|
The Scientist posted:I have been fuzzing a web server I work on with Pathoc (super fun btw), and I discovered that if you do, for example, https://tools.ietf.org/html/rfc1945#section-10.9 posted:5.1 Request-Line GET / 9HTTP 1.1 looks to me like a malformed request that the server choose to allow ... maybe has a request for the file " 9". The good practice was: - Be flexible on what you accept - Be rigid on what you deliver This match the "be flexible" on what you accept good practice rule.
|
#
?
Apr 18, 2020 08:33
|
|
|
|
| # ? May 13, 2024 12:53 |
|
|
The Scientist posted:I have been fuzzing a web server I work on with Pathoc (super fun btw), and I discovered that if you do, for example, RFC 7230 posted:Recipients of an invalid request-line SHOULD respond with either a Because this says SHOULD and SHOULD NOT instead of MUST and MUST NOT, the server is free to do whatever it wants when it receives an invalid request line, specs be damned.
|
|
#
?
Apr 18, 2020 12:27
|
|
|
I'm trying to get my Internet of poo poo device to upload stuff to AWS S3 with the REST API but can't get the signature right. I'm not super familiar with the API but the short version seems to be that you're supposed to create a string with some hearers from your request, calculate the HMAC-SHA1 with your secret key, base-64 encode it, and send it as part of your request authorization header. I think I got the string right, it matches what the server spits back byte to byte. The problem is then probably with the hashing or encoding. Probably something very dumb but difficult to find since I don't know the correct result. I tried to test it on their example from https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html quote:PUT\n Their signature is MyyxeRY7whkBe+bq8fHCL/2kKUg= My code generates iqRxw+ileNPulfhspnRs8nOjjIBU I tried some presumably correct implementations: 530b4adc5500dced8481f18a50e7e615e307f195, 8aa473c3e8a578d3eed5f86ca6746cf273a38c80, YOvv/mr//HwVecxGLyxqoLHiN7c= At least my signature is the right length, I suppose the online tools are down to how they encode/decode the signature and key, but I can't get anything to match anything else and it's driving me nuts  . My actual IoT code is C put the following C# does does the same thing:code:
|
|
#
?
Apr 18, 2020 14:48
|
|
|
The Scientist posted:Should this even be considered a bug that's worth fixing? If its main purpose is to be a web server then yes, as an ancillary function as long as it is not insecure or crashing you can leave it for a junior or intern to address. It’s probably one of those things that makes the code more complicated and slower for the only benefit of passing a conformance test. MrMoo fucked around with this message at 15:50 on Apr 18, 2020 |
|
#
?
Apr 18, 2020 15:46
|
|
|
MrMoo posted:If its main purpose is to be a web server then yes, as an ancillary function as long as it is not insecure or crashing you can leave it for a junior or intern to address. Lol! I'm the intern
|
|
#
?
Apr 18, 2020 18:21
|
|
|
hello I am learning react right now and really enjoying working with API's; but I would like to learn how to make one with my own data and such. Does anyone know where I go to look for the right information on this? When I try a google search I get stuff that is like 10 layers deeper than where I am...is it really that intensive to make a simple API? Thanks enjoy the fruit of my labor in the mean time: https://project69420.herokuapp.com/
|
|
#
?
Apr 19, 2020 21:59
|
|
|
Can you elaborate what you mean when you say you want to create your own API? Are you talking about an API between the browser client and the server, so that your page's app can fetch and post data? If that's the case, I'm guessing your question is "how can I write a single definition of my API and then have a tool generate all the docs & boilerplate client-side & server code to implement the API?". In which case the answer is something like Swagger.
|
|
#
?
Apr 19, 2020 22:22
|
|
|
Yeah sorry for not elaborating lol. I guess I just want to make a basic json api that lets me get the data....not worried about doing anything else with it. I just want like a list of places with information about each place that I can access. I'll look into Swagger though if that sounds like what i'm looking for!
|
|
#
?
