TECH INFO

Wednesday, January 1, 2020

Super cars that actually runs on sea water.

sulac01 January 01, 2020 No comments :
When a months-old company called NanoFlowcell AG showed up at the Geneva Motor Show in March 2014, debuting its prototype for a “supercar” powered by saltwater-filled flow battery, onlookers appeared intrigued but skeptical.
Yes, the Quant e-Sportlimousine was snazzy, and enough research was being done to suggest that liquid-flow batteries (which combine the technologies in regular batteries and fuel cells) could be the future of electric cars, but there was good reason to question the car’s prospects. NanoFlowcell’s founder, Nunzio La Vecchia, had brought another “Quant” car to Geneva before, in 2009, which never made it past the auto show circuit. And though La Vecchia insisted that NanoFlowcell’s 2014 prototype was completely different, few were convinced that it would ever be seen on actual roads. “It’s possible we can see this type of system utilized in the next few decades,” wrote Topspeed.com. “So check back with TopSpeed in 20 years or so for any updates.”
But now that the Quant e-Sportlimousi approved for use on European roads, there’s more enthusiasm, and some in the tech media are making the inevitable comparison with the high-profile luxury electric carmaker Tesla Motors and its Model S. The concept of the car, after all, is stupendously attractive. It has four motors—one for each wheel—powered by electricity generated from a process of filtering ionic liquid, or saltwater. The car carries the electrolyte fluids in two adjacent 200-liter tanks separated by a membrane. The fluids in each tank are slightly different, and it’s the reaction between them when they cross the membrane that creates electricity.
NanoFlowcell says its car can go for 370 miles on a single charge. Among the other (somewhat outlandish, and as yet unverified) claims: It takes 2.8 seconds to go from 0 to 62 miles per hour (the Tesla Model S takes 4.2 seconds to do the same); has a top speed of 218 mph (almost 100 mph faster than the Tesla S); and peaks at 920 horsepower (compared to 416 for the Tesla S). Until road tests get underway, though, this might as well be fantasy. At least it’s a beautiful one:
General Electric has been working on flow battery technology for years and announced in August 2013 that it aimed to power a car with a water-based battery for 240 miles, though there is no word on whether much progress has been made there. Flow cell batteries have the potential to power cars three times as far and for one-fourth the cost of lithium-ion batteries (the sort that industry darling Tesla Motors is betting big on), according to GE. Flow cell batteries are said to be safer, lighter, and easier to recharge than lithium-ion ones, as well.
It’s a shame, then, that the makers of the Quant e-Sportlimousine had to put their amazing saltwater battery in a car that, should it ever hit the market,may cost about $1.7 million, making Tesla’s Model S luxury electric car look like a bargain at $70,000 to $95,000.
And that’s why Tesla probably has nothing to worry about here: If the only way to get a saltwater-powered battery into a car is to price it like a moderately sized mansion, then lithium-ion batteries just look even better.

Wednesday, December 25, 2019

First e-bike of Nepal

sulac01 December 25, 2019 No comments :

Day by Day, the world is changing by technology and in this race of technology and, Nepal is also a good competitor. As we know Nepal is small in area but day by day Nepal is producing new talents in this competitive field. The first e-bike company of Nepal known as "YATRI" has published its first e-bike and they named as yatri of its own company name. It's all began technically in May 2018 and they name their project as "Project Zero" which gives an idea when the user switches to the electric vehicle then user don't have to compromise with the vehicle looking at the existing electric market of Nepal there is the restriction of range and charging time that is something they wanted to change and they started their journey of making first Nepal e-bike from scratch. Many e-bikes in Nepal in the present situation they only have one key and nothing but "YATRI" motorcycles gives a better key with unique user interface which makes more interesting riding they have their own app named as your hub whole body of this e-bike is designed and made in Nepal.

 Its whole body is made from fiberglass they gave it an unbelievable great look it inherits the proportions of cafe racer it is the bike for those people who care about the inspiring product. it contains 30kw battery which gives you a torque of 40 nm, it reaches the speed of 0-60km/hr at 0-4 sec it has a top speed of 120km/hr and it fully charges about 2hour. Basically, it's like a sports bike but it is specially designed for urban Areas like Kathmandu which is very helpful it is a special gift for all bike lovers and e-bike lovers. It contains a very slick designed display on its front of the body which displays distance battery percentage and other things.
It is showcased a week ago its ordering procedure is started but officially it is launched in March 2020.
You can preorder from [email protected].

Thursday, April 11, 2019

What is DDoS attack?

