Professional photographers often add watermarks to their images to make them easy to identify, indicate copyright, promote their brand, among other reasons. Protecting images from theft online can be challenging and online photo gallery stores commonly employ various measures to deter it, e.g. disabling the context-menu in JavaScript (AKA right-click), stacking/overlaying DOM elements, or other …
AWS Application Loan Balancers support what I think is an underappreciated feature: the ability to authenticate requests (via OIDC) at Layer 7. This allows developers to keep almost all authentication outside of the application layer code. An ideal use-case could be an internal-only web application that requires authentication, but little if any RBAC authorization. This …
As I discussed in a previous post, connecting to MSSQL with Python in Lambda can be tricky. While I had solved this earlier with pyodbc, using pymssql / FreeTDS is an another option and I wanted to similarly share the build process for creating its respective Lambda layer. Here’s the multi-stage Dockerfile: FROM public.ecr.aws/lambda/python:3.9 as …
I always run with my phone on me, so accessing my home afterward has been convenient since installing MyQ W-Fi connected garage doors several years ago. No need to remember to carry a separate house key anymore and getting into my house is (usually) an app launch away. It has worked great, until one day …
Getting Python to connect to MSSQL in Lambda isn’t as simple as installing other dependencies via pip. For earlier versions of Lambda runtimes, I followed the pattern outlined in this gist which builds both unixODBC and pyodbc and prepares them for inclusion in a Lambda layer. This has worked well for me to date, but …
When my wife and I were expecting our first child, a good baby monitor was one of the top items on our shopping list. Most of the available options of course now include Wi-Fi, a mobile app, and cloud integration. When we decided on the Motorola Halo+, I knew it deserved a closer look before …
Microsoft Graph API supports a Subscription Resource type that manages their webhook implementation for delivering change notifications to clients. Subscriptions are enabled for several resources, including Outlook messages — this was a perfect fit for my need to manage incoming messages to a shared inbox in O365. At a high-level, an implementation looks like this: …
A couple of weeks ago, Netflix disclosed a number of resource exhaustion vulnerabilities (identified by Jonathan Looney) present in many third party HTTP/2 implementations. Notably, this directly affected h2 endpoints in Kubernetes (GoLang libraries net/http, x/net/http2) as well as other projects like nginx. Yes, it even has a logo. Though DoS weaknesses usually aren’t particularly …
For those unfamiliar with modern advertising tech, iFrame Busters are HTML files hosted on publisher sites which allow ad creatives to extend outside of their standard boundaries. These expandable creatives are typically easy to identify on a site — usually the most annoying ads shown on a page. Background The ad tech industry is quite …
While recently comparing cloud storage solutions, I was surprised to learn there are still companies offering unlimited storage plans. OpenDrive is one such company — not to be confused with the OpenDRIVE format specification — offering unlimited options for personal, business, and enterprise customers. In addition to traditional cloud storage, they also offer backup and content …
