Date: 2021-12-06

A web application firewall (WAF) is a type of application firewall that lets you see and analyze HTTP traffic to and from a web application. Its objective is to prevent attacks that seek to deny service and steal data. It gives the administrator direct control over the requests and responses passing through the system without needing to modify backend code. A WAF differs from a standard firewall in that it protects a specific web application or set of web applications, and it does this without touching the web applications themselves. Unprotected web applications are the easiest entry point for criminals and are vulnerable to a number of attack types. Once a web application security vulnerability is discovered, it must be promptly fixed. Virtual patching using a WAF and patching the web application code directly are two solutions. Preventing attacks in application code can be difficult and may need painstaking maintenance, patching and monitoring at multiple layers of the application topology. Web application attacks are the main cause of data breaches. About 75% of all attacks are focused on the web application level. Most websites suffer dozens of attacks every day, and some popular sites suffer, on average, a thousand attacks per hour. WAFs are deployed to add an external security layer; this improves a system's security. They detect and prevent attacks before they reach web applications.

VMware: Open Source License Compliance and Why It Matters

Open source license compliance isn't glamorous. It has little to do with cranking out code. It's a messy, nuanced undertaking that is in no way amenable to a simple technical fix. But it's something we ignore at our peril. Any open source user - or community - that fails to take software license compliance seriously is risking serious harm. It's worth reminding ourselves why that is, and what we can do about it.

I didn't expect this, and this year I wasn't asked ahead of time if I wanted to receive this gift. It is, however, something of a collector's item that I find very enjoyable. I received my GitHub contribution matrix printed in steel. This is my 2021 contribution skyline.

Alexander Wirt, Bucha executions & Debian political prisoners

When and why are these tactics used in Debian? It usually involves questions about money. If you ask why a woman who had a shared travel history with the Debian leader received a $6,000 internship, you are almost certain to be subject to one of these secret bans/censorship too. Debian oligarchs do not want to draw any attention to these cases, not even on debian-private so they blackmail people to disappear quietly.