Sagar Panta April 11, 2019 No comments :
What is DDoS attack and how does it work?
Hello everyone in this post we're going to talk about DDoS and what it is. DDoS stands for Distributed Denial of Service and it's basically a cyber-attack on a specific server or network with the intended purpose of disrupting that network or server’s normal operation. A DDoS attack does this by flooding the targeted network or server with a constant flood of traffic. Such as, fraudulent requests which overwhelm the system causing a disruption or denial of service to legitimate traffic.
 So for example, here we have a web server and let's just say that this web server could be a loan to a company that sells their products over the Internet. And over here we have a couple of customers with their computers that are browsing the company's web site looking at the company's products or services. Now let's just say that someone just wanted to do an attack on this company's web server and let's just say that they're going to attack the server for whatever reason. For example, maybe they don't like the company or they don't like the owners of the company or whatever. So what happens if the attacker is going to use their computer and their program to attack this server and flood it with fraudulent data traffic to try and disrupt its service now. This is not a DDoS attack this is just called a DOS attack which stands for denial of service. Because a DOS attack is an attack that's just coming from one source.
Now, normally a network or server is able to handle an attack from a single source because it's easier to pinpoint. The server can just simply close the connection where the attack is coming from. So that's not really a problem however the problem is that what if an attack comes from multiple sources simultaneously and that is what a DDoS is. A DDoS is an attack from multiple sources all at once. So this can computer here who is the ringleader can communicate with other computers around the world and coordinate an attack on this server. So now instead of an attack coming from a single source, the server now has to deal with an attack from multiple sources and when this happens it will overwhelm the server. It will eat up the server's system resources such as the CPU and memory and it will also eat up network bandwidth. So, as a result, these legitimate computers over here are going to be denied service because the server is too preoccupied in dealing with a DDoS attack. So the webpage is that these computers want to access or either not going to load or they are going to be very slow in loading. And they'll get that familiar spinning wheel of lag on their screens.
So the question is how does the attacker get other computers to get involved in a DDoS attack? And the simple answer is by using malicious software the attacker will developed a malware program and distribute it over the internet and put it on things like websites and email attachments. So if a vulnerable computer goes to these infected websites or opens these infected email attachments the malware will be installed on their computer without the owner even knowing that their computer has been infected. So now their computer has been recruited in an army of other infected computers to perform a DDoS attack and this army of infected computers is what's called a botnet. Now, this botnet is not just limited to a few computers this botnet could be hundreds or even thousands of computers that are scattered all over the world. So now this botnet can be controlled like an army waiting to receive instructions from the attacker, who is now like a centralized command and control center for the botnet. Then the attacker can send out commands to all these computers and to tell them to attack at a certain date and time. Then once that set time is reached the attack begins.
 Now a DDoS attack can last for hours or even days. It just depends on the attacker’s intent. So another question is why do people do DDoS attacks? DDoS attacks can happen for several different reasons. For example, it could be for financial reasons and the attacker is ddossing a competitor in the marketplace. It could also be for maybe political reasons maybe they don't like the targeted organization's beliefs. It could also be that maybe the attacker is just doing it for fun.

Tuesday, April 9, 2019

What is Ransomware Virus and how hackers use it?

Sagar Panta April 09, 2019 No comments :

What is Ransomware Virus and how hackers use it?



Ordinarily, falling victim to a ransom plot means that you are the son or daughter of some rich person and the only way to get out of it is by paying tons of money or waiting for someone to come and rescue at least that's what TV would have us believe. These days, being held for ransom can actually happen quite differently with your computer of all things. I'm talking of course about ransomware, a particularly diabolical type of malware that is to say bad software that's been making headlines recently.
So, here's how it works. Once ransomware gets on your computer usually through an infected email attachment or the all-too-common Trojan horse attack it will lock your computer or your data in some way and demand payment in exchange for giving control of your system back to you. Some of the simpler forms of ransomware will simply try to fool you into thinking there's something wrong with your computer and get you to pay money to fix it. A common tactic that we see in those banner ads that tell you that you've been inexplicably infected by something.
Now oftentimes with those you've probably got at least rudimentary control over your system still so the only real issue is that you have to deal with these constant popups until you find a way to get rid of the malware. A much more irritating kind of ransomware will lock your computer entirely and keep you from logging into your operating system unless you cough up the money. Many of these varieties of ransomware will display a threatening message purporting to be from the FBI or some other super hardcore police agency saying that your computer was used for something highly illegal but you can get your computer back and avoid doing hard time just by paying a few hundred dollars. Sounds absurd right!! But people have fallen victim to this and even if you recognize the scan immediately those ones can be a real pain to remove. Worst of all, is the ransomware that not only locks your system but also encrypts your files and won't provide you with the keys to decrypt them unless you pay up. The most notable of these being cryptolocker although many other variance have popped up since that one first made the news back in 2013. Some other issues with these unsurprisingly cyber criminals aren't exactly the most trustworthy folks and many people have reported not getting their files back even after paying the ransom. And on top of that there are some kinds of ransomware that don't even ask permission they just hit your Bitcoin wallet and take the money without even giving you a chance to say well hold on let me think about whether this data is actually worth paying for.
So then, how can you rescue your computer and protect your cash if you get infected? Many of the non-encrypting types of ransomware can be removed by booting into safe mode and running an up-to-date anti-malware tool. If that fails downloading a bootable removal tool to a flash drive and running that. However, if you've been hit by an encrypting variety of ransomware you're probably out of luck as most of these use a very strong encryption algorithms. In fact the FBI has advised people to just pay these ransoms in the past. So, if you don't like the idea of your money going to online criminals, backup your data somewhere preferably offline. And remember please to explain to your grandparents what a banner ad is if they call you in a panic over having 50 viruses on their all-in-one PC.

