In-memory database

An in-memory database is a type of nonrelational database that relies primarily on memory for data storage, in contrast to databases that store data on disk or SSDs. In-memory databases are designed to attain minimal response time by eliminating the need to access disks. Because all data is stored and managed exclusively in main memory, it is at risk of being lost upon a process or server failure.  In-memory databases can persist data on disks by storing each operation in a log or by taking snapshots.

In-memory databases are ideal for applications that require microsecond response times and can have large spikes in traffic coming at any time such as gaming leaderboards, session stores, and real-time analytics. 

Use cases  :- 

           Real-time bidding

Real-time bidding refers to the buying and selling of online ad impressions. Usually the bid has to be made while the user is loading a webpage, in 100-120 milliseconds and sometimes as little as 50 milliseconds. During this time period, real-time bidding applications request bids from all buyers for the ad spot, select a winning bid based on multiple criteria, display the bid, and collect post ad-display information. In-memory databases are ideal choices for ingesting, processing, and analyzing real-time data with submillisecond latency.  

          Gaming leaderboards

A relative gaming leaderboard shows a gamer's position relative to other players of a similar rank. A relative gaming leaderboard can help to build engagement among players and meanwhile keep gamers from becoming demotivated when compared only to top players. For a game with millions of players, in-memory databases can deliver sorting results quickly and keep the leaderboard updated in real time.

        Caching

A cache is a high-speed data storage layer which stores a subset of data, typically transient in nature, so that future requests for that data are served up faster than is possible by accessing the data’s primary storage location. Caching allows you to efficiently reuse previously retrieved or computed data. The data in a cache is generally stored in fast access hardware such as RAM (Random-access memory) and may also be used in correlation with a software component. A cache's primary purpose is to increase data retrieval performance by reducing the need to access the underlying slower storage layer.

Data after a machine with an in-memory database reboots or crashes? With just an in-memory database, there’s no way out. A machine is down — the data is lost. 

It is possible to combine the power of in-memory data storage and the durability of good old databases like MySQL or Postgres? Sure! Would it affect the performance? Surprisingly, it won’t!

Here come in-memory databases with persistence like Redis, Aerospike, Tarantool.

You may ask: how can in-memory storage be persistent? The trick here is that you still keep everything in memory, but additionally you persist each operation on disk in a transaction log. Look at the picture:

The first thing that you may notice is that even though your fast and nice in-memory database has got persistence now, queries don’t slow down, because they still hit only the main memory like they did with just an in-memory database. Good news! :-) But what about updates? Each update (or let’s name it a transaction) should not only be applied to memory but also persisted on disk. A slow disk. Is it a problem? Let’s look at the picture:

To summarize all that was said above about disks and in-memory databases:

1. In-memory databases don’t use disk for non-change operations.
2. In-memory databases do use disk for data change operations, but they use it in the fastest possible way.

Why wouldn’t regular disk-based databases adopt the same techniques? Well, first, unlike in-memory databases, they need to read data from disk on each query (let’s forget about caching for a minute, this is going to be a topic for another article).

You never know what the next query will be, so you can consider that queries generate random access workload on a disk, which is, remember, the worst scenario of disk usage. Second, disk-based databases need to persist changes in such a way that the changed data could be immediately read.

Unlike in-memory databases, which usually don’t read from disk unless for recovery reasons on starting up. So, disk-based databases require specific data structures to avoid a full scan of a transaction log in order to read from a data set fast. One such data structure of the kind is a B/B+ tree. The flip side of this data structure is that you should change a B/B+ tree on each change operation, which could constitute random workload on a disk. While improving the performance for read operations, B/B+ trees are degrading it for write operations. There is a handful of database engines based on B/B+ trees. These are InnoDB by MySQL or Postgres storage engine. There is also another data structure that is somewhat better in terms of write workload — LSM tree. This modern data structure doesn’t solve problems with random reads, but it partially solves problems with random writes. Examples of such engines are RocksDB, LevelDB or Vinyl.

References Used :-  What Is an In-Memory Database?                                                             
                                What an in-memory database is and how it persists data efficiently

Version :-  1.0.0

REST API Documentation using Swagger2 in Spring Boot

Spring Boot makes developing RESTful services ridiculously easy .  Using Swagger  we can makes documenting our RESTful services easily.

Building a back-end API layer introduces a whole new area of challenges that goes beyond implementing just endpoints. Clients which uses our API,need to know how to interact with our API. In SOAP-based web services, you had a WSDL to work with. This gave API developers an XML-based contract, which defined the API. However, with RESTFul web services, there is no WSDL. So Rest  API documentation becomes more critical due to those reasons .

