SparkVPS – 6x SSD VPS Resource Pool $55/year and more! – Deploy in Dallas & New York!

SparkVPS recently shared with us a sale they are running on SSD VPS Resource Pools in their Dallas and New York datacenters. These are for 6x and 10x SSD VPS Pools!

They’ve received positive reviews to their previous offers on here, and we hope you enjoy what they have to offer to you today! As always – we want to hear your feedback, so if you decide to buy one – please be sure to comment below!

You can find their ToS/Legal Docs here. They accept PayPal, Credit Cards, Debit Cards, and Cryptocurrency (Bitcoin, Litecoin, Ethereum, Monero, Bitcoin Cash) as available payment methods.

Here’s what they had to say: 

“SparkVPS is a faster-than-SSD VPS provider. Here at SparkVPS, we specialize in providing VPS hosting. We are able to deliver unparalleled performance in the industry via our proprietary technology, which we call “MaxIO,” combined with our optimized local RAID-10 pure SSD access storage allows us to deliver VPS hosting that is twice as fast as traditional SSD VPS hosting.

Exclusive for the LowEndBox community, we have some SSD VPS Resource Pool offers, which support Docker, Custom Kernel Builds, and so much more!”

Here are the offers: 

6x SSD VPS Pool

  • Create Up To 6 VPS’s!
  • 8 CPU Cores
  • 6GB RAM
  • 100 GB SSD Storage
  • 10TB Bandwidth
  • 6 IPv4 Addresses
  • Dallas + NY Datacenter
  • OpenVZ Virtualization
  • TUN/TAP/PPP Supported
  • Pool Resource Manager
  • $55/yr
  • [ORDER]

10x SSD VPS Pool

  • Create Up To 10 VPS’s!
  • 10 CPU Cores
  • 8GB RAM
  • 150GB SSD Storage
  • 15TB Bandwidth
  • 10 IPv4 Addresses
  • Dallas + NY Datacenter
  • OpenVZ Virtualization
  • TUN/TAP/PPP Supported
  • Pool Resource Manager
  • $89/yr
  • [ORDER]

NETWORK INFO:

Dallas, TX, USA

Test IPv4: 192.3.237.150

Test file: http://192.3.237.150/1000MB.test

Buffalo, NY, USA

Test IPv4: 192.3.180.103

Test file: http://192.3.180.103/1000MB.test


VPS Host Nodes

– Intel Xeon E3 Series Processors

– 32GB to 64GB RAM

– Samsung Enterprise SSD’s

– Dual/Redundant Power Supply

– 1Gbps Network Uplink

Please let us know if you have any questions/comments and enjoy!


Cannot add Calendar Resource to My Calendars

I have a G Suite Meeting Room and I want to manage its calendar. I’m following the instructions on this page to add a Calendar Resource to “My Calendars”, however the section My Calendars (capital C) and referenced “+” button in Step 2 below is not present.

Note: This question is specifically to add the calendar to “My calendars” so it can be managed, not to “Other calendars” where it cannot be managed or edited.

What am I missing to complete these instructions?

Here are the instructions:

  • https://support.google.com/a/answer/60766

I have the following pre-requisites:

  • “administrator account with Calendar and Super Admin privileges”
  • “a calendar resource (such as a meeting room) for your organization” – resource with “Calendar-based room release” set to “On” and “Type” set to “Conference Room”

Instructions

Here’s the screenshot from my user with the required “administrator account with Calendar and Super Admin privileges”. There’s no My Calendars (capital C) or “+” as specified in Step 2 above, but My calendars (lowercase C) does exist without a “+”.

Here are the steps:


Resource recommendations for Shopify Theme Development

I am currently using a paid theme for my Shopify website. However, I want to build a theme of my own so that I can customize it entirely as per my need. I am well-versed with the Shopify coding language. Are there any books/courses that I should read before starting theme development? (I already have done the Udemy and other courses available). I need a book/course that covers coding from scratch and has in-depth info about everything related to Shopify code.

AWS S3 resource access control through IAM permissions or bucket policies?

The way we create buckets in our org and ensure sane ACLs around them is by providing an automated tool (that internally uses Terraform) to provision an S3 bucket. So, say, when a user requests a new bucket named testBucket, we create a bucket named testBucket and also create an IAM user by the name testBucket-user. The automation ensures that testBucket-user’s policies are such that the only actions allowed to this user are:

"s3:ListBucket", "s3:PutObject", "s3:GetObject" 

and the only allowed resource on which the above actions are allowed is the testBucket bucket.

Similarly, the automation also puts bucket policies in place to ensure that the above 3 actions are the only ones allowed on the bucket, and only by the user testBucket-user.

However, on demand (and if business justified) we do make changes to the created bucket policies as and when needed. So recently there was one such requirement, where a certain bucket needed to have a folder in it that was meant to hold all publicly intended images.

Now there were 2 options we had in order to provision the above requirement:

  1. Modify the bucket policy to allow principal:* for the folder in the bucket thus allowing all objects in that folder in the bucket to be by default public.
  2. To modify and give PutObjectACL permissions to the IAM user that has access to that bucket and let the dev manage which objects in the folder can be or can not be public.

As the security team we were more convinced of the first option just because it looked more logical. The problem with the first option however was the fact that now any object (publicly intended or even otherwise) would be by default public.

I wonder what the community thinks about this? AWS/IAM experts, what would be your choice of the two options above?
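The trade-off between the two options, as an added example that is not part of the original post: it writes out both policy statements and runs a deliberately simplified evaluator over a constructed object inventory. The `public-images/` prefix, the object keys and all function names are assumptions.

```javascript
// Added example: the prefix, object keys and evaluator are constructed for illustration.
const BUCKET_ARN = 'arn:aws:s3:::testBucket';
const PREFIX_ARN = `${BUCKET_ARN}/public-images/*`; // hypothetical folder name

// Option 1: bucket policy statement opening the whole prefix to anonymous reads.
const option1BucketPolicy = {
  Version: '2012-10-17',
  Statement: [{ Sid: 'PublicReadPrefix', Effect: 'Allow', Principal: '*',
    Action: 's3:GetObject', Resource: PREFIX_ARN }],
};
// Option 2: no anonymous statement in the bucket policy (the existing
// testBucket-user statements are omitted here); the user gains ACL control,
// scoped to the prefix so nothing outside it can be flipped to public.
const privateBucketPolicy = { Version: '2012-10-17', Statement: [] };
const option2UserStatement = { Effect: 'Allow', Action: 's3:PutObjectAcl', Resource: PREFIX_ARN };

// Match an ARN against a policy Resource pattern ('*' and '?' wildcards).
function arnMatches(pattern, arn) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${re}$`).test(arn);
}

function statementAllows(stmt, action, arn) {
  return stmt.Effect === 'Allow' && [].concat(stmt.Action).includes(action)
    && [].concat(stmt.Resource).some((r) => arnMatches(r, arn));
}

// Simplified model: explicit Deny, Condition keys and Block Public Access are ignored.
function publiclyReadable(keys, bucketPolicy, objectAcls) {
  return keys.filter((key) => {
    const arn = `${BUCKET_ARN}/${key}`;
    const byPolicy = bucketPolicy.Statement.some(
      (s) => s.Principal === '*' && statementAllows(s, 's3:GetObject', arn));
    return byPolicy || objectAcls[key] === 'public-read';
  });
}

// Keys the bucket user is able to make public under option 2.
function userCanPublish(keys, userStatements) {
  return keys.filter((key) => userStatements.some(
    (s) => statementAllows(s, 's3:PutObjectAcl', `${BUCKET_ARN}/${key}`)));
}

// Constructed inventory: the second key was uploaded to the folder by mistake.
const sampleKeys = ['public-images/logo.png', 'public-images/draft-contract.png', 'reports/q3.csv'];
```

Under option 1 the mistaken upload is public the moment it lands in the folder; under option 2 it stays private until someone sets a public ACL on it, and the prefix-scoped `s3:PutObjectAcl` keeps `reports/q3.csv` out of reach either way.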

What is the purpose of requesting a non-existent resource

nwolb.com the site for Natwest Online Banking (a UK based bank) makes two requests to non existent resources. For example:


https://82.13.77.77:4531/NonExistentImage20297.gif
https://127.0.0.1:4817/NonExistentImage25060.gif

What is the purpose of this? Is it some kind of webapp security hardening? It seems the port numbers and image numbers change but the ip addresses (external and loopback) do not.

Typescript, CRUD Applications, and the generation of resource identifiers

I am currently trying to create a fairly simple, declarative RESTful CRUD framework, whereby I can define a resource type, and have both the API endpoint created, as well as the functions to Create/Read/Update/Delete the declared resource.

ie. the usage would look a little like this:

    interface Student {
      name: string;
      dob: Date;
    }

    const {fetchFunctions, initApp} = createContract<Student>(app, "/students");

    // Serverside:
    const app = express();
    initApp(app);

    // Clientside
    fetchFunctions.post({   // OK.
      name: "bob",
      dob: "11/11/1911"
    });

    fetchFunctions.post({   // Type error, because dob isn't included.
      name: "Bob"
    });

    const student = await fetchFunctions.get("111");
    console.log(student.name); // OK.
    console.log(student.foo); // Type error, because Student doesn't have foo.

Where I’m running into an issue is around the generation of IDs, and whether to include them in the resource object itself.

ie. Say I have done GET /students, to get a list of students, then I have to return the ID of the resources somewhere otherwise I am going to have no way to update them.

So either, I could put the ID on the resource:

    [
      {
        id: "123",
        name: "Bob",
        dob: "11/11/1911",
      },
      {
        id: "234",
        name: "Alice",
        dob: "12/12/1912",
      }
    ]

Or on some ‘Resource Wrappers’

    [
      {
        id: "123",
        data: {
          name: "Bob",
          dob: "11/11/1911",
        }
      },
      {
        id: "234",
        data: {
          name: "Alice",
          dob: "12/12/1912",
        }
      }
    ]

(Is this even RESTful? And really, it’s not even different data.)

The problem then is that I have to add the ID to the Student interface, and if I want to POST a student (without the ID), then I have to make it optional, and that starts getting messy (i.e. warnings about a possible null id everywhere).

Another solution is that I have two interfaces, one Student and one NotYetCreatedStudent that doesn’t have an ID, and I POST the latter instead. This seems kind of tidy in a sense, but I don’t really like the idea of having to create two interfaces for every resource, having a whole second generic type on my functions etc.

This popular Stack Overflow question addresses the difference between POST and PUT, and basically the consensus seems to be that for creating a new resource, you do either:

POST /resource 

or

PUT /resource/123 

So maybe instead, then I could just not do ‘POST without ID to create a resource’ and instead do ‘generate a UUID on the client side and PUT with ID’ – which is seeming like the simplest solution.

Is there something I’m misunderstanding about RESTful APIs here that would help me solve this problem?

BigFootServers – SSD VPS Resource Pool Offer – Create 10 VPS’s for just $69/year – Deploy Servers in Los Angeles & Dallas + NY Coming Soon!

The BigFootServers team has recently contacted us with a flash sale they are running on SSD-powered VPS pools. With these pools, they’re giving customers the ability to create VPS instances on-demand, in both Los Angeles and Dallas. We were told that as they continue to expand and add additional regions, existing customers will be able to get access to them within their resource pool at no additional charge. They hinted to us that New York is one of the new locations they’ll be adding to the pool very shortly! (within the next three weeks).

BigFootServers has shared deals with the community before, but those were previously powered by traditional HDD’s. We are excited to share their new SSD-based VPS pool flash sale with you, and hope you enjoy the increased performance that SSD has to offer!

Here’s what they had to say:

“BigFootServers was founded when we saw a need for a simpler solution for small businesses to get started online. Our service-first business model sets us apart from the rest. At BigFootServers, we treat you with the utmost respect that you deserve, as our valued customer. In order to meet the needs and wants of our clients worldwide, we are pleased to present to you our expansion to offer SSD-powered VPS pools!

We provide a wide variety of different web hosting services to fit everyone’s budget. The solutions we provide are unique (in a good way), because they put you in control over your resources and environment, unlike conventional hosting solutions. These are unlike your traditional & conventional hosting solutions, because the services we’re providing here put you in control.”

Here’s the deal:

Product Description: Create, manage, resize or delete servers on demand within a few clicks! We provide you with a resource pool, and you determine how they are used! Please be sure to check out these screenshots of our easy to use and intuitive VPS Pools Interface here!

10 x SSD VPS Pool

  • 12 CPU Cores
  • 150 GB Pure SSD Storage
  • 12 GB RAM
  • 20 TB Monthly Bandwidth
  • 1Gbps Network Port Per VPS
  • 10 IPv4 Addresses
  • Create Up To 10 VPS’s
  • Los Angeles + Dallas Locations
  • OpenVZ Virtualization
  • $69/year
  • [ORDER NOW]


You can find their ToS/Legal Docs here. They accept PayPal, Alipay, Credit Cards and Bitcoin as payment methods.

NETWORK/HARDWARE INFO:

ColoCrossing – Los Angeles, CA, USA
Test IPv4: 107.175.180.6
Test file: http://107.175.180.6/100MB.test

ColoCrossing – Dallas, TX, USA
Test IPv4: 192.3.237.150
Test file: http://192.3.237.150/100MB.test


MINIMUM HOST NODE SPECIFICATIONS:

– Intel Xeon E3 Processors
– 32GB to 64GB RAM
– 4x 2TB HDDs
– Hardware RAID10 with Caching
– 1Gbps uplink

Please let us know if you have any questions/comments and enjoy!


How to authorize access to a resource when requested with CORS and validate the origin?

I’ll try to make the explanation simple and to the point (keyword try). And if that’s not sufficient, then maybe I can expand on the question.

Imagine two sites: resources.example.com and www.example.com. I only have direct control over resources.example.com. www.example.com ultimately wants access to resources.example.com/dashboard. The idea here is the resource should be protected; secured.

I also cannot validate www.example.com user credentials for authentication (i.e. username, password). I don’t have access to their user store. Ultimately, above all else, my priority is ensuring that www.example.com is the identity of the resource requester.

My first thought was having www.example.com issue a CORS request to resources.example.com for authorization and send back a token. Token expiry is small (<5 seconds). I check that the request is POST, validate the origin header and the referrer, if it exists. If no origin header is passed, authorization fails. User then passes back token with standard POST request to resources.example.com/dashboard.

The problem is this is a very bad authorization scheme. Origin header is resistant to spoofing but it absolutely can be spoofed. Referrer is even easier to bypass.

www.example.com wants to keep effort minimal, which probably means it’s up to me to code their piece because I don’t know if there’s a simple solution here. They are open to CORS request.

My question is how can I secure the resource on my site in a CORS request and ensure the identity of the client is www.example.com, knowing the origin header can be spoofed?

Is there some way I can possibly leverage, e.g., a JSON Web Token (JWT) using asymmetric cryptography in order to prove the identity of the requester is www.example.com, even if the origin header is compromised? If so, who would generate the JWT, me or www.example.com?
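The JWT idea raised at the end of the question, sketched as an added example that is not part of the original post: it assumes www.example.com's server signs a short-lived token with an Ed25519 private key and resources.example.com verifies it with the matching public key. The claim values, the 5-second lifetime and the function names are illustrative assumptions.

```javascript
// Added example: key handling, claims and names are assumptions, not from the post.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const ISS = 'https://www.example.com';
const AUD = 'https://resources.example.com/dashboard';

// www.example.com side (server, never the browser): holds the private key.
function issueToken(privateKey, nowSec, ttlSec = 5) {
  const header = b64u(JSON.stringify({ alg: 'EdDSA', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({
    iss: ISS, aud: AUD, iat: nowSec, exp: nowSec + ttlSec,
  }));
  const sig = sign(null, Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// resources.example.com side: only the registered public key is needed.
function verifyToken(token, publicKey, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, sig] = parts;
  let h, p;
  try {
    h = JSON.parse(Buffer.from(header, 'base64url').toString());
    p = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; never let the token's own header choose it.
  if (h.alg !== 'EdDSA') return { ok: false, reason: 'alg' };
  const good = verify(null, Buffer.from(`${header}.${payload}`), publicKey,
    Buffer.from(sig, 'base64url'));
  if (!good) return { ok: false, reason: 'signature' };
  if (p.iss !== ISS) return { ok: false, reason: 'iss' };
  if (p.aud !== AUD) return { ok: false, reason: 'aud' };
  if (typeof p.exp !== 'number' || nowSec >= p.exp) return { ok: false, reason: 'expired' };
  return { ok: true, claims: p };
}

// Constructed key pairs for the demo; in practice www.example.com generates
// its pair and hands over only the public half.
const demoKeys = generateKeyPairSync('ed25519');
const otherKeys = generateKeyPairSync('ed25519');
```

The browser only relays the token; the signature, not the Origin header, carries the identity, so a spoofed Origin gains nothing without the private key. Stopping replay inside the lifetime would additionally need a `jti` claim tracked on the verifying side.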

Is it recommended to send an authentication request to the Resource Owner (by the Authorization Server) if it already has an active session?

In OAuth 2.0 Authorization Code Flow (Grant Type), is it recommended (or is it maybe even a best practice) to send an authentication request (e.g. a login-request form) to the Resource Owner (by the Authorization Server), even if the Resource Owner has already an active session on the Authorization Server, when obtaining an Authorization Code for the first time for a certain Client?

In other words, is it recommended to kill/destroy a currently active session first, if there’s one? Or is it not important at all?