How are the ransomware virus transferred to your PC?
·      Through infected files downloaded from internet
·      Through malicious cracked software that we use
·      Through friend’s pendrive
·      Through emails and messages
·      Through malicious links and advertisements.

So guys this was today’s information for you. Hope you guys liked the post. If you have any issue related to it please let me know in the comment box. I will be back soon with another tech news.

Thank you!!

Monday, April 8, 2019

What is CTF?

Sagar Panta April 08, 2019 No comments :

What is CTF (Capture The Flag)?


Security CTFs, or Capture-The-Flag competitions have nothing to do with paintball or shooter games, but they are awesome to learn to hack. They can be very challenging and teach you a lot of new skills. In this post, I want to tell you about what kind of challenges there are and how you can find CTFs to play.
 Generally, there are two categories of CTFs. Jeopardy-style and Attack-and-defense.  I will only focus on the Jeopardy-style, especially because it’s easier to get into. So a typical CTF offers a bunch of different challenges that you have to solve. Most commonly you have to exploit some kind of service so you get remote access to the server, so you can then read the content of a file that contains a special string, the flag, which is proof that you hacked the system. You can then enter that string in a form and you get points depending on how hard the challenge was for your team.
 Usually, a challenge has a title, a short description and maybe info on how to reach the service or a file to download. Oftentimes the title or description is already a small hint. So, for example, there was a challenge called sha1lcode at the HITCOn CTF 2014, and without really looking into the challenge I already assumed that you have to write shellcode, and it has something to do with sha1 hashes. Maybe writing shellcode in the form of sha1 hashes. And indeed, that was the solution in the end. There are a lot of different kinds of challenges, and sometimes you get some new creative ones, but the typical topics covered are reversing, pwning, crypto, web and maybe misc or programming.
Reversing usually comes with an executable, a program you can download and run locally. The program implements some kind of algorithm that checks an input key. If you find the correct key, which is oftentimes already the correct flag, then you solved it. So solving it requires you to reverse engineer and understand the implemented algorithm to deduct the correct input key.
For pwning challenges you often get also an executable but with it an IP address and port of a server running this program. So you have to figure out how to exploit the program to gain remote code execution. You develop your exploit locally and then use it against the server, where you can then read the flag file. These challenges range from simple buffer overflows to very advanced heap feng shui stuff. And they are the most interesting ones to me. 
Crypto, like the name says is about cryptography. Sometimes it’s about attacking a self-made cipher, or very simple crypto attacks like weak random generators. But it can get really advanced and mathematical. Where you are basically lost if you are not up to date with the research and papers form that field.
Web challenges are also clear, they are about web applications. Usually you get a URL and you have to exploit maybe a advanced SQL injection, or bypass authentication. Sometimes even XSS or CSRF challenges. I also have a web challenge writeup where you can get a feeling for what it is about. Misc basically covers anything else. And programming is also self explanatory.
Mostly it’s about clever implementations of solving some kind of problem. Now that you are excited about solving some of these challenges, let’s talk about where you can find them. The best platform for all of this is ctftime. It’s made by the CTF community for the CTF community. You can see which CTFs are upcoming and you get information like the format, when it happens and where to register. You can also see the archive of competitions in the past. Over the year the CTF teams collect these points and you have an overall ranking. Being in the top 50 is quite challenging. But how to find a team? Well it’s like finding a group of friends. There is no one way how to do it. You could also checkout the reddit CTF team OpenToAll, which is, like the name says, open to everybody. But all these CTFs are usually short. They are over a weekend. Maybe 48-72 hours. But there are also websites where these kind of challenges are available forever. So I played a lot on w3challs, smashthestack and overthewire. In the beginning you will realize you know nothing. You fail every challenge you try. But that’s normal. Because people create writeups or upload their exploit script. And then you can work through those solutions. You can research topics you didn’t know about. You see how other people solve it. And you start to gain experience. And you will see that after a couple of CTFs you start to be able to make progress yourself. So for that prupose you should look up the writeups on ctftime, or the ctf writeup github repository (maybe contribute yourself by gathering other peoples writeups and create a pull request), or simply hang around on the IRC channel of the competition, because people will start discussing solutions afterwards. I hope this quick overview was helpful to get into challenges yourself. And maybe consider recording yourself solving them during the CTF. Just make sure you don’t beg for flags, solutions and hints. Respect the competition. Be excellent to each other. And accept your lack of skill and convert it into motivation to learn more.

What is Cloud Computing?

