Bigfix Compliance Open Source Licenses and Notices

----------------------------------
BigFix Compliance 10.0 Jan 2021
----------------------------------

-------------------------------------------------------------------------
-------------------------------------------------------------------------

The HCL license agreement and any applicable information on the web download page for HCL products refers Licensee to this file for details concerning notices applicable to code included in the products listed above ("the Program").

Notwithstanding the terms and conditions of any other agreement Licensee may have with HCL or any of its related or affiliated entities (collectively "HCL"), the third party code identified below is subject to the terms and conditions of the HCL license agreement for the Program and not the license terms that may be contained in the notices below. The notices are provided for informational purposes.

Please note: This Notices file may identify information that is not used by, or that was not shipped with, the Program as Licensee installed it.

IMPORTANT: HCL does not represent or warrant that the information in this NOTICES file is accurate. Third party websites are independent of HCL and HCL does not represent or warrant that the information on any third party website referenced in this NOTICES file is accurate. HCL disclaims any and all liability for errors and omissions or for any damages accruing from the use of this NOTICES file or its contents, including without limitation URLs or references to any third party websites.
-------------------------------------------------------------------------
-------------------------------------------------------------------------

<<START OF BigFix Compliance>>
<<START OF Compliance Analytics>>

====== DETAIL 1: Compliance Analytics ======

License | Library | Description | License Reference | Copyrights | Homepage | Author

Apache 2.0
addressable-2.7.0.gem
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. It is flexible, offers heuristic parsing, and additionally provides extensive support for IRIs and URI templates.
https://rubygems.org/gems/addressable/versions/2.7.0
Copyright © Bob Aman
https://github.com/sporkmonger/addressable
Bob Aman

Apache 2.0
ant-1.7.0.jar
Apache Ant
1999-2006 Copyright 1999-2006 The Apache Software Foundation 2002 Copyright 2002 Landmark
http://ant.apache.org/
Apache Software Foundation

Apache 2.0
log4j-core-2.8.2.jar
The Apache Log4j Implementation
1999-2005 Copyright 1999-2005 The Apache Software Foundation 2005-2006 Copyright 2005-2006 Tim Fennell 1999-2012 Copyright 1999-2012 Apache Software Foundation
https://logging.apache.org/log4j/2.x/
The Apache Software Foundation

Apache 2.0
msgpack-1.3.3-java.gem
MessagePack is a binary-based efficient object serialization library. It enables to exchange structured objects between many languages like JSON. But unlike JSON, it is very fast and small.
https://rubygems.org/gems/msgpack/versions/1.3.3
http://msgpack.org/
Sadayuki Furuhashi, Theo Hultberg, Satoshi Tagomori

Apache 2.0
spoon-0.0.6.gem
Spoon is an FFI binding of the posix_spawn function (and Windows equivalent), providing fork+exec functionality in a single shot.
https://rubygems.org/gems/spoon/versions/0.0.6
https://rubygems.org/gems/spoon-0.0.6.gem
Charles Oliver Nutter

Apache 2.0
thread_safe-0.3.6-java.gem
A collection of data structures and utilities to make thread-safe programming in Ruby easier
https://rubygems.org/gems/thread_safe/versions/0.3.6
https://github.com/ruby-concurrency/thread_safe
Charles Oliver Nutter, thedarkone

Apache 2.0
uuidtools-2.1.5.gem
A simple universally unique ID generation library.
https://rubygems.org/gems/uuidtools/versions/2.1.5
2005-2014 Copyright 2005-2014 Bob Aman
https://github.com/sporkmonger/uuidtools
Bob Aman

Apache 2.0
websocket-driver-0.7.2-java.gem
https://rubygems.org/gems/websocket-driver/versions/0.7.2
2010-2020 Copyright 2010-2020 James Coglan
https://github.com/faye/websocket-driver-ruby
James Coglan

Apache 2.0
websocket-extensions-0.1.5.gem
https://rubygems.org/gems/websocket-extensions/versions/0.1.5
2014-2020 Copyright 2014-2020 James Coglan
https://github.com/faye/websocket-extensions-ruby
James Coglan

Artistic 2.0
diff-lcs-1.3.gem*
Diff::LCS computes the difference between two Enumerable sequences using the McIlroy-Hunt longest common subsequence (LCS) algorithm. It includes utilities to create a simple HTML diff output format and a standard diff-like tool. This is release 1.3, providing a tentative fix to a long-standing issue related to incorrect detection of a patch direction. Also modernizes the gem infrastructure, testing infrastructure, and provides a warning-free experience to Ruby 2.4 users.
https://rubygems.org/gems/diff-lcs/versions/1.3
2004-2013 Copyright 2004-2013 Austin Ziegler
https://github.com/halostatue/diff-lcs
Austin Ziegler