Apr 19, 2020 22:26
|
|
|
Swagger is over-complicated for what you want to do, by the sounds of it. Designing a simple API is as easy as designing the inputs/outputs of a function, like:code:Swagger helps with all the boring parts of doing just that when you have a complex API and have to maintain it long term. But it's overkill if you need something simple.
|
|
#
?
Apr 20, 2020 00:10
|
|
|
Sweet ya I was expecting it to be something small and simple. Thank you so much.
|
|
#
?
Apr 20, 2020 00:27
|
|
|
I want to create a website that functions like patreon for subscription boxes . What would be the best tools to do that?
PawParole fucked around with this message at 07:47 on Apr 20, 2020 |
|
#
?
Apr 20, 2020 07:45
|
|
|
PawParole posted:I want to create a website that functions like patreon for subscription boxes . What would be the best tools to do that? If I understood what that part meant, I might be able to be give helpful advise. 
|
|
#
?
Apr 20, 2020 14:48
|
|
|
PawParole posted:I want to create a website that functions like patreon for subscription boxes . What would be the best tools to do that? your favourite front-end and back-end tools, and probably stripe.
|
|
#
?
Apr 20, 2020 15:31
|
|
|
PawParole posted:I want to create a website that functions like patreon for subscription boxes . What would be the best tools to do that? Almost any drag and drop website builder designed for ecommerce should be able to accomplish this if you include apps for that builder. Shopify comes to mind. If they can't, a paypal link added to it can.
|
|
#
?
Apr 21, 2020 00:58
|
|
|
Novice here. I'm maintaining an old Asp.net web forms app. I need to fix an issue that occurs when the user's session times out as they're completing a form. If they take too long, when they try to submit, they get redirected to the login page, but all of the data in the post request is lost. Is there a simple way to make sure that everything they've entered into the form isn't discarded?
|
|
#
?
Apr 22, 2020 21:00
|
|
|
What I would do is add a background AJAX call that keeps pinging the server via an API endpoint so the session keeps getting refreshed as long as they're typing on the page. That requires a fair amount of work though, don't know how much flexibility you have in tinkering with it...
|
|
#
?
Apr 22, 2020 22:06
|
|
|
New Coke posted:Novice here. I'm maintaining an old Asp.net web forms app. I need to fix an issue that occurs when the user's session times out as they're completing a form. If they take too long, when they try to submit, they get redirected to the login page, but all of the data in the post request is lost. Is there a simple way to make sure that everything they've entered into the form isn't discarded? If what Data Graham suggested doesn't work for whatever reason, newer browsers have support for a feature called "Local Storage". Essentially you can store in the browser "smallish" pieces of information as they're being typed and clear it when the form is successfully saved. Of course, if you have to support browsers older than IE 8, then you don't have that feature. For older browsers, before we had Local Storage, we had cookies. The "session id" usually is stored in a cookie and just sent to the server whenever a request was made. So one could think that you could (via Ajax calls) just store on the server the form information as it's being typed, the problem is that if the session expires then the ability to save it server side goes away too. The only solution in this case was to simply tell the user: "Hey, your session expired, anything you type from now on will not be saved. But if you re-login you can continue from this point on". There are various levels of "hackiness" to any solution.
|
|
#
?
Apr 22, 2020 22:31
|
|
|
Thanks, those are both solid ideas. Would the AJAX requests refresh the session? If not, I'll need to handle the session eventually timing out, at which point anything the user enters past that point would be lost.
|
|
#
?
Apr 23, 2020 02:13
|
|
|
It depends on how the app is built. In some cases the session is refreshed upon login, other ones it's refreshed on every (authenticated) request. You'd have to find out how it gets reset, and if it's on login only, add it to the heartbeat API too.
|
|
#
?
