HTTP response status codes indicate whether a specific HTTP request has been successfully completed. Responses are grouped in five classes:

1. Informational responses (100–199)
2. Successful responses (200–299)
3. Redirects (300–399)
4. Client errors (400–499)
5. Server errors (500–599)

If you receive a response that is not in this list, it is a non-standard response, possibly custom to the server's software.

Ref: developer.mozilla.org

All HTTP response status codes are separated into five classes or categories. The first digit of the status code defines the class of response, while the last two digits do not have any classifying or categorization role. There are five classes defined by the standard:

1xx informational response – the request was received, continuing process
2xx successful – the request was successfully received, understood, and accepted
3xx redirection – further action needs to be taken in order to complete the request
4xx client error – the request contains bad syntax or cannot be fulfilled
5xx server error – the server failed to fulfil an apparently valid request

Ref: en.wikipedia.org

Some common error codes one must know:

401 Unauthorized
Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.

403 Forbidden
The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401, the client's identity is known to the server.

405 Method Not Allowed
The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.

415 Unsupported Media Type
The media format of the requested data is not supported by the server, so the server is rejecting the request.

RESTful API Response Codes (used by Amazon Drive API)

The HTTP Status Codes used by the RESTful Amazon Drive API.

HTTP Status Code --- Description
200 OK --- Successful.
201 Created --- Created. Status code '201' is important for REST APIs that are performing some action such as raising a ticket or logging something.
400 Bad Request --- Bad input parameter. Error message should indicate which one and why.
401 Unauthorized --- The client passed in the invalid Auth token. Client should refresh the token and then try again.
403 Forbidden ---
* Customer doesn’t exist.
* Application not registered.
* Application try to access to properties not belong to an App.
* Application try to trash/purge root node.
* Application try to update contentProperties.
* Operation is blocked (for third-party apps).
* Customer account over quota.
404 Not Found --- Resource not found.
405 Method Not Allowed --- The resource doesn't support the specified HTTP verb.
409 Conflict --- Conflict.
411 Length Required --- The Content-Length header was not specified.
412 Precondition Failed --- Precondition failed.
429 Too Many Requests --- Too many request for rate limiting.
500 Internal Server Error --- Servers are not working as expected. The request is probably valid but needs to be requested again later.
503 Service Unavailable --- Service Unavailable.

Ref: developer.amazon.com (Dated: 24 Feb 2021)

Additional Notes

In Europe, the NotFound project, created by multiple European organizations including Missing Children Europe and Child Focus, encourages site operators to add a snippet of code to serve customized 404 error pages which provide data about missing children.

Ref: HTTP 404
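The distinctions drawn above between 401, 403, 405 and 415, together with the 404, 411, 400 and 201 rows of the Amazon Drive table, as an added Python example (not code from any of the referenced sites). The tokens, paths, writer lists and the order of the checks are assumptions made for the illustration.

```python
import json
from dataclasses import dataclass, field

# Constructed sample data: token -> user, and per-path rules (all hypothetical).
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
RESOURCES = {
    "/tickets": {"methods": {"GET", "HEAD", "POST"}, "writers": {"alice", "bob"}},
    "/nodes/root": {"methods": {"GET", "HEAD", "PUT"}, "writers": {"alice"}},
}
SAFE_METHODS = {"GET", "HEAD"}


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)


def authenticate(headers):
    """Return the user behind 'Authorization: Bearer <token>', or None.

    Simplification: header names are matched case-sensitively here.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    return TOKENS.get(token.strip())


def handle(method, path, headers, body=b""):
    """Pick the status code for one request; the order of the checks is the point."""
    # 401: the caller's identity is unknown. Checked first in this example, so
    # an anonymous caller learns nothing about which paths or verbs exist.
    user = authenticate(headers)
    if user is None:
        return Response(401, {"WWW-Authenticate": "Bearer"})

    resource = RESOURCES.get(path)
    if resource is None:
        return Response(404)

    # 405: the verb is disabled for this resource; Allow lists the usable ones.
    if method not in resource["methods"]:
        return Response(405, {"Allow": ", ".join(sorted(resource["methods"]))})

    if method in SAFE_METHODS:
        return Response(200)

    # 403: the identity is known, but this user may not modify the resource.
    if user not in resource["writers"]:
        return Response(403)

    # 411 / 415 / 400: the request itself is malformed.
    if "Content-Length" not in headers:
        return Response(411)
    media_type = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if media_type != "application/json":
        return Response(415)
    try:
        json.loads(body)
    except ValueError:
        return Response(400)

    # 201 when something was created (e.g. raising a ticket), else 200.
    return Response(201 if method == "POST" else 200)
```
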
Tuesday, February 23, 2021
HTTP Error Codes and REST APIs
Revoking a GitHub session
To revoke existing sessions on GitHub, go to URL: https://github.com/settings/security

There you will see your sessions at the bottom of the page. Click on "See More". On the right, you can see the "Revoke Session" button that you can use to revoke this session.

Tags: Technology,GitHub,Cyber Security
Monday, February 22, 2021
GitHub's Security Log Feature
GitHub provides a very detailed Security Log for your account. Apart from showing the logs in the browser, it also allows you to export them as CSV or JSON (as of February 23, 2021).

As an example, suppose a user tried your username with a wrong password. Some failed login logs will be generated as given below:

@xyz_user xyz_user – user.failed_login Failed to login 124.253.221.80 Chandigarh, Chandigarh, India 30 seconds ago

The way it tracks location is not so accurate, see the logs below:

124.253.63.52 -- Jalandhar, Punjab, India -- 6 minutes ago
125.62.97.170 -- Ludhiana, Punjab, India -- 1 hour ago
124.253.111.135 -- Mohali, Punjab, India -- 2 days ago
124.253.221.80 -- Chandigarh, Chandigarh, India -- 2 days ago

Dated: February 22, 2021

Tags: Technology,Cyber Security,GitHub
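A sketch of detection over an exported log, added here and not GitHub's code: it counts user.failed_login events per network prefix rather than per city, because, as in the log lines above, addresses in one range can be shown under several cities. The JSON field names (action, actor_ip, city, created_at), the thresholds and all records are constructed for the example and are not GitHub's export schema.

```python
import ipaddress
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed records, not real log data. The field names are assumptions
# for this example and are not GitHub's export schema.
SAMPLE_EXPORT = json.dumps([
    {"action": "user.failed_login", "actor_ip": "10.20.221.80",
     "city": "Chandigarh", "created_at": "2021-02-22T10:00:00+00:00"},
    {"action": "user.failed_login", "actor_ip": "10.20.63.52",
     "city": "Jalandhar", "created_at": "2021-02-22T10:02:00+00:00"},
    {"action": "user.failed_login", "actor_ip": "172.16.5.9",
     "city": "Ludhiana", "created_at": "2021-02-22T10:03:00+00:00"},
    {"action": "user.failed_login", "actor_ip": "10.20.111.135",
     "city": "Mohali", "created_at": "2021-02-22T10:04:00+00:00"},
    {"action": "user.failed_login", "actor_ip": "10.20.221.80",
     "city": "Chandigarh", "created_at": "2021-02-22T10:06:00+00:00"},
    {"action": "user.login", "actor_ip": "10.20.221.80",
     "city": "Chandigarh", "created_at": "2021-02-22T10:07:00+00:00"},
])


def load_failed_logins(export_text):
    """Parse the JSON export and keep only failed logins, oldest first."""
    events = []
    for record in json.loads(export_text):
        if record.get("action") != "user.failed_login":
            continue
        events.append({
            "ip": record["actor_ip"],
            "city": record.get("city", "unknown"),
            "time": datetime.fromisoformat(record["created_at"]),
        })
    return sorted(events, key=lambda e: e["time"])


def network_key(ip, v4_prefix=16, v6_prefix=48):
    """Collapse an address to its enclosing network, e.g. 10.20.63.52 -> 10.20.0.0/16."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def max_in_window(times, window):
    """Largest number of events inside any span of length `window` (times sorted)."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def failed_login_alerts(events, threshold=3, window=timedelta(minutes=10)):
    """Alert when one network produces `threshold` failed logins within `window`."""
    by_network = defaultdict(list)
    for ev in events:
        by_network[network_key(ev["ip"])].append(ev)
    alerts = []
    for network, evs in sorted(by_network.items()):
        count = max_in_window([e["time"] for e in evs], window)
        if count >= threshold:
            alerts.append({
                "network": network,
                "failed_in_window": count,
                "ips": sorted({e["ip"] for e in evs}),
                "cities": sorted({e["city"] for e in evs}),
            })
    return alerts


def max_per_city(events):
    """The same events grouped by displayed city, for comparison."""
    counts = Counter(e["city"] for e in events)
    return max(counts.values(), default=0)
```

On the constructed sample, no single city reaches three failures, while the shared /16 network does.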
GitHub account recovery options if you are locked out from MFA
1. Recover accounts elsewhere
GitHub can store a recovery token with another provider. This can be used to help verify your identity if you get locked out of your account.

2. Recover your GitHub account with https://www.facebook.com

3. Recovery codes
Recovery codes can be used to access your account in the event you lose access to your device and cannot receive two-factor authentication codes. For security reasons, GitHub Support cannot restore access to accounts with two-factor authentication enabled. Saving your recovery codes in a safe place can help keep you from being locked out of your account.

4. Fallback SMS number
Providing a fallback SMS number will allow GitHub to send your two-factor authentication codes to an alternate device if you lose your primary device. For security reasons, GitHub Support cannot restore access to accounts with two-factor authentication enabled. If you lose access to both your primary device and your recovery keys, a backup SMS number can get you back in to your account.

5. Delivery options
5.1. Authenticator app.
5.2. Security keys. Security keys are hardware devices that can be used as your second factor of authentication.
5.3. Via SMS.

Dated: February 23, 2021

Tags: Technology, GitHub, Cyber Security
Creating new text file from terminal on Windows and Ubuntu
Creating new text file on Ubuntu from terminal
The Linux tee command is a way to write the standard output to a file. Or, to quote from the man page documentation,

    tee - read from standard input and write to standard output and files

This is a little different from redirecting output to a file. In this case, the output is still sent to standard out, but an additional copy is sent to create your text file. There are some good examples of how this can be useful, shown in the info documentation for tee. To view the info page, open a terminal window and enter

    info coreutils 'tee invocation'

To understand the basic usage of the tee command, go to a terminal window and navigate to a directory that contains a small number of files. You can then use the ls and tee commands to create a text file that contains a listing of the files in that directory.

    ls | tee listing.txt

You can also append to a file using the -a switch. This will insert the output lines at the bottom of a pre-existing file.

    ls | tee -a listing.txt

An example of when tee comes in handy is when you want to create a simple text file as root from your user account. I used it to create the fully qualified domain name file for my Apache configuration. You would think you could use:

    sudo echo "ServerName localhost" > /etc/apache2/conf.d/fqdn

But that doesn't work because the sudo only affects the echo command and not the output redirection: the redirection is performed by your own unprivileged shell, which cannot write to that path. Instead, you can use tee like this.

    echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn

That command succeeds in creating the fqdn file with the desired content.

Some other commands to create text files on Ubuntu:

Following line creates an "HTML" page.

    $ echo " " >> mypage.html

Following command creates a 0 size text file:

    $ touch mypage.html

Creating new text file on Windows from CMD

1. type NUL > EmptyFile.txt

2. echo. 2>EmptyFile.txt
This command creates an empty file as there is no error produced here that would go into the file. The command "echo." outputs an empty line in the CMD.

3. copy nul file.txt > nul

4. REM. > empty.file

5. fsutil file createnew file.cmd 0 # to create a file on a mapped drive

6. aaaa > empty_file
This will output something like:
'aaaa' is not recognized as an internal or external command, operable program or batch file.
But it does create an empty file. In the same spirit and the shortest one is:

7. .>out.txt
It does give an error:
'.' is not recognized as an internal or external command
But this error is on stderr. And > only redirects stdout, where nothing has been produced. Hence the creation of an empty file. The error message can be disregarded here. Or redirected to NUL:

8. .>out.txt 2>NUL

9. echo.>filename
(echo "" would actually put "" in the file! And echo without the '.' would put "Command ECHO activated" in the file...)
Note: the resulting file is not empty but includes a return line sequence: 2 bytes.

10. Batch solution for a real empty file:

    <nul (set/p z=) >filename
    dir filename
    11/09/2009 19:45 0 filename
    1 file(s) 0 bytes

The "<nul" pipes a nul response to the set/p command, which will cause the variable used to remain unchanged. As usual with set/p, the string to the right of the equal sign is displayed as a prompt with no CRLF. Since here the "string to the right of the equal sign" is empty... the result is an empty file.

The difference with cd. > filename (does produce a 0-byte-length file) is that this "bit of redirection" (the <nul... trick) can be used to echo lines without any CR:

    <nul (set/p z=hello) >out.txt
    <nul (set/p z= world!) >>out.txt
    dir out.txt

The dir command should indicate the file size as 11 bytes: "helloworld!".
% http://tuxtweaks.com/2010/06/command-line-basics-create-text-files-with-tee/
% https://stackoverflow.com/questions/1702762/how-to-create-an-empty-file-at-the-command-line-in-windows
Tags: Linux, Windows CMD, Technology
Saturday, February 20, 2021
Journal (Remembering my grandfather)
My grandpa passed away a few days back. I was at work at that time in Chandigarh. It was a very unpleasant thought at first but I kept myself occupied instead of mourning even in person. I switched off my phone on the first day and kept it on total silence on the next day. It is 6:30 AM today, still dark and I woke up to the sound of a dog barking in the street.

Like any other person on the Earth, he was also a bit of a complicated man. He did have strong family values and religious values. He would be the first person in the temple every day until a few years back. I won't be able to write him a eulogy but I can be honest about what I liked in him. The takeaways from his life would be:

1. Discipline
Waking up on time. Reaching temple on time. Then reaching law court on time.

2. Hard work
He worked way past into his 80s. My dad had epilepsy and grandpa took a lot of care of that too (though I would not call it the best treatment).

3. Educate yourself
He was himself a lawyer. My two buas are lawyers. My uncle is from IIT. I was not very good at school but my grandpa paid for my tuitions. He paid for my JEE coaching. He bore the expenses for my Bachelor's education.

He lived a pretty long life according to everything I know about him. Had he passed away even a year before it would have meant a world of difference (on the bad side).

Pictures shared by my family: Anu: Manju bua: Aunt: Srishti:
Vulnerability, Threat and Risk (in Information Technology)
1. Vulnerability

Definition 1: A vulnerability is a weakness or error in a system or device's code that, when exploited, can compromise the confidentiality, availability, and integrity of data stored in them through unauthorized access, elevation of privileges, or denial of service.

Definition 2: In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface.

Vulnerability management is the cyclical practice that varies in theory but contains common processes which include:
1. discover all assets
2. prioritize assets
3. assess or perform a complete vulnerability scan
4. report on results
5. remediate vulnerabilities
6. verify remediation
7. repeat

This practice generally refers to 'software vulnerabilities' in computing systems.

Ref: Vulnerability

Additional note on 'vulnerability':

Some common attacks are: social engineering, spear phishing, malware, RATs, DDoS, vulnerability exploits (e.g. SQL injection and 0-days).

A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. They are capable of deleting, downloading or altering files and file systems.

Motives behind a security breach:
- Fame
- Political
- Terrorism
- Financial
- Espionage
- Reputation Damage

2. Zero-day vulnerability

A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability (including the vendor of the target software). Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network. An exploit directed at a zero-day is called a zero-day exploit, or zero-day attack.

The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day" software was software that had been obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them. Once the vendor learns of the vulnerability, the vendor will usually create patches or advise workarounds to mitigate it.

The more recently that the vendor has become aware of the vulnerability, the more likely that no fix or mitigation has been developed. Even after a fix is developed, the fewer the days since then, the higher the probability that an attack against the afflicted software will be successful, because not every user of that software will have applied the fix. For zero-day exploits, unless the vulnerability is inadvertently fixed, e.g. by an unrelated update that happens to fix the vulnerability, the probability that a user has applied a vendor-supplied patch that fixes the problem is zero, so the exploit would remain available. Zero-day attacks are a severe threat.

Ref: Zero-day vulnerability

3. Threat

In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.

A threat can be either a negative "intentional" event (i.e. hacking: an individual cracker or a criminal organization) or an "accidental" negative event (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster event such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

Ref: Threat

4. Threat agents or actors

The term Threat Agent is used to indicate an individual or group that can manifest a threat. It is fundamental to identify who would want to exploit the assets of a company, and how they might use them against the company.

Threat agents are individuals within a threat population. Practically anyone and anything can, under the right circumstances, be a threat agent – the well-intentioned, but inept, computer operator who trashes a daily batch job by typing the wrong command, the regulator performing an audit, or the squirrel that chews through a data cable.

Threat agents can take one or more of the following actions against an asset:
% Access – simple unauthorized access
% Misuse – unauthorized use of assets (e.g., identity theft, setting up a porn distribution service on a compromised server, etc.)
% Disclose – the threat agent illicitly discloses sensitive information
% Modify – unauthorized changes to an asset
% Deny access – includes destruction, theft of a non-data asset, etc.

OWASP collects a list of potential threat agents to help prevent system designers and programmers from inserting vulnerabilities in the software. These individuals and groups can be classified as follows:
% Non-Target Specific: Non-Target Specific Threat Agents are computer viruses, worms, trojans and logic bombs.
% Employees: Staff, contractors, operational/maintenance personnel, or security guards who are annoyed with the company.
% Organized Crime and Criminals: Criminals target information that is of value to them, such as bank accounts, credit cards or intellectual property that can be converted into money. Criminals will often make use of insiders to help them.
% Corporations: Corporations are engaged in offensive information warfare or competitive intelligence. Partners and competitors come under this category.
% Human, Unintentional: Accidents, carelessness.
% Human, Intentional: Insider, outsider.
% Natural: Flood, fire, lightning, meteor, earthquakes.

5. Risk

In simple terms, risk is the possibility of something bad happening. Risk involves uncertainty about the effects/implications of an activity with respect to something that humans value (such as health, well-being, wealth, property or the environment), often focusing on negative, undesirable consequences. Many different definitions have been proposed. The international standard definition of risk for common understanding in different applications is “effect of uncertainty on objectives”.

The understanding of risk, the methods of assessment and management, the descriptions of risk and even the definitions of risk differ in different practice areas (business, economics, environment, finance, information technology, health, insurance, safety, security etc).

Risk (in information security domain) = Likelihood * Impact = Frequency * Severity

Ref: Risk

When dealing with vulnerability and risk, three registers one should know are:
1. Asset Register: a list of assets.
2. Threat Register: the threats associated with an asset.
3. Vulnerability Register: the vulnerabilities associated with an asset.

6. Exposure

An exposure is defined by MITRE’s CVE Terminology as a system configuration issue or a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network. An exposure:
% Allows an attacker to conduct information gathering activities.
% Allows an attacker to hide activities.
% Includes a capability that behaves as expected, but can be easily compromised.
% Is a primary point of entry that an attacker may attempt to use to gain access to the system or data.
% Is considered a problem according to some reasonable security policy.

Revisiting a few definitions again:

% A threat is a potential cause of an unwanted impact to a system or organization (ISO 13335-1). Threats fall into two categories: vulnerabilities and exposures.

% A vulnerability, according to MITRE’s CVE Terminology, is a mistake in software that can be used by a hacker to gain access to a system. A vulnerability:
- Allows an attacker to execute commands as another user.
- Allows an attacker to access data that is contrary to the specified access restrictions for that data.
- Allows an attacker to pose as another entity.
- Allows an attacker to conduct a denial of service.

% A risk, according to the ISO 31000 definition, is the effect of uncertainty upon objectives, where an effect is a deviation from the expected, positive or negative. ISO 31000 notes that risk can be regarded in terms of:
- Likelihood of an event occurring.
- Impact of the event if it occurs.

7. Countermeasure

In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

This definition is from IETF RFC 2828 and is the same as that in CNSS Instruction No. 4009, dated 26 April 2010, by the Committee on National Security Systems of the United States of America.

According to the Glossary by InfosecToday, the meaning of countermeasure is: The deployment of a set of security services to protect against a security threat. A synonym is security control.

In telecommunications, communication countermeasures are defined as security services as part of the OSI Reference model by the ITU-T X.800 Recommendation. X.800 and ISO 7498-2 (Information processing systems – Open systems interconnection – Basic Reference Model – Part 2: Security architecture) are technically aligned.

The following picture explains the relationships between these concepts and terms:

      + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
      | An Attack:              |  |Counter- |  | A System Resource:   |
      | i.e., A Threat Action   |  | measure |  | Target of the Attack |
      | +----------+            |  |         |  | +-----------------+  |
      | | Attacker |<==================||<=========                 |  |
      | |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
      | | A Threat |<=================>||<========>                 |  |
      | |  Agent   |  or Active |  |         |  | +-------|||-------+  |
      | +----------+   Attack   |  |         |  |         VVV          |
      |                         |  |         |  | Threat Consequences  |
      + - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+

A resource (either physical or logical) can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity or availability properties of resources (potentially different from the vulnerable one) of the organization and other involved parties (customers, suppliers). The so-called CIA triad is the basis of information security.

The attack can be active when it attempts to alter system resources or affect their operation: so it compromises integrity or availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources, compromising confidentiality.

A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger enabling the exploitation of a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).

A set of policies concerned with information security management, the information security management systems (ISMS), has been developed to manage, according to risk management principles, the countermeasures in order to accomplish a security strategy set up following rules and regulations applicable in a country.

Ref: Countermeasure

8. Four strategies to deal with vulnerability:
8.1. Accepting the risk
8.2. Mitigating the risk
8.3. Avoiding the risk / Preventing the risk
8.4. Transferring the risk

Tags: Technology, Cyber Security
Friday, February 19, 2021
Journal (Invigorating Life in House in Tri Nagar)
This is about my time in Tri Nagar for roughly two months before I came to Chandigarh in 2018. The entire house was a storeroom for unused and waste items along with bricks and stone blocks. The grandma's room was filled with wood pieces (big and small) of Shyam and grandpa's room had the sofa set, table and single bed. These items had been adjusted so the room was completely packed leaving no room for anyone to even stand.

At first I had tried to adjust into the environment but it was not possible. I would be in the room on the side of 73rd street upstairs. Sitting there on the floor to use my laptop was okay for some time but not for extended hours.

Every day we would be removing some of the wood pieces and waste items from the first hall (grandma's room). At first, the way to grandpa's room was cleared. I was still advised that I take every care while passing from the first hall as the wooden girders had bent from the middle due to the load of the stone blocks. Some stone blocks were completely taken off from the point right above where the fan hook was (which was the main weight that had resulted in the hole in the roof). Every time it would rain, the water would make the entire roof heavy and weak.

The waste had a lot of items that belonged to my grandma such as the small trunk (small as if to store 12-15 novels) with religious reading material. There was a round wheat grinding stone. There were some other trunks that contained electrical items (such as wires and sockets and two old ceiling fans (these were the ones that weighed over a kilo)) or kitchen utensils. Mom was reluctant to touch these trunks but I insisted that small kitchen utensils (such as glasses and plates) should be put into use, religious items be removed, and electrical waste be removed as they are not being used anywhere.

There was a time when my mom and I had a huge conflict. I was of the opinion that mice and rodents should be done away with by any means. Mom is a religious person and she said that she does not mind that mice are there. When she would learn about steps I had taken to deal with rodents, she said "they are the vehicle of lord Ganesha" and I am neither religious nor pro-animal life.

There were some king-size utensils made of alloys (instead of stainless steel) that were not suitable for day to day use such as a flat circular dish (thaali), or wok, rolling pin and board (made of marble), the pots (patila), et cetera. I got them removed too. With time, the furniture was also removed item by item as space was needed such as when Sri Bhagwan joined as a tenant in October. Grandpa's room got a paint work as Sri Bhagwan stayed in it and he also painted the windows and walls outside. The paint was a much needed improvement to make the room liveable. This was the first step towards invigorating life in that house.
Personality Types Associated With Anxiety
Not all negative self-talk is the same. Human beings are not only diverse but complex, with multifaceted personalities. These facets are sometimes referred to as “subpersonalities.” Our different subpersonalities each play their own distinct role and possess their own voice in the complex workings of consciousness, memory, and dreams. Below you will find four of the more common subpersonality types that tend to be prominent in people who are prone to anxiety: the Worrier, the Critic, the Victim, and the Perfectionist. Since the strength of these inner voices varies for different people, you might find it useful to rank them from strongest to weakest in yourself. 1. The Worrier (promotes anxiety) Characteristics: This usually is the strongest subpersonality in people who are prone to anxiety. The Worrier creates anxiety by imagining the worst-case scenario. It scares you with fantasies of disaster or catastrophe when you imagine confronting something you fear. It also aggravates panic by reacting to the first physical symptoms of a panic attack. The Worrier promotes your fears that what is happening is dangerous or embarrassing. “What if I have a heart attack?!” “What will they think if they see me?!” In short, the Worrier’s dominant tendencies include: 1) anticipating the worst, 2) overestimating the odds of something bad or embarrassing happening, and 3) creating grandiose images of potential failure or catastrophe. The Worrier is always vigilant, watching with uneasy apprehension for any small symptoms or signs of trouble. Favorite expression: By far the favorite expression of the Worrier is “what if...?” Examples: Some typical dialogue from the Worrier might be: “Oh no, my heart’s starting to beat faster! 
What if I panic and lose complete control of myself?” “What if I start stammering in the middle of my speech?” “What if they see me shaking?” “What if I’m alone and there’s nobody to call?” “What if I just can’t get over this phobia?” or “What if I’m restricted from going to work for the rest of my life?” These subpersonalities are based on Reid Wilson’s descriptions of the Worried, Critical, and Hopeless Observers in his book Don’t Panic: Taking Control of Anxiety Attacks. 2. The Critic (promotes low self-esteem) Characteristics: The Critic is that part of you that is constantly judging and evaluating your behavior (and in this sense may seem more “apart” from you than the other subpersonalities). It tends to point out your flaws and limitations whenever possible. It jumps on any mistake you make to remind you that you’re a failure. The Critic generates anxiety by putting you down for not being able to handle your panic symptoms, for not being able to go places you used to go, for being unable to perform at your best, or for having to be dependent on someone else. It also likes to compare you with others and usually sees them coming out favorably. It tends to ignore your positive qualities and emphasizes your weaknesses and inadequacies. The Critic may be personified in your own dialogue as the voice of your mother or father, a dreaded teacher, or anyone who wounded you in the past with their criticism. Favorite expressions: “What a disappointment you are!” “That was stupid!” Examples: The following would be typical of the Critic’s self-talk: “You stupid...” (The Critic relishes negative labels.) “Can’t you ever get it right?” “Why are you always this way?” “Look at how capable is,” or “You could have done better.” The Critic holds negative self-beliefs, such as: “I’m inferior to others,” “I’m not worth much,” “There’s something inherently wrong with me,” or “I’m weak—I should be stronger.” 3. 
The Victim (promotes depression) Characteristics: The Victim is that part of you that feels helpless or hopeless. It generates anxiety by telling you that you’re not making any progress, that your condition is incurable, or that the road is too long and steep for you to have a real chance at recovering. The Victim also plays a major role in creating depression. The Victim believes that there is something inherently wrong with you: you are in some way deprived, defective, or unworthy. The Victim always perceives insurmountable obstacles between you and your goals. Characteristically, it bemoans, complains, and regrets things as they are at present. It believes that nothing will ever change. Favorite expressions: “I can’t.” “I’ll never be able to.” Examples: The Victim will say such things as: “I’ll never be able to do that, so what’s the point in even trying?” “I feel physically drained today—why bother doing anything?” “Maybe I could have done it if I’d had more initiative ten years ago—but it’s too late now.” The Victim holds such negative self-beliefs as: “I’m hopeless,” “I’ve had this problem too long—it will never get better,” or “I’ve tried everything—nothing is ever going to work.” 4. The Perfectionist (promotes chronic stress and burnout) Characteristics: The Perfectionist is a close cousin of the Critic, but its concern is less to put you down than to push and goad you to do better. It generates anxiety by constantly telling you that your efforts aren’t good enough, that you should be working harder, that you should always have everything under control; that you should always be competent, should always be pleasing, should always be (fill in whatever you keep telling yourself that you “should” do or be). The Perfectionist is the hard-driving part of you that wants to be best and is intolerant of mistakes or setbacks. 
It has a tendency to try to convince you that your self-worth is dependent on externals, such as vocational achievement, money and status, acceptance by others, being loved, or your ability to be pleasing and nice to others, regardless of what they do. The Perfectionist isn’t convinced by any notions of your inherent self-worth, but instead pushes you into stress, exhaustion, and burnout in pursuit of its goals. It likes to ignore warning signals from your body. Favorite expressions: “I should.” “I have to.” “I must.” Examples: The Perfectionist may provide such instructions as: “I should always be on top of things,” “I should always be considerate and unselfish,” “I should always be pleasant and nice,” or “I have to (get this job, make this amount of money, receive approval, and so on) or I’m not worth much.”
Personality Styles That Perpetuate Anxiety
People who are prone to anxiety disorders tend to share certain personality traits. Some of these traits are positive—such as creativity, intuitive ability, emotional sensitivity, empathy, and amiability. Such traits as these endear anxiety-prone people to their friends and relatives. Other common traits tend to aggravate anxiety and interfere with the self-confidence of people with anxiety disorders. This chapter focuses on four of these traits, all of which need to be addressed at some point in the process of recovery. • Perfectionism • Excessive need for approval • Tendency to ignore physical and psychological signs of stress • Excessive need for control You may not possess all four of these traits. But if panic, phobias, or generalized anxiety have been part of your life for any length of time, you probably identify with at least two or three of them. 1. Perfectionism Perfectionism has two aspects. (1.1) First, you have a tendency to have expectations about yourself, others, and life that are unrealistically high. When anything falls short, you become disappointed and/or critical. (1.2) Second, you tend to be overconcerned with small flaws and mistakes in yourself or your accomplishments. In focusing on what’s wrong, you tend to discount and ignore what’s right. Perfectionism is a common cause of low self-esteem. It is critical of every effort and convinces you that nothing is ever good enough. It can also cause you to drive yourself to the point of chronic stress, exhaustion, and burnout. Every time perfectionism counsels you that you “should,” “have to,” or “must,” you tend to push yourself forward out of anxiety, rather than from natural desire and inclination. The more perfectionistic you are, the more often you’re likely to feel anxious. 2. Excessive Need for Approval All human beings need approval. Yet for many people struggling with anxiety and phobias, the need for approval can be excessive. 
Being overly concerned with approval often arises from an inner sense of being flawed or unworthy. This leads to the mistaken belief that you are unacceptable just the way you are (“If people really saw who I am, they wouldn’t accept me”). Individuals with an excessive need for approval are always looking for validation from other people. In trying to be generally pleasing, they may conform so well to others’ expectations that they often ignore their own needs and feelings. Frequently, they have a difficult time setting boundaries or saying no. The long-term consequence of always accommodating and pleasing others at the expense of yourself is that you end up with a lot of withheld frustration and resentment over not having taken care of your own basic needs. Withheld frustration and resentment form the unconscious foundation for a lot of chronic anxiety and tension. 3. Tendency to Ignore Physical and Psychological Signs of Stress People with anxiety disorders are often out of touch with their bodies. If you are anxious or preoccupied with worrying, you may, as the expression goes, be “living in your head”—not feeling strongly connected with the rest of your body, below the neck. Try checking in with yourself as you are reading right now. Do you feel as if most of your energy—your “center of gravity”—is situated from your neck up? Or do you feel solidly connected with the rest of your body, in touch with your chest, stomach, arms, and legs? To the extent that you are out of touch with your body, you may ignore— often unconsciously—an entire range of physical symptoms that arise when you’re under stress. Examples of physical symptoms that may signify stress are fatigue, headaches, nervous stomach, tight muscles, cold hands, and diarrhea, to mention a few. Unfortunately, when you’re unaware that you’re under stress, you’re likely to keep pushing yourself without taking time out or slowing down. You may keep going until you reach a state of exhaustion or illness. 
Many individuals with anxiety disorders have a long history of pushing themselves very hard and continually overextending themselves—trying to fit too much into too little time. Driven by perfectionist standards, they keep striving to do more and be more for everyone. Often they may go for months at a time—even years—without noticing, or simply ignoring, that they are under high levels of stress. One possible outcome of chronic, cumulative stress is that the neuroendocrine regulatory systems in the brain begin to malfunction, and you develop panic attacks, generalized anxiety, depression, mood swings, or some combination of these three. You might also develop ulcers, hypertension, headaches, or other psychosomatic illnesses under conditions of chronic stress. If it is your neurotransmitter systems that happen to be vulnerable, the effects of chronic stress are likely to show up in the form of an anxiety or mood disorder. Although these disorders cause significant distress in themselves, they are, in fact, warning signs. The body has built-in mechanisms for preventing its self-destruction. Developing panic disorder or depression may be viewed as a way in which your body forces you to slow down and alter your lifestyle before you push yourself into catastrophic illness or death. 4. Excessive Need for Control The excessive need for control makes you want to have everything in life be predictable. It’s a kind of vigilance that requires all the bases to be covered—the opposite of letting go and trusting in the process of life. Often an excessive need for control has its origins in a traumatic personal history. After living through experiences in which you felt frightened, vulnerable, or violated and powerless, it’s easy to grow up feeling defensive and vigilant. You may go through life this way, ready to put up your defenses in response to any situation that seems to challenge your sense of security (whether it actually does or not). 
Survivors of severe trauma often develop highly controlled and/or controlling personalities; or else they may have been so distressed that they decided to give up, feeling depressed and discouraged about maintaining any control of their lives (the latter outcome has been referred to as “learned helplessness”). Overcoming the excessive need for control takes time and persistence. Reference for further reading: Anxiety and Phobia Workbook (6e, Edmund Bourne) Tags: Behavioral Science, Emotional Intelligence, Medicine, Personality Types, Psychology
Wednesday, February 17, 2021
Definitions of 'Artificial Intelligence'
Contents: A. Definition of “Artificial Intelligence” B. Foundations of “Artificial Intelligence” A. Definition of “Artificial Intelligence” Different people in the history of AI have tried to provide definitions for it and these definitions can be organized into four categories: 1.1. Thinking Humanly “The exciting new effort to make computers think... machines with minds, in the full and literal sense.” (Haugeland, 1985) “The automation of activities that we associate with human thinking, activities such as decision-making, problem solving, learning...” (Bellman, 1978) 1.2. Thinking Humanly [1] Thinking humanly means trying to understand and model how the human mind works. There are (at least) two possible routes that humans use to find the answer to a question: 1.2.A. We reason about it to find the answer. This is called “introspection”. 1.2.B. We conduct experiments to find the answer, drawing upon scientific techniques to conduct controlled experiments and measure change. The field of ‘Cognitive Science’ focuses on modeling how people think. 1.3. Thinking humanly: The cognitive modeling approach [2] If we are going to say that a given program thinks like a human, we must have some way of determining how humans think. We need to get inside the actual workings of human minds. There are three ways to do this: a. through introspection—trying to catch our own thoughts as they go by; b. through psychological experiments—observing a person in action; and c. through brain imaging—observing the brain in action. Once we have a sufficiently precise theory of the mind, it becomes possible to express the theory as a computer program. If the program’s input–output behavior matches corresponding human behavior, that is evidence that some of the program’s mechanisms could also be operating in humans. 
For example, Allen Newell and Herbert Simon, who developed GPS, the “General Problem Solver” (Newell and Simon, 1961), were not content merely to have their program solve problems correctly. They were more concerned with comparing the trace of its reasoning steps to traces of human subjects solving the same problems. The interdisciplinary field of cognitive science brings together computer models from AI and experimental techniques from psychology to construct precise and testable theories of the human mind. Cognitive science is a fascinating field in itself, worthy of several textbooks and at least one encyclopedia (Wilson and Keil, 1999). We will occasionally comment on similarities or differences between AI techniques and human cognition. Real cognitive science, however, is necessarily based on experimental investigation of actual humans or animals. We will leave that for other books, as we assume the reader has only a computer for experimentation. In the early days of AI there was often confusion between the approaches: an author would argue that an algorithm performs well on a task and that it is therefore a good model of human performance, or vice versa. Modern authors separate the two kinds of claims; this distinction has allowed both AI and cognitive science to develop more rapidly. The two fields continue to fertilize each other, most notably in computer vision, which incorporates neurophysiological evidence into computational models. 2. Thinking Rationally 2.a. The study of mental faculties through the use of computational models. (Charniak and McDermott, 1985) 2.b. The study of the computations that make it possible to perceive, reason, and act. (Winston, 1992) 2.1. Thinking Rationally • Trying to understand how we actually think is one route to AI. • But another approach is to model how we should think. • The “thinking rationally” approach to AI uses symbolic logic to capture the laws of rational thought as symbols that can be manipulated. 
• Reasoning involves manipulating the symbols according to well-defined rules, kind of like algebra. • The result is an idealized model of human reasoning. This approach is attractive to theorists, i.e., modeling how humans should think and reason in an ideal world. 2.2. Thinking rationally: The “laws of thought” approach The Greek philosopher Aristotle was one of the first to attempt to codify “right thinking,” that is, irrefutable reasoning processes. His syllogisms provided patterns for argument structures that always yielded correct conclusions when given correct premises—for example, “Socrates is a man; all men are mortal; therefore, Socrates is mortal.” These laws of thought were supposed to govern the operation of the mind; their study initiated the field called logic. Logicians in the 19th century developed a precise notation for statements about all kinds of objects in the world and the relations among them. (Contrast this with ordinary arithmetic notation, which provides only for statements about numbers.) By 1965, programs existed that could, in principle, solve any solvable problem described in logical notation. (Although if no solution exists, the program might loop forever.) The so-called logicist tradition within artificial intelligence hopes to build on such programs to create intelligent systems. There are two main obstacles to this approach. First, it is not easy to take informal knowledge and state it in the formal terms required by logical notation, particularly when the knowledge is less than 100% certain. Second, there is a big difference between solving a problem “in principle” and solving it in practice. Even problems with just a few hundred facts can exhaust the computational resources of any computer unless it has some guidance as to which reasoning steps to try first. Although both of these obstacles apply to any attempt to build computational reasoning systems, they appeared first in the logicist tradition. 3. Acting Humanly 3.a. 
“The art of creating machines that perform functions that require intelligence when performed by people.” (Kurzweil, 1990) 3.b. “The study of how to make computers do things at which, at the moment, people are better.” (Rich and Knight, 1991) 3.1 Acting Humanly: Turing Test • This is a problem that has greatly troubled AI researchers for years. They ask the question “when can we count a machine as being intelligent?” • The most famous response is attributed to Alan Turing, a British mathematician and computing pioneer. The famous “Turing Test” was named after him, based on ideas he expressed in a paper published in 1950. Human interrogates entity via teletype for 5 minutes. If, after 5 minutes, human cannot tell whether entity is human or machine, then the entity must be counted as intelligent. • To date, no program has yet passed the Turing Test! However, there is the annual Loebner Prize which awards scientists for getting close. See http://www.loebner.net/Prizef/loebner-prize.html for more information. • In order to pass the Turing Test, a program that succeeded would need to be capable of: speech recognition, natural language understanding and generation, and speech synthesis; knowledge representation; learning; and automated reasoning and decision making. (Note that the basic Turing Test does not specify a visual or aural component.) 3.2. Acting Humanly: Searle’s Chinese Room • Another famous test is called the “Chinese Room” which was proposed by John Searle in a paper published in 1980. • Suppose you have a computer in a room that reads Chinese characters as input, follows a program and outputs (other) Chinese characters. Suppose this computer does this so well that it passes the Turing Test (convinces a human Chinese speaker that it is talking to another human Chinese speaker). Does the computer understand Chinese? 
• Suppose Searle is in the room, and he uses a dictionary to translate the input characters from Chinese to English; he then constructs his answer to the question, translates that back into Chinese and delivers the output—does Searle understand Chinese? • Of course not. • This is Searle’s argument: the computer doesn’t understand it either, because all it is doing is translating words (symbols) from one language (representation) to another. 3.3. Acting humanly: The Turing Test approach [2] The Turing Test, proposed by Alan Turing (1950), was designed to provide a satisfactory operational definition of intelligence. A computer passes the test if a human interrogator, after posing some written questions, cannot tell whether the written responses come from a person or from a computer. For now, we note that programming a computer to pass a rigorously applied test provides plenty to work on. The computer would need to possess the following capabilities: • Natural Language Processing to enable it to communicate successfully in English; • Knowledge Representation to store what it knows or hears; • Automated Reasoning to use the stored information to answer questions and to draw new conclusions; • Machine Learning to adapt to new circumstances and to detect and extrapolate patterns. Turing’s test deliberately avoided direct physical interaction between the interrogator and the computer, because physical simulation of a person is unnecessary for intelligence. However, the so-called total Turing Test includes a video signal so that the interrogator can test the subject’s perceptual abilities, as well as the opportunity for the interrogator to pass physical objects “through the hatch.” To pass the total Turing Test, the computer will need: • Computer Vision to perceive objects, and • Robotics to manipulate objects and move about. These six disciplines compose most of AI, and Turing deserves credit for designing a test that remains relevant 60 years later. 
Yet AI researchers have devoted little effort to passing the Turing Test, believing that it is more important to study the underlying principles of intelligence than to duplicate an exemplar. The quest for “artificial flight” succeeded when the Wright brothers and others stopped imitating birds and started using wind tunnels and learning about aerodynamics. Aeronautical engineering texts do not define the goal of their field as making “machines that fly so exactly like pigeons that they can fool even other pigeons.” 4. Acting Rationally 4.a. “Computational Intelligence is the study of the design of intelligent agents.” (Poole et al., 1998) 4.b. “AI... is concerned with intelligent behavior in artifacts.” (Nilsson, 1998) 4.1. Acting Rationally • Acting rationally means acting to achieve one’s goals, given one’s beliefs or understanding about the world. An agent is a system that perceives an environment and acts within that environment. An intelligent agent is one that acts rationally with respect to its goals. For example, an agent that is designed to play a game should make moves that increase its chances of winning the game. • When constructing an intelligent agent, emphasis shifts from designing the theoretically best decision-making procedure to designing the best decision-making procedure possible within the circumstances in which the agent is acting. • Logical approaches may be used to help find the best action, but there are also other approaches. • Achieving so-called “perfect rationality”, making the best decision theoretically possible, is not usually possible due to limited resources in a real environment (e.g., time, memory, computational power, uncertainty, etc.). • The trick is to do the best with the information and resources you have. This represents a shift in the field of AI from optimizing (early AI) to satisfying (more recent AI). 4.2. Acting rationally: The rational agent approach [2] An agent is just something that acts. 
Of course, all computer programs do something, but computer agents are expected to do more: operate autonomously, perceive their environment, persist over a prolonged time period, adapt to change, and create and pursue goals. A rational agent is one that acts so as to achieve the best outcome or, when there is uncertainty, the best expected outcome. In the “laws of thought” approach to AI, the emphasis was on correct inferences. Making correct inferences is sometimes part of being a rational agent, because one way to act rationally is to reason logically to the conclusion that a given action will achieve one’s goals and then to act on that conclusion. On the other hand, correct inference is not all of rationality; in some situations, there is no provably correct thing to do, but something must still be done. There are also ways of acting rationally that cannot be said to involve inference. For example, recoiling from a hot stove is a reflex action that is usually more successful than a slower action taken after careful deliberation. All the skills needed for the Turing Test also allow an agent to act rationally. Knowledge representation and reasoning enable agents to reach good decisions. We need to be able to generate comprehensible sentences in natural language to get by in a complex society. We need learning not only for erudition, but also because it improves our ability to generate effective behavior. The rational-agent approach has two advantages over the other approaches. First, it is more general than the “laws of thought” approach because correct inference is just one of several possible mechanisms for achieving rationality. Second, it is more amenable to scientific development than are approaches based on human behavior or human thought. The standard of rationality is mathematically well defined and completely general, and can be “unpacked” to generate agent designs that provably achieve it. 
Human behavior, on the other hand, is well adapted for one specific environment and is defined by, well, the sum total of all the things that humans do. The Peter Norvig book therefore concentrates on general principles of rational agents and on components for constructing them. One important point to keep in mind: We will see before too long that achieving perfect rationality—always doing the right thing—is not feasible in complicated environments. The computational demands are just too high. For most of the book, however, we will adopt the working hypothesis that perfect rationality is a good starting point for analysis. It simplifies the problem and provides the appropriate setting for most of the foundational material in the field. At times, one needs to deal explicitly with the issue of limited rationality—acting appropriately when there is not enough time to do all the computations one might like. B. Foundations of “Artificial Intelligence” In this section, we provide ideas, viewpoints, and techniques from different disciplines that contributed towards AI. We certainly would not wish to give the impression that these questions are the only ones the disciplines address or that the disciplines have all been working toward AI as their ultimate fruition. B.1. Philosophy B.2. Mathematics B.3. Economics B.4. Neuroscience B.5. Psychology B.6. Computer engineering B.7. Control theory and cybernetics B.8. Linguistics B.1. Philosophy • Can formal rules be used to draw valid conclusions? • How does the mind arise from a physical brain? • Where does knowledge come from? • How does knowledge lead to action? B.2. Mathematics • What are the formal rules to draw valid conclusions? • What can be computed? • How do we reason with uncertain information? B.3. Economics • How should we make decisions so as to maximize payoff? • How should we do this when others may not go along? • How should we do this when the payoff may be far in the future? 
Most people think of economics as being about money, but economists will say that they are really studying how people make choices that lead to preferred outcomes. When McDonald’s offers a hamburger for a dollar, they are asserting that they would prefer the dollar and hoping that customers will prefer the hamburger. B.4. Neuroscience • How do brains process information? B.5. Psychology • How do humans and animals think and act? B.6. Computer engineering • How can we build an efficient computer? For artificial intelligence to succeed, we need two things: intelligence and an artifact. The computer has been the artifact of choice. The modern digital electronic computer was invented independently and almost simultaneously by scientists in three countries embattled in World War II. The first operational computer was the electromechanical Heath Robinson, built in 1940 by Alan Turing’s team for a single purpose: deciphering German messages. In 1943, the same group developed the Colossus, a powerful general-purpose machine based on vacuum tubes. (In the postwar period, Turing wanted to use these computers for AI research—for example, one of the first chess programs (Turing et al., 1953). His efforts were blocked by the British government.) The first operational programmable computer was the Z-3, the invention of Konrad Zuse in Germany in 1941. Zuse also invented floating-point numbers and the first high-level programming language, Plankalkül. The first electronic computer, the ABC, was assembled by John Atanasoff and his student Clifford Berry between 1940 and 1942 at Iowa State University. Atanasoff’s research received little support or recognition; it was the ENIAC, developed as part of a secret military project at the University of Pennsylvania by a team including John Mauchly and John Eckert, that proved to be the most influential forerunner of modern computers. B.7. Control theory and cybernetics • How can artifacts operate under their own control? B.8. 
Linguistics • How does language relate to thought?
Tuesday, February 16, 2021
Getting a Web Server's Response Header Using Python
We have Python code that gets the response headers for a website:

```python
from datetime import datetime

import requests

url = 'http://survival8.blogspot.com/'

# A timeout keeps the script from hanging if the server never answers.
x = requests.get(url, timeout=10)
print(x.headers)

curr_time = datetime.now()

# We also write our main HTML output to a file.
# An explicit encoding avoids errors on platforms whose default is not UTF-8.
with open("s8_" + str(curr_time).replace(":", "_") + ".log", mode='w', encoding='utf-8') as f:
    f.write(x.text)
```

The output of this code looks like this:

```
(base) ~/Desktop$ python response_header_info.py
{'Content-Type': 'text/html; charset=UTF-8', 'Expires': 'Tue, 16 Feb 2021 10:13:29 GMT', 'Date': 'Tue, 16 Feb 2021 10:13:29 GMT', 'Cache-Control': 'private, max-age=0', 'Last-Modified': 'Tue, 16 Feb 2021 08:54:25 GMT', 'ETag': 'W/"047a2cb250a2ad10a53227bf4085727f97833f5235788c95f99a149e4d1afa68"', 'Content-Encoding': 'gzip', 'X-Content-Type-Options': 'nosniff', 'X-XSS-Protection': '1; mode=block', 'Content-Length': '135818', 'Server': 'GSE'}
```

Next we discuss some important response headers:

### 1: Response header

Ref: developer.mozilla.org

A response header is an HTTP header that can be used in an HTTP response and that doesn't relate to the content of the message. Response headers, like Age, Location or Server, are used to give a more detailed context of the response.

Not all headers appearing in a response are categorized as response headers by the specification. For example, the Content-Length header is a representation metadata header indicating the size of the body of the response message (and an entity header in older versions of the specification). However, "conversationally" all headers are usually referred to as response headers in a response message.

The following shows a few response headers after a GET request.
Note that strictly speaking, the Content-Encoding and Content-Type headers are entity headers:

```
200 OK
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 18 Jul 2016 16:06:00 GMT
Etag: "c561c68d0ba92bbeb8b0f612a9199f722e3a621a"
Keep-Alive: timeout=5, max=997
Last-Modified: Mon, 18 Jul 2016 02:36:04 GMT
Server: Apache
Set-Cookie: mykey=myvalue; expires=Mon, 17-Jul-2017 16:06:00 GMT; Max-Age=31449600; Path=/; secure
Transfer-Encoding: chunked
Vary: Cookie, Accept-Encoding
X-Backend-Server: developer2.webapp.scl3.mozilla.com
X-Cache-Info: not cacheable; meta data too large
X-kuma-revision: 1085259
x-frame-options: DENY
```

### 2: 'Cache-Control': 'private'

Ref: developer.mozilla.org

Cacheability: Directives that define whether a response/request can be cached, where it may be cached, and whether it must be validated with the origin server before caching.

public: The response may be stored by any cache, even if the response is normally non-cacheable.

private: The response may be stored only by a browser's cache, even if the response is normally non-cacheable. If you mean to not store the response in any cache, use no-store instead. This directive is not effective in preventing caches from storing your response.

no-cache: The response may be stored by any cache, even if the response is normally non-cacheable. However, the stored response MUST always go through validation with the origin server first before using it; therefore, you cannot use no-cache in conjunction with immutable. If you mean to not store the response in any cache, use no-store instead. This directive is not effective in preventing caches from storing your response.

no-store: The response may not be stored in any cache. Note that this will not prevent a valid pre-existing cached response being returned.
Clients can set max-age=0 to also clear existing cache responses, as this forces the cache to revalidate with the server (no other directives have an effect when used with no-store).

### 'Transfer-Encoding': 'chunked'

The Transfer-Encoding header specifies the form of encoding used to safely transfer the payload body to the user.

chunked: Data is sent in a series of chunks. The Content-Length header is omitted in this case and at the beginning of each chunk you need to add the length of the current chunk in hexadecimal format, followed by '\r\n' and then the chunk itself, followed by another '\r\n'. The terminating chunk is a regular chunk, with the exception that its length is zero. It is followed by the trailer, which consists of a (possibly empty) sequence of entity header fields.

### 'Content-Type': 'application/json; charset=utf-8'

Content-type: application/json; charset=utf-8 designates the content to be in JSON format, encoded in the UTF-8 character encoding.

### 'Server': 'Private Server'

The Server header describes the software used by the origin server that handled the request — that is, the server that generated the response.

Examples:

```
Server: Apache/2.4.1 (Unix)
```

Ref: developer.mozilla.org

### 'jsonerror': 'true'

Nothing found about it.

### 'X-Frame-Options': 'SAMEORIGIN'

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.

The added security is provided only if the user accessing the document is using a browser that supports X-Frame-Options.

There are two possible directives for X-Frame-Options:

```
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
```

SAMEORIGIN: The page can only be displayed in a frame on the same origin as the page itself.
The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin (see bug 725490). Also see Browser compatibility for support details.

Ref: developer.mozilla.org

### 'Strict-Transport-Security': 'max-age=31536000'

The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP.

max-age=<expire-time>: The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS.

### 'X-UA-Compatible': 'IE=EmulateIE7'

Ref: docs.microsoft.com

Web developers can also specify a document mode by including instructions in a meta element or HTTP response header:

• Webpages that include a meta element (see [HTML5:2014]) with an http-equivalent value of X-UA-Compatible.
• Webpages that are served with an HTTP header named "X-UA-Compatible".

IE=EmulateIE7 :: IE7 mode (if a valid <!DOCTYPE> declaration is present), Quirks Mode (otherwise)

### 'X-Contet-Type-Options': 'nosniff'

Ref: developer.mozilla.org

The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. This is a way to opt out of MIME type sniffing, or, in other words, to say that the MIME types are deliberately configured.

This header was introduced by Microsoft in IE 8 as a way for webmasters to block content sniffing that was happening and could transform non-executable MIME types into executable MIME types. Since then, other browsers have introduced it, even if their MIME sniffing algorithms were less aggressive.

Starting with Firefox 72, the opting out of MIME sniffing is also applied to top-level documents if a Content-type is provided.
This can cause HTML web pages to be downloaded instead of being rendered when they are served with a MIME type other than text/html. Make sure to set both headers correctly.

Site security testers usually expect this header to be set.

```
X-Content-Type-Options: nosniff
```

nosniff: Blocks a request if the request destination is of type:

• "style" and the MIME type is not text/css, or
• "script" and the MIME type is not a JavaScript MIME type

Enables Cross-Origin Read Blocking (CORB) protection for the MIME-types:

• text/html
• text/plain
• text/json, application/json or any other type with a JSON extension: */*+json
• text/xml, application/xml or any other type with an XML extension: */*+xml (excluding image/svg+xml)

### 'X-XSS-Protection': '1; mode=block'

Ref: developer.mozilla.org

The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Although these protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript ('unsafe-inline'), they can still provide protections for users of older web browsers that don't yet support CSP.

```
X-XSS-Protection: 0
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=<reporting-uri>
```

1; mode=block: Enables XSS filtering. Rather than sanitizing the page, the browser will prevent rendering of the page if an attack is detected.

### Date

The Date general HTTP header contains the date and time at which the message was originated.

Ref: developer.mozilla.org

```js
fetch('https://httpbin.org/get', {
    'headers': {
        'Date': (new Date()).toUTCString()
    }
})
```

Header type: General header

Tags: Technology, Web Scraping, Web Development
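As an added example (not code from the original post), the header dictionary that `requests` returns can be checked against the security headers described in this post, including a header whose name is misspelled and is therefore ignored by browsers, like the 'X-Contet-Type-Options' spelling in one heading above. The function names, the `MIN_HSTS_MAX_AGE` floor and the second sample are assumptions made for illustration; the first sample is the output printed earlier in the post.

```python
import re
from difflib import get_close_matches

# Security-relevant headers covered in this post (lowercase for comparison).
SECURITY_HEADERS = (
    "strict-transport-security",
    "x-frame-options",
    "x-content-type-options",
    "x-xss-protection",
)
MIN_HSTS_MAX_AGE = 15552000  # assumed policy floor of 180 days, not from the post


def parse_directives(value):
    """Split 'a=1; b' or 'a=1, b' style header values into a lowercase dict."""
    out = {}
    for part in re.split(r"[;,]", value):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip().strip('"')
    return out


def audit_headers(headers, https=True):
    """Return a list of (header, problem) findings for one response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    # An unknown name is ignored by the browser, so a typo silently
    # removes the protection the operator thought was configured.
    for name in h:
        if name not in SECURITY_HEADERS:
            guess = get_close_matches(name, SECURITY_HEADERS, n=1, cutoff=0.85)
            if guess:
                findings.append((name, f"unknown header, probably a typo of {guess[0]}"))

    # HSTS only has meaning on responses delivered over HTTPS.
    if https:
        hsts = h.get("strict-transport-security")
        if hsts is None:
            findings.append(("strict-transport-security", "missing"))
        else:
            age = parse_directives(hsts).get("max-age", "")
            if not age.isdigit():
                findings.append(("strict-transport-security", "max-age missing or not a number"))
            elif int(age) < MIN_HSTS_MAX_AGE:
                findings.append(("strict-transport-security", f"max-age {age} is below the assumed floor"))

    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append(("x-frame-options", "missing"))
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("x-frame-options", f"unrecognised value {xfo!r}"))

    xcto = h.get("x-content-type-options")
    if xcto is None:
        findings.append(("x-content-type-options", "missing"))
    elif xcto.lower() != "nosniff":
        findings.append(("x-content-type-options", f"unrecognised value {xcto!r}"))

    # A response that sets a cookie should not be storable by shared caches.
    cache = parse_directives(h.get("cache-control", ""))
    if "set-cookie" in h and not ({"private", "no-store"} & set(cache)):
        findings.append(("cache-control", "sets a cookie but lacks private/no-store"))

    # A version number in Server tells every client the exact software build.
    if re.search(r"/\d", h.get("server", "")):
        findings.append(("server", f"discloses software version: {h['server']}"))
    return findings


# The headers printed earlier in this post (fetched over plain HTTP).
BLOG_SAMPLE = {
    "Content-Type": "text/html; charset=UTF-8",
    "Cache-Control": "private, max-age=0",
    "Content-Encoding": "gzip",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "Content-Length": "135818",
    "Server": "GSE",
}

# Constructed sample with deliberate weaknesses, for illustration only.
CONSTRUCTED_WEAK = {
    "Server": "Apache/2.4.1 (Unix)",
    "X-Contet-Type-Options": "nosniff",
    "X-Frame-Options": "ALLOWALL",
    "Strict-Transport-Security": "max-age=300",
    "Set-Cookie": "mykey=myvalue; Path=/; secure",
    "Cache-Control": "public, max-age=600",
}

if __name__ == "__main__":
    for label, sample, tls in (("blog", BLOG_SAMPLE, False), ("weak", CONSTRUCTED_WEAK, True)):
        for header, problem in audit_headers(sample, https=tls):
            print(f"{label}: {header}: {problem}")
```

To audit a live site, pass `x.headers` from the script at the top of this post and set `https` according to the URL scheme.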
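The chunked framing described under 'Transfer-Encoding': 'chunked' above, written out as an encoder and a strict decoder. This is an added example, not code from the original post; the function names and the sample bodies are constructed for illustration, and the decoder accepts only the framing this post describes, rejecting anything else instead of guessing.

```python
import re


class ChunkedError(ValueError):
    """Raised when the bytes do not follow the chunked framing."""


# Bare hex digits only. int(x, 16) on its own would also accept '0x',
# a sign, underscores and surrounding whitespace, which is too lenient.
HEX_SIZE = re.compile(rb"[0-9A-Fa-f]{1,8}")


def encode_chunked(body, chunk_size=8, trailers=None):
    """Frame body as: <hex length>CRLF <chunk>CRLF ... 0 CRLF <trailer> CRLF."""
    out = bytearray()
    for i in range(0, len(body), chunk_size):
        chunk = body[i:i + chunk_size]
        out += b"%x\r\n" % len(chunk) + chunk + b"\r\n"
    out += b"0\r\n"  # terminating chunk: a regular chunk of length zero
    for name, value in (trailers or {}).items():
        out += f"{name}: {value}\r\n".encode("ascii")
    out += b"\r\n"  # empty line ends the (possibly empty) trailer
    return bytes(out)


def read_line(raw, pos):
    """Return (line without CRLF, position after the CRLF)."""
    end = raw.find(b"\r\n", pos)
    if end == -1:
        raise ChunkedError("truncated: missing CRLF")
    return raw[pos:end], end + 2


def decode_chunked(raw):
    """Return (body, trailers, unread bytes after the message)."""
    body = bytearray()
    pos = 0
    while True:
        size_field, pos = read_line(raw, pos)
        # Chunk extensions are not covered in this post, so a size line
        # carrying anything but hex digits is rejected.
        if not HEX_SIZE.fullmatch(size_field):
            raise ChunkedError(f"bad chunk size {size_field!r}")
        size = int(size_field, 16)
        if size == 0:
            break
        chunk = raw[pos:pos + size]
        if len(chunk) != size:
            raise ChunkedError("truncated chunk data")
        if raw[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkedError("chunk data not followed by CRLF")
        body += chunk
        pos += size + 2

    trailers = {}
    while True:
        line, pos = read_line(raw, pos)
        if not line:
            break
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ChunkedError(f"bad trailer line {line!r}")
        trailers[name.decode("ascii").strip().lower()] = value.decode("ascii").strip()
    return bytes(body), trailers, raw[pos:]


def is_well_formed(raw):
    """True if raw decodes cleanly under the strict rules above."""
    try:
        decode_chunked(raw)
    except ChunkedError:
        return False
    return True


if __name__ == "__main__":
    wire = encode_chunked(b"hello, chunked world", 8)  # constructed sample body
    print(wire)
    print(decode_chunked(wire))
```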