.

Platform for new tools

Dig into Emmet source code and re-use its modules to create your very own and unique actions.

 

Reference : google.co.in, http://emmet.io/

A Word Of Fear For Android Devices

A Word Of Fear For Android Devices

Introduction

If we talk about smartphones and android devices, then there are billions of billions users using Android OS worldwide. 1.5 million android devices are getting activated daily including smartphones, tablets and android wearable. If you keep this figure in mind then there are billions of users using android OS. These figures show just how popular android is right now. People like this Operating System very much. But due to increase of users, security concerns are rising.

Figure 2: Rising

If we talk about global market share of Android devices, then it is more than 82% worldwide. It means most of the smartphone users using Android OS. But with this increase of users now a days, mobile security is also at risk because a bug called StageFright has been detected due to which mobile security of billions of android users is at risk and this article describes all about StageFright.

Figure 3: Showing global

What is StageFright

According to Wikipedia.

“Stagefright is the collective name for a group of software bugs that affect versions2.2 (“Froyo”) and newer of the Android operating system, allowing an attacker to perform arbitrary operations on the victim device through remote code execution and privilege.”

Who discovered StageFright

A top Android researcher Joshua Drake (@jduck), who is working in Zimperium’s zLabs team, discovered the most vulnerable bug in Android OS escalation and was publicly announced for the first time on July 27, 2015. Zimperium’s team is also calling it ‘Mother of all Android Vulnerabilities’, as it impacts 95% or 950 million of all Android devices and do not require any interaction with the victim.

Why StageFright is the most vulnerable bug

It is most vulnerable because a hacker can get into your android device without interacting with the victim and can operate remotely or silently and you can never guess that you are the victim if you are not a techie and smart enough. Here below is a StageFright demo video released from Zimperium’s zlabs by Joshua Drake. In this video Joshua Drake is showing how a hacker can get into your device and what type of privileges he/she can escalate.

See StageFright Demo Video

StageFright Versions

Two versions are their which exploits an Android device:

  • StageFright 1.0
  • StageFright 2.0

StageFright 1.0

StageFright 1.0 fixed patch has been released from Google. StageFright chooses auto retrieval mms option of messaging app & chat apps to send malicious file into your Android device and silently get into it through the libStageFright mechanism (thus the “Stagefright” name), which helps Android process video files. Many text messaging apps — Google’s Hangouts app was specifically mentioned — automatically process that video so it’s ready for viewing as soon as you open the message, and so the attack theoretically could happen without you even knowing it. Google is saying that StageFright 1.0 is fixed. If I talk about my smartphone which is Motorola G, it got an update in which StageFright 1.0 patch is also there to fix it.

You can get an idea about StrageFright 1.0 from the following link:

Avast blog for StageFright 1.0

StageFright 2.0

According to Zimperium, a pair of recently discovered vulnerabilities make it possible for an hacker or attacker to get into Android device with a MP3 or MP4 like file, so when the metadata for that file is previewed by the OS that file could execute malicious code via website or a human being. In the middle of an attack it is built specifically for delivering these malformed files, this code could be executed without the user interaction.

“Zimperium claims to have confirmed remote execution, and brought this to Google’s attention on August 15. In response, Google assigned CVE-2015-3876 and CVE-2015-6602 to the pair of reported issues and started working on a fix.”

Is your Android device vulnerable for StageFright 2.0

According to Zimperium “In one way or another, yes. CVE-2015-6602 refers to a vulnerability in libutils, and as Zimperium points out in their post announcing the discovery of this vulnerability it impacts every Android phone and tablet going back as far as Android 1.0. CVE-2015-3876 affects every Android 5.0 and higher phone or tablet, and could theoretically be delivered via a website or man in the middle attack.”

What CVE is

I am talking about CVE but what actually CVE is?

CVE stands for Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.

CVE-ID Syntax

There was an old version of CVE syntax also which is little bit different from the below defined syntax.

