Sunday, July 31, 2016

git tfs integration

Please get git for tfs from the following location.

To clone a repository in tfs just execute the following command,

git-tf clone  $/sourceToClone

Then fire up your favorite git explorer - probably SourceTree. Click on the "Clone/New" button and enter the destination path in the field called "Source Path / Url".

Click "Clone" when done.

You can see that your tfs repository is cloned.

More documentation can be found here.

Sunday, July 17, 2016

A quick tutorial for OWASP ZAP tool for beginners

OWASP's ZAP is a security tool that uses a proxy-based approach to do its job. Because of this, the first thing we need to set up is the proxy LAN settings.

Please download OWASP ZAP and then fire it up. Once it is up and running, go to Tools->Options->Local Proxy.

Once we have this set up, we proceed to configure the browser's proxy settings.

Fire up Chrome, go to Advanced settings -> Change proxy settings .. -> LAN Settings and under Proxy server, change "Address" to localhost and port to "8080".

Now you're ready to log in to your website and start scanning. What is happening is that any traffic that passes through your browser gets analyzed. The advantage of this approach is that you don't have to set up a username/password or OAuth token and a bunch of security stuff.

Of course, you can choose an easier approach (which doesn't have much of a use case in general), which is to use the "Quick start" feature. All you need to do is enter a valid url and press the "Attack" button.

Attack terminology

1. Spider - allows you to discover external links in the current url / page. (The ZAP Ajax spider defaults to Firefox; if you run your scan over Chrome, you will probably get some alerts.)

2. Fuzzing - tries to inject custom data into a GET / PUT / POST request to crash the system.

3. X-Content-Type-Options Header Missing - this header prevents your browser from initiating MIME sniffing. This prevents it from being manipulated into downloading some MIME content which can make your site vulnerable.

4. Incomplete or No Cache-control and Pragma HTTP Header Set - you did not turn off caching on your site properly. You will probably get heaps of these messages. The proper way to turn this off can be found here.

5. Cookie without a secure flag - an unsecured cookie is in use, which might expose the content of your cookie. This is relatively easy to solve.

6. Cookie No HttpOnly Flag - this means you need to set the "HttpOnly" flag on your cookie to prevent JavaScript from manipulating your cookie.
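
To check a fix for alerts 3 to 6 without re-running a full scan, the same header conditions can be tested directly on a response. The following is an added example, not part of the original post and not ZAP's own rule logic: a simplified approximation in JavaScript, where the two sample responses are constructed and the function names are hypothetical.

```javascript
// Constructed sample responses (not captured from a real site).
const WEAK_RESPONSE = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html; charset=utf-8",
  "Cache-Control: private",
  "Set-Cookie: session=abc123; Path=/",
  "Set-Cookie: theme=dark; Path=/; Secure",
].join("\r\n");
const HARDENED_RESPONSE = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html; charset=utf-8",
  "X-Content-Type-Options: nosniff",
  "Cache-Control: no-cache, no-store, must-revalidate",
  "Pragma: no-cache",
  "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly",
].join("\r\n");

// Parse a raw header block into [lower-cased name, value] pairs.
// Pairs rather than a map, because Set-Cookie may repeat.
function parseHeaders(raw) {
  return raw.split(/\r?\n/).slice(1) // drop the status line
    .map((line) => line.match(/^([^:]+):\s*(.*)$/))
    .filter(Boolean)
    .map((m) => [m[1].trim().toLowerCase(), m[2].trim()]);
}

// Return the alert names from the list above that apply to this response.
function auditResponse(raw) {
  const headers = parseHeaders(raw);
  const first = (name) => (headers.find(([n]) => n === name) || [])[1] || "";
  const findings = [];
  // Alert 3: header absent, or present with a value other than nosniff.
  if (first("x-content-type-options").toLowerCase() !== "nosniff") {
    findings.push("X-Content-Type-Options Header Missing");
  }
  // Alert 4: caching counts as off only when every directive is present.
  const cacheControl = first("cache-control").toLowerCase();
  const cachingOff = ["no-cache", "no-store", "must-revalidate"]
    .every((d) => cacheControl.includes(d)) && first("pragma").toLowerCase() === "no-cache";
  if (!cachingOff) {
    findings.push("Incomplete or No Cache-control and Pragma HTTP Header Set");
  }
  // Alerts 5 and 6: each Set-Cookie line is checked on its own.
  for (const [, value] of headers.filter(([n]) => n === "set-cookie")) {
    const cookieName = value.split("=")[0];
    const attrs = value.split(";").slice(1).map((a) => a.trim().toLowerCase());
    if (!attrs.includes("secure")) findings.push(`Cookie without a secure flag: ${cookieName}`);
    if (!attrs.includes("httponly")) findings.push(`Cookie No HttpOnly Flag: ${cookieName}`);
  }
  return findings;
}
```

Calling auditResponse on the weak sample reports both header alerts plus the cookie alerts per cookie name, while the hardened sample returns an empty list.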

Friday, July 15, 2016

Logistic regression

In logistic regression, we are trying to get a final outcome which is either,


b) Between 1 to 0

Perhaps the following equation would paint the picture a little better.

y = 1 / (1 + e^-(a + b1x1 + b2x2 + b3x3 + ...))

As you can see from the equation above, we will be getting a result from 0 to 1 or true / false, depending on how you calculate it.

We will use our earlier data and call a very important function in R, glm, with the family parameter set to binomial, as shown below :-

And the result is as follows. Here we can see that degree is a strong influence on whether a person gets a high salary or not.

Residual deviance - is the lack of fit of your model taken as a whole.

Fisher scoring iteration is to say how a model is estimated.

As for the interpretation of results, here is one great link.

Multivariate regression

Multiple regression is pretty straightforward too: instead of trying to predict by one variable, we predict by using multiple variables, hence multivariate / multiple regression.

In linear regression we use the following formula

y = ax + b

In multiple regression, we need to figure out collectively how the other variables affect the outcome of a prediction.

So we probably have something like this

y = a + x1b1 + x2b2


y is our outcome

b1, b2 are our coefficients (computed values that are known to influence our model)

x1, x2 are values that we input to see the prediction

To see how this can be used in R, we will see if salary is influenced by age and education. To do this, let's use the following code :

From here, we can see that degree is a strong influence on our salary as compared to age.

To see how much a person with no degree and age 50 earns, we can compute as follows :-

This person would probably earn : $ 3797.45

Beginner tutorial : Linear Regression in R

Linear regression is a common technique used to show the relationship between a predictor and an outcome. For example, say you are trying to predict a car's acceleration (0 to 100 km) based on its engine horse power.

You might have a sample data shown below

Car horse power       Acceleration per second

100                            120
110                            150
120                            160
150                            170
200                              x

Given a car horse power 200 what would its acceleration (value x) be?

Linear regression takes a straight line that passes through certain points. It can be represented with the following equation

y = ax + b

Let's use R to help us with the prediction

On line #5, we can see that we are using an R method called lm to create our model.

lm(y ~ x) means y is predicted by using the x term. In our case, Y is acceleration per second. X is our horse power.

Let's try to predict using our model above.

As you can see, given a 200 horse power engine, we can have 5 second acceleration 0 to 100 km/h.

Some other terms might be of interest

a) R square - is a measure of how closely the prediction fits on the regression line. 0% means the regression line is not relevant at all. 100% means Y can be explained by the line.

b) F statistic - in regression F statistic is used to compare how best a model fits into dataset.

Tuesday, July 12, 2016

Sourcetree - configuring P4Merge tool

P4Merge is definitely one of the best diff and merge tools around. Totally love it although it comes with a 44 megabytes overhead.

Go ahead and download it from here. Then fire up your Sourcetree and go to Tools -> Options -> select Diff tab. This is where you can configure P4Merge as your Sourcetree default merge / diff tool.

After you have installed P4Merge, you can just select from the drop down box highlighted above.

Friday, July 08, 2016

One of the best posts for studying machine learning with R

This is definitely one of the best links to learn about machine learning using R.

Although you can follow through the blog, there is some R syntax that you might not be so familiar with :-

a) What is the purpose of this command line

names(iris) <- c("Sepal.Length", "Sepal.Width", "Petal.Length", "Petal.Width", "Species")

This is just for naming your dataset. For example, let's create a list of birds and their sizes

bird <- list(bird1=1, bird2=5)

Size 1 would probably be a sparrow and size 5 would be a larger bird called an eagle. Let's change this, using names

names(bird)[1] <- "sparrow"
names(bird)[2] <- "eagle"

> bird
[1] 1

[1] 5

b) Funny looking operator "%>%"

This is the pipe operator imported from magrittr, which basically allows us to invoke commands in sequence.

iris %>% ggvis(~Sepal.Length, ~Sepal.Width, fill = ~Species) %>% layer_points()

This is the same as calling

layer_points(ggvis(iris, ~Sepal.Length, ~Sepal.Width, fill = ~Species))



c) Another important aspect in the tutorial is that we divide our dataset into training and test using a sample command.

ind <- sample(2, nrow(iris), replace=TRUE, prob=c(0.67, 0.33))
iris.test <- iris[ind==2, 1:4]

Notice that the knn function requires these input parameters.

knn(train, test, cl, k = 1, l = 0, prob = FALSE, use.all = TRUE)

Some description of the parameters required.

train = input for our training set

test = input for our test set

cl = factor for true classification for training set

k = neighbor considered. We have 3 distinct neighbour for our dataset.

Other side notes.

How to install R package


Check if you have a package installed

any(grepl("", installed.packages()))

Angularjs Use custom attribute to customize your html behaviour

Sometimes you would like to add custom behaviour to your html markup and have a custom function invoked by it.
For example, let's say you're trying to implement Google Analytics to track specific fields that a user interacts with. We can create a custom directive that pushes tracking info to Google Analytics as the user interacts with different fields.

We can easily do that with an AngularJS directive, as demonstrated with the code below :-

We create a normal directive and under the link section (Line #18), we use the "on" method to listen to a specific html event.

For a demo, please click here.

Monday, July 04, 2016

Embedding base64 images to a static html page

This is easier than I thought. To get started all you need to do is :-

1. upload your image to this link here.

2. copy and paste the base64 into your html image tag as shown below :-

Voilà... done!

mocking defer object with jasmine

Often you come across a deferred object that looks like the following code.

When you're writing a unit test, you need to mock out this component. It is also standard practice to inject external components through your constructor, so that we can mock them out.

This is how our mock quote service in TypeScript looks.

We have retrieve, then and catch functions. On closer analysis (Line #8), you can see that we're returning some results from the then function, and it sets data in our main component.

On line #7, the result parameter of the then function is a function which we can execute so that it sets the data it needs. This allows us to fake some data -> we provide a fake quoteNumber.

With this, we don't really have to use spyOn and we get to set our data as though it is the real implementation.

This is how it all ties together
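
An added example of the pattern described in this post, written in plain JavaScript without Jasmine so it runs on its own; it is not the original post's code. QuoteComponent, MockQuoteService, the quote id 42 and the fake values are hypothetical names and constructed data.

```javascript
// Hypothetical component under test: the quote service is injected through
// the constructor, so a test can hand in a mock instead of the real service.
class QuoteComponent {
  constructor(quoteService) {
    this.quoteService = quoteService;
    this.quoteNumber = null;
    this.error = null;
  }
  load(id) {
    this.quoteService.retrieve(id)
      .then((result) => { this.quoteNumber = result.quoteNumber; })
      .catch((err) => { this.error = err.message; });
  }
}

// Mock exposing the same three functions as the deferred object:
// retrieve, then and catch. The callbacks run synchronously, so the test
// needs neither spyOn nor a digest/tick to see the data arrive.
class MockQuoteService {
  constructor(fakeResult, fakeError = null) {
    this.fakeResult = fakeResult;
    this.fakeError = fakeError;
    this.requestedId = null;
  }
  retrieve(id) {
    this.requestedId = id; // recorded so the test can check the call
    return this;           // lets the caller chain .then().catch()
  }
  then(onSuccess) {
    // Execute the component's own callback with the fake data.
    if (!this.fakeError) onSuccess(this.fakeResult);
    return this;
  }
  catch(onError) {
    if (this.fakeError) onError(this.fakeError);
    return this;
  }
}

// Success path: the component ends up holding the fake quoteNumber.
function runSuccessCase() {
  const component = new QuoteComponent(new MockQuoteService({ quoteNumber: "Q-1001" }));
  component.load(42);
  return component;
}

// Failure path: only the catch callback fires.
function runFailureCase() {
  const component = new QuoteComponent(new MockQuoteService(null, new Error("quote not found")));
  component.load(42);
  return component;
}
```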