Marketing 101
Do you think the bank has discovered mystery event marketing? Or that buggy javascript strikes again?
Loading ... Loading ...e-bikes and UPS: no, not really
Prepping for the new office. I got a heavy bike, why not put some cargo on? On the back you can see a UPS (standard lead+acid battery style) and some mounting brackets, in the back is the 6-port mini-pc that will be the router + the tablet to configure it. Adds about 35kg to the back of the bike.
Gotta say, stability not improved by that much weight over and behind the rear axel. Braking was also not the speediest.
Jury is still out on whether plugging the charger in to the UPS and then into the bike battery would improve range. I'll leave you to try 🙂
Google Docs and US Patents: Number Your Paragraphs for Posterity
Situation: many stackoverflow posts etc wringing hands about missing ability to number paragraphs.
Solution: write it.
You're welcome.
Now you can write a Patent, using Google Docs, collaborate with your team (including your Patent Attorney), and add the paragraph numbering when needed.
CORS’ing the complexity: idempotent and caching meets Vary: Origin for CORS
So I spent a bit of time debugging something this am, and I thought I would share. Its super detailed, so feel free to gloss over.
There is a class of browser-security issues addressed by CORS. They are meant to prevent inadvertent (or malicious) cross-origin resource sharing. E.g. some javascript in your current web page posts a password.
I am using Istio. It magically takes the CORS origin and rewrites it. So if you do a:
GET / Origin: foo
then it will respond:
200 OK Access-Control-Allow-Origin: *
*if* its configured for '*' policy.
Now, the problem is, I have two clients that are using OpenID Connect. They are fetching the keys for jwks validation. They run in the same browser. One of them does:
GET /keys Origin: app-1
the other does
GET /keys Origin: app-2
Unfortunately, the browser *caches* the 2nd response, returning the response app-1 got (with the wrong Access-Control-Allow-Origin) in it.
Why? Well, let's dive into some specs. Here we find the answer.
If CORS protocol requirements are more complicated than setting `
Access-Control-Allow-Origin` toÂ* or a static origin, `Vary` is to be used. [HTML] [HTTP] [HTTP-SEMANTICS] [HTTP-COND] [HTTP-CACHING] [HTTP-AUTH]
Huh. I'm supposed to add a 'Vary' header to these. But, sadly, I am not in control of these applications. What is one to do? RTFC for envoy?
Loading ...Opening the hiring taps: first legit job ad is up!
Apply early, apply often, tell all your friends, particularly if they want to get down and dirty with the inner workings of the big fluffy cloud called computing.
https://www.workintech.ca/job-details/10757/cloud-security-hacker/
And while I'm begging, feel free to follow us in Linkedin. Or Twitter. or why not both!