Add free search for your website. Sign up now! https://webveta.alightservices.com/

KickStarter campaign, offering steep discounts. Sign-up and support if possible. Thank you!

Categories
.Net C# NLP

C# .Net, Python and NLP – Natural Language Processing

The available NLP libraries for C# are very less. Some of the best NLP libraries are in Python. There are few C# implementations that either are a re-write of Python’s implementations or wrappers.

If you are serious about any NLP related work in C#, use well-maintained Python implementations and integrate with C#. The wrappers / re-write’s might not have much support.

Let’s look at 2 popular libraries:

NLTK – Natural Language Toolkit

spaCy – Industrial-Strength Natural Language Processing

Both the libraries are well documented and easy to use. i.e even C# developer like me can understand the python code examples provided. And very easy to experiment.

Now here are some ways of integrating with C#:

  1. Have a separate set of micro-services or message based applications for NLP.
  2. Use some of the following libraries that attempt to integrate Python with .Net
  3. Use System.Diagnostics.Process class i.e run the Python program as a separate process.

The integration libraries are:

Python.NET

IronPython

Python.Included

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
.Net Azure C# Key Vault

How to add secrets into Azure KeyVault using C#

Azure KeyVault is a Azure service for secrets management. Secrets can be easily added, updated, retrieved etc… This post has small code snippet, code implementation can be found here:

https://github.com/ALightTechnologyAndServicesLimited/LightKeysTransfer/blob/main/LightKeysTransfer/LightKeysTransfer/Implementation/AzureKeyVaultHelper.cs

The above code is from my own open source project – LightKeysTransfer, the code can be found at:

https://github.com/ALightTechnologyAndServicesLimited/LightKeysTransfer

var client = new SecretClient(new Uri("https://VAULT_NAME.vault.azure.net"), new DefaultAzureCredential());

client.SetSecret(new KeyVaultSecret(key, secret));

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
Security

An introduction to CyberSecurity and VPNs

There are certain anonymous hacker groups, most of them work for government organisations of various countries. They have access to special equipment and probably clusters of computers.

Cookies are little pieces of information used by web browsers and web servers for identifying the logged in user and displaying appropriate information. However hackers steal these session cookies and use for different purposes. Their intent definitely evil, why would they steal session cookies?

Although cookies are encrypted, modern computing tools and hackers gigs are able to easily crack.

VPNs add an extra layer of encryption. In most scenarios, even VPNs encryption layer might not be enough when targeted by these organized crime units = mafia! Does not matter which countries spies (R&AW – India’s spying organization) are the culprits, when they do organized crime, they can be called mafia.

There are few different options for free self-hosted VPN software, my favorite are WireGuard and OpenVPN.

Wireguard: Fast, easy to setup etc…

OpenVPN: Slightly slow, extra layers of security, plenty of tweaks via configuration etc…

I might not be able to stop them completely from session hijacking, but at least the task won’t be easy. i.e instead spending 1 – 2$ for cracking, they might end up spending 40 – 50$ for hacking every single time i.e this is based on associated costs in a cloud computing environment. Either way, I am making their task little harder.

People who chose crime for a living made a conscious choice, now they must face the law for making the choice. What they did was NOT pardonable, they must suffer the consequences for their actions.

Tomorrow, I am doing live video on my startup’s youtube channel. I am going to talk about the above topics, show some implementation / customization details. In other words raise awareness – if needed consult for free or low costs for small startups and SME’s.

In the past in several blog posts I have talked about cybersecurity and I have spent several hours 50 – 100 hours. I want to distill this information and help other startups and SME’s.

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
Security

Importance of securing keys

In the past, I have written several times of powerful surveillance equipment in the hands of br*thel mafia! The equipment has video camera capabilities i.e viewing, listening, speakers – making noise / sounds / talking and even mind-reading. The equipment also has mind-reading and neural manipulation capabilities. They sometimes even enact as though helping by prompting, but in reality mind-reading / guessing i.e predicting.

