I was recently chatting with a friend about stock trading, where the markets are going, how to survive. He said "I think working is actually more fun." I answered "especially when you have a Great Vision." And he replied "Great Vision comes from having an understanding of the technology."
This is absolutely true. Until you work through technology to the point of clarity of "what is possible?", every little vision will remain foggy. Your attitude will be horrible: "How the hell can I do that?" and then there's doubt that it can even be done. Ghosts live their whole lives this way, going from one doubt to the next. Shriveling away over what couldn't be done. What a pitiful way to live! Don't keep company with them. Don't listen to them. Don't take on their attitudes.
It takes a lot of digging and finding out what it's going to take. But once that's clear, then it's just a matter of time, and doing what needs to be done, and the momentum is there that nothing can get in the way of making it happen. It becomes very focused, and life consuming.
In fact, once that takes place, life becomes completely and wonderfully different: from living in doubt, to living with resolve.
Thursday, November 18, 2010
Thursday, November 11, 2010
DOS attack mitigation for Google App Engine
Maybe there's a better way - so please feel free to post comments.
For a relatively light loaded app engine server, tracking heavy request loads from the same IP address should be trivial. This server then would respond to periodic (30 seconds or so) queries from an upload PC asking what IP addresses need to be blocked, and the upload PC issue an "appcfg.py update_dos myapp/" (pipe in your password with --passin, and use the -e <emailaddress> option) to block the app engine server from the DOS attack.
For a relatively light loaded app engine server, tracking heavy request loads from the same IP address should be trivial. This server then would respond to periodic (30 seconds or so) queries from an upload PC asking what IP addresses need to be blocked, and the upload PC issue an "appcfg.py update_dos myapp/" (pipe in your password with --passin, and use the -e <emailaddress> option) to block the app engine server from the DOS attack.
Tuesday, November 9, 2010
Unity Security and Google App Engine (Python)
I'm relatively new to programming with both Unity and Google App Engine and Python. I've been playing with them for not even a month now, and ran into a nasty situation today.
Namely, attempting to read any text from a website in Unity doesn't work, unless that website also serves a crossdomain.xml file. This is explained in some detail here:
http://unity3d.com/support/documentation/Manual/Security%20Sandbox.html
Great! I'll just add that crossdomain.xml file, and those runtime errors will go away right? No. And here I show my flying blind syndrome - I don't know all the ins and outs of app engine yet. But if you dig deep enough, this is explained with sufficient searching.
The reason it doesn't work to just place the crossdomain.xml file in the project directory, is that the app.yaml file has to be configured to stop expecting every request to the root directory to be handled by the <whatever>.py file, which is what you get when you run the Python tutorial from Google App Engine:
http://code.google.com/appengine/docs/python/gettingstarted/
You'll wind up with an app.yaml file that looks like this:
application: helloworld
version: 1
runtime: python
api_version: 1
handlers:
- url: /stylesheets
static_dir: stylesheets
- url: /.*
script: helloworld.py
Namely, attempting to read any text from a website in Unity doesn't work, unless that website also serves a crossdomain.xml file. This is explained in some detail here:
http://unity3d.com/support/documentation/Manual/Security%20Sandbox.html
Great! I'll just add that crossdomain.xml file, and those runtime errors will go away right? No. And here I show my flying blind syndrome - I don't know all the ins and outs of app engine yet. But if you dig deep enough, this is explained with sufficient searching.
The reason it doesn't work to just place the crossdomain.xml file in the project directory, is that the app.yaml file has to be configured to stop expecting every request to the root directory to be handled by the <whatever>.py file, which is what you get when you run the Python tutorial from Google App Engine:
http://code.google.com/appengine/docs/python/gettingstarted/
You'll wind up with an app.yaml file that looks like this:
application: helloworld
version: 1
runtime: python
api_version: 1
handlers:
- url: /stylesheets
static_dir: stylesheets
- url: /.*
script: helloworld.py
And they explain it actually very clearly - but for some reason it just didn't sink in:
"Every request to a URL whose path matches the regular expression
/.* (all URLs) should be handled by the helloworld.py script."To get App Engine to serve the crossdomain.xml file, change hte app.yaml file to look like this instead:
application: helloworld
version: 1
runtime: python
api_version: 1
handlers:
- url: /stylesheets
static_dir: stylesheets
- url: /crossdomain.xml
static_files: static/crossdomain.xml
upload: static/crossdomain.xml
- url: /.*
script: helloworld.py
Then place the crossdomain.xml file in a subdirectory "static" and that's it. Unity can now use the WWW class to read text from an app engine website.
Subscribe to:
Posts (Atom)