Sagar Panta April 08, 2019 No comments :

Cloud Computing

Cloud Computing


In this post, we'll be discussing what cloud computing is and the fundamental change it brings in how we view and think about computing. To better understand the massive revolution cloud computing will bring and is bringing to the field of computing, let's first go back in time and view a similar revolution with electricity.
 Before the height of the industrial revolution, electricity had to be generated in house, this had many downsides: every worker lost to generating electricity was one less to make the factory more productive and scalability was a major issue, at times when production of the factory went up, there wouldn't be enough generated electricity, causing power outages and a loss of production. Thus, often times more electricity than needed was generated which was quite costly. Then in the The 1880s, Thomas Edison, founded the Edison Illuminating Company, turning electricity into a utility. In other words, something that could be switched on and off whenever desired, delivering the exact amount of power needed at a cost per unit, in the case of electricity, watts.
 Coming back to the present day, this analogy has strong correlations to transformations seen in computing. When running a website or application in the pre-cloud computing days, every individual business with an online presence had to maintain servers that allowed users to access their site, this is referred to as hosting. Like with electricity, sometimes more users will access the site and sometimes there will be little to no users on the site. To prevent site crashes on periods of high traffic which therefore equated to lost users and customers, more servers than needed often had to be purchased. These servers are very costly, racking up bills even when they aren't used to full capacity. Also like the electricity analogy, having a large team of sysadmins, network engineers, etc takes away productivity from the true goal a business is trying to achieve, therefore making the barrier to a scalable business high and costly.
Now, with cloud computing, we are witnessing a revolution in how computing power is allocated, in other words, viewing computing as a utility. Cloud computing has seen an incremental evolution over the past decade, in large part due to the exponential increase in computing performance, with cloud computing currently growing at a rate of 23 percent per year. Before discussing the primary types of cloud computing, what exactly is it? Well, the best way to think about it is to think about actual clouds. A cloud is formed via a dense cluster of water molecules that appear as a single object from a distance, thus taking this concept, cloud computing refers to a dense cluster of computers working together that appear as a single computing resource. There are many companies in the cloud computing race now, to list some of the biggest cloud providers:
Amazon Web Services, Microsoft Azure, Google Cloud, IBM Cloud – the list can go on and on.
Essentially, the cloud services these companies provide are through vast data centers made for public use. As discussed previously, for a business to manage its online presence, in-house servers and maintenance was required, which racked up costly bills and was counterproductive to the true goals of the business. This is where the first type of cloud computing came into play:
Infrastructure-as-a-Service, IaaS, where the hardware, in other words, the hosting environment was abstracted away. Like with an electricity meter, businesses only pay the cloud provider for the exact amount of computing power used. So, when there is a heavy load on a cloud-hosted site, more is charged due to increased computing demand, and with less traffic, significantly less is charged.
The next type of cloud computing is, Platform-as-a-Service, PaaS, this is where the operating system and software backend is abstracted away. While IaaS provides the infrastructure for hosting an application, everything else involved in backend development is not covered. This is the role PaaS fills, backend services, including data management in the form of databases and middleware which is the plumbing between the components of an application to make sure everything works together.
The last type of cloud computing we'll discuss is, Software-as-a-Service, SaaS, this is where the software runtime is abstracted away, essentially a layer in the cloud for program execution. This part of the cloud affects us, the consumers, the most, allowing our devices to do minimal processing when running an application because processing is instead done in the cloud and results delivered to our devices.
This is the combination of all three types of cloud computing we've discussed, more on this in the next section. A serverless future provided through cloud computing is the new paradigm, this further exemplified by the fact that the price of cloud computing is decreasing due to increasing computing power. This is referred to as Bezos’s Law, where the CEO and founder of Amazon stated: a unit of computing power price is reduced by approximately 50% every 3 years. The unit of measurement for the allocation of computing power varies by provider due to the types of cloud computing they provide, for example, per gigabyte of RAM used, per gigabyte of storage, kilowatt hours of computing used, etc.
The reason for the drop in price and increase in power for these units extend to topics we discussed in previous videos in this computing series that deal with advances in both hardware and software such as GPUs like Volta, new memory devices as well as standards and much more! When electricity became a utility, the barrier to entry of a scalable business dropped and led to innovation at an exponential rate, computing as the utility does this once again. This is easily observable by startup culture today, where anyone with a vision or idea can immediately establish an online presence and proof of the concept of their application or website. Whereas in the past, expensive servers would have to be maintained and overhead of extra staff, now with cloud computing and serverless architecture all of that is taken care of at a bare minimal cost.

Saturday, April 6, 2019

Clash between Apple and Samsung

Sagar Panta April 06, 2019 , , , No comments :
How the clash between Apple and Samsung started?


If you’ve been following Apple for a while or know the company’s history, you’ll probably remember them having quite a few rivals over the pastthirty-fivee years. In the 80’s it was IBM, in the 90’s it was Microsoft, and in the 2000’s, it eventually became Google. But the rivalry between Apple and Samsung is more recent, and more unique. Since Samsung not only competes with Apple in the notebook, tablet, and smartphone markets, but also supplies Apple with key components for their devices. Like the iPhone’s OLED display and flash memory chip. So let’s explore how the two companies’ relationship soured, and how they feel about each other today. This is Sagar with Tech Info and if you want to help decide which post topics I cover, make sure you’re subscribed and comment.

