How is Google monetizing knowledge graph results? (my quora answer)

Google knowledge graph is created by the millions of Google users hisory and usage data from various Google product. Youtube, search engine, google+… They have huge statistics about users, countries and about all the World’s commons. In addition there are huge amount of vigilant capitalists who are curious about these information for their best and their huge companies’ benefits. But it is not free of course even it is not cheap fact you can learn from Google.
(For example think about election campaigns in any country and the possible benefits of the google’s knowledge for any candidate to collect statistics)
Continue Reading

Share

PHP MVC Frameworks

Zend Framework is a good foundation for everything and can be used also as just a library of various functions.  It is also the closest thing to be  an “official” PHP framework so there are a lot of developers who know how to use it.  It is, however, not a framework you would use to prototype something very quickly.

There are several frameworks that could be used as a quick RAD (Rapid Application Development) tools.

A good example is CakePHP, which is a very popular framework.  Fairly easy to learn.  It has a lot of sensible defaults and naming conventions that make your life much easier, but which you can override. Continue Reading

Share

What is asynchronous Programming?

Thread Execution
Normal Thread Execution

 

 

 

 

 

asynchtomous execution

asynchtomous execution

Start with the comparison (that assumes you know normal threaded execution).

Two main difference between normal threaded system and asynchronous system are:

  • For threaded execution each thread has its own controller, however for asynchronous system there is only one thread controller.
  • Threaded execution does not give the control of ending, starting, changing to user. It is mainly controlled by the operating system internals. On the other side asynchronous execution need some explicit command to interleave one execution to other. It is more in control in the programmer’s perspective.

Continue Reading

Share



Some console commands on linux.

netstat -lpn | grep :8080

— it is combination of two commands with a pipe. It gives you the process that listens port 8080. It is really beneficial, if you’re dealing with some server things on linux.

 

mv <current name> <new name> or mv <current_location> <new_location>

–mv moves your folder or file to wherever you want as a second argument. Or you might use it to rename your file. (I’ve been using linux for three years and I did not know it up to now 🙂

 

gem list | cut -d” ” -f1 | xargs gem uninstall -aIx

–this is not a generic console command but it is really useful for rails developer especially for reinstalling all the rails and the gem files from the scratch. It removes all the gem files installed before.

Share




Understand Rails Authenticity Token!

What happens:
When the user views a form to create, update, or destroy a resource, the rails app would create a random authenticity_token, store this token in the session, and place it in a hidden field in the form. When the user submits the form, rails would look for the authenticity_token, compare it to the one stored in the session, and if they match the request is allowed to continue.

Why this happens:
Since the authenticity token is stored in the session, the client can not know its value. This prevents people from submitting forms to a rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to http://serviceA.com/close_account. This is what is known as CSRF (Cross Site Request Forgery).

If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.

Notes: Keep in mind, rails only checks POST, PUT, and DELETE requests. GET request are not checked for authenticity token. Why? because the HTTP specification states that GET requests should NOT create, alter, or destroy resources at the server, and the request should be idempotent (if you run the same command multiple times, you should get the same result every time).

Lessons: Use authenticity_token to protect your POST, PUT, and DELETE requests. Also make sure not to make any GET requests that could potentially modify resources on the server.

Share

Pages:1...23242526272829...34