Apr 23, 2020 03:34
|
|
|
I'm trying to figure out the best way to backup my mysql databases. Previously I would create a dedicated backup account on the server, setup a cron job to do a dump every four hours, and then manually login in every so often to download some as a local copy. But I want to automate the whole thing so that the backups are copied to an external service like AWS or Dropbox without me being involved. I see some options like: https://simplebackups.io which look nice and simple. $29 a month feels a little pricey for achieving that last step of getting the backups to an external server, but I would just charge the clients so I don't mind too much. Is there a better/more well regarded/simpler solution that I haven't found yet? I can work on the command line, but I prefer a dead simple UI so I don't gently caress something up.
|
|
#
?
Apr 24, 2020 14:52
|
|
|
Isn't this as simple as setting up an AWS S3 bucket, making an IAM account/role that can upload to it, and then addingcode:
|
|
#
?
Apr 24, 2020 17:01
|
|
|
Have you checked out backblaze.com ? Their service and tooling options work really well for me, and cost basically nothing.
|
|
#
?
Apr 24, 2020 18:30
|
|
|
minato posted:Isn't this as simple as setting up an AWS S3 bucket, making an IAM account/role that can upload to it, and then adding Hm. This might be easier than I expected. I don't have any experience with AWS so I'll see if I can find a nice walk through to get me started. I imagine it's pretty easy setup. ynohtna posted:Have you checked out backblaze.com ? Their service and tooling options work really well for me, and cost basically nothing. I'll check them out, too. Looks like they have a lot more business solutions than I realized.
|
|
#
?
Apr 24, 2020 19:21
|
|
|
Violator posted:I'm trying to figure out the best way to backup my mysql databases. Previously I would create a dedicated backup account on the server, setup a cron job to do a dump every four hours, and then manually login in every so often to download some as a local copy. But I want to automate the whole thing so that the backups are copied to an external service like AWS or Dropbox without me being involved. I see some options like: minato posted:Isn't this as simple as setting up an AWS S3 bucket, making an IAM account/role that can upload to it, and then adding I do this for my deep learning images. Works good. I have code in it that I version control and then I keep data sets in S3 that end up on my work computer, home computer and a SageMaker instance. When i make changes I just run: aws s3 sync <local dir> <s3://bucket>
|
|
#
?
Apr 24, 2020 20:55
|
|
|
Any strong opinions on whether I should use SVG or Canvas to generate a graphic inside a vue component? The graphic represents some midi data, but more 'abstractly' than with proper music notation: eg, just a series of dots whose height corresponds with pitch, and whose x-coordinate corresponds with the note's timestamp.
|
|
#
?
Apr 26, 2020 06:53
|
|
|
IMO use SVG because you can render it declaratively and it’s just generally easier. Canvas is a huge pain in the rear end even for simple graphics.
|
|
#
?
Apr 26, 2020 08:38
|
|
|
Newf posted:Any strong opinions on whether I should use SVG or Canvas to generate a graphic inside a vue component? The graphic represents some midi data, but more 'abstractly' than with proper music notation: eg, just a series of dots whose height corresponds with pitch, and whose x-coordinate corresponds with the note's timestamp. SVG
|
|
#
?
Apr 26, 2020 17:11
|
|
|
Trip report: had a good time implementing in SVG. I think I knew that it was the proper choice, but I'm more experienced with Canvas. My first pass: code: Just a nested loop that makes a circle for each note in the midi data. Nested because the underlying data structure interprets input events that are close enough together as chordal input, so that they can be displayed with exactly the same x coordinate. Question: how much like regular HTML elements do these `circle` elements behave? How straightforward is it to, say, have one of these notes enlarge on hover or click, and pop a tooltip that lists the note name?
|
|
#
?
Apr 26, 2020 21:55
|
|
|
Newf posted:Question: how much like regular HTML elements do these `circle` elements behave? How straightforward is it to, say, have one of these notes enlarge on hover or click, and pop a tooltip that lists the note name? Very similarly, I believe. You should be able to just add a hover state to the circle element with CSS (transform: scale(1.1) or whatever) and id's to each element to target them in JS for the tooltips.
|
|
#
?
