10 interesting stories served every morning and every evening.
I’ve had my fair share of App Store rejections in the past:
But I wasn’t prepared to be rejected because my app is “not good enough” for the App Store.
I tried to launch a simple, no-frills iOS app for party-goers and music festivals in 🇷🇴 Romania.
The backend would be a simple Google Sheet which my brother would update daily with curated underground parties and the usual festivals.
My brother is not a programmer, so entering data had to be as low tech as possible.
So ok, I did a basic SwiftUI implementation where I fetch the .csv of the sheet, massage that data into a grid of events, and add the following useful iOS features:
* Add to Calendar button (which uses EventKit to fill in the URL, Location, End Date fields automatically, and adds the necessary reminder alerts)
* Get directions button (which gives you a Google Maps link to the exact coordinates of the event. Super useful as some events are in forests or places where the address is not enough)
* Buy tickets button (which should always point you to the correct website to get tickets from)
All of the above are only possible because my brother spends hours of his time every day to look for event location, coordinates, ticket website, FB/IG/Official website links. Info which is not readily available on a single internet webpage.
Then I created a simple website at subsol.one and sent the app to App Store review.
After days of waiting, I got the most stupid rejection I ever read:
We noticed that your app only includes links, images, or content aggregated from the Internet with limited or no native iOS functionality. Although this content may be curated from the web specifically for your users, since it does not sufficiently differ from a mobile web browsing experience, it is not appropriate for the App Store.
We encourage you to review your app concept and work towards creating an app that offers customers an engaging and lasting experience that also meets the App Store’s high expectations for quality and functionality.
So the app does not sufficiently differ from a mobile web browsing experience. Ok. Fair enough.
I thought the app is useful enough as it is for now.
Considering that the iOS App Store still can’t get rid of so many scam apps which are even used for extortion and blackmail, I really didn’t understand how this was an acceptable reason for a rejection.
The app is simple, fast, does what it says without any BS unneeded complexity. I thought subsequent features would be added based on what the users would ask for.
But sure, let’s add some premature iOS native features for Apple:
* Push Notifications: so you can know instantly when new parties are found
* User Location: used for sorting by how close the events are to you, and for notifying only on events near you
* Share button: for sharing Universal Links to events with other people
Still, after even more agonising days of waiting, the same rejection came along.
I added more iOS features, because why not:
* Events on the map: to visually assess where each event is happening in the country
* This was surprisingly easy to do in SwiftUI, I was amazed myself
* Homescreen widgets: utterly useless, but can’t get more iOS-y and less webapp-y than this, right?
Three more days of Waiting for review and, as before, another rejection with the same generic message. This time I had to ask, what the heck did they want from me?
I sent the following message to the App Store reviewers:
What exactly do you need for this app to be accepted? I have people asking for it, it’s already done and these rejections are keeping them from using the app.
It already uses the following native iOS functionalities:
Push Notifications on new events (this is not possible on the web in iOS)
Getting user location using CoreLocation and sorting events by how close they are
Uses the above two functions for notifying only on new parties within 30km of the user location (again, not possible to do such a thing in a web app)
Shows the events on the native iOS MapKit UI
Uses a custom URL scheme (subsol:) and Universal Links for easy sharing of parties
Has homescreen widgets for viewing the latest events
Allows the user to add the event to calendar with most fields already filled in (event location, when it ends, useful URLs etc.)
And all I got was another generic response:
Thank you for your response. We encourage you to consider ways to make your app stand out.
We understand that it can be difficult to determine what the best experience is to offer your users.
While there isn’t one set answer that works for every app, the following iOS development videos offer great information for helping understand how your app can provide a great user experience: — Essential Design Principles — Design Tips for Great Games
You may also want to review the Human Interface Guidelines available on Apple Developer.
I considered using some more device sensors to justify the app being an app.
I even did a parallax animation (because I thought it looked cool and it uses the accelerometer) and added one of those Taptic Engine button-like vibrations on clicking on the event image.
But I think they just don’t like the idea of the app, and no matter what I add to it, they won’t accept it.
...
Read the original on notes.alinpanaitiu.com »
An open source list of developer questions to ask prospective employers
...
Read the original on github.com »
I recently saw a Lack Rack—an inexpensive Ikea Lack table put to use rackmounting servers—and now I keep running into them. Pictured above is Paul Curry’s £5 example, replete with vinyl wood texture.
They need little explanation: Ikea makes a cheap little table whose legs are exactly 19″ wide and (barely) sturdy enough to accept screws and the weight of most rackmount equipment. (I wouldn’t chance a loaded Apple Rac in it). Here’s an orphaned photo posted to reddit featuring a typical example:
Eth0 entertains a specification and offers a fantastic IKEA-style manual for the Lack Rack. The most notable recommendation: use cavity screws to increase the load-bearing strength of the mostly-hollow legs if you’re putting in machines more than 5cm down from the tabletop.
Its low-cost and perfect fit are great for mounting up to 8 U of 19″ hardware, such as switches (see below), or perhaps other 19″ gear. It’s very easy to assemble, and thanks to the design, they are stable enough to hold (for example) 19″ switches and you can put your bottle of Club-Mate on top! Multi-shiny LackRack can also be painted to your specific preferences and the airflow is unprecedented!
And of course the tabletop is perfect for placing a monitor or laptop, like the one in Frank Denneman’s lab:
Things sometimes get quite out of hand.
...
Read the original on boingboing.net »
Shazam turns 20 today, and as of this week, it has officially surpassed 70 billion song recognitions. A mainstay in popular culture, the platform has changed the way people engage with music by making song identification accessible to everyone. For more than 225 million global monthly users, to “Shazam” is to discover something new.
To mark the occasion, Shazam invites fans to take a trip down memory lane with a special playlist comprised of the most Shazamed song of each calendar year for the past 20 years. Featuring everything from Train’s “Hey, Soul Sister” to Sia’s “Cheap Thrills,” the playlist is a true reflection of the music fans across the globe actively searched for over the past two decades. Listen now exclusively on Apple Music.
Over the years, Shazam’s global charts have played a crucial role in helping to identify breaking new talent like Masked Wolf, who was one of Shazam’s 5 Artists to Watch in 2021 and ended up having the most Shazamed track globally that year with “Astronaut In The Ocean.”
“The fact that people all over the world took time out of their day to pull out their phone and Shazam my songs is a huge honor for me as an artist,” said Masked Wolf. “You know you’ve got something special if you see the Shazam stats moving.”
Shazam’s charts have also become a barometer for unexpected pop culture moments. Kate Bush’s 1985 song “Running Up That Hill” being featured in “Stranger Things” led to an all-time peak in Shazams of the singer, and the track took No. 1 on the Shazam Global Top 200 for 10 days. It ended up reaching the top of 25 national charts — more than any other song in 2022.
Keeping its finger on the pulse of music, Shazam has also played a key role in bringing local artists to a global audience. The longest-running global No. 1 song of 2021 was “Love Nwantiti [Remix]” by Nigerian artist CKay, which became the second song to ever surpass one million Shazams in a week.
“Shazam has played an impactful role in my career,” said CKay. “It allowed millions of people all over the world to discover me and my unique Nigerian sound. It made me a global sensation even before I started to perform all over the world. The story of CKay cannot be told without Shazam connecting me to the world.”
With its continued commitment to innovation over the past two decades, Shazam is pioneering new ways to bring fans closer to the music and artists they love with new tools like the concert discovery feature, which spotlights concert information and tickets on sale for shows nearby, simply by Shazaming a song, or by searching for it in the Shazam app or website.
While Shazam remains focused on the future of music discovery, today’s anniversary offers an opportunity to look back at the notable moments and milestones that make up its two-decade history.
August 2002: Shazam launches as a text message service based in the UK. At the time, users could identify songs by dialing “2580” on their phone and holding it up as a song played. They were then sent an SMS message telling them the song title and the name of the artist.
July 2008: Shazam launches on the brand-new App Store. Shazam later launched its Android version in October 2008.
April 2015: Shazam becomes available on the first Apple Watch.
First Shazamed song on the iOS app: “How Am I Different” by Aimee Mann (July 10, 2008)
First track to reach 1,000 Shazams: “Cleanin’ Out My Closet” by Eminem (September 2002)
First track to reach one million Shazams: “TiK ToK” by Ke$ha (February 2010)
First track to reach 10 million Shazams: “Somebody That I Used to Know” by Gotye feat. Kimbra (December 2012)
First track to reach 20 million Shazams: “Prayer In C (Robin Schulz Radio Edit)” by Lilly Wood & The Prick and Robin Schulz (October 2015)
Fastest track to reach 1 million Shazams: “Butter” by BTS (nine days)
Fastest track to reach 10 million Shazams: “Shape of You” by Ed Sheeran (87 days)
Fastest track to reach 20 million Shazams: “Dance Monkey” by Tones And I (219 days)
Most Shazamed of All Time
Drake is the most Shazamed artist of all time with over 350 million Shazams across songs the artist has led or featured on. “One Dance” is Drake’s most popular track at over 17 million Shazams.
“Dance Monkey” by Tones And I is the most Shazamed song ever with over 41 million Shazams.
“Crazy” by Gnarls Barkley was the most Shazamed song using the “2580” text service.
Top Dance: “Prayer In C (Robin Schulz Radio Edit)” by Lilly Wood & The Prick and Robin Schulz
Top Singer/Songwriter: “Take Me to Church” by Hozier
The first Shazamed song used the service’s prelaunch public beta.
...
Read the original on www.apple.com »
...
Read the original on katv.com »
...
Read the original on spectrum.ieee.org »
Late last year, I started experiencing some unusual intermittent connection issues on my Desktop. In general, I had a stable connection with average latency; however, at (seemingly) random times throughout the week, I would start experiencing sudden 2000ms+ latency spikes every couple of seconds.
This made all audio/video calling software unusable and most online games unplayable.
This issue appeared to line up with my cross-country move from Washington State to South Carolina, so there were too many factors to easily pinpoint the issue. However, as it mainly only affected gaming and audio/video calls, I didn’t put too much focus on it.
Over the past couple of months I have (slowly) tried to figure out why this was happening, with little luck until today.
Initially, the only thing that was clear about the issue was that it was limited to my desktop computer only. My laptop and other devices connected to the wifi did not have this issue, even when placed in the exact same spot as the desktop.
First, I purchased a new, highly-reviewed, wifi adapter on Amazon. It didn’t resolve the issue. It did, however, come with an offer for a free 64GB flash drive in exchange for a good review.
Later, (for unrelated reasons) I built an entirely new desktop computer, not using anything from the old one, except the new wifi adapter. This included a fresh install of Windows 10.
It was great, this new computer had no issues! I had suspected that my old motherboard’s USB ports might have been damaged during the move to SC, so that must have been the case. Everything is good now, right?
No. Everything is not good now.
A few weeks later, and the issue suddenly began happening on the new computer also, and I had no idea what the cause could be.
I tried using multiple different wifi adapters that I owned.
I tried changing the wifi channel, as it appeared to overlap a neighbor’s.
I tried turning off Windows Update Delivery Optimization (p2p update sharing). After turning this off and restarting, the issue appeared to be resolved, but then reappeared later.
At one point, my wifi issue even annoyed one of my brothers so badly, due to dropping Skype calls, that he bought me another (slightly less sketchy) wifi adapter on Amazon. This appeared to temporarily resolve the issue after installing the Realtek driver and restarting, but then it came back.
Nothing seemed to work.
Today, in a last-ditch desperate attempt at fixing the issue, I:
* Turned off the box fan in my room
I immediately suspected interference from the wireless drawing tablet or box fan, so tried those again, but they were not the cause.
I couldn’t possibly imagine how a web browser or drawing application could cause this, but I tried anyway.
First I ran Firefox, opened multiple tabs on different sites, and waited…
Why the hell would digital painting software cause wifi lag spikes?
As it turns out, there are multiple instances of people complaining about this issue with MBPP.
If we take a quick look with Process Monitor, we can see that it’s definitely doing something odd.
At the exact same time the lag spikes occur, MBPP starts querying the registry keys for all of the network interfaces.
To dig a bit deeper into why this is happening, we can attach to the process with a debugger (x64dbg here), and set breakpoints on the Win32 Reg* APIs.
Eventually, our RegOpenKeyExInternalW breakpoint is hit, and we can take a look at the call stack to determine where this is being called.
Looking at the call stack, we can see that the first non-system library in the call stack is qt5network.
Surprisingly, no more debugging is needed, as a quick google search for “q5network ping issue” will lead you to QTBUG-40332.
If I understand correctly, any Qt5 QNetworkAccessManager will check for wifi interface changes every 10 seconds for the purpose of bearer management, causing massive lag spikes and/or packet drops entirely. Even if QNetworkAccessManager is instantiated internally for something simple, like an HTTP request.
I suppose the workaround is simple enough, set the environment variable QT_BEARER_POLL_TIMEOUT to -1.
I just wish I knew that around 8 months ago.
Qt5 has been crippling my wifi system-wide for the past 7-8 months, just by running MediBang Paint Pro.
I stupidly attributed it to many other things, because, honestly, who would expect Qt to be the cause of their system-wide wifi problems?
...
Read the original on blog.ando.fyi »
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9293.
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
In 1981, RFC 793 [16] was released, documenting the Transmission Control Protocol (TCP) and replacing earlier published specifications for TCP.
Since then, TCP has been widely implemented, and it has been used as a transport protocol for numerous applications on the Internet.
For several decades, RFC 793 plus a number of other documents have combined to serve as the core specification for TCP [49]. Over time, a number of errata have been filed against RFC 793. There have also been deficiencies found and resolved in security, performance, and many other aspects. The number of enhancements has grown over time across many separate documents. These were never accumulated together into a comprehensive update to the base specification.
The purpose of this document is to bring together all of the IETF Standards Track changes and other clarifications that have been made to the base TCP functional specification (RFC 793) and to unify them into an updated version of the specification.
Some companion documents are referenced for important algorithms that are used by TCP (e.g., for congestion control) but have not been completely included in this document. This is a conscious choice, as this base specification can be used with multiple additional algorithms that are developed and incorporated separately. This document focuses on the common basis that all TCP implementations must support in order to interoperate. Since some additional TCP features have become quite complicated themselves (e.g., advanced loss recovery and congestion control), future companion documents may attempt to similarly bring these together.
In addition to the protocol specification that describes the TCP segment format, generation, and processing rules that are to be implemented in code, RFC 793 and other updates also contain informative and descriptive text for readers to understand aspects of the protocol design and operation. This document does not attempt to alter or update this informative text and is focused only on updating the normative protocol specification. This document preserves references to the documentation containing the important explanations and rationale, where appropriate.
This document is intended to be useful both in checking existing TCP implementations for conformance purposes, as well as in writing new implementations.
This document obsoletes RFC 793 as well as RFCs 6093 and 6528, which updated 793. In all cases, only the normative protocol specification and requirements have been incorporated into this document, and some informational text with background and rationale may not have been carried in. The informational content of those documents is still valuable in learning about and understanding TCP, and they are valid Informational references, even though their normative content has been incorporated into this document.
The main body of this document was adapted from RFC 793's Section 3, titled “FUNCTIONAL SPECIFICATION”, with an attempt to keep formatting and layout as close as possible.
The collection of applicable RFC errata that have been reported and either accepted or held for an update to RFC 793 were incorporated (Errata IDs: 573 [73], 574 [74], 700 [75], 701 [76], 1283 [77], 1561 [78], 1562 [79], 1564 [80], 1571 [81], 1572 [82], 2297 [83], 2298 [84], 2748 [85], 2749 [86], 2934 [87], 3213 [88], 3300 [89], 3301 [90], 6222 [91]). Some errata were not applicable due to other changes (Errata IDs: 572 [92], 575 [93], 1565 [94], 1569 [95], 2296 [96], 3305 [97], 3602 [98]).
Changes to the specification of the urgent pointer described in RFCs 1011, 1122, and 6093 were incorporated. See RFC 6093 for detailed discussion of why these changes were necessary.
The discussion of the RTO from RFC 793 was updated to refer to RFC 6298. The text on the RTO in RFC 1122 originally replaced the text in RFC 793; however, RFC 2988 should have updated RFC 1122 and has subsequently been obsoleted by RFC 6298.
RFC 1011 [18] contains a number of comments about RFC 793, including some needed changes to the TCP specification. These are expanded in RFC 1122, which contains a collection of other changes and clarifications to RFC 793. The normative items impacting the protocol have been incorporated here, though some historically useful implementation advice and informative discussion from RFC 1122 is not included here. The present document, which is now the TCP specification rather than RFC 793, updates RFC 1011, and the comments noted in RFC 1011 have been incorporated.
RFC 1122 contains more than just TCP requirements, so this document can’t obsolete RFC 1122 entirely. It is only marked as “updating” RFC 1122; however, it should be understood to effectively obsolete all of the material on TCP found in RFC 1122.
The more secure initial sequence number generation algorithm from RFC 6528 was incorporated. See RFC 6528 for discussion of the attacks that this mitigates, as well as advice on selecting PRF algorithms and managing secret key data.
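The ISN generation scheme referred to above has the form ISN = M + F(localip, localport, remoteip, remoteport, secretkey), where M is a timer that ticks about every 4 microseconds. The following Python sketch is an added example, not code from the RFC: HMAC-SHA256 as the PRF, the 32-byte random key and the sample addresses are this example's assumptions, and the timer-only function is included only as the contrast case the keyed offset replaces.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

ISN_MODULUS = 2 ** 32   # TCP sequence numbers are 32-bit
TICK_US = 4             # M advances about once every 4 microseconds

# Assumption of this example: a random secret generated once per boot.
# RFC 6528 discusses how to choose the PRF and manage this key.
SECRET_KEY = os.urandom(32)


def clock_m(now_us):
    """M: the 32-bit timer component, derived from a microsecond clock."""
    return (now_us // TICK_US) % ISN_MODULUS


def offset_f(secret_key, local_ip, local_port, remote_ip, remote_port):
    """F(): keyed PRF over the connection 4-tuple, truncated to 32 bits.

    HMAC-SHA256 is this example's PRF choice. Both addresses of a
    connection share one address family, so the fixed-width packed
    encoding below is unambiguous for IPv4 and for IPv6.
    """
    msg = (
        ipaddress.ip_address(local_ip).packed
        + struct.pack("!H", local_port)
        + ipaddress.ip_address(remote_ip).packed
        + struct.pack("!H", remote_port)
    )
    digest = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def keyed_isn(secret_key, four_tuple, now_us):
    """ISN = M + F(4-tuple, key), reduced modulo 2**32."""
    return (clock_m(now_us) + offset_f(secret_key, *four_tuple)) % ISN_MODULUS


def timer_only_isn(four_tuple, now_us):
    """Contrast case: the ISN is the timer alone, identical for every peer."""
    return clock_m(now_us)


def cross_connection_gap(isn_a, isn_b):
    """Distance from one ISN to another in 32-bit sequence space."""
    return (isn_b - isn_a) % ISN_MODULUS


if __name__ == "__main__":
    import time

    now = time.time_ns() // 1000
    # Constructed sample 4-tuples (documentation address ranges).
    conn_a = ("192.0.2.10", 443, "198.51.100.7", 50000)
    conn_b = ("192.0.2.10", 443, "203.0.113.9", 50000)

    # Same connection, one second later: the ISN still advances with the
    # clock, which keeps old duplicates out of a reused 4-tuple's window.
    step = cross_connection_gap(
        keyed_isn(SECRET_KEY, conn_a, now),
        keyed_isn(SECRET_KEY, conn_a, now + 1_000_000),
    )
    print("advance over 1 s on one 4-tuple:", step)

    # Two different peers at the same instant.
    print("timer-only gap between peers:", cross_connection_gap(
        timer_only_isn(conn_a, now), timer_only_isn(conn_b, now)))
    print("keyed gap between peers:", cross_connection_gap(
        keyed_isn(SECRET_KEY, conn_a, now), keyed_isn(SECRET_KEY, conn_b, now)))
```

With the timer alone, the gap between two peers' ISNs at the same instant is zero, so one peer's ISN reveals the next peer's; with the keyed offset the gap is F(b) - F(a), which depends on the secret.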
A note based on RFC 6429 was added to explicitly clarify that system resource management concerns allow connection resources to be reclaimed. RFC 6429 is obsoleted in the sense that the clarification it describes has been reflected within this base TCP specification.
The description of congestion control implementation was added based on the set of documents that are IETF BCP or Standards Track on the topic and the current state of common implementations.
In the “Transmission Control Protocol (TCP) Header Flags” registry, IANA has made several changes as described in this section.
RFC 3168 originally created this registry but only populated it with the new bits defined in RFC 3168, neglecting the other bits that had previously been described in RFC 793 and other documents. Bit 7 has since also been updated by RFC 8311 [54].
The “Bit” column has been renamed below as the “Bit Offset” column because it references each header flag’s offset within the 16-bit aligned view of the TCP header in Figure 1. The bits in offsets 0 through 3 are the TCP segment Data Offset field, and not header flags.
IANA has assigned values as indicated below.
The “TCP Header Flags” registry has also been moved to a subregistry under the global “Transmission Control Protocol (TCP) Parameters” registry <https://www.iana.org/assignments/tcp-parameters/>.
The registry’s Registration Procedure remains Standards Action, but the Reference has been updated to this document, and the Note has been removed.
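The bit-offset numbering described above can be checked with a small decoder for the 16-bit word at bytes 12-13 of the TCP header. This is an added Python example, not part of the RFC text: the flag names per offset follow the IANA registry (the table is not reproduced in this excerpt), the sample headers are constructed, and the `notes` codes are this example's own labels.

```python
import struct

MIN_HEADER_LEN = 20  # a TCP header without options is five 32-bit words

# Bit offset (counted from the most significant bit of the 16-bit word)
# to flag name. Offsets 0-3 are the Data Offset field and offsets 4-7
# are reserved, so neither range appears in this table.
FLAG_BY_OFFSET = {
    8: "CWR", 9: "ECE", 10: "URG", 11: "ACK",
    12: "PSH", 13: "RST", 14: "SYN", 15: "FIN",
}


def decode_offset_and_flags(segment):
    """Decode Data Offset, reserved bits and flags from a TCP segment.

    Returns a dict; 'notes' lists conditions a parser or sensor should
    treat with care before trusting the remaining header fields.
    """
    if len(segment) < MIN_HEADER_LEN:
        raise ValueError("shorter than the minimum TCP header")

    (word,) = struct.unpack_from("!H", segment, 12)
    data_offset = word >> 12            # bit offsets 0-3
    reserved = (word >> 8) & 0x0F       # bit offsets 4-7
    flags = [
        name
        for offset, name in sorted(FLAG_BY_OFFSET.items())
        if word & (1 << (15 - offset))  # offset n counts from the MSB
    ]

    header_len = data_offset * 4
    notes = []
    if header_len < MIN_HEADER_LEN:
        notes.append("data-offset-below-minimum")
    if header_len > len(segment):
        notes.append("header-longer-than-segment")
    if reserved:
        notes.append("reserved-bits-set")

    return {
        "data_offset": data_offset,
        "header_len": header_len,
        "reserved": reserved,
        "flags": flags,
        "notes": notes,
    }


def build_sample_header(offset_flags_word):
    """Constructed 20-byte header: ports 50000 -> 443, fixed seq and window."""
    return struct.pack(
        "!HHIIHHHH",
        50000, 443,          # source port, destination port
        0x1A2B3C4D, 0,       # sequence number, acknowledgment number
        offset_flags_word,   # Data Offset + reserved + flags
        65535, 0, 0,         # window, checksum (not computed), urgent pointer
    )


if __name__ == "__main__":
    for word in (0x5002, 0x5012, 0x5102, 0x4002, 0x6002):
        print(hex(word), decode_offset_and_flags(build_sample_header(word)))
```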
The TCP design includes only rudimentary security features that improve the robustness and reliability of connections and application data transfer, but there are no built-in cryptographic capabilities to support any form of confidentiality, authentication, or other typical security functions. Non-cryptographic enhancements (e.g., [9]) have been developed to improve robustness of TCP connections to particular types of attacks, but the applicability and protections of non-cryptographic enhancements are limited (e.g., see Section 1.1 of [9]). Applications typically utilize lower-layer (e.g., IPsec) and upper-layer (e.g., TLS) protocols to provide security and privacy for TCP connections and application data carried in TCP. Methods based on TCP Options have been developed as well, to support some security capabilities.
In order to fully provide confidentiality, integrity protection, and authentication for TCP connections (including their control flags), IPsec is the only current effective method. For integrity protection and authentication, the TCP Authentication Option (TCP-AO) [38] is available, with a proposed extension to also provide confidentiality for the segment payload. Other methods discussed in this section may provide confidentiality or integrity protection for the payload, but for the TCP header only cover either a subset of the fields (e.g., tcpcrypt [57]) or none at all (e.g., TLS). Other security features that have been added to TCP (e.g., ISN generation, sequence number checks, and others) are only capable of partially hindering attacks.
Applications using long-lived TCP flows have been vulnerable to attacks that exploit the processing of control flags described in earlier TCP specifications [33]. TCP-MD5 was a commonly implemented TCP Option to support authentication for some of these connections, but had flaws and is now deprecated. TCP-AO provides a capability to protect long-lived TCP connections from attacks and has superior properties to TCP-MD5. It does not provide any privacy for application data or for the TCP headers.
The “tcpcrypt” [57] experimental extension to TCP provides the ability to cryptographically protect connection data. Metadata aspects of the TCP flow are still visible, but the application stream is well protected. Within the TCP header, only the urgent pointer and FIN flag are protected through tcpcrypt.
The TCP Roadmap [49] includes notes about several RFCs related to TCP security. Many of the enhancements provided by these RFCs have been integrated into the present document, including ISN generation, mitigating blind in-window attacks, and improving handling of soft errors and ICMP packets. These are all discussed in greater detail in the referenced RFCs that originally described the changes needed to earlier TCP specifications. Additionally, see RFC 6093 [39] for discussion of security considerations related to the urgent pointer field, which also discourages new applications from using the urgent pointer.
Since TCP is often used for bulk transfer flows, some attacks are possible that abuse the TCP congestion control logic. An example is “ACK-division” attacks. Updates that have been made to the TCP congestion control specifications include mechanisms like Appropriate Byte Counting (ABC) [29] that act as mitigations to these attacks.
Other attacks are focused on exhausting the resources of a TCP server. Examples include SYN flooding [32] or wasting resources on non-progressing connections [41]. Operating systems commonly implement mitigations for these attacks. Some common defenses also utilize proxies, stateful firewalls, and other technologies outside the end-host TCP implementation.
The concept of a protocol’s “wire image” is described in RFC 8546 [56], which describes how TCP’s cleartext headers expose more metadata to nodes on the path than is strictly required to route the packets to their destination. On-path adversaries may be able to leverage this metadata. Lessons learned in this respect from TCP have been applied in the design of newer transports like QUIC [60]. Additionally, based partly on experiences with TCP and its extensions, there are considerations that might be applicable for future TCP extensions and other transports that the IETF has documented in RFC 9065 [61], along with IAB recommendations in RFC 8558 [58] and [67].
There are also methods of “fingerprinting” that can be used to infer the host TCP implementation (operating system) version or platform information. These collect observations of several aspects, such as the options present in segments, the ordering of options, the specific behaviors in the case of various conditions, packet timing, packet sizing, and other aspects of the protocol that are left to be determined by an implementer, and can use those observations to identify information about the host and implementation.
Since ICMP message processing also can interact with TCP connections, there is potential for ICMP-based attacks against TCP connections. These are discussed in RFC 5927 [100], along with mitigations that have been implemented.
This section is adapted from RFC 1122.
Note that there is no requirement related to PLPMTUD in this list, but that PLPMTUD is recommended.
...
Read the original on www.rfc-editor.org »
Many of us have experienced the frustration of visiting a web page that seems like it has what we’re looking for, but doesn’t live up to our expectations. The content might not have the insights you want, or it may not even seem like it was created for, or even by, a person.
We work hard to make sure the pages we show on Search are as helpful and relevant as possible. To do this, we constantly refine our systems: Last year, we launched thousands of updates to Search based on hundreds of thousands of quality tests, including evaluations where we gather feedback from human reviewers.
We know people don’t find content helpful if it seems like it was designed to attract clicks rather than inform readers. So starting next week for English users globally, we’re rolling out a series of improvements to Search to make it easier for people to find helpful content made by, and for, people. This ranking work joins a similar effort related to ranking better quality product review content over the past year, which will also receive an update. Together, these launches are part of a broader, ongoing effort to reduce low-quality content and make it easier to find content that feels authentic and useful in Search.
We continually update Search to make sure we’re helping you find high quality content. Next week, we’ll launch the “helpful content update” to tackle content that seems to have been primarily created for ranking well in search engines rather than to help or inform people. This ranking update will help make sure that unoriginal, low quality content doesn’t rank highly in Search, and our testing has found it will especially improve results related to online education, as well as arts and entertainment, shopping and tech-related content.
For example, if you search for information about a new movie, you might have previously seen articles that aggregated reviews from other sites without adding perspectives beyond what’s available elsewhere. This isn’t very helpful if you’re expecting to read something new. With this update, you’ll see more results with unique, authentic information, so you’re more likely to read something you haven’t seen before.
As always, we’ll continue to refine our systems and build on this improvement over time. If you’re a content creator, you can learn more about today’s update and guidance to consider on Search Central.
We know product reviews can play an important role in helping you make a decision on something to buy. Last year, we kicked off a series of updates to show more helpful, in-depth reviews based on first-hand expertise in search results.
We’ve continued to refine these systems, and in the coming weeks, we’ll roll out another update to make it even easier to find high-quality, original reviews. We’ll continue this work to make sure you find the most useful information when you’re researching a purchase on the web.
We hope these updates will help you access more helpful information and valuable perspectives on Search. We look forward to building on this work to make it even easier to find original content by and for real people in the months ahead.
...
Read the original on blog.google »
Webhooks are the foundation of modern API development. They enable us to react to changes in our systems, an incoming text message, a successful payment, or that latest pull request no matter our stack. While webhooks are universal in concept, they are unstandardized API contracts with few organizations paying attention to their design, security controls, and overall operational experience.
It serves both as a directory of webhook providers and a collection of best practices for providing and consuming webhooks. Starting from security, moving into payload protection, and continuing into operationalizing webhooks, we delve into the concepts and practices currently available in the wild.
Yes! We have many webhooks to document, patterns to uncover, and best practices to highlight! Our contributing page covers how you can help.
Web development is hard. As you have more moving pieces integrating more systems across different organizations, it only becomes harder.
At ngrok, our goal is to simplify building for the internet. Since most people find us through their favorite webhook provider, we knew integrating webhook verification would make applications more secure and reliable at scale. During that effort, we investigated 100 webhook providers and built in-product verifications for 50 of the most popular providers. We found practices that stood out as exceptionally powerful and others that left much to be desired.
Our goal in sharing this is to inform teams to choose patterns that make building and consuming webhooks easier, faster, and more secure.
...
Read the original on webhooks.fyi »