      Samsung v. Apple is a long-running dispute between two main mobile phone manufacturers. These two companies have been fighting with each other over a various span that they hold all over the world, with Apple winning some and with Samsung winning some, but the Supreme Court is going to focus on just one issue: whether Samsung’s infringement of the way Apple’s phone look should be punished by forcing Samsung to turn over every single penny that they’ve made on the sale of those devices or whether the damage should be much lower and be reduced to limit them only to the value of a particular design that Apple came up with. There are generally two types of patents. 

One is called utility patent and one is called design patent. A utility patent is one that is meant to cover the way things work. The design patent covers the way things look, irrespective of how they work. It’s purely ornamental. Design patents are meant to cover these ornamental features that do not affect the utility of a particular device. Currently, it’s only those patents, it’s not the utility apatents that are at issue. The Court is concerned by whether or not Apple has really reduced the price to fairly small features. These are not fundamental, groundbreaking things. Whether or not by having patents on those things, they can essentially bankrupt an entire line of Samsung products. Apple prevailed at a jury trial and a jury concluded that Samsung’s Galaxy devices infringed some of Apple’s design patents and awarded them a judgment in the amount of, roughly, one billion dollars. Eventually, the case was appealed to the U.S. Court of Appeals for the Federal Circuit. Unfortunately for Samsung, the statute language is fairly clear. It does say entirety of the profits. Section 289 of Title 35 of United States Code says that when a design patent is infringed, the infringer is liable for the entirety of his profits. The section is actually fairly clear and we can certainly debate whether that’s a right decision or a wrong decision from microeconomics, fairness, incentives, and so on. Nonetheless, that’s what Congress said, therefore, Samsung was liable to figure out how much money they made on the sale of their Galaxy devices and turn it all over to Apple. It’s going to take some effort by Samsung to convince the Court that the statute is either not as clear as people think or at least doesn’t make sense in a modern economy. Samsung’s argument is that people were not necessarily buying Samsung because it has rounded edges and a button at a particular location, and even if they’ve infringed those patents, according to Samsung, they should pay something, but they should pay only for the value of those particular features, and of course the value of the features is not very high. If the Supreme Court agrees with Apple, then Samsung will pay its one billion dollar judgment plus whatever interest has accrued since then. If the Supreme Court agrees with Samsung, then the case will be remanded back to the trial court for additional trial, not on the issue of infringement because that’s already been settled, but on the issue of how much that infringement is actually worth under the rule the Supreme Court will announce.

Cross Site Scripting (XSS)

Sagar Panta April 06, 2019 , , , 1 comment :
What is Cross Site Scripting (XSS)?


  • Introduction

Cross site scripting is the number one vulnerability on the web today. If you are writing any kind of web software, and you don't know about this, you should know this! And if you are the kind of person who likes to play about with websites, and break them, in a definitely legal manner, you should know this.

  • Concept

 To explain it, we have to go back to the early days of the internet. We have to go back to Tim Berners-Lee sitting at CERN, making up how the web will work. The web is based on something called HTML, Hyper Text Markup Language. Most people who are reading this, I think, will know how this works, but just very quickly, it means that you have tags. An HTML document starts with angle brackets like this <, and closes with angle brackets like this >. Anything between angle brackets is read as an instruction. So if I want to put some text in bold, I put a <b> tag and a close </b> tag, and I put some text in the middle, and that becomes bold. Those angle brackets, wherever they are in the document, mean "an instruction is coming here." So, what do you do if you want to put an angle bracket, which is basically a less-than sign, into your document? Well, you do something called escaping. Instead of sending the angle bracket, you send an ampersand, and then "lt" for less than, and then a semicolon. And that means, when the user actually reads it, it will become an angle bracket. Wonderful. And that works fine. It means in the old days of the World Wide Web, you could send a request, and the document would come back, and the angle brackets would not mess everything up.
Then we move on a bit, and we start coming back with more interactive things. Someone comes along and invents JavaScript. And JavaScript is a programming language that sits in the middle of web pages. You start with a tag in the middle of your document. So you've already got your HTML. You start with a <script> tag. And then everything stops. You've got a closing </script> tag down here. Nothing in this section will actually appear on the user's screen. What you have here is a completely separate programming language. You can declare variables. You can do calculations. That's vaguely sensible. You can create an entire language there, and that language can affect the document. So you can take the output from that, and you can put it into the rest of the text. It's really really powerful. It's the way that everything big, everything interactive, works on the web now. You can design entire games in JavaScript. And all its doing is creating a web page, and then just moving bits about. The trouble is that JavaScript is dangerous. It can do anything to the web page. And rightly so - that's how Gmail works. But imagine if you could get whatever JavaScript you wanted to do anything with, say, the login page of an online bank.

