Notes: Blockchain

A block chain is a transaction database shared by all nodes participating in a system based on the Bitcoin protocol.

  • Technically, a block chain is a chain of blocks: each block links to the previous block, thus creating a chain.
  • It is a transaction database, meaning that the blocks contain the transactions.
  • It is shared, or distributed in nature, as the same copy of the database is with all the nodes in the system.

A full copy of a currency’s block chain contains every transaction ever executed in the currency. With this information, one can find out how much value belonged to each address at any point in history.

  • Each block contains transactions, which can be used to work out the balance of each individual.

Every block contains a hash of the previous block. This has the effect of creating a chain of blocks from the genesis block to the current block. Each block is guaranteed to come after the previous block chronologically because the previous block’s hash would otherwise not be known. Each block is also computationally impractical to modify once it has been in the chain for a while because every block after it would also have to be regenerated. These properties are what make Bitcoin’s transactions irreversible. The block chain is the main innovation of Bitcoin.

  • Kind of a “linked-list” of blocks
  • The first block is called “Genesis Block”
  • Because each block contains the hash of the previous block, no block in the history can be altered without affecting all the blocks after it.
  • Because a block can only reference one previous block, it is impossible for two forked chains to merge.

The first work on a cryptographically secured chain of blocks was described in 1991 by Stuart Haber and W. Scott Stornetta.

Merkle Trees

A Merkle Hash Tree is a data structure with built-in verifiability. The data is stored in blocks which form the leaves of the tree. Each data block is hashed, and the level in the tree above it is formed by nodes which store the hash of the sum of the two nodes below it. Read request responses are accompanied by a list of hashes, and a client only needs to know the root hash in order to be able to verify the authenticity of data returned from the server maintaining the tree. Hash trees are used extensively in distributed systems such as P2P file sharing applications.
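The read-and-verify flow described above, as an added example (not code from the original notes). It assumes SHA-256, takes the "sum" of two child nodes to mean their concatenation, prefixes leaves and inner nodes with different bytes so one cannot be passed off as the other, and promotes an unpaired node unchanged; the function names and sample blocks are constructed for illustration.

```python
import hashlib

def leaf_hash(block: bytes) -> bytes:
    # 0x00 prefix marks a leaf (assumption: domain separation from inner nodes)
    return hashlib.sha256(b"\x00" + block).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix marks an inner node built from its two children
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(blocks):
    """Return every level of the tree: leaf hashes first, [root] last."""
    if not blocks:
        raise ValueError("at least one data block is required")
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node moves up unchanged
        level = nxt
        levels.append(level)
    return levels

def make_proof(levels, index):
    """Server side: the list of sibling hashes sent along with block `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            # second field: True when the sibling sits to the left of our node
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(block: bytes, proof, root: bytes) -> bool:
    """Client side: recompute the path to the root knowing only `root`."""
    acc = leaf_hash(block)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == root

if __name__ == "__main__":
    blocks = [b"tx-a", b"tx-b", b"tx-c", b"tx-d", b"tx-e"]  # constructed sample data
    levels = build_levels(blocks)
    root = levels[-1][0]
    proof = make_proof(levels, 2)
    print("root:", root.hex())
    print("genuine block verifies:", verify(b"tx-c", proof, root))
    print("altered block verifies:", verify(b"tx-X", proof, root))
```

The client stores only the root hash; a response for block 2 of 5 carries three sibling hashes, and any change to the returned block makes the recomputed root differ.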

Architecture

Python Implementation of Merkle tree

 

Installing WordPress over LAMP Stack on Ubuntu 17.04

So, I am setting up a VPS with the following configuration.

  • Operating System – Ubuntu 17.04
  • Web Server – Apache2
  • Database – MySQL
  • Backend  – PHP 7.0

 

This procedure is a step-by-step guide, from initializing your server to getting it up and running.

 

Setting up your instance

Overview

At the time of OS selection, select Ubuntu 17.04. Once the instance is deployed, you will get the following details on your dashboard.

Setting up the first user

The first task is to set up a non-root user for all the configuration and disable root login over SSH. You can use any SSH client on your local PC or laptop to connect to the IP address. Log in as root with the password displayed in the snapshot.

Once you log in, you will get the following prompt:

~$ ssh root@99.99.99.99
The authenticity of host '99.99.99.99 (99.99.99.99)' can't be established.
ECDSA key fingerprint is SHA256:sssssssssssssssssssssssssssss.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '99.99.99.99' (ECDSA) to the list of known hosts.
root@99.99.99.99's password: 
Welcome to Ubuntu 17.04 (GNU/Linux 4.10.0-35-generic x86_64)

The first thing you should do is update the package lists.

root@hostname:~# sudo apt-get update
Get:1 http://security.ubuntu.com/ubuntu zesty-security InRelease [89.2 kB]
Hit:2 http://archive.ubuntu.com/ubuntu zesty InRelease    
Get:3 http://archive.ubuntu.com/ubuntu zesty-updates InRelease [89.2 kB]            
Get:4 http://archive.ubuntu.com/ubuntu zesty-backports InRelease [89.2 kB]
Fetched 268 kB in 1s (164 kB/s)
Reading package lists... Done

Creating the first user

We will be using this user for all our operations.

root@hostname:/# sudo adduser newuser
Adding user `newuser' ...
Adding new group `newuser' (1001) ...
Adding new user `newuser' (1001) with group `newuser' ...
Creating home directory `/home/newuser' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for newuser
Enter the new value, or press ENTER for the default
    Full Name []: 
    Room Number []: 
    Work Phone []: 
    Home Phone []: 
    Other []: 
Is the information correct? [Y/n] y

We will also add the new user to the sudoers list so that we can carry out all the operations which require higher privileges. Use visudo to open the GNU Nano editor to edit the /etc/sudoers file.

root@hostname:~# visudo
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
newuser    ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

After you have edited this file, press Ctrl + O followed by Ctrl + X. Make sure you set the file location to /etc/sudoers while overwriting it.

 

Once the user is created, you can switch to the user and test whether sudo is working correctly:

$ sudo bash
root@hostname:/#

 

Update the password for the root user

It is better to update the password for the root user and keep it somewhere safe.

root@hostname:~# passwd
New password:
Retype new password:
passwd: password updated successfully

Enabling passwordless SSH access

To enable passwordless SSH access, we will have to follow 3 steps:

  • Generate an SSH key on the local client, i.e. your laptop or PC
  • Transfer the key to the server
  • Log in using the passwordless SSH method

 

Generating the SSH Keys

To generate the SSH key, we will use the command ssh-keygen:

~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/localuser/.ssh/id_rsa): 
/home/localuser/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/localuser/.ssh/id_rsa.
Your public key has been saved in /home/localuser/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxx localuser@localpc
The key's randomart image is:
+---[RSA 2048]----+
|  sd             |
|       +.o=  . . |
|   ds o         .|
|       oS*+o+o ..|
| sssss .+++o+... |
|ssssss...o +  o .|
|     o= + .E ..o.|
|    .+o+ .  ..o..|
+----[SHA256]-----+
~$ 

Transferring the SSH Key

The easiest way to transfer the key is using the ssh-copy-id method:

~$ ssh-copy-id newuser@99.99.99.99
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'newuser@99.99.99.99'"
and check to make sure that only the key(s) you wanted were added.

You might need to add the generated SSH key to your client's SSH keys as well.

~$ ssh-add
Identity added: /home/localuser/.ssh/id_rsa (/home/localuser/.ssh/id_rsa)

Now, you can try to log in using the passwordless method:

~$ ssh newuser@99.99.99.99
Welcome to Ubuntu 17.04 (GNU/Linux 4.10.0-35-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

 * Ubuntu is participating in Google Code-in, a contest to introduce students
   from 13 to 17 years old to free software. You can join as a student or as a
   mentor:
   - https://ubu.one/UcodeIn

79 packages can be updated.
43 updates are security updates.

New release '17.10' available.
Run 'do-release-upgrade' to upgrade to it.


Last login: Fri Dec 15 06:40:44 2017 from 5.37.153.121
newuser@hostname:~$ 

Now, we will install LAMP.

Apache Web Server

newuser@hostname:~$ sudo apt-get install apache2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0
Suggested packages:
  www-browser apache2-doc apache2-suexec-pristine | apache2-suexec-custom
Recommended packages:
  ssl-cert
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0
0 upgraded, 9 newly installed, 0 to remove and 75 not upgraded.
Need to get 1,580 kB of archives.
After this operation, 6,533 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

After Apache is installed, just put the IP address of the server in the browser.

 

 

Next, we will add a single line to the /etc/apache2/apache2.conf file to suppress a warning message. While harmless, if you do not set ServerName globally, you will receive the following warning when checking your Apache configuration for syntax errors. You can set it either to the IP address of the server or to the domain name that you are going to map to the IP.

newuser@hostname:~$ sudo apache2ctl configtest
[sudo] password for newuser: 
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
newuser@hostname:~$ sudo vi /etc/apache2/apache2.conf
newuser@hostname:~$ sudo service apache2 restart
newuser@hostname:~$ sudo apache2ctl configtest
Syntax OK



Adjust the Firewall to Allow Web Traffic

Next, assuming that you have followed the initial server setup instructions to enable the UFW firewall, make sure that your firewall allows HTTP and HTTPS traffic. You can make sure that UFW has an application profile for Apache like so:

newuser@hostname:~$ sudo ufw app list
[sudo] password for newuser: 
Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH
 
newuser@hostname:~$ sudo ufw app info "Apache Full"
Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web
server.

Ports:
  80,443/tcp
newuser@hostname:~$ sudo ufw allow in "Apache Full"
Rules updated
Rules updated (v6)

Install MySQL

Install the MySQL server package using the following command:

newuser@hostname:~$ sudo apt-get install mysql-server


Securing MySQL

The next thing would be securing our MySQL installation.

newuser@hostname:~$ mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: 

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 
 
Using existing password for root.

Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : 

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done! 

Installing PHP

newuser@hostname:~$ sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libapache2-mod-php7.0 libmcrypt4 php-common php7.0 php7.0-cli php7.0-common php7.0-json php7.0-mcrypt php7.0-mysql php7.0-opcache php7.0-readline
Suggested packages:
  php-pear libmcrypt-dev mcrypt
The following NEW packages will be installed:
  libapache2-mod-php libapache2-mod-php7.0 libmcrypt4 php php-common php-mcrypt php-mysql php7.0 php7.0-cli php7.0-common php7.0-json php7.0-mcrypt php7.0-mysql php7.0-opcache php7.0-readline
0 upgraded, 15 newly installed, 0 to remove and 75 not upgraded.
Need to get 3,686 kB of archives.
After this operation, 14.9 MB of additional disk space will be used.

Test PHP Processing on your Web Server

In order to test that our system is configured properly for PHP, we can create a very basic PHP script.
The script has to be saved in the web root directory. In Ubuntu 17.04, this directory is located at /var/www/html/. We can create the file at that location by typing:

sudo vi /var/www/html/info.php

This will open a blank file. We want to put the following text, which is valid PHP code, inside the file:

<?php
phpinfo();
?>


When you are finished, save and close the file and open the following URI in the browser: http://99.99.99.99/info.php. The following page will be displayed.

 

After the page is tested, do not forget to remove the file, because it exposes details of the server's configuration to anyone who requests it. Use the command:

sudo rm /var/www/html/info.php

Creating the MySQL Database

We are going to create a user and database that we will be using for WordPress installation.

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.7.20-0ubuntu0.17.04.1 (Ubuntu)

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database dbname;
Query OK, 1 row affected (0.00 sec)
mysql> 
mysql> CREATE USER 'dbuser'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON dbname.* TO 'dbuser'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

 

Installing WordPress

To install WordPress, we will fetch WordPress using wget.

newuser@hostname:~/apps$ wget https://wordpress.org/latest.zip

To unzip it, we need the unzip package.

newuser@hostname:~/apps$ sudo apt-get install unzip

Unzip the package:

newuser@hostname:~/apps$ unzip -q latest.zip

Move the files to the Apache web server path:

newuser@hostname:~/apps$ sudo mv wordpress/ /var/www/html/

Provide the appropriate permissions:

newuser@hostname:/var/www/html$ sudo chown -R www-data:www-data /var/www/html/wordpress
newuser@hostname:/var/www/html$ sudo chmod -R 755 /var/www/html/wordpress
newuser@hostname:/var/www/html$ sudo mkdir -p /var/www/html/wordpress/wp-content/uploads
newuser@hostname:/var/www/html$ sudo chown -R www-data:www-data /var/www/html/wordpress/wp-content/uploads

Add the database details

newuser@hostname:/var/www/html/wordpress$ sudo cp wp-config-sample.php wp-config.php
newuser@hostname:/var/www/html/wordpress$ sudo vi wp-config.php

SCTP Multi-Streaming Feature

The term “stream” in SCTP is derived from the multi-streaming function provided by SCTP. The feature divides the data into multiple streams that do not all have to be delivered in one sequence. It is also effective when information is lost in a specific stream, because the data in the other streams can still be delivered. This helps in avoiding unwanted delay caused by sequencing (which is a property of TCP).

This property of SCTP is very helpful in telecom signalling which does not require sequencing.

Another example of possible use of multi-streaming is the delivery of multimedia documents, such as a web page, when done over a single session. Since multimedia documents consist of objects of different sizes and types, multi-streaming allows transport of these components to be partially ordered rather than strictly ordered, and may result in improved user perception of transport.

SCTP accomplishes multi-streaming by creating independence between data transmission and data delivery. In particular, each payload DATA “chunk” in the protocol uses two sets of sequence numbers, a Transmission Sequence Number that governs the transmission of messages and the detection of message loss, and the Stream ID/Stream Sequence Number pair, which is used to determine the sequence of delivery of received data.

When a message is lost, the receiver sees a gap in the Transmission Sequence Number, and the stream the lost message belonged to is the affected stream. If a later message is received within the affected stream, there will be a corresponding gap in the Stream Sequence Number, while messages from other streams will not show a gap. The receiver can therefore continue to deliver messages to the unaffected streams while buffering messages in the affected stream until retransmission occurs.
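The receiver behaviour described above, as an added simulation (not code from the original post). The class, the chunk trace and the initial TSN of 100 are constructed for illustration, and 32-bit TSN and 16-bit SSN wrap-around are left out to keep the model small.

```python
from collections import defaultdict

class SctpReceiver:
    """Toy receiver: TSN detects loss for the whole association,
    Stream ID + SSN decide delivery order inside each stream."""

    def __init__(self, initial_tsn):
        self.cum_tsn = initial_tsn - 1     # highest TSN received with no gap before it
        self.seen = set()                  # TSNs received beyond a gap
        self.next_ssn = defaultdict(int)   # next SSN to deliver, per stream
        self.held = defaultdict(dict)      # stream id -> {ssn: payload} being buffered
        self.delivered = []                # (stream id, ssn, payload) in delivery order

    def receive(self, tsn, sid, ssn, payload):
        if tsn <= self.cum_tsn or tsn in self.seen:
            return                         # duplicate chunk, ignore
        self.seen.add(tsn)
        while self.cum_tsn + 1 in self.seen:   # advance past any TSN gap that closed
            self.cum_tsn += 1
            self.seen.remove(self.cum_tsn)
        self.held[sid][ssn] = payload
        # Deliver in SSN order within this stream only; other streams are untouched.
        while self.next_ssn[sid] in self.held[sid]:
            n = self.next_ssn[sid]
            self.delivered.append((sid, n, self.held[sid].pop(n)))
            self.next_ssn[sid] = n + 1

    def missing_tsns(self):
        """TSN gaps the receiver would report so the sender retransmits."""
        top = max(self.seen, default=self.cum_tsn)
        return sorted(set(range(self.cum_tsn + 1, top + 1)) - self.seen)

def demo():
    # Constructed trace: TSN 102 (stream 0, SSN 1) is lost, then retransmitted last.
    rx = SctpReceiver(initial_tsn=100)
    for chunk in [(100, 0, 0, "a0"), (101, 1, 0, "b0"),
                  (103, 1, 1, "b1"), (104, 0, 2, "a2")]:
        rx.receive(*chunk)
    before = list(rx.delivered)            # stream 1 kept flowing, "a2" is buffered
    missing = rx.missing_tsns()
    rx.receive(102, 0, 1, "a1")            # retransmission fills the gap
    return before, missing, list(rx.delivered)

if __name__ == "__main__":
    before, missing, after = demo()
    print("delivered before retransmission:", before)
    print("missing TSNs:", missing)
    print("delivered after retransmission: ", after)
```

Stream 1 receives "b1" immediately even though TSN 102 is outstanding, while stream 0 holds "a2" until "a1" arrives; over a single ordered byte stream such as TCP, "b1" would have waited as well.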