Seunthomas's Posts
Nairaland Forum › Seunthomas's Profile › Seunthomas's Posts
1 2 3 4 5 6 7 8 ... 10 11 12 13 14 15 16 17 18 (of 36 pages)
teampregar:I actually dont look down on anyone. Infact i encourage young people and even teach some people in my leisure time outside NL. The thing is most people lack approach. Most of the people i attacked in this thread have the same thing in common, they are not objective. They all attacked me first. I Just showed them that am not someone you push to the side. I dont have a mentality and to be honest am probably better than most people that contributed in this thread. Why cant they just accept that?? The thing is if any of them was as much as a programmer as they claim, ordinarily reading my answers to some of their queries would show it very clearly that am a guru in this line. As for you, i welcome you to the club of coders. Its not always a smooth and straight journey but if you are determined you will reach the land of milk and honey. My advice for you is to start with the harder stuff first. Programming is a mind thing. Its like formatting your brain to think in a certain way. Once you can learn the hard stuff, the easy would be like abc.... NB: Dont let people deceive about having a repo on github. It works for some companies. From time to time, i hire programmers to work for me. The truth is most times many of them are not sound and they show me a lot of things they have worked on. Build your competence and even if you dont have one single file uploaded on github, people will find you and hire you. |
teampregar:I actually dont look down on anyone. Infact i encourage young people and even teach some people in my leisure time outside NL. The thing is most people lack approach. Most of the people i attacked in this thread have the same thing in common, they are not objective. They all attacked me first. I Just showed them that am not someone you push to the side. I dont have a mentality and to be honest am probably better than most people that contributed in this thread. Why cant they just accept that?? The thing is if any of them was as much as a programmer as they claim, ordinarily reading my answers to some of their queries would show it very clearly that am a guru in this line. As for you, i welcome you to the club of coders. Its not always a smooth and straight journey but if you are determined you will reach the land of milk and honey. My advice for you is to start with the harder stuff first. Programming is a mind thing. Its like formatting your brain to think in a certain way. Once you can learn the hard stuff, the easy would be like abc.... NB: Dont let people deceive about having a repo on github. It works for some companies. From time to time, i hire programmers to work for me. The truth is most times many of them are not sound and they show me a lot of things they have worked on. Build your competence and even if you dont have one single file uploaded on github, people will find you and hire you. |
KvnqPrezo:I dont have a degree in computer science but i do have a degree. And am not just good in concept or objective as you called it, i am very sound in writing code too. In programming you learn the abstract first and then you can go into writing code, if you are not good with concepts, you will only write poor code. |
KvnqPrezo:I started programming quite young,wish i started younger like 10 yrs old. A lesson for you to be dilligent and be appreciative of those ahead of you. |
Actually there a number of ways to of foiling a DDOS attack. Multiple servers is the last resort. There are newer techniques of user request throttling that cant lower the frequency of requests to the server. Lesson 3 starts tonight. Stay tuned. |
FincoApps:Yesterday, i took an app belonging to someone in this forum and reversed engineered it under 5mins. He is also a top contributor here. He has some documents in the app which he encrypted with self-written encryption. The security considerations in this thread is actually the default(basic) if you handling any form of important content. Be it documents you are selling to people etc. You can reverse engineer most apps but some apps are very difficult to reverse engineer. On android, use c/c++ to build very critical sections of your code. On IOS and windows, its more difficult to reverse engineer. If you read my introduction in this thread "The thing is there is really no 'Unbreakable app'." The concept of an 'Unbreakable app' does not exist. But while some apps will take 5 mins to reverse engineer some may take 5 months and by that time the company using that app has moved on to something else. Also DDOS and DOS are preventable and could be really limited. We have managed security companies that can help with that but if you want an internally developed solution then we have open source projects that can help out. So i will continue with this thread later in the day. Anymore questions ?? |