                                                                                                                      Version -  1.0.0

PL-SQL Tips That May Usefull

1.Oracle  has a data type TIMESTAMP,
which can also represent a date (with time). If you subtract TIMESTAMP values, you get an  INTERVAL . 
To extract numeric values ,use the EXTRACT function.
 
select
    extract( day from diff ) Days,
    extract( hour from diff ) Hours,
    extract( minute from diff ) Minutes   ,
    (  extract( day from diff ) 24*60*60*60 +  extract( hour from diff )60*60*60  +
       extract( minute from diff )*60*60   )   TotalMiliSecResult
from (
          select  (  CAST( action_time as timestamp) - CAST( idle_time as timestamp)   ) diff 
          from    mwt_idle_wallet  
        );




                                                                                                                                                  Version :- 1.0.0

Array Vs Collections in Java

 Java offers two types of constructs where you can store multiple  objects of the same type: Arrays and Collections. They have following differences and features .

• Array  fixed sized and Collections is dynamic sized (Collections automatically expand in size when needed)
• Due to  above reason  Collections are preferred over Arrays with respect to memory.
• Array can contain both primitive data types as well as objects of a class depending on the definition of the array. However, Collections only supports object entries, not the primitive data types
• With respect to performance its better to use arrays but with respect to performance collection are not good to use.
  

References Used :-  array-vs-arraylist-in-java 
Version               :-  1.0.0  

HTTP vs HTTPS

What is HTTP?

HTTP is stands for Hypertext Transfer Protocol. HTTP offers set of rules and standards for web browsers & servers to communicate and  govern how any information can be transmitted on the World Wide Web.
HTTP is an application layer network protocol which is built on top of TCP. HTTP uses Hypertext structured text which establishes the logical link between nodes containing text. It is also known as "stateless protocol".

Advantages of HTTP:

• HTTP can be implemented with other protocol on the Internet, or on other networks
• HTTP pages are stored on computer and internet caches, so it is quickly accessible
• Platform independent which allows cross-platform porting
• Does not need any Run time support
• Usable over Firewalls! Global applications are possible
• Not Connection Oriented; so no network overhead to create and maintain session state and information

Limitations of HTTP

• There is no privacy as anyone can see content
• Data integrity is a big issue as someone can alter the content. That's why HTTP protocol is an insecure method as no encryption methods are used.
• Anyone who intercepts the request can get the username and password.

What is HTTPS?

HTTPS is stands for Hyper Text Transfer Protocol Secure. It is highly advanced and secure version of HTTP. It uses the port no. 443 for Data Communication. It allows the secure transactions by encrypting the entire communication with SSL. It is a combination of SSL/TLS protocol and HTTP. It provides encrypted and secure identification of a network server.
Allows you to create a secure encrypted connection between the server and the browser. It offers the bi-directional security of Data. This helps you to protect potentially sensitive information from being stolen.
In HTTPS protocol SSL transactions are negotiated with the help of key-based encryption algorithm.

Advantages of HTTPS

• In most cases, sites running over HTTPS will have a redirect in place. Therefore, even if you type in HTTP:// it will redirect to an https over a secured connection
• SSL technology protects any users and builds trust
• An independent authority verifies the identity of the certificate owner. So each SSL Certificate contains unique, authenticated information about the certificate owner.
• It allows users to perform critical transactions  such as online banking.

Limitations of HTTPS

• HTTPS protocol can't stop stealing confidential information from the pages cached on the browser
• SSL data can be encrypted only during transmission on the network. So it can't clear the text in the browser memory

• HTTPS can increase computational overhead as well as network overhead of the organization

Difference Between HTTP and HTTPS

Parameter	HTTP	HTTPS
Protocol	It is hypertext transfer protocol.	It is hypertext transfer protocol with secure.
Security	It is less secure as the data can be vulnerable to hackers.	It is designed to prevent hackers from accessing critical information. It is secure against such attacks.
Port	It uses port 80 by default	It was use port 443 by default.
Starts with	http://	https://
Used for	It's a good fit for websites designed for information consumption like blogs.	If the website needs to collect the private information such as credit card number, then it is a more secure protocol.
Scrambling	HTTP does not scramble the data to be transmitted. That's why there is a higher chance that transmitted information is available to hackers.	HTTPS scrambles the data before transmission. At the receiver end, it descrambles to recover the original data. Therefore, the transmitted information is secure which can't be hacked.
Protocol	It operates at TCP/IP level.	HTTPS does not have any separate protocol. It operates using HTTP but uses encrypted TLS/SSL connection.
Domain Name Validation	HTTP website do not need SSL.	HTTPS requires SSL certificate.
Data encryption	HTTP website doesn't use encryption.	HTTPS websites use data encryption.
Search Ranking	HTTP does not improve search rankings.	HTTPS helps to improve search ranking.
Speed	Fast	Slower than HTTP
Vulnerability	Vulnerable to hackers	It Is highly secure as the data is encrypted before it is seen across a network.

