The article for today.

It is the server which receives the request, and requests, through two or more IPs, especially IPv6 ones, of which there are more available than IPv4 ones.

Why is that? My motivation is pretty straightforward.

It turns out that hackers have the ability to hack VPNs: https://www.vpnmentor.com/blog/can-vpns-hacked-take-deeper-look/.

So such an approach reduces the chances of a hack, depending on the number of requests the server receives after the split of the request.

A browser can work from multiple IPs; for example, the Opera browser even has a VPN feature inside.

[Picture: VPN overview, in English, from Wikipedia (Wikimedia).]

So when the VPN is active, that pipe, channel is on.

In those clouds the request is jumping through different computers, even if it is not visible in that picture.

If the VPN is with encryption, then those requests in that pipe, channel will be with encryption.

If the hacker gets access to such pipe, channel even with encryption, even if it is VPN in VPN, pipe in pipe, channel in channel, then I assume, there is a non-zero chance the hacker can hack it.

Example:


                    intrusion by hacker with decryption
                                         \ /
                          ----------------|------------another VPN, pipe, outside
                                          |
                          ---------------/ \-----------VPN, pipe, inside
one route, one connection      ...data...data...data...
                          -----------------------------VPN, pipe, inside

                          -----------------------------another VPN, pipe, outside

The update from 2020-07-17.

For example, in CVE-2019-14899.

The end of update from 2020-07-17.

And there are many such points: the devices where the requests start, the cables, the wireless space, the communication devices, the internet service providers and so on.

And there is only one route and one connection and even with VPN only one pipe, channel, where such request and response are in transfer.

In order to keep sensitive data in protection, there are many points to safeguard and there is only one route, connection, pipe, channel to use by hackers to get that data.

One of the solutions for such case is to split the same request over several routes, connections, pipes, channels.

So that the client:



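    // Sends one partial request from a new source IP, optionally through a new VPN.
    var sendByNewIpAndOptionallyViaNewVPNToWebAddress = function (partialRequest) { /* ... */ };

    // Gives one partial request a unique header with a numeric part number and an identifier.
    var assignEachRequestNewUniqueHeaderWithNumericPartNumberAndIdentifier = function (partialRequest, partNumber) { /* ... */ };

    // Split the request (a string) into parts of at most 60 characters.
    var requests = request.match(/[\s\S]{1,60}/g).map(function (payload) { return { payload: payload }; });
    requests.forEach(assignEachRequestNewUniqueHeaderWithNumericPartNumberAndIdentifier);
    requests.forEach(sendByNewIpAndOptionallyViaNewVPNToWebAddress);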

And the server:


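    // greedy, non-efficient: gather the partial requests from every connector first,
    // then join them into whole, unique requests
    List<Request> requests = concatenateAllPartialRequestsAndProduceUniqueRequests(connectorSources);
    handle(requests);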

Apache Tomcat has connectors:


    <Connector
        port="8080"
        protocol="HTTP/1.1"
        address="127.0.0.1"
        connectionTimeout="20000"
        redirectPort="8443"
    />

Eclipse Jetty has connectors:


    ### HTTP Connector Configuration

    ## Connector host/address to bind to
    # jetty.http.host=0.0.0.0

    ## Connector port to listen on
    # jetty.http.port=8080

    ## Connector idle timeout in milliseconds
    # jetty.http.idleTimeout=30000

So the internet structure is used rather than amended while each such partial request (subrequest) is in transfer.

The client-server architecture then relies not on one client IP to one server IP, but rather on one client IP to two, more, several server IPs. Especially IPv6 ones.

Depending on the number of partial requests after the split, the same number of routes, connections establish themselves between the browser and the application server using the internet technologies.

Then the hacker has a lower chance of hacking both, or more, streams of data in packets.

The more the different streams where my:


    <form>
        <login>name</login>
        <password>code</password>
    </form>

is in transit, the harder for hacker to get such data, unless in other points, which are then limited to software, client device, internet service provider and few others.

So after that the hacker has to capture two or more streams of data with partial requests after splitting, and I protect fewer points where such data is during sending.

For example, when the application server connects to at least two internet service providers, the point for data protection through each internet service provider gets lower priority, because each internet service provider gets only part of the flow of data from each user under the same user IP in such a configuration.

Of course, it is possible that two service providers agree for unfair sharing of data.

But then the application server connects to three and more internet service providers, so that situation is still manageable.

Of course, it is possible, that one internet service provider merges, acquires another internet service provider, leaving a ghost proxy internet service provider, and even creates the ghost proxy internet service provider.

However, the same case is still manageable by connecting the application server with sensitive data to more than two, three internet service providers, possibly via some automation.

One internet service provider assigns at least one IP.

The data travels through IPs.

The more internet service providers the application server connects to, by human or by robot, the more IPs it gets (optionally IPv6 ones), the more the split and the load for client and server, plus a bit of extra load on traffic bandwidth, and the higher the security in such a configuration.

Later the client can get the two, more IPs for the same security reason.

Not all the data have to be in partial requests, maybe only the sensitive data.

The update from 2020-08-31.

When the hacker is in the middle of one channel and each request signs the previous request, the hacker can re-sign the next request after amending the previous request. The same holds for the cases when a file and its hash sum file are sent over the same channel. But the same technique is much less possible when such requests are split over two or more channels for sending.
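
The split-and-reassemble scheme from the client and server fragments above, combined with this note on integrity across channels, as an added example (not code from the original article). The header fields `requestId`, `part`, `total` and `digest` and the `Reassembler` class are assumptions; the transport that sends each part from a different IP is left out.

```javascript
// Added example: the header fields requestId, part, total and digest are assumptions.
const { createHash } = require('crypto');

const sha256 = (text) => createHash('sha256').update(text, 'utf8').digest('hex');

// Constructed sample: the page's login form, repeated so that it spans three parts.
const SAMPLE_FORM = '<form><login>name</login><password>code</password></form>'.repeat(3);

// Client: cut the request into parts of at most `length` characters. Each header
// carries the request identifier, part number, part count and whole-request digest.
function splitRequest(request, requestId, length = 60) {
  const chunks = request.match(new RegExp(`[\\s\\S]{1,${length}}`, 'g')) || [''];
  const digest = sha256(request);
  return chunks.map((payload, i) => ({
    header: { requestId, part: i + 1, total: chunks.length, digest },
    payload,
  }));
}

// Server: collect parts arriving from any connector, in any order.
class Reassembler {
  constructor() {
    this.pending = new Map(); // requestId -> { total, digest, parts }
  }

  // Returns { status: 'incomplete' | 'complete' | 'rejected', request? }.
  accept({ header, payload }) {
    const { requestId, part, total, digest } = header;
    let entry = this.pending.get(requestId);
    if (!entry) {
      entry = { total, digest, parts: new Map() };
      this.pending.set(requestId, entry);
    }
    // Headers that disagree between channels mean one channel was altered.
    const consistent = entry.total === total && entry.digest === digest &&
      Number.isInteger(part) && part >= 1 && part <= total;
    if (!consistent) {
      this.pending.delete(requestId);
      return { status: 'rejected' };
    }
    if (!entry.parts.has(part)) entry.parts.set(part, payload); // ignore duplicates
    if (entry.parts.size < entry.total) return { status: 'incomplete' };

    this.pending.delete(requestId);
    let request = '';
    for (let i = 1; i <= entry.total; i++) request += entry.parts.get(i);
    // A payload changed on one channel no longer matches the digest that
    // arrived over the other channels.
    return sha256(request) === entry.digest
      ? { status: 'complete', request }
      : { status: 'rejected' };
  }
}

// Deliver the sample's parts in reverse order, as independent routes might.
function deliverReversed() {
  const server = new Reassembler();
  return splitRequest(SAMPLE_FORM, 'req-1').reverse().map((p) => server.accept(p).status);
}
```

A real server would also expire entries in `pending` after a timeout, so that parts which never arrive do not accumulate.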

The update from 2020-09-01.

One of the solutions to the above-mentioned issue is Multipath TCP (MPTCP), with an implementation in one of the newest versions of Red Hat Enterprise Linux at the operating system level.

It is a different solution with regard to the level: operating system level and application system level.

And it is a specific solution for Transmission Control Protocol (TCP) in the transport layer, among its representatives TCP, User Datagram Protocol (UDP), Datagram Congestion Control Protocol (DCCP), Stream Control Transmission Protocol (SCTP), Resource Reservation Protocol (RSVP) and others.

And it also differs with regard to other protocol utilisations and the number of connections, if it is in scope of TCP/IP.

The update from 2020-09-03.

a) Pretty outdatable observation I found earlier today while reading about quirky configuration in http://thetechawesomeness.ideasmatter.info/another-rss-client-with-persistence-to-relational-database.html. I download files and upload files using HTTPS and HTTP protocols using some web sites sometimes. And along with that I do not open web sites using FTP, FTPS, SFTP. And as well I am reading mail content using HTTP and HTTPS sometimes and as well I do not open web sites using POP and IMAP. And few others. So I made a conclusion that, even though some of those protocols are at the same application layer in the internet protocol suite classification, some of those protocols are more widely usable than others. I have not yet found the reason for that.

b) And that possibility has two consequences: some application servers provide web site content via, for example, AJP, HTTP, HTTPS connectors (as Apache Tomcat server), but not via FTP, FTPS, SFTP, POP, IMAP. And as well from some browsers' side, when I open a page with feed:// or ftp:// web sites, they suggest some option in that case.

c) When I read about those application layer protocols, they are standard, standardized, with what I found only one deprecation, in Transport Layer Security (TLS) and its now-deprecated predecessor, Secure Sockets Layer (SSL) protocols; and some protocols with explicit versions as POP: POP3 and POP4; as DNS: Domain Name System (DNS); DNS over TLS (DoT); DNS-based Authentication of Named Entities (DANE); Domain Name System Security Extensions (DNSSEC); DNS over HTTPS (DoH); DNS Certification Authority Authorization (CAA); as SMTP: Simple Mail Transfer Protocol (SMTP) and Extended SMTP (ESMTP; Enhanced SMTP); and some protocols with implicit versions (with mention of a successor) as HTTP: HTTP/0.9, HTTP/1.0, HTTP/1.1, HTTP/2, HTTP/3, and HTTPS: "referred to as HTTP over TLS, or HTTP over SSL", quote as in wikipedia; and with implicit implementations for secure and not secure versions as "IMAP server typically listens on port number 143. IMAP over SSL (IMAPS) is assigned the port number 993.", also a quote, so that there are no two protocols for IMAP and IMAPS, at least in the article, as in the case with HTTP and HTTPS there are two articles; same for one article for NNTP and NNTPS (Network News Transfer Protocol and Network News Transfer Protocol with secure one). There are protocols with multiple names and renamings as: Jabber; Extensible Messaging and Presence Protocol (XMPP) and Border Gateway Protocol (BGP); Interior Border Gateway Protocol; Internal BGP; Exterior Border Gateway Protocol, External BGP, eBGP. And both multi version names: Precision Time Protocol (PTP); IEEE 1588-2002; IEEE 1588-2008, "also known as PTP Version 2" quote; IEEE 1588-2019; IEEE 802.1AS. There is also such a case in the internet layer for the IP protocol: IPv4; IPv6 and Internet Control Message Protocol (ICMP) and Internet Control Message Protocol version 6 (ICMPv6).

So to sum up: explicit and implicit protocol version and explicit and implicit protocol secure option, along with single version and multi version names for protocols. In different locations: in the article in scope of that resource, in protocol name, in protocol standard, in protocol specification, in protocol implementation, in protocol utilisation.

So I found a few speculations with regard to those earlier a), b), c).

With a basis on some of the definitions: 1) "The Internet protocol suite is the conceptual model and set of communications protocols used in the Internet and similar computer networks."; 2) "The protocol stack or network stack is an implementation of a computer networking protocol suite or protocol family."; 3) "suite; | swiːt |; a noun; a set of rooms designated for one person's or family's use or for a particular purpose; a set of coordinating furniture; (in music) a set of instrumental compositions, originally in dance style, to be played in succession; a set of selected pieces from an opera or musical, arranged to be played as one instrumental work; a group of people in attendance on a monarch or other person of high rank; (in computing) a set of programs with a uniform design and the ability to share data; (in geology) a group of minerals, rocks, or fossils occurring together and characteristic of a location or period.".

The number of protocols in the application layer is more than in the others: transport layer, link layer and internet layer, as it is familiar for me as of 2020-09-03. This speculation is leaning towards c) point.

Few protocols (HTTPS; HTTP) serve more purposes in the same application layer, which duplicates and covers the purposes of other protocols, as it is familiar for me as of 2020-09-03. This speculation is leaning towards a) and c) points.

There is no hyperprotocol as well as no hyper layer, if to reach after the link layer, internet layer, transport layer and application layer, as it is familiar for me as of 2020-09-03. This speculation is leaning towards c) point.

Or vice versa, there is no subprotocol as well as no sub layer, if to look after the link layer, internet layer, transport layer and application layer, as it is familiar for me as of 2020-09-03. This speculation is leaning towards c) point.

There is no other such protocol suite and its implementation where any of those protocols or layers are available, if to look after the link layer, internet layer, transport layer and application layer (or their analogues), as it is familiar for me as of 2020-09-03. This speculation is leaning towards c) point.

While the amount of protocols in application layer is more than in other layers, but the usage is unfamiliar for me, though few protocols there (HTTPS and HTTP) supply services which cover other protocols in scope of purposes, and taking that such usage as a currency or unit for estimation, it reminds the pseudo situation for web site index Gini(Gini coefficient; Gini index; Gini ratio) or web site burger index(web site Big Mac-index) or web site index borschtu with regards to protocol usage for those web sites according to its purposes(for example web site serves files via HTTPS, HTTP and not FTP). This speculation is leaning towards a) and c) points.

This web page is more leaning towards b) point.

The update from 2020-09-04.

There was an issue filed, with comments, with distant relation to a) and c) points about different protocol versions and possibility where web site (not specifically http site, but web site), around 5 years ago, in https://issues.apache.org/jira/browse/HTTPCLIENT-1692.

Aijaz Mohammed Aijaz Yousuf proposed in a comment the code with


    getBestProtocol(...

in scope of com.litle.sdk project.

Indeed, when the same web site is provided through various internet protocols, that method can choose the best protocol according to its implementation; and when some client overrides the protocols supplied by the web site and instead defaults to some protocol (in case that protocol selection by code is in use), that can be a feature, not an issue. Similarly, when the browser (as some client) updates the protocol from http to https (secure) where I input a login and password or other private, not public, information subject to security, that is an upgrade which I prefer, in contrast to upgrades for web sites with rather static content, where I do not input any information (from the user point of view only). While from the web site creator point of view, I provide either only one protocol, or a choice of protocol.

Another type of application server.

The update as of 2021-07-23.

A Turing machine is mostly demonstrated from the side, with direction in one vector.

But it is up to its implementation. For example:


    void reverse(Integer argument1, Integer argument2){/**/}
    Integer reverseForwards(Integer argument1){/**/}
    Integer reverseBackwards(Integer argument1){/**/}

So it is a proof for some form of validity of such statement as "turn this method around", for example via implementation. So it was about polymorphism of transitivity. Not every method is transitive though. More here:

https://dzone.com/articles/void-methods-considered-anti-pattern

The update as of 2022-07-08.

So hacking efforts cannot get around this if the web client has such a function. After all, the web client will not hide it even by obfuscating or hiding it otherwise, because hacking efforts will copy, for example, the identifier as in http://thetechawesomeness.ideasmatter.info/table-chapters.html;1, that is the first picture from 2021-03-22 in http://thetechawesomeness.ideasmatter.info/gravitron.html, in part of the cases for such web clients. But it is only with the participation of web servers. It is similar to HATEOAS, but also with a check whether, after requests and responses with 1 web server or 1 web service, or with 2 or more depending on the check itself, for example to ones such as /деякийУРР/6565675.. (that is, /someURI/6565675..), the web client exchanges this hidden identifier with them, for example also with the use in them of http://thetechawesomeness.ideasmatter.info/codifizer-and-decodifizer.html, that is, as in the picture from 2020-05-01. In those web servers or web services this is possible for storing, or made more complicated up to the exchange of such identifiers between them. In such a case it is additionally complicated by 2021-02-13 http://thetechawesomeness.ideasmatter.info/. Then such a web client is possible for unambiguous identification and for restriction from other web clients with regard to those web servers. Besides, it will push hacking efforts to develop this process with the check for another web client without having that hidden identifier available, http://thetechawesomeness.ideasmatter.info/table-chapters.html;1. For that, there was added "..the web client was added as a final one; such changes are not limited in any way if it is not final but intermediate in such cases.." and something regarding the update for the case with http://thetechawesomeness.ideasmatter.info/cases-for-rather-immutable-distributable-storage.html.