Lesson 2: In the beginning was security..... This is sometimes another issue in application development. Most times we start developing an app and we decide to leave security for the last stage. Then at that stage we are left with no choice but to implement a very weak security. Wise develops start up their application development by putting in security considerations first. If the application has sensitive data, then security must come in first. You need to alight and possible list all the areas of attack on your application. a. Does your application write to database? b. Does the application access data from an unsecure source. c. Do you implement SSL (Today using SSL must be the default for any application getting data from a webservice/api)? d. Is the webserver/api open to DDOS/DOS(Distributed Denial of Service/Denial of Service)? e. Can an intelligent attacker reverse engineer your application and reimplement your app? You must consider all this and look for solutions and then build this solution into your app. Its no longer wise to send unencrypted data over SSL. Even with SSL pinning, its still possible for Man in the middle attacks. So when sending sensitive data over a network, use SSL as well as encrypt the data on the client side. |
Real Life Case Study Study A: Apple For so many years, i have been intrigued about icloud security. So i go ahead and start doing research on how to break icloud security. Currently as of today its practically impossible to bypass icloud security using any hacking tools. The only way that an icloud locked iphone can be activated is if apple unlocks it from their end (their are other ways that involve removing a chip from the device). Most of us may have heard the FBI VS Apple case. With the resources at the disposal of the FBI, they still needed to contact Apple. This is because, the data is stored by Apple and only if a proper and correct TLS handshake is achieved can the data be retrieved from the icloud servers. Even Apple internal staff cant access this data from their own end. Please note this method is not full proof but it creates so many constraints that only a very persistent attacker can compromise an I-device. They would need a lot of hardware and technical resources to do this. Study B: Legal Company ESQ(Fictious Company) Legal Company B used in house secuity algorithm for their app. Also the app was byte compiled within 5 mins, John Hackinton was able to reverse engineer the app and their in house algorithm. He had all their data in less than an hour. So please never use self-written security algorithms. The best way to go about it is to adopt and use well tested and known public domain security alorithms. |
DanielTheGeek:Am in my early 30's. But who that one epp? But i like the fact that you took time to check his real age. Most people who have just stood at the assumption and started fight again. lol. |
DanielTheGeek:Correct answer. Don't bother reinventing the wheel except you really need too. |
DanielTheGeek:Go tell Gosling that one. He is over 50 and his still active in openjdk. I never even reach half him age so i still get plenty fuel. |
Waiting for comments to indicate interest. Positive comments. |
Lesson 1: Never ever ever implement your own security algorithm Except your have a phd in mathematics and security. Its always better to use the popular and well tested security algorithms. The thing about security is that you don't have an exclusive right to it. Analogy: Developer A was contracted for a job to build a mobile app to secure data on mobile devices. Developer A has been building applications for quiet sometime. He decides that he has the experience to implement his own security algorithm and uses this algorithm to secure the data within his app. The data on the app is the companies selling point. They sell the data to people and cant afford people have free access to it. Best Approach: It would be better for Developer A to implement security using a known algorithm like AES. The key should be kept on the server and be unique per client. This means that each client has their own key. So in case one key is compromised, its local to that specific client. Also, he should have a way to identify the clients mobile device. UDID worked for a while, but right now UDID has become more compromised. Apple for a long time has been against the use of the device UDID and has actually blocked access to it in recent times. Developer A can generate his own unique device identifier on the device. He may send a copy to the server or have a way for the server to know how to compute the identifier. |