Now when it comes to passwords, secure configuration keys it’s very hard to keep these away from these cyber thugs. Software should not show keys, even public keys. For example, most Cloud based connection keys, instead should be sent directly to KeyVault etc…

Even VPN software such as Wireguard. When Wireguard displays public key, it’s like anouncing “find the corresponding private key”. If they have some kind of advanced computers (probable, because they have advanced equipment), they can probably crack the key in few minutes. If the public keys are not displayed, ask them to guess. If they capture network packets, if they know the plain bytes being transmitted, they could try. Takes little extra work for them to figure out.

The software I develop at my startups – ALight Technology And Services Limited (U.K) ALight Technologies USA Inc (U.S.A) are definitely going to make the cyber thugs game harder.

We software engineers should make the work of cyber thugs harder, not easier. Those cyber thugs are like a gang of dacoits anyway.

BTW, why do I call them br*thel mafia? Because they offer women and ask me to participate in crime! Don’t know if some of the women are being blackmailed or not, but some of them seem to be sl*ts. Some women are sensitive and could have been blackmailed by n*des etc…

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
Security

Some nice to have security features in Operating Systems

I think the CyberSecurity market is going to increase multi-fold, because I know the capabilities of the anonymous spies/hackers/mafia’s invisible drone equipment. They would put the blame on “five eyes” etc… But why would “five eyes” help for infiltrating their own countries? Does not make sense. I.T industry under threat by the equipment mafia/spies. Mafia = organized crime! The equipment has been mis-used for organized crime, they can be and should be considered mafia, although rogue R&AW spies. They have even stole money from bank account.

I think Operating Systems should be secure. For example, normal people don’t run servers etc… block incoming connections. Everyone don’t have printers / other laptops in the network. Remote access / admin shares are not needed. When necessary, I.T professionals know what to do.

Create secure filesystem areas for sensitive info for special apps such as VPNs etc…

Password based logins are no longer secure. Enable bio-metric or hardware keys based login and provide the ability to disable password based login. Even mobiles should do this.

Don’t show sensitive information in alerts such as SMS – the invisible drone equipments guys did several OTP thefts on several occassions, They even stole money from my own bank accounts.

Websites should not show config keys etc… in plain text. I think Azure and AWS should allow the ability to export keys directly into KeyVault or SecretsManager etc… For example some blob storage key or IAM role keys – allow specifying the name for storage and directly store.

Seriously the world of computing is under threat from the mafia psychopath’s equipment. They did steal money, they did organized crime, murder attempts, they did try to put the blame on others, they did shadow, stalk, harass, blackmail, threaten etc… Probably signature forgeries, money laundering etc…

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
Security VPN

Some interesting and important configuration settings for OpenVPN

Yesterday in the announcements blog, I have mentioned about – Security levels at ALight Technology And Services Limited (U.K) ALight Technologies USA Inc (U.S.A).

Over the past few months, I have been writing about CyberSecurity, VPNs etc… I am using two levels of encryption i.e outer layer uses OpenVPN and the traffic gets sent to a OpenVPN server, the second layer is based on Wireguard. I use Oracle VM Virtual Box with Ubuntu linux for accessing sensitive servers. The ubuntu virtual box uses Wireguard based VPN while the Windows based laptop uses OpenVPN.

The reference manual for OpenVPN can be accessed from: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/

–fast-io: Experimental but apparently has speed improvement.

–mlock: Tunnel data etc… are not written to disk, might have some speed improvement.

–script-security: The security setting for allowing what types of scripts to execute.

–allow-compression (NO): Don’t use compression.

–auth: Use 256-bit or higher algorithms, I am using 512-bit.

–auth-user-pass: Client option for the GUI to prompt for username and password.

–single-session: After first connection, don’t allow more connections.

–max-clients: Maximum number of concurrent clients to allow.

–verify-client-cert: Use require

–reneg-sec: How often should the keys get changed

–tls-cert-profile: Use at least preferred

–tls-cipher: Specify list of ciphers i.e mention only strong ciphers. Suggestion: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA

–tls-version-min: Use “1.2”

–hand-window: How long can a handshake happen.

