Friday 19 August 2011

Think Windows is insecure? You're wrong, says security firm Kaspersky.

| 19 Aug : 22:42 by johnnesbitt

However, someone should mention that the National Vulnerability Database, which contains details of vulnerabilities, does not necessarily agree with the Computerworld article and security firm Kaspersky and their suggestion that the mentioned software is free of security threats. So who do you trust here?

Thursday 21 July 2011

DOL Open APIs

| 21 Jul : 07:41 by johnnesbitt


Must be some young person administering this. It reminds me of the old US Budget Data at GPO. Back then it seemed like the staff took great pride in making the data appear as complex as possible. Job security, I guess.

The current DOL 'API' is complete baloney. In addition to being housed on a server running IIS 6, it's like a return to the old days, when things were not functional and were not secure. This clearly was built by some kid with an overactive imagination.


The "Authentication" apparently requires that a string which includes an HMAC-SHA1 hashed value be placed in the request header (as best I can figure out from reading it), in a line entitled "Authorization"; see the second list of "steps".

Why? Why is the hashed secret in the GET request not sufficient? I'd like to hear the specific (underline specific) reason for doing this.

What is the difference? Is it any less secure on the URI (rhetorical question)? The answer is no, it isn't any more secure in the header than on the URI.

So why require the creation of custom request headers? By doing so, John Q has to write custom request headers to access the data. And I've got news for you, kid: this defeats the purpose.

It is no more secure using such a convoluted and complex approach, and this approach serves to render the data functionally useless, especially when coupled with server responses that take into account none of the requirements of the user when attempting to implement the required custom headers.

... try this on for size as a solution. I send you an HMAC-SHA1 hashed value generated using my 'secret' and your 'guid', and you send me the properly formatted request header as a reply whenever I send an unacceptably formatted header (instead of the current meaningless .NET nonsense) ... and now that is computing.
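The header scheme the post describes (an HMAC-SHA1 value derived from a shared 'secret' and the caller's 'guid', carried in an Authorization header), as an added Python example; this is neither the DOL API's code nor the author's. The header field names, the canonical string that gets signed, the 300-second freshness window and the constant-time comparison on the verifying side are my assumptions about how such a scheme is built, not details taken from the post.

```python
import hashlib
import hmac
import time

# Constructed sample credentials standing in for the post's 'secret' and 'guid'. Not real DOL values.
SHARED_SECRET = b"example-shared-secret"
API_KEY_GUID = "11111111-2222-3333-4444-555555555555"
MAX_SKEW_SECONDS = 300  # freshness window (my assumption; the post does not mention one)


def canonical_string(method, path_and_query, timestamp):
    """Assumed layout: the signed text binds method, resource and time together."""
    return f"{method.upper()}\n{path_and_query}\n{timestamp}"


def sign(secret, method, path_and_query, timestamp):
    """HMAC-SHA1 over the canonical string, hex-encoded (40 characters)."""
    msg = canonical_string(method, path_and_query, timestamp).encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()


def build_authorization_header(secret, api_key, method, path_and_query, timestamp):
    """Client side: the Authorization header value (field names are assumed)."""
    sig = sign(secret, method, path_and_query, timestamp)
    return f"Timestamp={timestamp}&ApiKey={api_key}&Signature={sig}"


def verify_authorization_header(header, secrets_by_key, method, path_and_query, now):
    """Server side: parse, reject stale timestamps, recompute, compare in constant time."""
    try:
        fields = dict(part.split("=", 1) for part in header.split("&"))
        timestamp = int(fields["Timestamp"])
        secret = secrets_by_key[fields["ApiKey"]]
        presented = fields["Signature"]
    except (KeyError, ValueError):
        return False  # malformed header or unknown key; same answer for both
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # replayed or clock-skewed request
    expected = sign(secret, method, path_and_query, timestamp)
    return hmac.compare_digest(expected, presented)  # no timing leak on mismatch


if __name__ == "__main__":
    ts = int(time.time())
    path = "/example/resource?format=json"  # constructed path, not a DOL endpoint
    hdr = build_authorization_header(SHARED_SECRET, API_KEY_GUID, "GET", path, ts)
    print("Authorization:", hdr)
    print("verified:", verify_authorization_header(hdr, {API_KEY_GUID: SHARED_SECRET}, "GET", path, ts))
```

Because the method and path are part of the signed string, a valid header lifted from one request does not verify for a different resource or method, which is what distinguishes this from sending a bare hash of the secret.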

Tuesday 28 June 2011

Wikipedia can mislead managers in comparisons of asp.net and php5

| 28 Jun : 15:26 by johnnesbitt

I have been receiving emails from companies advertising for open positions for programming. Mostly Dot Net related stuff.

Salaries indicated range from the mid-50s to the 80s. Quite a few 80s, in fact.

I recall that a lot of very large and successful leading-edge companies are running world-class, world-scale operations using PHP and MySQL as their platform. Not Dot Net. And not just a few companies; quite a few companies have, since their inception, run Linux, BSDs, Apache, MySQL, Postgres and so on (add the links later) and done quite well (eBay, Facebook, and the platforms Drupal, Moodle, OFB).

So I wonder, what is the reason that American companies are pouring such exorbitant amounts into salaries for Dot Net platform developers?

A rhetorical question. I am already convinced that it is the marketing and not the technical knowledge that has been driving this.

So I Google PHP: who is using it? I get Wikipedia on the first page. The Wikipedia page cites statistics from the National Vulnerability Database that indicate that PHP is really a child's toy.

O.K.

So I Google the same for Dot Asp. Wikipedia displays nothing about security related to Dot Asp. So now I'm suspicious. I go straight to the National Vulnerability Database and look up each of the two (links follow): that's Dot Net and PHP5.

Poof, instant asshole. It's like the more resources that are expended on one end, the greater the waste on both of the ends. All almost exclusively, expended to create the same rows and columns that every software ever written has been fundamentally designed to do.

That's not innovation, that's being a real sucker.

As I watch the (second) migration of foreign IT workers, I observe the wreckage on the landscape. American business weaned onto the stupidity of Cloud-based expectations through naivety and under the influence of slick, expensive (intoxicating?) marketing. Rushing to the marketplace with purses in hand, in the new crush to finance the next wave of high-end mediocrity.

While the boss's aging secretary nurses the ancient spreadsheets from which all that really matters within the organization continues to flow.

Wow 80 thousand. Let me think about this for a while.

Sunday 19 June 2011

tftpd-hpa, OpenBSD and Preboot Execution Environment (PXE) Boot (depending on Linux)

| 19 Jun : 11:07 by johnnesbitt


That title is a mouthful. I know ...

I have been using Linux for several years. I have noticed that the locations for various software configuration settings tend to often be located in places other than what available references describe.

Debian wikis are helpful. Independently run and operated sites which often include the words 'Linux' and 'Debian' in their domain names too often are not; some of these appear to exist solely for the purpose of collecting coins by delivering advertisements.

I need answers. Not really buying anything today.

I have been sidetracked again by a scheme (dream?) to install BSD in a small laptop to serve as DHCP, DNS (caching) and PXE (various OSes), as I am sick of thrashing around when requiring these basic services.

I am writing because my installed TFTP server (laptop 1) is pissing me off.

Just removed the TFTP-HPA tftp server from the Debian machine. Can't get PXE booting to work. Have you seen the error "...in.tftpd missing, aborting"? Somewhat intuitive, but where is in.tftpd and why should it matter? Forgive me, I'm getting really spoiled with BSDs. Starts to seem kind of silly roaming endlessly for answers to such fundamental questions for configuring somebody else's software. Put it in the frigging README.

Feverishly working to install BSD on a small laptop so I won't ever have to go through this again. It's just that I have to do the install using PXE on this Dell Latitude LS Model No. PP01S from laptop 1 (Linux). The Dell has no means to access the outside world without some kind of attachments of some sort (designed to leave the owner forever dependent on something that they don't have). It (the Dell) will not boot from USB. It is trash to most people. In fact a guy gave it to me in Atlanta at a really prestigious IT shop (on the hill kind of thing) where I worked as a janitor, because it was pretty much trash to him, I suspect.

Anyway, it is going to become a core resource for my little network here; it's just the perfect size to sit on the edge of the desk and run everything.

'AFTP' (tftp server) install left a README in docs ... and abandoned (after further study). Moved all to BSD on laptop 2. Configured laptop 2 with DHCP and tftp, copied bsd and bsd.rd to the boot location. Small stupid laptop booted. Took about one hour to configure. Resolved to move everything to BSD. Small stupid laptop to run core services. Linux makes a nice toy, but for me BSD for network-related stuff is the tool!



Amiel Summers

Sunday 24 April 2011 - 07:32:31
MaMa Caspar - Nuisance, not vulnerability.
MaMa Caspar - Nuisance, not a vulnerability since the e107 fix for contact.php.

Monday 18 April 2011 - 18:58:38
Evolution mail : Send and Receive are grayed out and 'work online' too.

Wednesday 30 March 2011 - 23:03:48
CCNA (again)

Tuesday 08 February 2011 - 00:29:17
ACME Software

Monday 24 January 2011 - 02:31:39
failed to open device '/dev/bus/usb/001/006'
Not news at all really. My first post in nearly a year.

Sunday 16 May 2010 - 03:02:57
Postgres OpenOffice Base Connection
Connection String...
