Reasons why you are being hacked

Weak passwords
Phished 
Phishing is a common method of identity theft that utilizes fake e-mails which are sent to customers to acquire sensitive user information.
Insecure Internet Browsing 
Cyber threats that originate from web browser vulnerabilities can be controlled by using the latest version of the web browser software, or by installing updates and configuring settings to disable applets, scripts, plugins and ActiveX controls.
Use of pirated software
Pirated software may be used to harvest Trojans and viruses in computer systems and since the software is “unsupported” the user is deprived of technical support.
Misuse of Portable storage devices.  
Lack of proper encryption
Some of the risks that one can expect from an unsecured network include:

  1. Unauthorized access to files and data
  2. Attackers may capture website traffic, user IDs and passwords
  3. Attackers may inject software to log user keystrokes and steal sensitive information
  4. Unauthorized access to the corporate network (in the event that the user’s network is connected to a corporate network)
  5. A user's IP address could be compromised and unauthorized users may use it for illegal transactions
Using Wireless Hotspots
When using public access points, it is safe to use secure websites protected by the Secure Sockets Layer (SSL). Using infrastructure mode is safer than ad-hoc mode, as it uses access controls to connect to the network. A Virtual Private Network (VPN) is a secure way for a user to connect with their company network. (A VPN creates secure access to a private network over public connections.)

The Most effective way of stealing Passwords and relevant information

In this blog, I'm going to discuss keyloggers and why they are malicious.
Keystroke logging is the action of recording (logging) the keys struck on a keyboard. A keylogger can also be defined as a piece of software — or, even scarier, a hardware device — that logs every key you press on your keyboard. It can capture personal messages, passwords, credit card numbers, and everything else you type.
The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which thus remains untouched. It effectively becomes a virtual machine.
Alternatively, a program on the machine obtains root access to hide itself in the OS and intercepts keystrokes that pass through the kernel.
Writing simple software applications for keylogging can be trivial, and like any nefarious computer program, can be distributed as a trojan horse or as part of a virus.
Legitimate programs may have a keylogging function which can be used to call certain program functions using “hotkeys,” or to toggle between keyboard layouts (e.g. Keyboard Ninja).
There is a lot of legitimate software which is designed to allow administrators to track what employees do throughout the day, or to allow users to track the activity of third parties on their computers. However, the ethical boundary between justified monitoring and espionage is a fine line. Legitimate software is often used deliberately to steal confidential user information such as passwords.

It is more difficult, however, for users to combat keyloggers; the only possible method is to use an appropriate security solution, as it’s usually impossible for a user to tell that a keylogger has been installed on his/her machine.

Eight Important Oracle Storage Capabilities and Database Benefits

Oracle Intelligent Storage Protocol (OISP)
OISP is a unique communications protocol that enables Oracle Database 12c to communicate dynamically with the ZFS Storage Appliance to automatically tune critical factors, including logbias and record size, for optimal database performance. With OISP, storage administrators reduce manual tuning tasks by 65 percent. It is only available for ZFS Storage Appliances.

Oracle Database Hybrid Columnar Compression (HCC) for Oracle Exadata and Oracle Storage Systems
Oracle Database HCC, available only with Oracle Exadata and Oracle storage systems, enables customers to compress data 12 to 50 times, depending on usage, resulting in a 3 to 5 times reduction in storage capacity requirements. HCC combines with new features in Oracle Database 12c to provide Heat Map and Automatic Data Optimization (ADO) in Oracle Advanced Compression.

Quality of Service (QoS) Plus for FS1
QoS Plus is a policy-based virtualization feature, incorporating business priority I/O (input/output) queue management fused with sub-LUN (logical unit number) automatic tiering into one simple management framework.

Application Profiles for FS1
The Oracle FS1 Flash Storage System comes with predefined application profiles that provide tuned and tested out-of-the-box storage optimization for Oracle Database and key enterprise applications, including non-Oracle applications such as Microsoft Exchange.

Hybrid Storage Pools 
Oracle ZFS Storage Appliances leverage the Hybrid Storage Pools intelligent data caching algorithm and architecture to ensure that up to 70–90 percent of “hot” I/O is processed in DRAM (in memory) — up to  44 2TB per system, frequently accessed data is cached in flash, and less-frequently accessed data is read from disk when needed. This ensures continuous and optimal storage performance and efficiency, with no end-user involvement required (refer to Chapter 2 for a full description).


Snap Management Utility
The Oracle Snap Management Utility for Oracle Database is a standalone management tool specifically engineered to work with the ZFS Storage Appliance. It provides

  1.  A simple, fast, efficient, and automatic way to back up, restore, clone, and provision Oracle Databases that are stored on the ZFS Storage Appliance — all performed directly by the database administrator with a graphical user interface 
  2.  One-step provisioning of database copies to accelerate development and test environments 
  3.  Support for Oracle Solaris, Linux, and Windows clients and database hosts, for databases configured for NAS or SAN storage types 
  4.  Support for Oracle Real Application Clusters (Oracle RAC)
Oracle Enterprise Manager (EM) and Oracle VM Integration 
Oracle EM is Oracle’s cross-system, global management, and monitoring tool. With Oracle EM plug-ins for engineered systems, Oracle FS1, and Oracle ZFS Storage, users can monitor and manage their entire Oracle environment from application to storage from a single pane of glass. EM plug-ins enable DBAs to monitor and manage storage resources with storage administration involvement.

Oracle Storage Archive Manager and Long-term Archiving 
Oracle StorageTek Storage Archive Manager (SAM) enables policy-based archiving and classification and provides ready access to data throughout its life cycle. 

Source: Oracle.com

How HTTPS Bicycle Attack Works

It is usually assumed that HTTP traffic encapsulated in TLS doesn’t reveal the exact sizes of its parts, such as the length of a Cookie header, or the payload of an HTTP POST request that may contain variable-length credentials such as passwords.

The Bicycle attack, in the context of obtaining the length of a user's password from a browser request, is fairly simple. All an attacker needs is a packet capture of requests to a known site, including an authentication (login) request containing an already known username and an unknown plain-text password. If an attacker can determine the user's browser and how that browser would send requests to the site, they can subtract the length of all the known data the browser would send except for the piece of information they are interested in, which will result in them knowing the length of the unknown data.

Summary:


  • Obtain a packet capture (i.e. via a Man-in-the-Middle attack) which has stream-cipher TLS traffic of encrypted browser requests to a known website, including one where there was likely to be a password sent in an authentication request. The target site may be revealed in the packet capture in the form of a DNS request, or the attacker may be able to find this out with some reconnaissance.
  • Obtain a "User-Agent" string from the packet capture or determine which browser the target was using.
  • Replicate browser requests to the site using the same browser. This will reveal the lengths of the requests to various pages on the site.
  • From the encrypted TLS payloads of the browser requests in the packet capture, extract the lengths of the payloads.
  • Compare the Pearson correlation coefficient for the plain-text and encrypted requests. This makes it possible to compare plain-text and encrypted request lengths in order to reveal which encrypted TLS requests are for which pages (URLs) of the website.
source: eccouncil.org
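
The length arithmetic described above, together with the padding that removes the leak, as an added example (not code from the original post or from eccouncil.org). The 20-byte record overhead, the site.example host, the form field names and the 128-byte padding bucket are assumptions; all requests are constructed in memory and nothing touches the network.

```python
from urllib.parse import urlencode

# Assumption: with a stream-cipher suite the record carries no block padding,
# so ciphertext length = plaintext length + a constant MAC (20 bytes here).
RECORD_OVERHEAD = 20
# Assumption: hypothetical fixed size every login body is padded to.
PAD_BODY_TO = 128


def build_login_request(username, password, pad_to=None):
    """Return the plaintext bytes of a constructed login POST.

    With pad_to set, a filler form field is appended so the body is always
    exactly pad_to bytes, whatever the password length.
    """
    body = urlencode({"user": username, "pass": password})
    if pad_to is not None:
        filler = pad_to - len(body) - len("&pad=")
        if filler < 0:
            raise ValueError("credentials do not fit the padding bucket")
        body += "&pad=" + "x" * filler
    head = (
        "POST /login HTTP/1.1\r\n"
        "Host: site.example\r\n"
        "User-Agent: ExampleBrowser/1.0\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    )
    return (head + body).encode("ascii")


def record_length(plaintext):
    """Length an on-path observer sees for one encrypted record."""
    return len(plaintext) + RECORD_OVERHEAD


def leaked_password_length(observed_len, username, max_len=64):
    """What the observed length gives away when requests are not padded.

    Rebuilds the request with stand-in passwords of each length (this also
    covers the Content-Length header growing a digit) and returns the length
    whose record size matches. The result is the URL-encoded length.
    """
    for n in range(max_len + 1):
        if record_length(build_login_request(username, "a" * n)) == observed_len:
            return n
    return None


def length_spread(username, passwords, pad_to=None):
    """Set of distinct record lengths produced by a list of passwords."""
    return {
        record_length(build_login_request(username, p, pad_to))
        for p in passwords
    }


if __name__ == "__main__":
    samples = ["hunter2", "correct-horse-battery"]  # constructed passwords
    for pw in samples:
        seen = record_length(build_login_request("alice", pw))
        print(len(pw), "->", leaked_password_length(seen, "alice"))
    print("unpadded lengths:", sorted(length_spread("alice", samples)))
    print("padded lengths:  ", sorted(length_spread("alice", samples, PAD_BODY_TO)))
```

Once every login body is padded to one size, the observer's record lengths collapse to a single value and the subtraction yields nothing about the password.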






Five Phases Hacker Must Follow

Phase 1—Reconnaissance 
Reconnaissance refers to the preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack. Also in this phase, the attacker draws on competitive intelligence to learn more about the target. This phase may also involve network scanning, either external or internal, without authorization.

Phase 2 - Scanning
Scanning is the method an attacker performs prior to attacking the network. In scanning, the attacker uses the details gathered during reconnaissance to identify specific vulnerabilities. Scanning can be considered a logical extension (and overlap) of the active reconnaissance.

Phase 3 - Gaining Access 
Gaining access is the most important phase of an attack in terms of potential damage. Attackers need not always gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system.

Phase 4 - Maintaining Access
Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources, and further use the system as a launch pad to scan and exploit other systems, or to keep a low profile and continue exploiting the system. Both these actions can damage the organization. For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems.

Phase 5 - Covering Tracks 

This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process, e.g., a buffer overflow attack will usually leave a message in the system logs. Next, the attention is turned to effecting changes so that future logins are not logged. By manipulating and tweaking the event logs, the system administrator can be convinced that the output of his/her system is correct, and that no intrusion or compromise has actually taken place. 

What is REST?

REST stands for Representational State Transfer. (It is sometimes spelled "ReST".) It relies on a stateless, client-server, cacheable communications protocol -- and in virtually all cases, the HTTP protocol is used.

Secure Transactions with EMV chips goodbye magnetic chips


EMV -- which stands for Europay, MasterCard and Visa -- is a global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. In the wake of numerous large-scale data breaches and increasing rates of counterfeit card fraud, U.S. card issuers are migrating to this new technology to protect consumers and reduce the costs of fraud.
"These new and improved cards are being deployed to improve payment security, making it more difficult for fraudsters to successfully counterfeit cards," says Julie Conroy, research director for retail banking at Aite Group, a financial industry research company. "It's an important step forward."
For merchants and financial institutions, the switch to EMV means adding new in-store technology and internal processing systems, and complying with new liability rules. For consumers, it means activating new cards and learning new payment processes.
Most of all, it means greater protection against fraud.
Want to know more about the transition and your new EMV chip-equipped credit card? Here are eight frequently asked questions to help you understand the changes.
1. Why are EMV cards more secure than traditional cards?
It's that small, metallic square you'll see on new cards. That's a computer chip, and it's what sets apart the new generation of cards.
The magnetic stripes on traditional credit and debit cards contain unchanging data. Whoever accesses that data gains the sensitive card and cardholder information necessary to make purchases. That makes traditional cards prime targets for counterfeiters, who convert stolen card data to cash.

"If someone copies a mag stripe, they can easily replicate that data over and over again because it doesn't change," says Dave Witts, president of U.S. payment systems for Creditcall, a payment gateway and EMV software developer.
Unlike magnetic-stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again.
If a hacker stole the chip information from one specific point of sale, typical card duplication would never work "because the stolen transaction number created in that instance wouldn't be usable again and the card would just get denied," Witts says.
EMV technology will not prevent data breaches from occurring, but it will make it much harder for criminals to successfully profit from what they steal.
Experts hope it will help significantly reduce fraud in the U.S., which has doubled in the past seven years as criminals have shied away from countries that already have transitioned to EMV cards, Conroy says.
"The introduction of dynamic data is what makes EMV cards so effective at bringing down counterfeit card rates in other countries," she says.
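
A simplified model of that difference, added here as an illustration and not taken from the article or from the EMV specification: the HMAC construction, the counter check, the key and the card number are assumptions standing in for the chip's real transaction cryptogram.

```python
import hashlib
import hmac


class ChipCard:
    """Card that holds a secret key and a transaction counter (model only)."""

    def __init__(self, pan, key):
        self.pan = pan
        self._key = key
        self._counter = 0

    def transaction_code(self, amount_cents, terminal_nonce):
        # Every payment increments the counter, so the signed message and
        # therefore the code differ even for identical purchases.
        self._counter += 1
        msg = f"{self.pan}|{self._counter}|{amount_cents}|{terminal_nonce}"
        code = hmac.new(self._key, msg.encode(), hashlib.sha256).hexdigest()
        return {"pan": self.pan, "counter": self._counter,
                "amount": amount_cents, "nonce": terminal_nonce, "code": code}


class Issuer:
    """Issuer side: knows each card's key and the last counter it accepted."""

    def __init__(self):
        self._keys = {}
        self._last_counter = {}

    def enroll(self, pan, key):
        self._keys[pan] = key
        self._last_counter[pan] = 0

    def approve_stripe(self, track_data):
        # Static data: anything that presents the same bytes is accepted.
        return track_data in self._keys

    def approve_chip(self, tx):
        key = self._keys.get(tx["pan"])
        if key is None:
            return False
        msg = f"{tx['pan']}|{tx['counter']}|{tx['amount']}|{tx['nonce']}"
        expected = hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tx["code"]):
            return False  # data was altered or the key is wrong
        if tx["counter"] <= self._last_counter[tx["pan"]]:
            return False  # code was already used: a replayed transaction
        self._last_counter[tx["pan"]] = tx["counter"]
        return True


def demo():
    pan, key = "TEST-PAN-0001", b"constructed-demo-key"  # constructed values
    issuer, card = Issuer(), ChipCard(pan, key)
    issuer.enroll(pan, key)
    first = card.transaction_code(1250, "nonce-1")
    second = card.transaction_code(500, "nonce-2")
    return {
        "stripe_first": issuer.approve_stripe(pan),
        "stripe_copy": issuer.approve_stripe(pan),   # copied stripe still works
        "chip_first": issuer.approve_chip(first),
        "chip_copy": issuer.approve_chip(first),     # copied code is refused
        "chip_altered": issuer.approve_chip(dict(second, amount=50000)),
        "chip_second": issuer.approve_chip(second),
    }


if __name__ == "__main__":
    for name, approved in demo().items():
        print(f"{name}: {'approved' if approved else 'denied'}")
```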
2. How do I use an EMV card to make a purchase?
Just like magnetic-stripe cards, EMV cards are processed for payment in two steps: card reading and transaction verification.
However, with EMV cards you no longer have to master a quick, fluid card swipe in the right direction. Chip cards are read in a different way. 
"Instead of going to a register and swiping your card, you are going to do what is called 'card dipping' instead, which means inserting your card into a terminal slot and waiting for it to process," Conroy says.
When an EMV card is dipped, data flows between the card chip and the issuing financial institution to verify the card's legitimacy and create the unique transaction data. This process isn't as quick as a magnetic-stripe swipe.
"It will take a tiny bit longer for that transmission of data to happen," Witts says. "If a person just sticks the card in and pulls it out, the transaction will likely be denied. A little bit of patience will be involved."
While chip card transactions may take a bit longer than mag stripe transactions, total card processing time will vary between merchants and eventually speed up as the new payment environment is improved.
“It will vary depending on the merchant, the equipment and the point-of-sale system,” Ferenczi said. “I think that time lag over time will be reduced for those longer transactions.”
3. Is card dipping the only option?
Not necessarily. EMV cards can also support contactless card reading, also known as near field communication.
Instead of dipping or swiping, NFC-equipped cards are tapped against a terminal scanner that can pick up the card data from the embedded computer chip.
"Contactless transactions are more consumer-friendly because you just have to tap," said Martin Ferenczi, president of Oberthur Technologies, the leading global EMV product and service provider. "Around the world, there is a move to make EMV cards dual-interface, which means contact and contactless. However, in the U.S., most financial institutions are issuing contact cards."
Dual-interface cards and the equipment needed to scan them are expensive. Right now, the first step is to successfully integrate EMV cards into the U.S. shopping scene. Dual interface will arrive later, according to Ferenczi.
“Dual-interface cards represent an excess of 40 percent of all cards issued outside the U.S. and I have no doubt that while we have a small base of 3 to 5 percent in the U.S. today, that percentage will grow significantly over the next year,” he said. “I think that we will start seeing an acceleration this year and further acceleration in 2017.”

Technology behind facebook

Software that helps Facebook scale
In some ways Facebook is still a LAMP site (kind of), but it has had to change and extend its operation to incorporate a lot of other elements and services, and modify the approach to existing ones.
For example:
  • Facebook still uses PHP, but it has built a compiler for it so it can be turned into native code on its web servers, thus boosting performance.
  • Facebook uses Linux, but has optimized it for its own purposes (especially in terms of network throughput).
  • Facebook uses MySQL, but primarily as a key-value persistent storage, moving joins and logic onto the web servers since optimizations are easier to perform there (on the “other side” of the Memcached layer).
Then there are the custom-written systems, like Haystack, a highly scalable object store used to serve Facebook’s immense amount of photos, or Scribe, a logging system that can operate at the scale of Facebook (which is far from trivial).
But enough of that. Let’s present (some of) the software that Facebook uses to provide us all with the world’s largest social network site.
MEMCACHE
Memcached is by now one of the most famous pieces of software on the internet. It’s a distributed memory caching system which Facebook (and a ton of other sites) use as a caching layer between the web servers and MySQL servers (since database access is relatively slow). Through the years, Facebook has made a ton of optimizations to Memcached and the surrounding software (like optimizing the network stack).
Facebook runs thousands of Memcached servers with tens of terabytes of cached data at any one point in time. It is likely the world’s largest Memcached installation.
HIPHOP FOR PHP
PHP, being a scripting language, is relatively slow when compared to code that runs natively on a server. HipHop converts PHP into C++ code which can then be compiled for better performance. This has allowed Facebook to get much more out of its web servers since Facebook relies heavily on PHP to serve content.
A small team of engineers (initially just three of them) at Facebook spent 18 months developing HipHop, and it is now live in production.
HAYSTACK
Haystack is Facebook’s high-performance photo storage/retrieval system (strictly speaking, Haystack is an object store, so it doesn’t necessarily have to store photos). It has a ton of work to do; there are more than 20 billion uploaded photos on Facebook, and each one is saved in four different resolutions, resulting in more than 80 billion photos.
And it’s not just about being able to handle billions of photos, performance is critical. As we mentioned previously, Facebook serves around 1.2 million photos per second, a number which doesn’t include images served by Facebook’s CDN. That’s a staggering number.
BIGPIPE
BigPipe is a dynamic web page serving system that Facebook has developed. Facebook uses it to serve each web page in sections (called “pagelets”) for optimal performance.
For example, the chat window is retrieved separately, the news feed is retrieved separately, and so on. These pagelets can be retrieved in parallel, which is where the performance gain comes in, and it also gives users a site that works even if some part of it would be deactivated or broken.
CASSANDRA
Cassandra is a distributed storage system with no single point of failure. It’s one of the poster children for the NoSQL movement and has been made open source (it’s even become an Apache project). Facebook uses it for its Inbox search.
Other than Facebook, a number of other services use it, for example Digg. We’re even considering some uses for it here at Pingdom.
SCRIBE
Scribe is a flexible logging system that Facebook uses for a multitude of purposes internally. It’s been built to be able to handle logging at the scale of Facebook, and automatically handles new logging categories as they show up (Facebook has hundreds).
HADOOP AND HIVE
Hadoop is an open source map-reduce implementation that makes it possible to perform calculations on massive amounts of data. Facebook uses this for data analysis (and as we all know, Facebook has massive amounts of data). Hive originated from within Facebook, and makes it possible to use SQL queries against Hadoop, making it easier for non-programmers to use.
Both Hadoop and Hive are open source (Apache projects) and are used by a number of big services, for example Yahoo and Twitter.
THRIFT
Facebook uses several different languages for its different services. PHP is used for the front-end, Erlang is used for Chat, Java and C++ are also used in several places (and perhaps other languages as well). Thrift is an internally developed cross-language framework that ties all of these different languages together, making it possible for them to talk to each other. This has made it much easier for Facebook to keep up its cross-language development.
Facebook has made Thrift open source and support for even more languages has been added.
VARNISH
Varnish is an HTTP accelerator which can act as a load balancer and also cache content which can then be served lightning-fast.
Facebook uses Varnish to serve photos and profile pictures, handling billions of requests every day. Like almost everything Facebook uses, Varnish is open source.
Other things that help Facebook run smoothly
We have mentioned some of the software that makes up Facebook’s system(s) and helps the service scale properly. But handling such a large system is a complex task, so we thought we would list a few more things that Facebook does to keep its service running smoothly.

GRADUAL RELEASES AND DARK LAUNCHES

Facebook has a system they called Gatekeeper that lets them run different code for different sets of users (it basically introduces different conditions in the code base). This lets Facebook do gradual releases of new features, A/B testing, activate certain features only for Facebook employees, etc.
Gatekeeper also lets Facebook do something called “dark launches”, which is to activate elements of a certain feature behind the scenes before it goes live (without users noticing since there will be no corresponding UI elements). This acts as a real-world stress test and helps expose bottlenecks and other problem areas before a feature is officially launched. Dark launches are usually done two weeks before the actual launch.
PROFILING OF THE LIVE SYSTEM
Facebook carefully monitors its systems (something we here at Pingdom of course approve of), and interestingly enough it also monitors the performance of every single PHP function in the live production environment. This profiling of the live PHP environment is done using an open source tool called XHProf.
GRADUAL FEATURE DISABLING FOR ADDED PERFORMANCE
If Facebook runs into performance issues, there are a large number of levers that let them gradually disable less important features to boost performance of Facebook’s core features.

Eight simple things you can do to protect your business data:

Conduct a security audit.
If you don’t know what parts of your business are vulnerable or what data you have that needs to be protected, you can’t properly secure it. It is critical that you work with a professional to audit your entire IT infrastructure—computers, network, and mobile devices—to determine what you need to do to prevent hackers from accessing your network.
Make staff aware of the important role they play in security. 
Your staff are your front line of defense when it comes to security. Sure, hackers can access your network remotely and siphon off data without setting foot in your office. However, vigilant employees (consultants, partners, and vendors, too) can ensure that human error—which is a big cause of data security breaches—is minimized.
Use strong and multiple passwords.
Too many of us use simple passwords that are easy for hackers to guess. When we have complicated passwords, a simple “dictionary attack”—an attack by a hacker using an automated tool that uses a combination of dictionary words and numbers to crack passwords—can’t happen. Don’t write passwords down; commit them to memory.
Encrypt your data.
Encryption is a great security tool to use in case your data is stolen. For example, if your hard disk is stolen or you lose your USB thumb drive, whoever accesses the data won’t be able to read it if it’s encrypted.
Back up.
Security is important, but if your data is not backed up, you WILL LOSE IT. Ensure that your data is properly backed up, and test the backup to ensure that your data can be recovered when you need it.
(Source: A One-Page Expert Guide from Ramon Ray, Editor & Technology Evangelist, Smallbiztechnology.com, “8 Tips to Protect Your Business and Secure Its Data”)
Have security policies.
It’s one thing to ask employees to work securely, but you must also have clear and simple policies in place for them to follow to ensure that they are working in a secure environment. For example, insist that all notebook computers connected to the corporate network have security software. Mandate that NO security information ever be given over the phone. Policies like this and more will help ensure that your staff are doing their part to be security aware.
Protect your mobile work force. 
Your sales team of 10 years ago is probably nothing like your sales team of today. With the proliferation of the BlackBerry, iPhone, and other mobile devices, more of your staff are working away from the office—and away from the protection of your network security. They are operating “in the open” on your customers’ networks, public networks at coffee shops, or free networks in the park. It is important to ensure that their mobile technology, often connected wirelessly, is as secure as possible.
Implement a multiple-security-technology solution.
Viruses that corrupt data are not the only security threat. Hackers, and their attacks, are more sophisticated than ever, and it is critical to have multiple layers of security technology on all your different devices (including each desktop, mobile device, file server, mail server, and network end point) to comprehensively secure your data. This multiple security will block attacks on your network and/or alert you to a problem so that you (or your IT expert) can take the appropriate action.

An Introduction To APIs


An Application Programming Interface (or API) is a way for two webpages and/or pieces of software to communicate with each other. An API works as a middleman, taking the request from one piece of software, and then replying with the appropriate response from the other.
One example of an API you may be familiar with is the Create publish and share function. Using an API, we send a request to allow us to post on your social media account such as Twitter. The Twitter API then responds by posting a status update on your social media account.
The Create API opens up the possibility to streamline a number of tasks in the day-to-day running of your business by allowing for the easy creation of Apps. For instance, an App could be set up using the API to automatically transfer your shop orders into your accounting software.

As a Developer

As a Developer, you have the option of creating Apps for yourself or client, and making these publicly available to Create customers as well. To learn more, and to read our Developer Documentation, see our API Information for Developers guide.

How much will Twitter ads cost?

Your bid and budget come into play when controlling the spend in your campaign. Twitter Ads is an auction based system, so your budget and bid determine the price of your campaign. There is no minimum for using Twitter Ads and our system will only charge advertisers when you acquire an action (based on your campaign objective). While we cannot provide an exact price for the cost of Twitter Ads, since this is based on your budget and bid, you can view the pricing definitions below to get an idea of how much you will end up paying. It’s important to note that advertisers are never charged for organic activity.

When setting up a campaign, advertisers have two options to choose from when determining how to set bids for their campaigns, automatic or maximum bidding.

Automatic bidding is a bidding option that enables Twitter to auto-optimize bids for a given campaign objective and budget on the advertiser’s behalf. When selecting the automatic bid option, Twitter will attempt to enter the advertiser in auctions with the lowest bid possible, while also delivering on the advertiser’s overall campaign objectives.

Maximum bidding allows users to manually select how much a follow, lead, click or engagement is worth to their business. When entering your manual bid, you will not pay that amount when you win an objective-based campaign auction. Instead, you will only pay one penny above the second place advertiser’s quality-adjusted bid. The common term for this model is a second price auction.
Your campaign type determines which actions you are bidding for and will be charged for once the campaign starts running.  The available campaign types and associated actions are listed below:
Website Clicks or Conversions Campaigns:
You will only be charged for the clicks to your website that are acquired from that campaign.  All other actions and engagements (impressions, replies and retweets for example) are free.
Maximum bid pricing option suggestion: $1.68 – $10.00
Followers Campaigns:
You will only be charged for the follows you acquire from that campaign.  All other actions and engagements (impressions, replies and retweets for example) are free.
Maximum bid pricing option suggestion: $2.50 - $3.50
Tweet Engagement Campaigns:
You will only be charged for engagements on your Promoted Tweets.  Impressions are free.
Maximum bid pricing option suggestion: $1.50 - $2.50
App Installs or App Engagement Campaigns:
You will only be charged for clicks to install or open your App you acquire from that campaign.  All other actions and engagements (impressions, replies and retweets for example) are free.
Maximum bid pricing option suggestion: $1.95 – $3.25
Leads Campaigns:
You will only be charged for the leads acquired.  All other actions and engagements (impressions, replies and retweets for example) are free.
Maximum bid pricing option suggestion: $4.47 – $23.00
Video View Campaigns:
You will only be charged for video views from that campaign. A view occurs when a video is 100% in-view on the user’s device and has been watched for at least 3 seconds, or the user clicks to watch the video in full screen. All other actions and engagements (impressions, replies and retweets for example) are free.

Maximum bid pricing option suggestion: $0.10 – $0.50

Difference between AdWords and AdWords Express

There’s no advantage to using both advertising products at the same time. Using both AdWords and AdWords Express can complicate your ad management and cause your ads to compete against each other, so we recommend using only one of these advertising tools at a time.

Compare products at a glance

Feature                                           AdWords Express   AdWords
Pay only for clicks                               Yes               Yes
Automated management                              Yes               No
Easy solution for businesses without a website    Yes               No
Ads on Google Search and Google Maps              Yes               Yes
Ads on other related websites                     Limited           Yes
Mobile ads                                        Yes               Yes
Other advanced ad formats (e.g. video)            No                Yes
Ability to target ads geographically              Anywhere          Anywhere

Both AdWords and AdWords Express allow you to increase the number of times and the number of places where your business info appears. With either advertising product you can use targeted messaging in your ads to attract and engage potential customers.

Theme used for online shopping

Liquid reference

Liquid is an open-source template language created by Shopify and written in Ruby. It is the backbone of Shopify themes and is used to load dynamic content on storefronts.
Read about the basics of Liquid, or check out reference material on objects, tags, and filters.

TWITTER AUTHORIZATION METHODS

Documentation

The Twitter Platform connects your website or application with the worldwide conversation happening on Twitter.

Fabric

Fabric is a flexible, modular set of mobile development tools called “Kits” that help you make your app more stable, add social features like sharing and login, and turn your app into a business with easy monetization.

Twitter for Websites

Twitter for Websites is a suite of embeddable widgets, buttons, and client-side scripting tools to integrate Twitter and display Tweets on your website or JavaScript application, including a single Tweet, multiple Tweets, Twitter Moments, the Tweet Button, and the Follow Button.

Cards

Twitter Cards display additional content alongside a Tweet for supported links. Highlight a photo, video, or other page summary when your links are shared on Twitter to drive additional traffic to your website, iOS, or Android app.

OAuth

Use our OAuth endpoints to connect users to Twitter and send secure, authorized requests to the Twitter API.

REST APIs

The REST APIs provide programmatic access to read and write Twitter data. Author a new Tweet, read author profile and follower data, and more. The REST API identifies Twitter applications and users using OAuth; responses are available in JSON.

Streaming APIs

The Streaming APIs continuously deliver new responses to REST API queries over a long-lived HTTP connection. Receive updates on the latest Tweets matching a search query, stay in sync with user profile updates, and more. If your application is rate-limited for over-polling the REST APIs the Streaming APIs may be a good solution for your needs.

Ads API

The Ads API gives partners a way to integrate Twitter advertising management in their product. Selected partners have the ability to create their own tools to manage Twitter Ad campaigns while easily integrating into existing, cross-channel advertising management solutions.

MoPub

MoPub is the world’s largest mobile ad exchange and ad server. Make more ad revenue and control your ad experience with first class ad serving, ad network mediation, and plug in to thousands of advertising sources with the world’s largest mobile ad exchange.

Differences between Java EE and Java SE


Java technology is both a programming language and a platform. The Java programming language is a high-level object-oriented language that has a particular syntax and style. A Java platform is a particular environment in which Java programming language applications run.
There are several Java platforms. Many developers, even long-time Java programming language developers, do not understand how the different platforms relate to each other.

The Java Programming Language Platforms

There are four platforms of the Java programming language:
  • Java Platform, Standard Edition (Java SE)
  • Java Platform, Enterprise Edition (Java EE)
  • Java Platform, Micro Edition (Java ME)
  • JavaFX
All Java platforms consist of a Java Virtual Machine (VM) and an application programming interface (API). The Java Virtual Machine is a program, for a particular hardware and software platform, that runs Java technology applications. An API is a collection of software components that you can use to create other software components or applications. Each Java platform provides a virtual machine and an API, and this allows applications written for that platform to run on any compatible system with all the advantages of the Java programming language: platform-independence, power, stability, ease-of-development, and security.

Java SE

When most people think of the Java programming language, they think of the Java SE API. Java SE's API provides the core functionality of the Java programming language. It defines everything from the basic types and objects of the Java programming language to high-level classes that are used for networking, security, database access, graphical user interface (GUI) development, and XML parsing.
In addition to the core API, the Java SE platform consists of a virtual machine, development tools, deployment technologies, and other class libraries and toolkits commonly used in Java technology applications.

Java EE

The Java EE platform is built on top of the Java SE platform. The Java EE platform provides an API and runtime environment for developing and running large-scale, multi-tiered, scalable, reliable, and secure network applications.

Java ME

The Java ME platform provides an API and a small-footprint virtual machine for running Java programming language applications on small devices, like mobile phones. The API is a subset of the Java SE API, along with special class libraries useful for small device application development. Java ME applications are often clients of Java EE platform services.

JavaFX


JavaFX is a platform for creating rich internet applications using a lightweight user-interface API. JavaFX applications use hardware-accelerated graphics and media engines to take advantage of higher-performance clients and a modern look-and-feel as well as high-level APIs for connecting to networked data sources. JavaFX applications may be clients of Java EE platform services.

27 Social Media Tools Retailers Can Use to Boost Influence and Sales


Social media isn’t just about viral videos or selfies. For consumers, sites and apps such as Facebook, Instagram, and Twitter are playing an increasingly large role in their path to purchase.
This is why it’s so important for retailers to invest in social media marketing. Having a strong presence in relevant social networks not only gives you an avenue to communicate with your audience, it also allows you to stay on your customers’ radar. This, in turn, increases the likelihood of a shopper choosing your brand when they’re ready to buy.
To that end, we’ve compiled a list of tools you can use to streamline your social media efforts. From social network management apps that’ll save you time, to social commerce solutions that’ll enable you to sell products to your fans and followers, the following tools are essential for any retailer who wants to win at social.  

Facebook

Call to Action buttons – Businesses can add call-to-action buttons on their Pages and ads. Admins can select from seven calls to action, including Book Now, Contact Us, Use App, Play Game, Shop Now, Sign Up, and Watch Video.
Check out this example from Tory Burch, which has a “Shop Now” button on its page.
To add a call-to-action button on your Page, click the “Create Call-to-Action” button found at the top part of your page, on your cover photo.
Facebook Bluetooth® Beacons – Beacons have been a hot topic in the retail industry for some time, and it looks like Facebook now has its own Beacon initiative. The company launched Facebook Bluetooth® beacons, which are devices that retailers can use to help customers learn more about the business whenever they visit the store. Retailers will be able to deliver certain information or messages to customers such as a welcome note or a prompt to “like” the business’ page.
All you need to do is install the beacons in your store, and they will then connect with smartphone users who have Facebook location services turned on.
Facebook Bluetooth® beacons can be requested for free here.
Woobox Custom Tab – Woobox lets you install customized tabs to your Facebook page. It lets you add forms, embed external sites, fangate content, and even create your own tab designs.
LikeAlyzer – Need a quick analysis of your Facebook Page? Just enter your URL into LikeAlyzer’s search field and it will generate a report that contains your page score, along with information on what you’re doing right and what can be improved. It even offers recommendations to help boost Page performance.
Facebook word blocker and profanity filter – These tools make moderating comments a bit easier. The word blocker allows you to create filters that automatically hide comments or posts that contain words or phrases that you specify.
The profanity filter, on the other hand, lets you restrict (or enable) certain levels of profanity for your page. According to the social network, “Facebook determines what to block by using the most commonly reported words and phrases marked offensive by the community.”
You can find both these tools by clicking the Settings button at the top of your Page.

Twitter

Followerwonk – One of the most popular Twitter analytics solutions in the social realm, Followerwonk lets you “find, analyze, and optimize” for social growth. It offers features such as follower analysis, bio searches, follower tracking, and more.
Twitter Profile Analysis by Klear – This is a free tool that gives you a snapshot of how your (or anyone else’s) Twitter profile is doing. It measures activity level, popularity, and responsiveness, and it also identifies top content.
Topsy – Want to see who’s tweeting about your brand or any other topic? Just enter the term or phrase into Topsy’s search field and it’ll generate a list of Twitter users talking about the term or topic you searched for. You can even enter full URLs to see who’s shared your content. Perfect if you want to check out the people tweeting out your content.
Tweepi – Tweepi is a great tool for managing friends and followers on Twitter. It lets you view and sort the users you’re following, as well as those who aren’t following you back.
Twitterfall – If you need to monitor Twitter trends in real-time, look no further. Twitterfall displays tweet searches as they happen. This is great if you’re monitoring trends or events as they’re happening. Many social media experts, including Kelly Mahoney, social media manager for CompTIA, use this tool when running or participating in Twitter chats.
“It’s great because it allows you to visually display tweets in real-time. You can also retweet, reply, favorite, and follow people directly from the platform if you sign in to it through Twitter’s API.”

Instagram

Crowdfire – Crowdfire enables you to easily manage your Instagram follower and following lists. It lets you view your non-followers and offers features to help you clean up your account. It also has a “CopyFollowers” feature that lets you quickly view another account’s followers. Perfect if you’re looking to follow relevant accounts.
TakeOff – Another app by Crowdfire, TakeOff allows you to schedule your Instagram posts at the most optimal times. It calculates the best time to post based on when your audience is most likely to be online, increasing your chances of getting in front of your followers. It also has additional features, including smart tags, photo search, and multiple account support.
Iconosquare – Analyze your Instagram account and get cool stats with Iconosquare. This tool gives you an overview of the number of likes and comments you received, and it also scores your account’s engagement levels.
Repost – As its name clearly implies, this app lets you repost photos and videos from your Instagram feed and likes. It also lets you bookmark posts so you could repost them at a later time.
Snapwidget – Show off your Instagram feed on your website with Snapwidget. Used by over 100,000 websites, this solution lets you create and customize a grid, slideshow, or photo map of your Instagram posts quickly and easily.

Pinterest

Pinterest Analytics – Pinterest Analytics helps you better understand your users and content. It shows you data on your Pinterest profile, your audience, and your website, allowing you to get insights into how users are engaging with your content both on your website and Pinterest profile.
Note: You’ll need a business Pinterest account to access analytics. You can either create one, or convert your existing profile on business.pinterest.com.
Tailwind – Tailwind provides an array of features to help you stay on top of your Pinterest efforts. With it you can schedule Pins, analyze trends, measure results, and monitor Pinterest activities, among others.
PinAlerts – Think of PinAlerts as Google Alerts, but for Pinterest. It sends you an email alert whenever someone Pins an image from your website, thus giving insights into which of your images are popular on Pinterest. It also lets you see who’s Pinning your images so you can reach out to them.

Social commerce tools

If you’re looking to make your social accounts more shoppable so you can sell directly to your fans and followers, the following tools are worth looking into:
Like2Buy – As we mentioned in our 2015 Retail Trends piece, Like2Buy is one of the leading solutions for making Instagram more shoppable. Here’s how it works: A customer who’d like to purchase an item they see on your feed can tap on the Like2Buy link found on your Instagram profile. Clicking the link will take them to your Like2Buy site, which looks similar to your Instagram page. When the shopper taps on an image, they’ll be taken directly to its product page, where they can find more details and proceed to checkout.
Tapshop –  Tapshop works by giving you a branded link that you can display on your Instagram profile. When users click through that link, they’ll be taken to “a custom page of products they’ve liked, and get an email with links directly to your product pages.”
Soldsie and Spreesy – These are comment-based selling solutions that enable retailers to sell through Instagram and Facebook comments. When shoppers see an image of an item they’d like to buy, they would simply need to leave a comment indicating their purchase intent, and these services will automatically generate an invoice or checkout link, then send it via email.
Note: Soldsie also has a solution called Have2Have.It, which, similar to Tapshop and Like2Buy, lets retailers set up a curated page that has the same look and feel as their brand’s Instagram feed. From there, users can learn more about their products and head straight to the retailer’s ecommerce site if they want to make a purchase.

General social media management and monitoring

Hootsuite – Hootsuite is one of the most powerful and extensive social media management solutions out there. It allows you to manage your Twitter, Facebook, Google+, LinkedIn, Instagram, and even WordPress account from one dashboard. You can view and schedule posts right from Hootsuite, saving you time and energy.
Buffer – If you’re looking for a more lightweight tool with a simple interface, then Buffer is worth checking out. It’s an excellent social media scheduling tool that works with Twitter, Facebook, LinkedIn, Google+, and Pinterest. Adding posts to your queue can be done with one click, and Buffer can automatically create a scheduling plan for you, or you can set pre-determined times for when posts should go out.

Handy design tools for creating shareable images

PicMonkey – Want to create beautiful images but don’t have the design skills to do so? Check out PicMonkey, a web-based solution that makes it easy for you to edit, touch-up, and design images for your blog posts and social media updates. It even has a collage maker for those who can’t decide on just one picture to post.
Canva – Canva is a powerful–but super user friendly–graphic tool for people who are “design-challenged.” Like most graphic design solutions, Canva lets you easily re-touch and edit images. On top of that, it also offers preset templates for Facebook posts, cover images, posters, flyers, and blog posts, making it easy for you to get started on projects. What’s more, Canva has a library of fonts, graphics, and photos that you can add to your design with a quick drag-and-drop feature.  
Share As Image – If you like putting text on top of images, Share As Image offers an extremely simple solution. It works as a Chrome extension and bookmarklet that you can access from any website. All you have to do is highlight text on the page, click the bookmarklet, and Share As Image will turn it into an image ready to be shared across social media.