Restarting...

Wow, almost a year since my last post.

I learned three things from my first attempt to learn Elixir.

  1. Cool language!

  2. Cool community!

  3. Old brain can no longer jump between a major Python project and a new language.

But there’s no longer any need to jump!

[Read More]

Ecto

Decided to switch from (A)Mnesia to Ecto with SQLite3 for my NVD (CVE) caching application.

  1. The historic NVD data is over 1GB which means I’m already starting to run into limitations.
  2. The planned database is extremely simple (two tables?).
  3. Experience with Ecto is more important in the long term for planned projects.

Useful and interesting links:

[Read More]

Back to Elixir (II)

Can’t believe it has been almost two months since I’ve written any Elixir. I’m sufficiently ahead on my client’s second Python project that I’m taking a break and getting back to Elixir for the rest of the month. My goal is to make significant progress on the NVD Cache project.

[Read More]

CacheNVD

Project #2

Been thinking about a second project before I need to head back to Python report-building land.

I recently wrote a Python-based vulnerability reporting application that cached API lookups from the NIST NVD service.

API Constraints

The most severe NVD API constraint is the rate limiting:

  • 5 lookups per 30 seconds without an API key.
  • 50 lookups per 30 seconds with an API key.

I’ve also seen API requests take over 30 seconds to respond.

A typical report requires hundreds of CVE lookups which makes caching mandatory.

[Read More]