Description of short terms 

Secure Sockets Layer  (SSL)       : is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

Transport layer security (TLS)   : is a protocol that provides communication security between client/server applications that communicate with each other over the Internet.
Stateless Protocol                         : each command is executed separately, without using reference of previous executions .

References Used :-  difference-http-vs-https.html 
Version               :-   1.0.0 

Technology Stack ,What We Love

Actually most of us not gets to work with the technology stack we love. Even if the opportunities have not been presented yet, it is mighty important to keep learning and practicing the things you love. Because, we never know when the opportunity will come knocking on your door. Mastering a language or a technology could prove to be difficult, if  we do not back our self and predict the future developments based on the current context. The struggle could prove to be immense, if we lose our direction in an industry that changes everyday. Trust your instincts, take a leap of faith and let our effort determine our  success!


References Used :-   Blog.zone24x7 > The-challenges-and-struggles-software-engineers-face-today

Basic Security Threats , Technologies and Tools Used for Security and control

   Computer crimes reported by most of the organizations may be related to different types of security problems such as

   Hacking   ,  Viruses , Worm, Trojan Horses , Spyware

  Malicious software (malware) is used to disrupt computer operation, gather sensitive information, or gain access to private   computer systems.
 'Malware' includes

•    Computer Viruses - computer programs that can spread across computers and networks by making copies of itself without the user's knowledge.

•    Worms  - similar to viruses but do not need a carrier program or document. create exact copies of themselves  and use a network to spread.

•    Trojan Horses -  programs that pretend to be legitimate software, but actually carry out hidden, harmful functions.

•    Spyware -  includes methods to collect information about the use of the computer on which the software is installed.

Spoofing and Sniffing
 
    In simple words,
   
    Sniffing   means to illegally listen into another's conversation
    Spoofing means to pretend to be someone else.

    Sniffing and spoofing are security threats that target the lower layers of the networking infrastructure supporting
    applications that use the Internet.

    Sniffing is a  passive security attack in which a machine separate from the intended destination reads data on a network.
    Spoofing is an active  security attack in which one machine on the network masquerades as a different machine.

    This masquerade aims to fool other machines on the network into accepting the impostor as an original, either to lure
    the other machines into sending it data or to allow it to alter data.


Identity theft is a form of stealing someone's identity.

    Someone pretends to be someone else in identity theft, by assuming that person's identity, usually as
    a method  to    gain  access to  resources or obtain credit and other benefits in that person's name.

Phishing 

   is the act of attempting to acquire information such as usernames, passwords, and credit card details by 

   masquerading as a trustworthy entity in an electronic communication.

  E.g.s

  an e-mail can be sent to the victim luring the victim to enter a site and when entered, information

  such as usernames, passwords and credit card information may be collected by the criminal posing as the victim’s bank site.

  Technologies and Tools Used for Security and control

These tools and techniques address how to:

• Authentication - Verify that users are who they say they are .
• Authorization   - Control access to data and functions .
• Data Privacy and Integrity  -  Protect the privacy and integrity of information assets.
• Non-Repudiation   - Ensure non-repudiation, so parties can't deny their actions .

In addition to cryptography, information assets can be protected by using tools such as
Virus scanners, firewalls and Intrusion Detection   Systems (IDS) .

These techniques and tools cannot alone provide information  security. Limiting physical access to servers, routers and other systems is required. By physically reorganizing or consolidating information assets, we can simplify the management of those assets while increasing their security. These servers and the other computer infrastructures should be physically protected as well. Security Audits    The information security status of critical IT environments should be subject to thorough, independent and regular security audits/reviews. In principle, security audits/reviews should be: defined in scope, and documented performed by qualified individuals who have sufficient technical skills and knowledge of information security conducted sufficiently frequently and thoroughly (in terms of scope, extent) to provide assurance that security controls function as required focused on ensuring that controls are effective enough to reduce risks to acceptable levels checked by competent staff complemented by reviews conducted by independent third parties.

References Used :-  BIT  UCSC Notes 
                                What-is-the-difference-between-spoofing-and-sniffing