  • Working
 You could tell it that, instead of just taking the username and password and sending them to the bank's servers, first, it should send them to someone else. And when they've got them, and the user won't know that's happened, then it should log people into the bank. Or you could, say, instead of sending the words people are actually typing to the web, ignore them. Just send John instead. This is how MySpace worms spread, because you would type in the code, and it would appear, because MySpace hadn't quite filtered JavaScript properly, and that's the cross site scripting bug I'll get to in a minute. You could write anything you wanted in there, and every time someone looked at that MySpace page, the code would run! And it would say, hey, go do stuff with their profile instead. And it would.

  JavaScript is dangerous because it lets you do anything on a web page. So, how do you get it in there? Let's go to, say, Google. Whatever I type in here, appears on this web page. That's fine. What happens if, instead, I type in an italic tag? Well, what won't happen is that Google will send the whole page in italics. Because what they have done is they have converted it into  less-than. Which is great. Let's imagine that instead of typing "test", or instead of typing that, instead I type in <script> and then some code. And as long as I write valid code there, and as long as the box is big enough, and there's a few other hacks you can do to make that work, if, as a web developer, you forget to do that little trick that changes them from less-than signs to that code that means "put a less-than sign in there," your web server puts the page out, and the web browser looks at that and goes, "That is JavaScript code! I'm gonna run that!" And it does. And you can use that for entertainment.

  • Conclusion

But the more sinister stuff you can do with JavaScript, quietly stealing passwords and user information and letting you log in as other people, all of these things are entirely possible by just letting unescaped JavaScript get into your web page. And here's the thing. Here's the really important thing. All you need to do is mess up once, anywhere on your site, with any user input. Something that you think is completely innocuous because someone is just typing in their age. If you forget to escape that, and someone types in a little bit of code there instead, well, congratulations, your web site is now completely vulnerable. And this has happened regularly, in Google, in Facebook, in every single big site, because it's so easy to forget. Even when every single framework out there, every single tool to help web developers, has something that goes, "Guys! You've missed this!" "You've missed this! Do you really mean to do that? Are you sure you really mean to do that?" You can still mess it up. Even the big guys mess this up. And they have what are known as "bug bounties." They will pay you money if you find something like this and then responsibly tell them. You don't go and tell the world. If you can do that, I think someone earned something like $12,000 for finding a bug in Facebook that let people do this. So, rather than try and break things, try and mend them. Try and find something like this. If this is your thing, if this is your, something that you look at and go, "Oh, I can try and break things with this!", do it. And then look at the big guys, and try and earn some money with it instead. Cause they will thank you, they will put your name in lights on your site, on their site, and they will pay you money. 

Thursday, April 4, 2019

What is Dark Web?

Sagar Panta April 04, 2019 , , , 2 comments :
What is Dark Web and Deep Web?


Ø Introduction:
Hi, welcome to the new post.  I'm sure by now that everyone has heard of the dark web commonly known as the epicenter of illegal online activity a vast secret cyber underworld. It's called the dark web and people aren't using it to buy shoes they're buying drugs weapons. Anything you can imagine the subterranean realm is sinister and untraceable with consequences that can be deadly.
 People may also be familiar with the Silk Road or at least its history. The online marketplace where you could buy narcotics with absolute anonymity but the dark web is part of something much bigger. The Deep Web which makes up 90% of the entire web through our internet searches in our daily lives. We only see a tip of the iceberg how did this all start in this post we'll take a look at both the Deep Web and the dark web. For starters, let's take a look at some basics. The web can be defined into three categories.

Ø Understanding                   

First, there's the surface web and that's everything that's open and available. Basically, everything that can be found is through a Google search. Following this is the Deep Web. This is the portion of the Internet that's hidden from conventional search engines and it contains unindexed websites. Here you can find personal information like your payroll and medical records or a corporation's private data and finally, there's the dark web. Here, sites are intentionally hidden from search engines. Sites and the dark web can only be accessed through special browsers which you use masked IP addresses to hide the identity of the visitors.

Ø History of Darknet


So, where did this dark web come from? In 1969 a couple of university students sent the world's first computers to compete for a message. It was sent on ARPANET an early ancestor to the Internet. The concept of connecting computers together was a radical idea at the time and at certain motions. The progression to the modern Internet. But ever since there has been the internet or any form of internet people have used it for illegal online activity. In fact, one of the first-ever e-commerce transactions was a drug deal in 1970. It was done between two students at MIT and Stanford in the 1980s. People also attempted to create data havens in small countries with relaxed laws. These early examples were nowhere near as sophisticated as the modern dark web. However, they illustrate the point that they have always been people who wanted to use the web to escape the eyes of the authorities or everyone's eyes for that matter.
 In the mid-1990s things started to get interesting a technology called tor was created. Tor stands for The Onion Router and is a browser which allows users to exchange information anonymously online peer-to-peer networks like tor are the backbone of the dark web. For the dark web to exist, it needs anonymity. Tor manages this by hiding the identity of the user by bouncing the connection through three different servers around the world adding a layer of encryption each time. Hence, the name onion it would be logical to assume that tor was invented by a group of anti-establishment coders and criminals trying to evade government control. Looking at the illegal activity of the dark web this makes sense. However, quite paradoxically tor was invented by the US Naval Research Laboratory to allow intelligence personnel to transfer information securely. Another agency of the US Department of Defense called DARPA further developed all and in 2002 they made it available to the public. To this very day, tor is still funded in part by the US government.