CVE prefix + Year + Arbitrary Digits [ New syntax implemented from Jan 1st, 2014 ]

So if someone says what is CVE-2015-6602, then we can easily describe it, that it is a threat ( Common Vulnerability Exposure ) which came in year 2015 having CVE-ID 6602. By putting CVE-2015-6602 on website: www.cvedetails.com you can get more information, resources and links for the particular CVE. I hope that now CVE-YYYY-NNNN is not a new thing for you. You are aware and you can answer if someone asks.

Figure 4: Fetching

The following figure is clearly showing the difference between old CVE syntax and new CVE syntax.


Figure 5: Showing
Image Source: mitre.org

How to know my Android device is affected by StageFright 2.0 vulnerability

Zimperium launched a tool StageFright Detector which tells us about StageFright vulnerability for our android device. You download their app from Google Play Store.

How to fight with StageFright 2.0 until the patch arrives:

  1. Try to not download mp3 or mp4 from your web-browsers.
  2. Avoid public networks.
  3. Secure your wi-fi connection with strong passwords.
  4. Pay attention that where and what you are browsing

OS which have fixed StageFright 2.0

Blackphone 2, is a smartphone in which phone is encrypted for tightening the security. The company named it Silent OS which is also made from Android open source.

Cyanogenmod OS have patched for StageFright 2.0

I am surprised what Google is doing, is Google seriously doing something to secure their OS like IPhone. iOS is much more secure than Android. iOS released updates in timely fashion to make it secure and for better performance and keeping eye on their store. I read the news 10-20 days ago that a Chinese app in iOS was trying to do getting information. Apple quickly blocked that app from their store. This is called secure environment with quick action.

Wrap Up

Although android device covered more than 83% market globally but if security issues will go on continuously people will lose their interest in android device. Billions of android devices are at risk. Privacy is also at risk. StageFright attacker can get access to your android device at root level and can do anything. Let’s see what will happen in coming months. Hoping better future for android device in terms of security.

VirtualBox

Virtual box is a virtualization software package from Oracle Corporation. VirtualBox acts like a different or separate computer within one’s existing computer.

One can install just about any operating system on it. This application allows any additional guest OS to run and load. If you install windows on it, you can use it to run any application for that version of windows. Linux, Windows XP, Windows 7, Solaris, Windows 8,Mac OS X and open Solaris are supported host Operating systems.

Under a single host operating-system (host OS), one can load multiple Oss. Every host can be started, stopped and paused independently. Using this desktop virtualization software, multiple OSs can be run on your computer.

Configuring a virtual machine is very simple and similar to assembling a computer with memory, processor etc. Guest VMs can also directly communicate with each other if configured to do so. It is basically to use the unused resources on a physical system /computer to run multiple Operating Systems in it.

Advantages:

  • Without restarting the single computer, multiple Operating system are available at a time.
  • Old legacy can be run on your latest computer.
  • Totally isolated environment from host OS.

Limitations:

  • It has a low transfer rate to and from USB2 devices.
  • It does not give support to USB3.
  • VirtualBox is an open source but certain features are under commercial license.

 

Angular JS – A New Era of Front End Programming

Angular JS – A New Era of Front End Programming

Angular JS is an open source java-script MVC framework developed by Misco Hevery/Adam Abrons  and maintained by Google and individual  developers Community.

It is being described by Angular Team as the “Structural framework for dynamic web applications”. Its main motive is to make the development and testing of Single Page Applications(SPA) easier and effective by providing a client side MVC architecture.

It basically extends and adapt HTML vocabulary with some additional declarations that are useful for web applications. With the concept of Two way data binding using scope it facilitates the automatic synchronization of views and models.

The design goals of Angular JS includes the following points :

1. To decouple the Application logic with the DOM manipulation.
2. To decouple the server side of the application with the client side. It makes the development of both run in parallel.
3. To provide a complete package starting from designing the UI through writing business logic, to testing.