I am starting this thread to just explain the basics of implementing security in your application. No matter how good or successful your application is, if you have bad security, you are waiting for a night-mare to happen. This would be informal. You can ask questions. I may use examples of applications i have tested by developers here but will leave their identity anonymous. One of my areas of interest as a software developer has always been security. The thing is there is really no "Unbreakable app". No matter how secure your application is, someone somewhere will be able to break. The whole idea of security is to limit the surface area for attack. Reduce the probability of your software ever getting hacked into. I will start with a very simple analogy of an app i was once hired to create a bot for. |
We actually have a good number of programmers in this country. I know so many. The thing is programmers tend to associate at their level. So if you have been coding for long, most likely you will find yourself in the midst of people who have been coding that long. As for if the numbers are exaggerated, i would say we have a ratio of 1/10000 very good programmers who are Nigerians. This is just a guess but i believe awareness about programming has become more rampant in the last 5 years. The future belongs to us. Don't be surprised if big companies from silicon valley start coming to shop for talents in Nigeria. Already we have a very large presence outside Nigeria but the internal workforce is growing. |
mogozi:I actually feel very insulted that you regard me as a blogger. I consider them as disseminator of false information. Anyway, like i said your presence is noted. But who you epp?? |
mogozi:As you don make your presence none. Na who you epp?? |
Fedric:Advice yourself. No be me get the thread? Abi who call you inside this matter?? Use panadol for ya own headache. |
mogozi:Bros, you don dey code for 2 years. Make we see ya code na..... |
CHYMZZY:Whatever thing you were high on last night, i dont want to ever be near it. I am trying to understand what you just wrote here. You actually write/code software. They could be used interchangeably. Code is software too. At least from a programmers point of view. I assuming you must have taken something very cheap or drunk something really cheap. Pele ohhh... |
CHYMZZY:Na so dem teach you how to write c++ code be dat. Na your curly braces be that ?. May God never allow me enter plane wey you code him software or car wey you write him software. LOUD Amen. |
FrankLampard:Always stick with native. In the short term, hybrid gets you faster to the market plus the sheer allure of cross-platform, but native apps always perform better than hybrid on the device. Also stay away from the new cross-platform native sdks like xamarin. They create problems on the long run. The last thing you want is to build a successful app and have to hurry to build the native version because of user complaints. |
KvnqPrezo:No be your javascript i dey criticize. No worry, i know say na only dat one you sabi so make i leave you for that one. LOOOOL. |
CHYMZZY:See me see wahala. Some people go just wake up from sleep start to they open mouth. Na who call you enter this matter We no need your 2cent. Wetin 2cent fit buy for this our change economy?? Abeg hold yourself. Carry your wahala go another thread. |
KvnqPrezo:Ta ta small boy.... |
dhtml18:Pele. He be like say dem dey owe you balance abi?? Welcome to the club.. But i don close this page. By the way people like our drama ohh. So pick a fight with someone tommorrow else i will. Not me sha. |
Am closing this thread again. Anyone that needs to ask any question or start a fight should please do so on a new thread. Please make nobody open am again ohhh. Merci beaucoup. |
DanielTheGeek:If you are handling a few users you can use mysql or any nosql db. But if you will be managing a lot of users, just use something like xmpp or you can create your own lightweight protocol(not recommended). XMPP will handle any future growth well enough and their are ready made libraries for it in every language you can think of. |
dhtml18:Well done. I know that particular template. I wanted to use it for a travel job. But its a good job. But as for security if you are ready to pay me, i can verify if the site is indeed secure or not. |
KvnqPrezo:Its spelt "steal" and i know why am asking. Let him speak for himself. He should pick his answer very well sha. LOL. |
DanielTheGeek:Am actually right and not partially. Even in CS, they will introduce you to socket programming first when they want to teach chat(communication). Putting the data into the database before sending to the user introduces latency and when you are doing chat, latency is something you want to avoid. Are you trying to say slack uses mysql backed chat system because i have working knowledge of what the use internally. |
KvnqPrezo:I actually dont think like a kid(In the real sense). Kids rarely program. But you should be more careful when you go picking a fight. You never know what you will find. Na you come attack me and am very sure you wont even bother to apologize.. |
1 2 3 4 5 6 7 8 ... 10 11 12 13 14 15 16 17 18 (of 36 pages)


We no need your 2cent. Wetin 2cent fit buy for this our change economy?? Abeg hold yourself. Carry your wahala go another thread.