Ø   Deeper dive into Darknet

Ok so let's take a deeper dive and take an interesting look at the deep and dark web. Firstly it's huge and its size is growing rapidly. A 2001 study done by the University of California discovered that the dark web had 7.5 petabytes or 7500 gigabytes of information. In just two years this number increased to over 91,000 petabytes. Today combined the deep and dark web is over 96% of the entire web. When you do an internet search you're only searching 0.03 percent of the entire web. The dark web is such a nefarious place that you can get scams based around murder. In one case people kept falling for an elaborate scam to hire hitmen. A website called Besser mafia claim to offer the toughest Albanian hitman services. But in reality, it was two Eastern European men tricking people into handing over their money to pay for hit jobs that actually didn't happen. It said that you can find anything from an AK-47 to rocket launcher on the dark web if you look hard enough. Criminals have also been discovered selling fake degrees certifications and passports. People have also hired hackers to break into university systems just to change their grades. Stolen identities up for grabs from the dark web. Passwords for individual bank accounts cost around 160 dollars. And your full identity about $1,200.
 On the dark web, there's also a hidden Wikipedia. This contains Wikipedia articles that are immune to censorship. One of the most infamous sites on the dark web is the marketplace Silk Road.
 Here, many things can be purchased with Bitcoin but mostly illicit drugs and fraudulent documentation such as a passport. Being mostly anonymous Bitcoin among other cryptocurrencies was instrumental in allowing Silk Road and any anonymous marketplace to run. Approximately a hundred and seventy thousand bitcoins were seized by the US government from Silk Road and Oh bridges personal account at the time this was roughly a hundred million US dollars. You've sold at the peak of bitcoins price in 2017 it would be worth approximately 2.8 billion US dollars.


The New York Times and other news outlets have opened onion sites to allow people to anonymously submit information. So the dark web isn't really a place to surf. It's a place that allows you to do specific things and people should really know what they're getting into before accessing it. Many sites need invites and a lot of people provide very specific services stumbling upon a site. 

Wednesday, April 3, 2019

Machine Learning

Sagar Panta April 03, 2019 , No comments :
Machine Learning: Leading steps toward Machinery Intelligence
From identifying skin diseases to arranging cucumbers to distinguishing lifts needing fix, Machine Learning has allowed PC frameworks completely new capacities. In any case, how can it truly work in the engine? How about we stroll through an essential model and blame it so as to discuss the way toward finding solutions from your information utilizing Machine Learning. Welcome to Tech Info. My name is Sagar Panta. On this post, we'll investigate the workmanship, science, and apparatuses of Machine Learning.



We should imagine that we've been approached to make a framework that addresses the subject of whether a beverage is wine or lager. This inquiry noting framework that we assemble is known as a model, and this model is made by means of a procedure called preparing. In AI, the objective of preparing is to make a precise model that responds to our inquiries effectively more often than not. Be that as it may, so as to prepare the model, we have to gather information to prepare on. This is the place we will start. Our information will be gathered from glasses of wine and brew. There are numerous parts of beverages that we could gather information on- - everything from the measure of froth to the state of the glass. Be that as it may, for our motivations, we'll simply pick two basic ones- - the shading as a wavelength of light and the liquor content as a rate. The expectation is that we can part our two kinds of beverages along these two factors alone. We'll call these our highlights starting now and into the foreseeable future - shading and liquor. The initial step to our procedure will be to head out to the nearby market, purchase up a bundle of various beverages, and get some hardware to do our estimations - a spectrometer for estimating the shading and a hydrometer to gauge the liquor content. It gives the idea that our market has a gadgets equipment segment also.
Machine Learning is the exploration of getting PCs to act without being expressly customized. In the previous decade, Machine Learning has given us self-driving vehicles, down to earth discourse acknowledgment, viable web look, and an unfathomably improved comprehension of the human genome. Machine Learning is so inescapable today that you presumably use it many times each day without knowing it. Numerous scientists additionally think it is the most ideal approach to gain ground towards human-level AI. In this post, you will find out about the best Machine Learning strategies, and addition work on executing them and getting them to work for yourself. All the more critically, you'll find out about the hypothetical underpinnings of adapting, yet in addition gain the down to earth know-how expected to rapidly and intensely apply these procedures to new issues. At long last, you'll find out about some of Silicon Valley's prescribed procedures in development in accordance with Machine Learning and AI.
As a result of new registering advancements, Machine Learning today isn't care for Machine Learning of the past. It was conceived from example acknowledgment and the hypothesis that PCs can learn without being modified to perform explicit errands; analysts intrigued by computerized reasoning needed to check whether PCs could gain from information. The iterative part of Machine Learning is critical on the grounds that as models are presented to new information, they can autonomously adjust. They gain from past calculations to deliver solid, repeatable choices and results. It's a science that is not new – but rather one that has increased new force.