Lets see the Architectural Pattern Diagram which is self explaining :

pic

Just a simple example how to start with Angular JS

<!DOCTYPE html>

<html lang=”en”>
<head>
<script src=”https://ajax.googleapis.com/ajax/libs/angularjs/1.2.5/angular.min.js”></script>
</head>
<body ng-app=”myapp”>
<div ng-controller=”HelloController” >
<h2>Hello {{hello}} !</h2>
</div>
</body>
<script>
     angular.module(“myapp”, [])
      .controller(“HelloController”, function($scope) {
       $scope.hello = “World, AngularJS”;
    } );
</script>

Example Explained :

1. Here ng-app is a built-in directive of Angular JS which is needed to be defined to auto bootstrap the angular js application.
And ng-app contains the name of our module which we created in our JS code.
2. After that ng-controller attribute is used which tells Angular JS that which controller to use with this view.
3. Also you can see the {{hello}} text. This is a part of AngularJS’s template system which tells Angular to write the “model” value named hello   (given by  $scope.hello = “World, AngularJS”;) to the HTML at this location.
4. $scope is the  an object that refers to the application model. It holds the data to display in the view.
5. Its better to place HTML and JS code on different files to make MVC effective.

“ Just give a start you will really start loving it.”

Things to remember while committing .NET code to SVN repository

Things to remember while committing .NET code to SVN repository

While working on .NET projects, I analyzed that most of the developers make some common mistakes while committing code to SVN. So, I have identified those common mistakes and collaborated them as SVN guidelines to be followed for .NET code. Those are as follows:

  1. We should not check in the debug files like .pdb files etc.
  2. We should not check in local settings file.
  3. We should not check in local DLLS.
  4. We should not check in bin and other local folders.
  5. We should not check in debug and published folders or any other information like “My Project” folder.
  6. We should not check in our solution files (.sln) until and unless we have added or removed any vb project.
  7. Never commit .suo file.
  8. We should not check in .vbproj file until and unless we have added or removed any file, sub-folder or reference to that particular project.
  9. We should not check in .vbproj.user file as it is local system specific file of user.
  10. Always remember to commit .vbproj file if you have added or removed any file, sub-folder or reference to that particular project. But before committing the code take a diff of this file and include only file information and not any unnecessary information like compile time changes or local reference changes etc.
  11. We should not check in web.config until and unless there are some code changes that are not user machine specific.
  12. Similarly if you are adding or deleting a project, then always remember to check in .sln file but before that take a diff and check in only the required changes of file and not the local version information.
  13. Always take a difference of all the changes in your folder before you check in. If you are using Tortoise SVN client, then you can follow the below steps:
  • Go to the parent folder of your repository.
  • Right click -> Tortoise SVN -> check for modifications

15

  • This will open up a window listing all the files, folders that are modified
  • Please keep in mind, to check the “Unversioned” which will also display the newly added files in your repository.

16

  •  To include newly added file, you have to right click that particular folder or file and Add into the SVN before commit. If you created new files and/or directories during your development process then you need to add them to source control too. Select the file(s) and/or directory and use TortoiseSVN → Add. If you add a file or folder by mistake, you can undo the addition before you commit using TortoiseSVN → Undo add….
  • If you want to delete some file or folder, you need to right click and Delete into the SVN before commit. When you TortoiseSVN → Delete a file or folder, it is removed from your working copy immediately as well as being marked for deletion in the repository on next commit. The item’s parent folder shows a “modified” icon overlay. Up until you commit the change, you can get the file back using TortoiseSVN → Revert on the parent folder

17

  • you want to delete an item from the repository, but keep it locally as an unversioned file/folder, use Extended Context Menu → Delete (keep local).
  1. If a Subversion command cannot complete successfully, perhaps due to server problems, your working copy can be left in an inconsistent state. In that case you need to use TortoiseSVN → Cleanup on the folder. It is a good idea to do this at the top level of the working copy.
  2. In projects you will have files and folders that should not be subject to version control. These might include files created by the compiler, *.obj, *.lst, *.pdb maybe an output folder used to store the executable. Whenever you commit changes, TortoiseSVN shows your unversioned files, which fills up the file list in the commit dialog. The best way to avoid these problems is to add the derived files to the project’s ignore list. That way they will never show up in the commit dialog, but genuine unversioned source files will still be flagged up. If you right click on a single unversioned file, and select the command TortoiseSVN → Add to Ignore List from the context menu.