–tcp-queue-limit: Use 4096, the default value very less and causes connection drops.

–sndbuf: 512000 for buffer size, the default values cause connection drops.

–rcvbuf: 512000 for buffer size, the default values cause connection drops.

The other interesting useful options:

txqueuelen 15000
tun-mtu 9000
mssfix 0

auth-gen-token
reneg-sec
tran-window

The following scripting options are useful:

client-connect
client-disconnect

–auth-user-pass-verify

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
.Net C#

Dapper for data access in C# part 2

In the past, I have written about A quick introduction to Dapper! This blog article is a continuation:

The most popular ways to access data in .Net are:

  1. ADO.Net
  2. Entity Framework
  3. 3rd party ORMs such as Dapper

ADO.Net needs a lot of code i.e opening IDataReader, iterating, reading elements and mapping etc… Similarly when calling Stored Procedures, adding params etc…

EntityFramework is a great choice for a lot of different situations.

When connecting to RDBMS such as SQL Server, MySQL, I prefer StoredProcs over dynamically generated SQL for several reasons. Consider this as part of some best practices from security and performance reasons rather than ease of code. In the past, I have been responsible and represented audits from development team perspective.

The 3rd choice – 3rd party ORMs and Micro ORMs. Dapper is a micro ORM. Dapper has excellent performance and probably the most suitable when handling Stored Procedures. Dapper supports many different RDBMS types.

Even Dapper call’s can be easily wrapped around and logging etc… can be done. Almost all the methods accept optional Transaction for wrapping multiple calls in a single transaction.

https://www.learndapper.com/ has excellent documentation.

Some of the nicer features of Dapper are:

  1. No need of strongly typed objects
  2. Multiple RDBMS support
  3. Ability to read multiple resultsets

Some code samples (MySQL example):

using Dapper;

using (var connection = new MySqlConnection(connectionString))
{
    await connection.OpenAsync();
    await connection.ExecuteAsync(
       "STORED_PROC_NAME", 
       new {
          varParam1 = "value1",
          varParam2 = 1
       }, null, null, CommandType.StoredProcedure);
}

Some of the other useful methods are:

connection.ExecuteReaderAsync //For any reason, if you need IDataReader

ExecuteScalar // For single object
            // or
ExecuteScalar<T> //For single object of type T
            // or
ExecuteScalarAsync(), ExecuteScalaAsync<T>() // The async equivalents

Query()
QueryFirst()
QueryFirstOrDeafult()
QuerySingle()

 

BTW, combining these with Polly and creating robust wrappers would be a recommended approach.

Polly library for writing resilient .Net code

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
Security Tailscale VPN

A review and discussion of the free tier of Tailscale-2

This blog post is a continuation of: https://www.alightservices.com/2023/10/30/a-review-and-discussion-of-the-free-tier-of-tailscale/

In my own startups – ALight Technology And Services Limited (U.K) ALight Technologies USA Inc (U.S.A) I do everything from end-to-end i.e coming up with ideas, analysing value proposition, deciding on features, feature prioritization, cloud architecture, technical architecture, actual development, some sanity checks, deployment with the help of some CI/CD tools based in the cloud and blog articles in the open internet. I have been evaluating and experimenting with various methods of securely accessing cloud workloads.

I have tried few more things after writing the above mentioned blog post:

MagicDNS and Serve: Definitely useful feature for quick demos or prototypes.

SSH: SSH via Tailscale, did not trigger my alerts. I have configured and developed my own monitoring and alerting system based on NIST CyberSecurity Framework. When I SSH’ed via Tailscale by advertising node by passing –ssh these did not get triggered. The reason could be because Tailscale SSH does not use port 22 and that’s why port does not need to be opened. This option did not even require the .pem or password because SSH is being done directly inside of Tailscale rather than normal port 22.

I have not tried SSH without –ssh option i.e normal ssh while connected to VPN overlay yet.

I have uninstalled Tailscale and I might make further trials later or tomorrow.