Apr 26, 2020 22:01
|
|
|
Newf posted:Question: how much like regular HTML elements do these `circle` elements behave? How straightforward is it to, say, have one of these notes enlarge on hover or click, and pop a tooltip that lists the note name? The best part of svg in html is that you can basically do all this stuff. You can add event listeners and apply css styles, including :hover.
|
|
#
?
Apr 26, 2020 23:48
|
|
|
minato posted:Isn't this as simple as setting up an AWS S3 bucket, making an IAM account/role that can upload to it, and then adding Yeah, this turned out to be pretty simple. I spent the morning signing up for S3 and getting everything figured out and working on dev. I'll spend some time looking a little more at the IAM stuff and then set it up on production tomorrow. Thanks for the suggestion. Cuts out the additional cost of the middle man for something that is basically set it and forget it. I might play with the script and see if I can have it send me error report emails as an extra layer of precaution. Now that I'm working with S3 I'm wondering where else I can use it since it seems pretty simple to use and relatively cheap. I had always put it off as something to look at later, so I'm glad I finally did.
|
|
#
?
Apr 28, 2020 21:38
|
|
|
Violator posted:Now that I'm working with S3 I'm wondering where else I can use it since it seems pretty simple to use and relatively cheap. I had always put it off as something to look at later, so I'm glad I finally did. ESPECIALLY IF USING GLACIER, make sure you watch your egress costs and number of requests.
|
|
#
?
Apr 28, 2020 23:35
|
|
|
Is there a package (whatever language) to drop a web UI in front of an API? I have an API to configure an application. I want a less technical user to be able to do it, so I'd like some simple GUI.
|
|
#
?
Apr 29, 2020 09:44
|
|
|
toadoftoadhall posted:Is there a package (whatever language) to drop a web UI in front of an API? You could potentially use something like Swagger, https://swagger.io. It's for API documentation, but it allows the use of forms to enter your queries, if that's what you're looking for. It may be better to search for the specific gem/library/node/etc. via Google rather than using their website.
|
|
#
?
Apr 29, 2020 15:13
|
|
|
toadoftoadhall posted:Is there a package (whatever language) to drop a web UI in front of an API? Django? I don't really understand what your asking. If you want to find a package that replaces building out a front end for your website - don't think that's a thing.
|
|
#
?
Apr 29, 2020 21:39
|
|
|
Just use react and like semantic ui?
|
|
#
?
Apr 29, 2020 21:41
|
|
|
toadoftoadhall posted:Is there a package (whatever language) to drop a web UI in front of an API? I only code in Python so I really like Dash. Havent tested it but this should get you going. You'd simply deploy this to Heroku following these instructions:https://dash.plotly.com/deployment Dash Bootstrap docs are here: https://dash-bootstrap-components.opensource.faculty.ai/docs/quickstart/ code:CarForumPoster fucked around with this message at 12:12 on Apr 30, 2020 |
|
#
?
Apr 30, 2020 11:34
|
|
|
My wife is working on a new landing page for her startup and purchased an .html template as a starting point for it, so naturally I am haphazardly teaching myself how to write in HTML, or at least how to read it enough to change the stuff in the template that she wants to change (I have some very limited coding experience from undergrad, none in HTML). A couple of basic questions to help me along... 1. I want to comment/dummy out some parts of the template that we don't plan on using in case we decide to use them. Do comments in HTML simply function as code:code:code:code:
|
|
#
?
May 5, 2020 04:16
|
|
|
1. Yep. 2. Correct.
|
|
#
?
May 5, 2020 04:21
|
|
|
|
| # ? May 13, 2024 12:53 |
|
|
C-Euro posted:I want them to open their respective pages in new tabs. A little bit of Googling suggests that adding this bit of code after href will do it: If you want get a leg up, make sure to add code:quote:Using target="_blank" without rel="noreferrer" and rel="noopener" makes the website vulnerable to window.opener API exploitation attacks (vulnerability description). source: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a
|
|
#
?
May 5, 2020 05:41
|
|