18

 

Advancement in web with Focus on Quality & presentation

Advancement in web with Focus on Quality & presentation

With the growth of internet and the smart devices, it has become a necessity to provide learning solutions that work on laptops, smartphones and tablets. Development in HTML5, CSS and JavaScript has led to a common e-learning solution that work on all the devices. So as an e-learning developer, I will briefly talk about few of the new technologies in a short and precise way that I used in my e-learning project creation.

AngularJS:

In early days of JavaScript, we had to manipulate DOM using APIs which were in-consistent across web-browsers. Then JQuery came which improved APIs and made it easier to develop cross-browsers web-applications. Now the era of powerful, versatile and flexible JavaScript MVC framework i.e.  Angular JS arrived which instead of hiding the HTML and CSS, has strengthen them to make them suitable for describing dynamic views and results into a work flow that is very much familiar to both new and experienced Smartphone app developer.

 1

All Three in one Cup:

HTML5, CSS3 and AngularJS MVC framework has simplified the frontend development to make the complex web app. The combination is a complete solution for rapid-frontend development. It has reduced the complexity of the server and eliminates the server-side HTML rendering.

AngularJS includes things like model-handling, template handling, AJAX and data-binding. It is a very approachable application framework with which one can easily work on. With this incredible framework, one can have an app within in few minutes. The code for AngularJS app is organized into Models, Views, and Controllers where the views are defined using HTML and CSS, Controllers are just JavaScript methods. So it’s easy to work out with these.

Working with this awesome JavaScript framework which provides two-way data binding is both fast and easy to use. It is such a powerful directive system which helps in creating reusable custom components and many more. This combination is a style that is clear and concise.

 

All in one cup

Benefits of AngularJS Framework:

AngularJs is that MVC framework which enhances HTML by attaching its directives to the page which in turn define powerful templates in one’s HTML. It includes its built in validations like min-length, max-length, required, email etc. It helps in structuring and testing the code very easily. It is easy to get started and is relatively fast to develop apps. It can work in a very small portion of the page with no impact on the file layout. It works efficiently with the other technologies and libraries and is also extensible.

Conclusion:

There are many strengths of client-side templating with HTML5, CSS3 and AngularJS technology. It affects the performance positively and maximize the code reusability and maintainability. Moreover, this framework is designed in such a way that testing of the AngularJS app is as easy as possible. Arrival of advanced and exciting application frameworks like AngularJS is a milestone that any developer or designer should be excited about.

 

WICKET in Nut·Shell

WICKET in Nut·Shell

Whenever we heard of Wicket first thing that come to mind is exciting game of cricket,loud scream of “Howzat”,a brilliant ball by Shane Warne,a great catch by Jonty Rhodes,an excellent batting display by Sachin Tendulkar and so many excitement surrounding it ,wait a second this is not a blog about cricket ;-),well then I must say Wicket is no longer a property of cricket alone,not any more.

Apache Wicket usually referred as Wicket is a very versatile.lightweight,component based web application framework for JAVA Developers.If we have to explain wicket in one line we can simply say,it is a stateful framework in which we simply program in JAVA,HTML with meaningful abstractions and it bridges the gap between stateless HTTP and stateful Object Oriented Programming.

Wicket Architecture

Wicket Filter

All the requests come to Wicket Filter , as the name suggest it filters the request and process only the wicket requests,rest of the requests are passed on to the chain.As a result resources outside the scope of Wicket Application,(for e.g:Static contents such as css, js files etc) will be served by the container.

Application

This is the main entry point of any wicket base application.One can have only one instance of it per application.We can customize various settings, addition of resources etc in this phase.

Components

This are the main bricks of any wicket application.Wicket has large set of components such as TextField,TextArea,Label, Form etc.

Model

Model binds data with wicket component i.e it holds the data for wicket component.Data hiding is implemented through model.Many types of model are available in wicket such as Static Model,Dynamic Model,Property model, Abstract ReadOnly Model,Loadable Detachable Model etc.

Request Cycle

This is responsible for handling all requests whether stateful or stateless.

It constitute of following steps

  •  Decode Request
  •  Determine Request Target
  •  Process Events
  •  Respond

Behaviors

We can think of behavior as a plug-ins for component that allow various functionality to be added to the component and get events forwarded by component.

