That’s the question Francesco Cesarini, founder of Erlang Solutions has asked of dozens of language inventors. He said that José Valim was the first person whose reply included a “focus…on the adoption of ides, semantics, and runtime of another extremely powerful language, Erlang.”
[Read More]Restarting...
Wow, almost a year since my last post.
I learned three things from my first attempt to learn Elixir.
Cool language!
Cool community!
Old brain can no longer jump between a major Python project and a new language.
But there’s no longer any need to jump!
[Read More]Ecto
Decided to switch from (A)Mnesia to Ecto with SQLite3 for my NVD (CVE) caching application.
- The historic NVD data is over 1GB which means I’m already starting to run into limitations.
- The planned database is extremely simple (two tables?).
- Experience with Ecto is more important in the long term for planned projects.
Useful and interesting links:
[Read More]Back to Elixir (II)
Can’t believe it has been almost two months since I’ve written any Elixir. I’m sufficiently ahead on my client’s second Python project that I’m taking a break and getting back to Elixir for the rest of the month. My goal is to make significant progress on the NVD Cache project.
[Read More]Streaming into Mnesia
CSV -> Mnesia
Implemented a stream directly from the source CSV file into the Mnesia data store.
Was surprised to see that the Mnesia-stored data is smaller than the original CSV data:
- CSV: 835 Mbytes
- Mnesia: 757 MBytes
Loading a CSV File
NimbleCSV
Importing a .csv file using NimbleCSV
An article by Jacob Swanner NimbleCSV: Parsing into Elixir Maps filled in some gaps in the official documentation.
[Read More]Sidetrip Through the National Vulnerability Database
I tossed together some Python scripts that download and massage the Common Vulnerabilities and Exposure (CVE) data from the NIST/NVD website.
[Read More]Bandit Routing
and Req
Built a simple playground consisting of:
- Bandit
- Plug.Router, Plug.Debugger, and Plug.ErrorHandler
- Req
CacheNVD
Project #2
Been thinking about a second project before I need to head back to Python report-building land.
I recently wrote a Python-based vulnerability reporting application that cached API lookups from the NIST NVD service.
API Constraints
The most severe NVD API constraint is the rate limiting:
- 5 lookups per 30 seconds without an API key.
- 50 lookups per 30 seconds with an API key.
I’ve also seen API requests take over 30 seconds to respond.
A typical report requires hundreds of CVE lookups which makes caching mandatory.
[Read More]