USA and Canada Tax Treaty

Instructions for Completing Internal Revenue Service Tax Forms for Royalty Payments

https://www.upenn.edu/pennpress/about/taxforms.html

Instructions for Completing Internal Revenue Service Tax Forms for Royalty Payments

https://www.millerthomson.com/en/publications/communiques-and-updates/tax-notes/april-2013/overview-of-limitation-on-benefits-article-in/

Sayed Ahmed

Linkedin: https://ca.linkedin.com/in/sayedjustetc

Blog: http://bangla.saLearningSchool.com http://SitesTree.com,
Online and Offline Training: http://training.SitesTree.com

OOP concepts in PHP 5 in brief


Why this short note? If you are familiar with OOD and any OOP language such as Java/C++, this short note will give you enough information to start with PHP 5 OOP.

  • A class definition starts with the keyword class, followed by a class name (a non-reserved word), followed by a pair of curly braces. The curly braces contain the definitions of the class's members and methods
  • You can create objects based on the classes: $obj = new className()
  • You use $obj->methodName() to access a (public) class method. You can use className::classMember to access (static) class members; to use the :: operator the method does not need to be declared static
  • Inside a class, all class methods have access to the $this variable, which refers to the calling object (if called from/using an object)
  • Member declaration: public $var = 'a default value';
  • The default value must always be a constant expression
  • Class/Object Functions
  • A class can use extends keyword to inherit methods and members of another class
  • Multiple inheritance is not allowed
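  • To avoid using a long list of includes at the beginning of PHP files, you can use the __autoload() function to do the job for you
  • When you try to use an undefined class/interface, the __autoload function is automatically called
  • // __autoload() is deprecated as of PHP 7.2 and removed in PHP 8.0; spl_autoload_register() replaces it
    function __autoload($class_name) {
        // load the file named after the requested class
        require_once $class_name . '.php';
    }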
  • Constructor syntax: void __construct ([ mixed $args [, $… ]] )
  • Parents' constructors are not automatically called from children's constructors. Use an explicit parent::__construct() instead
  • Destructor syntax: void __destruct ( void )
  • A destructor is called when: 1. all references to the object are removed, 2. the object is explicitly destroyed, 3. in the shutdown sequence
  • Parents' destructors are not automatically called from children's destructors. Use an explicit parent::__destruct() instead
  • Access modifiers for class members: public, protected or private: Public — accessible from anywhere. Protected — accessible from inherited and parent classes, within the class. Private — accessible within the class
  • No access modifier = public
  • :: — scope resolution operator — allows access to static, constant, and overridden members or methods of a class
  • Abstract classes: Introduced in PHP 5. You are not allowed to create an instance of an abstract class.
  • Even if a class contains only one abstract method, the class must be declared abstract
  • Abstract classes are just about signatures, they cannot define the implementation
  • A class inheriting from an abstract class must implement all abstract methods. The abstract methods must be defined with the same (or less restricted) visibility
  • Interface: Just the method signatures. No method implementation inside interfaces
  • All interface methods must be public
  • Classes implementing interfaces must implement all methods. Classes use implements keyword to implement an interface
  • A class can not implement two interfaces having same class names
  • Interfaces can be extended using extends keyword
  • Interfaces can also have constants
  • Overloading: Overloading in PHP = dynamically “create” members and methods
  • overloading methods: invoked when interacting with non-declared/invisible members or methods
  • All overloading methods must be defined as public
  • In PHP, overloading is done through magic methods
  • The arguments of the magic methods can not be ‘passed by reference’
  • Member overloading methods: void __set ( string $name , mixed $value ), mixed __get ( string $name ), bool __isset ( string $name ), void __unset ( string $name )
  • Method overloading: mixed __call ( string $name , array $arguments ), mixed __callStatic ( string $name , array $arguments )
  • Object Iteration: Inside the class:
  • foreach ($this as $key => $value) {
        print "$key => $value\n";
    }
  • Object Iteration: Outside the class:
  • $class = new MyClass();
    foreach ($class as $key => $value) {
        print "$key => $value\n";
    }
  • Patterns: Factory Pattern: allows the instantiation of objects at runtime
  • Patterns: Singleton: Helps in situations where only a single instance of a class is required that will be used by many other objects
  • Magic methods: have special meaning. __construct, __destruct (see Constructors and Destructors), __call, __callStatic, __get, __set, __isset, __unset, __sleep, __wakeup, __toString, __set_state and __clone
  • serialize() calls __sleep(); unserialize() calls __wakeup()
  • final keyword: final members cannot be overridden, final classes cannot be extended
  • $copy_of_object = clone $object; : will create a clone of $object. Unless a __clone method is defined, a shallow copy is created. The __clone() method can define how the cloning will be done
  • Objects Comparison: == : two object instances are equal if they have the same attributes and values, and are instances of the same class.
  • Objects Comparison: === : Object variables are identical if and only if they refer to the same instance of the same class
  • Reflection APIs: to reverse-engineer classes, interfaces, functions and methods, extensions
  • Reflection APIs: Offer ways to retrieve doc comments for functions, classes and methods
  • Type Hinting: Functions can enforce parameters to be objects:
  • Late Static Bindings: to refer to the called class in a context of static inheritance.

PHP SQL Server Stored Procedure

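/* note: the mssql_* extension was removed in PHP 7.0; newer PHP uses sqlsrv or PDO_SQLSRV */

/* prepare the statement resource ($conn is an open connection from mssql_connect()) */
$stmt = mssql_init("your_stored_procedure", $conn);

/* now bind the parameters to it; each value is passed as a typed parameter, not as SQL text */
mssql_bind($stmt, "@id", $id, SQLINT4, FALSE);
mssql_bind($stmt, "@name", $name, SQLVARCHAR, FALSE);
mssql_bind($stmt, "@email", $email, SQLVARCHAR, FALSE);

/* now execute the procedure */
$result = mssql_execute($stmt);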

Another Example

/* connect; mssql_connect() returns false on failure */
$conn = mssql_connect($db_host, $db_user, $db_password);
if ($conn === false) {
    echo 'Cannot connect.';
    exit;
}

/* select the database */
if (mssql_select_db("YourDatabase", $conn) === false) {
    echo 'no database';
    exit;
}

/* initialise the procedure call and bind each input as a typed parameter */
$proc = mssql_init('YourStoredProcedure', $conn);
mssql_bind($proc, '@ParameterOne', $ParameterOne, SQLVARCHAR);
mssql_bind($proc, '@ParameterTwo', $ParameterTwo, SQLVARCHAR);
mssql_bind($proc, '@ParameterThree', $ParameterThree, SQLVARCHAR);

/* execute and read the first result row */
if ($result = mssql_execute($proc)) {
    if ($row = mssql_fetch_row($result)) {
        // process results
    }
}

Important Basic Concepts: Statistics for Big Data

Graphical: Exploratory Data Analysis (EDA) methods
First of all, EDA is about exploring the data and understanding whether the data will be good for the experiment and study. Raw data can be difficult to assess for patterns and fitness; graphs and plots can easily show the data patterns and other information about the data.

Graphical Methods can be as follows:
1. Scatter Plots
2. Histograms
3. Box Plots
4. Normal Probability plots

Quantitative Exploratory Data Analysis Techniques:

1. Interval Estimation (Ranges)
2. Hypothesis testing (Null Hypothesis, Alternate Hypothesis)

1. Interval Estimation (Ranges): Create a range of values within which a variable is likely to fall. A confidence interval (the mean will lie here) is an interval estimation.

2. Hypothesis testing: Test various propositions about a dataset

Example: Test that the mean age of Canadian Population is 53.

It’s a multi-step process. Steps can be as follows:

1. Test Null Hypothesis: Assume the hypothesis is true
2. Alternate Hypothesis: The hypothesis that will be accepted if the null hypothesis is rejected
3. Significance Level: the level of significance at which the test of the null hypothesis will be conducted (e.g. 95% of the time the average return of index investing is 6% over a 10-year period)
4. Test Statistic: A numerical measure showing whether the sample data is consistent with the Null Hypothesis
5. Critical Value: If the test statistic (numerical measure) is more extreme than the critical value, the null hypothesis is rejected
6. Decision: The decision is made by considering the test statistic and the critical value
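The steps above, carried through for the page's example (is the mean age 53?), as an added example that is not part of the original post. It assumes a two-sided large-sample z-test at the 5% level; the ages are constructed and the function name `z_test_mean` is hypothetical.

```python
import math
from statistics import NormalDist, mean, stdev

# Constructed sample of 40 ages (30..49 and 51..70); illustrative, not census data.
SAMPLE_AGES = list(range(30, 50)) + list(range(51, 71))


def z_test_mean(sample, mu0, alpha=0.05):
    """Two-sided, large-sample z-test of H0: population mean == mu0.

    The sample standard deviation stands in for the unknown population
    value, which is reasonable only for n >= 30; smaller samples call for
    the t distribution instead.
    """
    n = len(sample)
    if n < 30:
        raise ValueError("need n >= 30 for the large-sample z-test")
    if not 0 < alpha < 1:
        raise ValueError("alpha must be between 0 and 1")

    x_bar = mean(sample)
    std_err = stdev(sample) / math.sqrt(n)
    if std_err == 0:
        raise ValueError("sample has no spread; test statistic is undefined")

    std_normal = NormalDist()                      # mean 0, standard deviation 1
    z = (x_bar - mu0) / std_err                    # test statistic
    critical = std_normal.inv_cdf(1 - alpha / 2)   # critical value for this alpha
    p_value = 2 * (1 - std_normal.cdf(abs(z)))     # two-sided p value
    return {
        "sample_mean": x_bar,
        "z": z,
        "critical": critical,
        "p_value": p_value,
        "reject_null": abs(z) > critical,          # decision
    }


if __name__ == "__main__":
    # Null hypothesis "mean = 53" and, for contrast, "mean = 45".
    for mu0 in (53, 45):
        r = z_test_mean(SAMPLE_AGES, mu0)
        verdict = "reject" if r["reject_null"] else "fail to reject"
        print(f"H0: mean = {mu0}  z = {r['z']:.3f}  "
              f"critical = +/-{r['critical']:.3f}  "
              f"p = {r['p_value']:.3f}  -> {verdict} H0")
```

With this sample the hypothesis "mean = 53" is not rejected, while "mean = 45" is, because only the second test statistic is more extreme than the critical value.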

Some Basic Probability Distributions:

Binomial Distribution: When the variable can have only one of two values

Poisson Distribution: Describe the likelihood of given number of events occurring during a time interval (customers to your shop in an hour)

Normal Distribution: Symmetrical data. The probability that a variable will be a given distance from the mean is equal on the lower and the higher side.

t distribution: Similar to the Normal Distribution, but extremely large or extremely low values are more likely, so it shows more variance. Useful when the sample size is small (it is also said to be useful when the variance or standard deviation is not known)

Chi Square Test: Test to see if a population follows a particular distribution such as normal distribution.

The F distribution: To test if two datasets are from the same population (by using variances).

Related Concepts:

What is a Z Score?
The probability of a particular score occurring in our normal distribution.
It helps to compare two values that are from two different normal distributions.

Another definition: it is a measure of how a value is related to the mean.

Chi Square test for Normal Distribution:
Null Hypothesis: No relation exists between categorical variables. They are independent. If the Hypothesis is true, it is a normal distribution

What is the p value in the Chi Square test?
The p value is just a significance. It helps to understand the significance of the result. A small p value means strong evidence against the Null Hypothesis.

Reference: Anderson A., Semmelroth D., Statistics for Big Data

Questions Answered by Exploratory Data Analysis (EDA)

What are the key properties of a Dataset (Center, Spread, Skew, probability distribution, correlation, outliers)

1. What is the center of the data (mean, median, mode)
2. How much spread is there in the data? (Variance, Standard deviation, Quartiles, Interquartile Range (IQR), Example: IQR = Q3 – Q1)
3. Is the data skewed? : Mean > Median = Positive, Mean = Median = Symmetrical, Mean < median = Negatively skewed
4. What distribution does the data follow? Is the data normally distributed?
5. Are the elements in the dataset uncorrelated? i.e. do two variables move together positively or negatively, or not; linearly or non-linearly, or not
6. Does the center of the data change over time? Example: for time series data, does the mean change over time?
7. Does the spread of the dataset change over time? Example: for time series data, does the variance change over time?
8. Are there outliers in the data?
9. Does the data conform to your assumptions? Normally Distributed, constant parameter, no outliers, close to normally distributed, members are independent or nearly independent, variance increases over time, or several outliers are there in the data

Reference: Anderson A., Semmelroth D., Statistics for Big Data


Best Practices in Data Preparation

1. Check data formats (Image, CSV, PC, Mac, mainframe, text, structured, unstructured)
2. Verify data types (numbers, text, floats, currencies, nominal, ordinal, interval, range)
3. Graph your Data (Scatter, Histogram, bar, line)
4. Verify the data (data accuracy, data makes sense)
5. Identify outliers (examples: values very large or very small compared with the rest)
6. Deal with missing values
7. Check your assumptions on data distribution (normal, Poisson)
8. Back up and document everything that you do

Reference: Anderson A., Semmelroth D.

Machine Learning and Security Basics

Objective: Define/describe key concepts on what Machine Learning can do for Security and how

First of all, what are security threats?
Malware, Worm, Trojan, Spyware, Adware, Ransomware, Rootkit, Backdoor, Bot, Botnet, Exploit, Scanning (port scanning), Sniffing (silently observe and record), Keylogger, Spam, Login Attack, Account Takeover, Phishing (masquerading), Spear phishing, Social Engineering, Incendiary Speech, Denial of Service, Distributed Denial of Service, Advanced persistent threats (APTs), Zero-day vulnerability.

Then Cyber Threat Taxonomy:
Information gathering (Scan, Sniff, Social engineering)
Intrusion Attempts
Intrusions (Account Takeover, Privilege escalation, bot, application compromise)
Fraud (Unauthorized use of Resources)
Abusive Content (Spam, …)
Malware (Virus, Trojan)
Availability Attacks (DoS)

What is the motivation behind cyber attacks?
There can be many reasons including monetary gain, power and political gain/control.

What is Machine Learning?
Simply put, programs that learn from data, adapt to changes in the data, and then form models and algorithms that use that learning for a goal (such as preventing security attacks).

How and where can Machine Learning help in Security?
Some examples can be: Pattern Recognition and Anomaly Detection, Malware and Botnet Detection and Analysis, Spam Fighting

How does Machine Learning help in Security?
Examples can be: using classification and clustering to assign events/incidents/contents to security categories/classes/levels, and taking proper actions to mitigate the effect or to prevent future incidents.

Where and how can Machine Learning help with Security?
Machine Learning can help in Anomaly Detection, Malware Analysis, Network Traffic Analysis, and protecting the consumer web, and also in protecting itself from, and adapting to, security attacks.

What are the Machine Learning Approaches and Concepts that can help with Security?
These will primarily be classification, clustering, and prediction approaches and algorithms. Machine Learning will work by analyzing past logs, emails, login attempts, and inbound and outbound requests, then finding patterns, then creating algorithms (i.e. finding/customizing and applying proper ML algorithms) based on those patterns. The model is then fine-tuned with training data and test data. The following algorithms can be applied for Security as well: Logistic Regression, Decision Trees, Decision Forests, Support Vector Machines, Naive Bayes, KNN, Neural Networks.

However, feature selection and feature engineering with selection of the proper model and algorithms will be critical.
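The workflow described above (labelled past emails, a training set, a held-out test set, a classifier), as an added example that is not part of the original post: a multinomial Naive Bayes spam filter written from scratch with word counts as the features. The messages, labels and all function names are constructed for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed, labelled messages standing in for "past emails" (not real data).
TRAIN = [
    ("win a free prize now click here", "spam"),
    ("free money claim your prize today", "spam"),
    ("urgent verify your account password now", "spam"),
    ("click here to claim free gift card", "spam"),
    ("meeting moved to monday at ten", "ham"),
    ("please review the attached project report", "ham"),
    ("lunch tomorrow with the project team", "ham"),
    ("your invoice for the monday meeting is attached", "ham"),
]
# Held-out messages the model never sees during training.
TEST = [
    ("claim your free prize now", "spam"),
    ("verify your password click here", "spam"),
    ("project meeting report attached", "ham"),
    ("team lunch on monday", "ham"),
]


def tokenize(text):
    """Feature extraction: lower-cased word tokens."""
    return re.findall(r"[a-z0-9']+", text.lower())


def train(examples):
    """Count documents per class and word occurrences per class."""
    class_docs, word_counts, vocab = Counter(), defaultdict(Counter), set()
    for text, label in examples:
        class_docs[label] += 1
        for tok in tokenize(text):
            word_counts[label][tok] += 1
            vocab.add(tok)
    return {"class_docs": class_docs, "word_counts": word_counts,
            "vocab": vocab, "n_docs": len(examples)}


def log_scores(model, text):
    """Log prior plus Laplace-smoothed log likelihood for each class."""
    vocab_size = len(model["vocab"])
    scores = {}
    for label, n_label in model["class_docs"].items():
        counts = model["word_counts"][label]
        total = sum(counts.values())
        score = math.log(n_label / model["n_docs"])
        for tok in tokenize(text):
            if tok in model["vocab"]:  # words never seen in training are skipped
                score += math.log((counts[tok] + 1) / (total + vocab_size))
        scores[label] = score
    return scores


def classify(model, text):
    scores = log_scores(model, text)
    return max(scores, key=scores.get)


def spam_probability(model, text):
    """Posterior P(spam | text), normalised from the log scores."""
    scores = log_scores(model, text)
    top = max(scores.values())
    weights = {label: math.exp(s - top) for label, s in scores.items()}
    return weights["spam"] / sum(weights.values())


def accuracy(model, examples):
    hits = sum(classify(model, text) == label for text, label in examples)
    return hits / len(examples)


if __name__ == "__main__":
    model = train(TRAIN)
    print("held-out accuracy:", accuracy(model, TEST))
    print("P(spam | 'your invoice') =", round(spam_probability(model, "your invoice"), 3))
```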

Will continue…

Hacking Basics: Short Overview: A Short Breadth

Audience: Ethical hackers, would-be security researchers, and anyone interested in knowing the basics of security

Objective: Identify the key hacking concepts. Just the names primarily.

Key Topics: Password Cracking, Keyloggers, Trojans, Viruses, Worms, Rootkits, Social Engineering, Privilege Escalation, Denial of Service Attack, Botnet, Alternate Data Streams, Steganography, Covering Tracks.

Password cracking techniques that hackers use, or that can be used as part of ethical hacking:

Dictionary Attack, Brute Force Attack (uses combinations of letters, digits, and special characters, not dictionary words), Hybrid Attack (builds on a dictionary attack, such as world123), Syllable Attack (a brute force attack on top of a dictionary attack; combines dictionary and brute force), Rule-based Attack (when some hints are known, rules are used to create the passwords to try), Rainbow Table Attack (uses pre-generated hashes of combinations/permutations of a character set), Distributed Password Attack (uses multiple systems to crack the password), Non-technical Attack (social engineering, shoulder surfing to see typing)

Keyloggers: Used to steal passwords. Types include BIOS embedded (sits in the BIOS), keylogger keyboard (the keyboard is replaced with one that has internal memory), external keyloggers (fit the PS/2 or serial keyboard port to intercept), software keyloggers (most common, installed on the target system)

Trojans: Hide inside trusted applications, can give the attacker full access to the system, and can steal passwords and any other data. Two types: Overt channel (uses a genuine channel to communicate), Covert channel (uses a back/secret door)

Types of Trojans: Command shell Trojans (give command line access to the attacker), Document Trojans (hide inside Word or PDF files), Email Trojans (the attacker sends commands through email messages), Botnet Trojans (use bots to attack; bots are usually used for DoS attacks)

Viruses: A virus is a malicious program itself. The life-cycle of a virus: design/development, infection and replication (replicates itself on the target system to attack), detection (can be detected by anti-virus software), anti-virus signature development, eradication

Types of Viruses: System/boot virus, File virus, Macro virus (can be a Word or Excel macro), Polymorphic virus (changes its own code and behavior).

Computer Worms: Similar to viruses; however, they self-replicate aggressively and try to infect as many systems as possible (and as quickly as possible)

Rootkits:

Affect the operating system and change the kernel. Hard to remove. They change system-level code to remain undetected by anti-virus software.

About Antivirus software: Not all anti-virus software can detect all viruses. VirusTotal is a service that scans submitted files using multiple anti-virus software to detect viruses.

Social Engineering: The deceptive art of engaging in communication with others to collect sensitive/valuable information, such as the CRA scam or the lottery winner scam. Steps of Social Engineering: information gathering, choose the victim, establish trust, exploit the relationship.

Types of Social Engineering: Human based, computer based, mobile based

Privilege Escalation: The attacker first gets access to the system, which can be basic access, then tries to increase privileges, which can be done by using programming or by utilizing a misconfiguration in the system.

DoS Attack: Overwhelms the system resources so that even legitimate users cannot get access to or use the system and services.

Botnet: Can be used for DoS attacks. A botnet is a group of systems that work together to shut the target system down. The botnet is controlled by the attackers.

Alternate Data Streams: Data attached to a file. The attachment is invisible to the user. For example, a hidden.txt file (which will be hidden and will get the data) can be attached to file.txt (which will be visible). The StreamArmor application can detect such hidden files.

Steganography: Techniques where data is hidden inside messages/data. Only the related parties will have the keys to see the hidden data. Example purposes: copy prevention, hiding meta-data, covert communication, authenticity testing.

Covering Tracks: After attacking the target systems and collecting information, the attacker can try to clear all traces. Clearing might involve: clear browser cache, remove all files it created, clear audit and event logs, close open ports, stop the service processes, restore the registry, delete user accounts it created, create temp files.

Cleaner Programs: CCleaner, File Shredder

References: Sagar Ajay, CEH, Apress

Where to get Malware Samples and Labels?

This information is intended for Security and Malware researchers.

Virus Total: https://www.virustotal.com/gui/

Malware-traffic-analysis-net: http://malware-traffic-analysis.net/

Virus Share : https://virusshare.com/

VX Haven: https://vxer.org

Kaggle, Microsoft Virus/Malware database: https://www.kaggle.com/c/microsoft-malware-prediction/data

Reference: Clarence C, and David F.

Visualization of Multivariate Charts

Dataset Types
Tables, Networks, Spatial
https://www.cs.ubc.ca/~tmm/talks/minicourse14/vad16nasa.pdf

Attribute Types
Categorical, Ordered, Quantitative

Multivariate Charts
Scatter Plot, Heat Map, Bubble Chart, Parallel Coordinates, Radar Plot

Scatter Plot
https://en.wikipedia.org/wiki/Scatter_plot

Scatter Plot : Details: Patterns
https://mste.illinois.edu/courses/ci330ms/youtsey/scatterinfo.html

Scatter Plot and Trend Line
https://www.mathsisfun.com/data/scatter-xy-plots.html

Scatterplot Details
https://www150.statcan.gc.ca/n1/edu/power-pouvoir/ch9/scatter-nuages/5214827-eng.htm

GRAPHICS: COMBINING TWOWAY SCATTERPLOTS | STATA LEARNING MODULES
https://stats.idre.ucla.edu/stata/modules/graph8/twoway-scatter-combine/

Multiple overlaid scatterplots
https://www.stata.com/support/faqs/graphics/gph/graphdocs/multiple-overlaid-scatterplots/index.html

Visualization in Data Science: What is it for?
https://cds.nyu.edu/wp-content/uploads/2014/04/bertini_datascience_showcase_May12_2014.pdf

Scatterplots and Outliers. Scatterplot Bad Examples
http://faculty.virginia.edu/ASTR3130/lablinks/GuidePlots.html

Heatmap
https://www.highcharts.com/demo/heatmap

SPSS: Heatmap
https://www.ibm.com/support/knowledgecenter/en/SS3RA7_15.0.0/com.ibm.spss.modeler.help/graphboard_creating_examples_heatmap.htm

Heat Map Color Gradients
https://docs.microsoft.com/en-us/bingmaps/v8-web-control/map-control-concepts/heat-map-module-examples/heat-map-color-gradients?redirectedfrom=MSDN

Heatmap and Correlation Map
https://blogs.sas.com/content/sasdummy/2013/06/12/correlations-matrix-heatmap-with-sas/

Heatmap: Biclusters
https://www.researchgate.net/figure/Heatmap-visualization-of-biclusters-a-Typical-heatmap-with-bright-colors-representing_fig1_5344500

A visual analytics approach for understanding biclustering results from microarray data
https://bmcbioinformatics.biomedcentral.com/articles/10.1186/1471-2105-9-247

Bubble Chart:
https://www.fusioncharts.com/resources/chart-primers/bubble-chart

HOW TO DESIGN BUBBLE CHARTS: i.e Kind of Scatterplot
https://visage.co/data-visualization-101-bubble-charts/

Ted Talk: A Famous Bubble Chart
https://www.ted.com/talks/hans_rosling_reveals_new_insights_on_poverty?language=en

Junk Charts
https://junkcharts.typepad.com/junk_charts/2013/03/blowing-the-whistle-at-bubble-charts.html

Parallel Coordinates
https://en.wikipedia.org/wiki/Parallel_coordinates

Polygonal chain
https://en.wikipedia.org/wiki/Polygonal_chain

Patterns: Parallel Coordinates
https://eagereyes.org/techniques/parallel-coordinates

More on Parallel Coordinates: Includes bad examples of Parallel Coordinates
https://ldld.samizdat.cc/2016/parallel/

Radar Plots
https://www.fusioncharts.com/resources/chart-primers/radar-chart

Radar Plots. Also, what does the area mean?
https://ncva.itn.liu.se/education-geovisual-analytics/parallel-coordinates-and-radar-chart?l=en

3 Things to Think About – A Warning Label for Radar Charts
http://www.verghisgroup.com/wp-content/uploads/2012/04/3-Things-to-Think-About-A-Warning-Label-for-Radar-Charts.pdf