In conclusion we can say since wicket is a component based framework so it is quite easy to understand and  no xml configuration is required for wicket application so all can be done using java code,which is a great relief.

Myths about Cloud Computing

Today “Cloud computing” is one of the hottest catch word in IT domain. Every organization irrespective of size is jumping on the cloud computing bandwagon.

As with any new technology or process, cloud computing is also subject to misconceptions and myths. These myths probably arise from a poor understanding of the technology or the capabilities of the providers.

The best way to begin to appreciate the potential for cloud computing is through a definition of the term:
Cloud computing is a model for enabling convenient, on_demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” – The National Institute of Standards and Technology, U.S. Department of Commerce; October, 2009(*1*)

Let us look at some of the myth associated with Cloud computing:

Myth 1: Cloud security and compliance is vulnerable.
Cloud computing security is no different than any secured network service. Cloud computing in itself does not introduce any new or unforeseen vulnerabilities or weaknesses.

Myth 2: All clouds scale on demand.
Not all cloud vendors have the resources or architecture to adequately scale applications and traffic on demand. While all try to maintain a certain number of extra resources to accommodate fluctuations, many cannot dynamically scale operations when demands exceed predicted thresholds.

Myth 3: Performance is worse in the cloud.
If the cloud infrastructure and applications are poorly managed and deployed, this might be true.But when properly configured, most users notice no difference when using cloud-based applications. In some cases, cloud computing provides noticeable improvements in performance as better provisioned machines with access to more resources can better handle more complex processes. The most significant potential bottleneck for cloud computing is access to the network itself.

Myth 4: Virtualization is equal to cloud computing.
Virtualization makes dynamic, scalable cloud computing possible, but does not constitute a cloud architecture on its own. Virtual machines deployed without intelligence or dynamic scalability can be nearly as inefficient and costly as physical resources they replace.

Myth 5: Cloud computing is only good for low end applications and software as a service.
Many vendors have jumped into the cloud computing market with simple software applications and declared themselves “cloud computing” experts. Cloud computing is the backbone on which businesses worldwide can perform thousands of transactions a second, transfer massive amounts of data across the globe. The most robust, secure, and scalable business applications available today can operate using cloud computing.

Myth 6: Cloud computing is less reliable than in-house systems.
Some of the most secure and reliable installations in the industry are cloud computing data centers. The best cloud computing centers are built from the ground up with multiple layers of redundant components,power, physical and cyber security measures.

Through this article, I have tried to bust some of the myth associated with cloud computing. Comments,suggestions and corrections are welcomed with open heart.

References
1. Badger and Grance. “Cloud Computing Synopsis and Recommendations.” National Institute of Standards and Technology, Information Technology Laboratory, U.S. Department of Commerce; May 29, 2012.
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=911075

Zend Framework

About Zend Framework, it is an open-source scripting engine or a software framework for PHP developed by the company Zend.

About its architecture it is very flexible so that you can build interactive web applications and web services very easily. Its main strength is its Modular Approach which contains Model-View-Controller design. This not only makes the code reusable but also makes it easily maintainable.

MVC is the term which we can define as an architectural pattern and is being used in Software Engineering. As we know when the product go on extending then its complexity increases and so a large amount of data is being presented to the end user. So, in Zend Framework we maintain the user interface and the logic in different places so that we can reorganinze the data without affecting the UI. To do so Zend provides an another component called Controller which separates the bussiness logic and the UI.

Zend Framework provides a very good platform to work and is the reason why PHP is being used for big enterprise applications.

If we talk about the database then Zend framework provides access to various types of RDBMS through an object-oriented and database-independent interface . There are a lot of databases that are being supported by Zend Framework . For eg., Microsoft SQL Server, IBM DB2, Oracle, MySQL, SQLite and PostgreSQL .

If we talk about Web Services then Zend Framework provides various classes to publish Web Services and feeds.

Zend Framework has made the common application development tasks quick and easy. For example, solutions for authentication, email, caching, filtering input, sessions, and others are included.