BTW in my own startups – ALight Technology And Services Limited (U.K) ALight Technologies USA Inc (U.S.A) I do everything from end-to-end i.e coming up with ideas, analysing value proposition, deciding on features, feature prioritization, cloud architecture, technical architecture, actual development, some sanity checks, deployment with the help of some CI/CD tools based in the cloud and blog articles in the open internet.

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
Security Tailscale VPN

A review and discussion of the free tier of Tailscale

Tailscale is a SaaS product offering, enabling easy VPN networks of scale on top of WireGuard. I have been using Tailscale for 2 – 3 months now and I plan to use more Tailscale features soon. This article is not a hands on guide, but more of a discussion on the features.

Someday I might upgrade to the paid plans.

Simple and straightforward installation, setup and thorough documentation.

Tailscale machines can be registered in the network, removed from the console. By default machines need to be registered every 24 hours, but if needed key expiry can be disabled.

By registering machines, the machines are registered in an overlay network and can communicate. The communications, user-access can be configured via policies. I think it’s very important to use –shields-up argument with tailscale up on client machines where we don’t want inbound connections. Considering the anonymous mafia equipment, I think there is a small loophole where a hacker might temporarily gain control a server in some scenarios – I have reported and suggested an alternative way: https://github.com/tailscale/tailscale/issues/8823

tailscale up --shields-up

VPN via exit node:

Although not the primary use-case, one of the Tailscale nodes can be configured as exit-nodes and can be used as VPN with very minimal configuration. This is one of the features, I have been using. I have a exit node in AWS in London region and I use the exit node like a VPN. The reason, I liked this feature is because, I don’t need to open any ports to the public internet or even for my own IP.

SSH:

Another useful feature, for semi-secure environments such as Development / QA could be SSH. Without opening the ports SSH can be done through Tailscale portal. I have used this feature few times.

WebHook Alerts: Webhook alerts can be used for getting notifications. I have configured Slack for alerts.

Some features, I haven’t tried yet but plan to:

Lock: Locks allow key signing from trusted internal nodes.

MagicDNS: MagicDNS allows an internal DNS. Should be useful for Dev / QA environments, internal applications etc…

Cert: Allows generating certificates based on MagicDNS i.e internal applications can be accessed securely using SSL.

Serve: Spin up a web-server. This can be done from command-line for some quick tests / validations without worrying about web server configurations in Dev / QA environments. For longer-term, I think configuring NGinx / Apache / IIS would be more useful.

SSH Session Recording: This is a paid feature but definitely useful i.e SSH sessions via Tailscale can be recorded.

Tailscale has extensive documentation and should be straightforward for most users.

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
.Net C# Logging NLog

Custom Layout Renderer for NLog using C# New

In a previous blog post – Custom Layout Renderer for NLog using C#, I have mentioned about how to create a class inheriting LayoutRenderer and writing custom Layout Renderer.

This blog post talks about inheriting from WrapperLayoutRendererBase class.

The WrapperLayoutRendererBase class has a method with the signature:

protected override string Transform(string text)

This method needs to be overridden. The nice thing about using this class is other layout renderers can be used in combination.

Here is a GitHub repo implementing hash functions that can be used as LayoutRenderers.

https://github.com/ALightTechnologyAndServicesLimited/ALight.NLog.LayoutRenderer.Hash

The source code has 4 projects:

  1. The actual implementation
  2. Unit Tests
  3. Benchmark Tests
  4. Example

The usage is straightforward, use hash or securehash layout renderer.

  <extensions>
    <add assembly="ALight.NLog.LayoutRenderer.Hash" />
  </extensions>




<target xsi:type="File" name="logfile" fileName="c:\temp\console-example.log"
        layout="${longdate}|${level}|${message} |${all-event-properties} ${exception:format=tostring} ${hash:hello} 
        ${securehash:value=${level}} ${event-properties:item=secret} ${hash:${event-properties:item=secret}} ${hash:${level}}" />

The hash implementation is about 10 – 11 times faster but uses Murmur3 non cryptographic hash.

I might consider a nuget package at a later point, but not now, because the code is very minimal and like a small helper class.

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.