application design – Should I store data from third parties?

should I also store all the data

It is not your duty. That does not mean you can’t, nor that there is no benefit to it. Storing the data, at least the data you access, would be a cache. And a cache is useful if reading the state is more common than updating it.

Will it be over-redundant or is storing the data by myself a protection against something?

A common trade-off is memory in exchange for performance. That is what you would be doing here. Less latency getting the state, because you don’t actually go to the third party API, but read the copy of the state stored in memory.

It is protecting you from high latency and intermittency in the I/O connection, if there is any.

Of course, you profile. If with your cache it happens to be slower… Well, you know, don’t do that.

What points should be taken into consideration?

Who owns the data? Can the data be mutated elsewhere unexpectedly? Does the API support the concept of transactions? Are you using a library that already does caching?

If the state behind the third party API changes, what you have stored is not correct anymore. You are facing one of the hardest problems: when to invalidate cache.

If your application follows a simple event driven design, you can copy the portion of the state relevant to handle the current event (and you will naturally do that, as the response of the API is likely to be a copy anyway), and you keep that copy as long as you handle the current event (pretending it does not change during that period). And if the data can be modified unexpectedly elsewhere, that is the extent to which you would keep that information in your system. You should always assume that the data has changed since you read it (and transactions would be useful to make coherent updates, if available).

However, if you know your application is the only one modifying the data (despite it being behind a third party API), then you are free to use more complex cache schemes. Except, if you are using a library that already does caching for you.

Note that third party API does not imply remote. In fact, any library you import in your project that was not written by you, has a third party API.

encryption – Exporting SSL Certificate to 3rd Parties

One of our 3rd party service providers wants us to create a certificate PFX file in order to host an application outside our network from xxx.companyname.com.

What are the security risks about this? Can they acquire our private key, or can they use the certificate for any malicious activities?

Edit: I guess I have to mention that we have *.companyname.com wildcard SSL only. And xxx.companyname.com does not exist yet.

Did the parties really "switch sides" as the Demockkkrats claim?

It is not as simple as changing the parties, but yes, the realignment of the parties is a historical fact.

There used to be liberal and conservative factions in both parties.

There was even a group in Congress called the Conservative Coalition (which, of course, you've never heard of) consisting of conservative Republicans from the north and right-wing Democrats, segregationists from the south.

Ironically, people who reject this are proposing a very ridiculous change, which is that the deep south only started to be the most stubbornly conservative part of the country about 50 years ago.

authorization: use of the OAuth SPA application to provide third parties with access tokens

Let's say you had a centralized OAuth 2 authentication server, a single page application (SPA) in an electronic application, and a third-party server. The user starts this SPA, goes through the PKCE flow to get an access and update token, and is now authenticated. The SPA can now access and modify information on the authentication server.

Then, let's say that this SPA wanted to access a third-party API, which performs some function; in my case it provides authenticated downloads to a client. That third-party API can already authenticate a user through the normal OAuth flow: the user accesses the page, is redirected to the authentication server, and is then sent back with an access code, which the third-party API exchanges for an access token. But instead, what happens if I want this SPA to access the third-party service? The SPA is not "connected" to the authentication server as it is only an OAuth client, and the user cannot simply go to the URL of the authentication server to follow the flow of the standard authorization code. What would be the process to generate an access token for this third-party API to allow access to the authentication server on behalf of the user, retrieving or modifying information about the user?

Thanks in advance!

blockchain: If two parties send a transaction in conflict with each other, how does the network decide which is the correct one?

If two transactions spend the same currency (UTXO), only one is allowed in the mempool of each node. However, that may not be the tx that a miner actually commits and inserts into a block. In this case, the confirmed transaction "evicts" the double spend from the mempool.

Two competing miners may mine different blocks at the same height with conflicting transactions. This is a divided blockchain and a divided network, but it is not a problem. Eventually, one of these branches of the blockchain will be extended by an additional block. The chain with the most accumulated proof of work is the only one that matters, and the other branch (with the conflicting tx) will be removed again.

If you are running your own full node, you don't need to trust any other source of truth. If you are a provider that accepts bitcoins, this is why "wait six confirmations" is generally accepted as best practice.
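The two rules in the answer above, as an added example that is not part of the original answer: a node's mempool keeps only the first transaction it sees for a given output, a confirmed transaction evicts its conflicting rival, and the branch with the most accumulated work wins. `Tx`, `Mempool` and `best_branch` are hypothetical names in a simplified model, not code from any Bitcoin implementation, and the per-block work values are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tx:
    txid: str
    spends: frozenset  # outpoints ("prev_txid:index") this tx consumes


@dataclass
class Mempool:
    by_outpoint: dict = field(default_factory=dict)  # outpoint -> Tx

    def accept(self, tx):
        """Refuse a tx that spends an outpoint another mempool tx already claims."""
        if any(op in self.by_outpoint for op in tx.spends):
            return False
        for op in tx.spends:
            self.by_outpoint[op] = tx
        return True

    def connect_block(self, block_txs):
        """Apply a mined block; return txids of mempool txs it evicts as conflicts."""
        evicted = set()
        for tx in block_txs:
            for op in tx.spends:
                rival = self.by_outpoint.get(op)
                if rival is None:
                    continue
                if rival.txid != tx.txid:
                    evicted.add(rival.txid)
                for rival_op in rival.spends:  # drop every claim the rival held
                    self.by_outpoint.pop(rival_op, None)
        return evicted


def best_branch(branches):
    """branches: name -> list of per-block work. Most total work wins, not most blocks."""
    return max(branches, key=lambda name: sum(branches[name]))


def demo():
    coin = "aa" * 32 + ":0"  # constructed outpoint, spent by both transactions
    pay_alice = Tx("tx_to_alice", frozenset({coin}))
    pay_bob = Tx("tx_to_bob", frozenset({coin}))
    pool = Mempool()
    first, second = pool.accept(pay_alice), pool.accept(pay_bob)
    evicted = pool.connect_block([pay_bob])  # a miner confirmed the other tx
    # Branch B received the additional block, so it carries more work.
    return first, second, evicted, best_branch({"A": [1, 1, 1], "B": [1, 1, 1, 1]})
```
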

usability: make interested parties choose the right solution

I often find myself in a situation where interested parties ask for a specific solution for a new feature that is not the best in terms of usability compared to what I generally suggest. I always have arguments that interested parties may or may not consider valid (you know that everyone is more or less biased when talking about UX).

My current approach is to avoid iterating over their solution and propose my solution as the way forward.
Even so, most of the time I requested their suggested solution and, when it is presented, there is a risk of choosing that solution instead of the most "usable" one that I suggest.

What I am curious about is your approach when it comes to these types of situations. How do you discard the wrong solutions and choose the right one?
I know, there is always the option of doing some A/B tests, but let's be honest, in 99% of cases there is no time or budget for that. I am looking for ways to deal with these types of situations quickly and efficiently.

Cancellations – Itinerary if only one of the parties appears

I know that if one reserves a multi-leg itinerary and one does not show up on one of the legs, the rest of the flight can (will) be lost.

I am curious to know what would happen if I had to book an itinerary for several people and one of the passengers does not register on one of the flights. Would the entire itinerary be in danger?

Address: How can a recipient verify that the transaction data has not been altered by third parties?

My scenario:

My web server:
– Generate a private and public wallet address, and public key for a website user account
– The server cannot connect to the outside (cannot connect to the Bitcoin network)
– It has a page that allows anyone to send money to the wallet address of the user account

What I need to do:
– The server needs to know when bitcoins were sent to the wallet address and how many total bitcoins are in the wallet address

Because the web server cannot access outside the Internet, I am using JavaScript on the browser side to obtain the wallet address information by getting https://api.blockcypher.com/v1/btc/test3/addrs/miedePxMt4SDQHjWJyfhbCWvXcm33vzDa1/full and/or https://api.blockcypher.com/v1/btc/test3/txs/681b16b4de3676a5865a85e0bba3097afcc195d928f3167e4d5591c388?includeHex=true … and send that data to my web server using an Ajax call to verify the bitcoins received.

Note: I have sent testnet bitcoins to that wallet.

Everything works except 1 problem: the browser user can easily change the amounts of bitcoins and trick the web server into thinking that more bitcoins were sent.

My question is: What methods can I use on the web server to verify that the browser user did not modify the transaction data? The web server has the pub/priv key of the receiving wallet. The web server has the "bx" libbitcoin-explorer program available and could install other software.

Can I use the commands in this diagram? https://github.com/libbitcoin/libbitcoin-explorer/wiki/Transaction-Commands

Gmail is deleting MIME email attachments from several parties for some recipients

I have a strange situation in which gmail seems to be deleting an email attachment, but only for specific recipients.

  1. Create a calendar invitation from bob@domain.zzz and email it to sarah@gmail.com and tom@gmail.com
  2. When reviewing the source of the messages received for sarah@ and tom@, the messages are identical except the attached file below is present for tom@, but is missing for sarah@:
--_=_swift_v4_1579834073_2cce74c64a50735eba644772892c3510_=_
Content-Type: text/calendar; method=REQUEST; charset=utf-8; name=event.ics
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=event.ics

--_=_swift_v4_1579834073_2cce74c64a50735eba644772892c3510_=_--

As the email goes to both sarah@ and tom@, and they both use gmail addresses, I expected the content to be the same.

Any ideas on what could go wrong?