- 0 Posts
- 11 Comments
From my understanding, the impetus was that F5 submitted a CVE for a vulnerability, for an optional, “beta” feature that can be enabled. Dounin did not think a CVE should be submitted, since he did not considered it to be “production” feature.
That said, the vulnerability is in shipping code, regardless of whether it is optional or not, so per industry coding practices, it should either be patched or removed entirely in order to resolve the issue.
The generalized approach in industry is to use API calls, and create classes to structure the data you receive as JSON or XML. At that point, it is entirely up to you how to format and display the data from your classes. Take a look at some of the Lemmy client code like Mlem, Memmy, or Voyager as examples. Though they have gotten more complicated, they all follow this client-server model for front end development.
However, due to recent shenanigans around API and RSS by companies, mostly those looking to prevent AI companies from using their data for free, the alternative, much worse method is to take the HTML output from a standard web request, and try to reverse engineer the page information into a class structure. This sucks, breaks frequently, and requires you to code around ads and other junk on pages in order to get at the content.
You are trying to solve two different, but related problems, and there are discrete solutions for both.
One is a personal cloud. You need a secure place to store your shit from multiple users and devices, from multiple networks. You’ll need a mostly static IP and dyndns or your own domain, and certificates signed by a public CA/letsencrypt.
Then, you are looking for a backup application that supports rsync or sftp/scp over ssh or vpn, that is also cross compatible (Android and PC/Linux). Point this to the service above, and you are good to go.
This.
At some point, you need to be able to quantify the risk to your business before you can do this.
For instance, if your business earns $10 per transaction, and you perform 100 transactions per second, the difference between five and six nines (313 seconds vs 31 seconds) is $282,000; nowhere near enough to justify the added investment.
Edit: Important to note that for the first example, these are already enormously huge numbers. Such a business, assuming no holidays or weekends, would be grossing $31.5 billion per year, in the same ballpark as Oracle and Coca Cola.
So when we say the company is losing 282,000, this is a tiny, tiny fraction of revenue. Even 99.5%, which is almost two days of downtime, would “only” be a loss of 0.5% of all revenue for the year. Sure, this is $157M, but even that would probably not cover the cost of a six nines infrastructure (that said, they could save up to $120M per year by achieving 99.9%, which would be worth exploring).
They’re specifically for enterprise, typically. You have a license server that hands out the site licenses, rather than registering each machine with Microsoft directly. These keys get you into the box, and put it into “grace” mode for 30 days. You can rearm the key a few times, to use them for dev or evaluation purposes; for example, I believe you can extend a Server machine up to 180 days.
Likely need to define some basic rbac controls. They signed up, sure, but don’t receive a “user” role until after approval. Then in the home page, when signed in with no roles assigned, they get a banner saying they’re still pending approval and will not be able to post or comment.
The major concern will be retroactively applying user roles to the existing users.
Metroid prime pinball was incredible, especially with the use of the rumble pack. Underrated accessory for the DS.