While many Machine Learning calculations have been around for quite a while, the capacity to consequently apply complex numerical figuring’s to enormous information – again and again, quicker and quicker – is an ongoing improvement. Here are a couple of broadly exposed instances of Machine Learning applications you might be comfortable with:

1.    The vigorously advertised, self-driving Google vehicle? The quintessence of Machine Learning.

2.    Online proposal offers, for example, those from Amazon and Netflix? Machine Learning applications for regular day to day existence.

3.    Knowing what clients are stating about you on Twitter? Machine Learning joined with etymological principle creation.

4.    Extortion location? One of the more self-evident, imperative uses in our present reality.

Tuesday, April 2, 2019

Top Five Online Shopping Sites of Nepal

Sagar Panta April 02, 2019 , No comments :

Top Five Online Shopping Sites of Nepal

With the development of the Internet and Internet-based gadgets, the greater part of the general population are partial to things accessible over the web. Facebook and online media have developed their notoriety in Nepal especially nowadays. Web based shopping destinations or online stores are likewise one of the famous things in the web world at this point. Discover the rundown of best web based shopping destinations underneath.
Web based shopping has turned out to be well known among individuals living in the significant urban areas of Nepal. It has turned out to be famous principally due to accommodation and straightforwardness to shop from their home or office. A standout amongst the most engaging components about internet shopping is that it eases the need to hold up in long queues or scan from store to store for a specific thing. We see numerous youngsters are pulled in to online stores, as we can see the value, analyze between at least two locales and purchase the item.
We, the individuals from Nepalitelecom.com group have been utilizing different internet shopping locales in Kathmandu. According to the experience, in light of the accessibility of item, nature of item and convenient conveyance with simple installment choices, we have picked the best 5 web based shopping stores in Nepal.

  •        Daraz.com.np




Daraz has introduced itself as one of the most popular, reliable and trending online shopping centre of Nepal. Previously Kaymu is the quickest developing on the web commercial center working in South Asian nations Pakistan, Bangladesh, Myanmar, Sri Lanka, and Nepal. A wide assortment of items are accessible in Daraz. The items incorporate customer gadgets, design, and magnificence items, nearby quickly developing general items.
Daraz is positioned in any case in light of the accessibility of items and their quality. As of late they have refreshed their application to incorporate more items and highlights. Daraz conveyance is likewise entirely solid. It ships items to the greater part of the urban communities of Nepal. There's nearly everything recorded on the site that is required in day by day life. Daraz has been my absolute first need while purchasing items on the web. They offer just money down alternative for the installment to date.


  •         Hamrobazar.com 


Hamrobazar.com is an online ordered which empowers people just as organizations to list the wide assortment of new or utilized item on the web. It is a standout amongst the most utilized shopping locales in Nepal as it gives the stage to the person to sell their very own items. Hamrobazar.com is an extraordinary channel for associating purchasers and dealers. Hamrobazar.com is an ideal arrangement which records your items for nothing.
They additionally highlight new items yet the site isn't that mainstream for purchasing new items. It is additionally a standout amongst the most visited destinations in Nepal.



  • Muncha.com
Muncha.com.np is the online variant of the departmental store "Muncha House". They have an in all respects early history. Muncha began its administration in 2000. Muncha.com.np is an advanced shopping center and blessing site where you can locate a wide assortment of items to address your issues. Their primary point is to furnish boundless assortments of items with the best quality administrations.

They acknowledge iPay, MasterCard, and VISA as an installment choice. Money down is accessible in Muncha. They convey items inside 2-3 working days.  
  •  Nepbay.com


Nepbay began their administration in 2007 as an online catalog of shops in Kathmandu and Lalitpur. They have developed to turn into an online stage for Buyers, Seller and Advertisers to grandstand their items and brands.
NepBay offers a determination of a wide assortment of stores and classes where the purchasers can choose from 1000s items. 100s of stores and 1000s of classifications make NepBay online stage for secure online exchanges.
NepBay acknowledges PayPal, VISA, MasterCard as global installment alternatives. They likewise give installment structure Nepal Investment Bank and Laxmi Bank credit and check cards.

  •    Sastodeal.com


Sasto Deal is one of Nepal's greatest web based shopping site. Sastodeal conveyances are generally free inside Kathmandu valley and a little extra charge is included for requests outside the valley. They ensure the profits and trade of the items inside the predefined timeframe.
Sastodeal conveys items to the majority of the urban communities of the nation and offers money down for the installment. Some conveyance charges are brought about while the items are conveyed to your area.
 So these are the top shopping site of Nepal. These sites are totally reliable and you also can order things from these sites.

Subscribe to: Posts ( Atom )

Recent Posts


Contact us

Link:https://www.sagarpanta.com.np


Email: [email protected]


Author: Sagar Panta


Please contact me if you have any issues.

Like Page