BSD 2
csv-3.0.9.gem
The CSV library provides a complete interface to CSV files and data. It offers tools to enable you to read and write to and from Strings or IO objects, as needed.
https://rubygems.org/gems/csv/versions/3.0.9
2017 Copyright 2017 Olivier Lacan 2018 Copyright 2018 Kouhei Sutou 2007-2017 Copyright 2007-2017 Yukihiro Matsumoto 2005-2016 Copyright 2005-2016 James Edward Gray II 2018 Copyright 2018 Tomohiro Ogoke 2017 Copyright 2017 Marcus Stollsteimer 2017 Copyright 2017 SHIBATA Hiroshi 2018 Copyright 2018 Vladislav 2018 Copyright 2018 Mitsutaka Mimura 2017-2018 Copyright 2017-2018 Steven Daniels 2017 Copyright 2017 pavel 2017 Copyright 2017 Espartaco Palma
https://github.com/ruby/csv
James Edward Gray II, Kouhei Sutou

BSD 2
domain_name-0.5.20190701.gem*
This is a Domain Name manipulation library for Ruby. It can also be used for cookie domain validation based on the Public Suffix List.
https://rubygems.org/gems/domain_name/versions/0.5.20190701
2011-2017 Copyright 2011-2017 Akinori MUSHA 2000-2002 Copyright 2000-2002 Verisign Inc., All rights reserved
https://github.com/knu/ruby-domain_name
Akinori MUSHA

BSD 2
rubyzip-1.3.0.gem
https://rubygems.org/gems/rubyzip/versions/1.3.0
http://github.com/rubyzip/rubyzip
Alexander Simonov

BSD 2
unf-0.1.4-java.gem
This is a wrapper library to bring Unicode Normalization Form support to Ruby/JRuby.
https://rubygems.org/gems/unf/versions/0.1.4
2011-2012 Copyright 2011-2012 Akinori MUSHA 2011-2012 Copyright 2011-2012 2013 Akinori MUSHA
https://github.com/knu/ruby-unf
Akinori MUSHA

BSD 3
d3-3.2.8.min.js
A JavaScript visualization library for HTML and SVG.
https://cdnjs.com/libraries/d3/3.2.8
https://d3js.org

BSD 3
domain_name-0.5.20190701.gem*
This is a Domain Name manipulation library for Ruby. It can also be used for cookie domain validation based on the Public Suffix List.
https://rubygems.org/gems/domain_name/versions/0.5.20190701
2011-2017 Copyright 2011-2017 Akinori MUSHA 2000-2002 Copyright 2000-2002 Verisign Inc., All rights reserved
https://github.com/knu/ruby-domain_name
Akinori MUSHA

BSD 3
ffi-1.12.2-java.gem
Ruby FFI library
https://rubygems.org/gems/ffi/versions/1.12.2
2008-2013 Copyright 2008-2013 Ruby FFI project contributors 2008-2016 Copyright 2008-2016 Ruby FFI project contributors 1996-2011 Copyright 1996-2011 Anthony Green, Red Hat, Inc and others
https://github.com/ffi/ffi/wiki
Wayne Meissner

BSD 3
jquery.easing-1.3.js*
A jQuery plugin from GSGD to give advanced easing options
https://cdnjs.com/libraries/jquery-easing/1.3
http://gsgd.co.uk/sandbox/jquery/easing/

BSD 3
sinon-no-sourcemaps-2.3.4.js
JavaScript test spies, stubs and mocks.
https://cdnjs.com/libraries/sinon.js/2.3.4
http://sinonjs.org/

Common Public 1.0
htmllexer.jar
https://mvnrepository.com/artifact/org.htmlparser/htmllexer

Eclipse 1.0
jruby-jars-9.2.12.0.gem
This gem includes the core JRuby code and the JRuby 1.8/1.9 stdlib as jar files. It provides a way to have other gems depend on JRuby without including (and freezing to) a specific jruby-complete jar version.
https://rubygems.org/gems/jruby-jars/versions/9.2.12.0
https://github.com/jruby/jruby/tree/master/maven/jruby-jars
Charles Oliver Nutter

IBM
ant-contrib-0.6.jar
Websphere Liberty
2002 Copyright 2002 The IronSmith Project 2000-2004 Copyright 2000-2004 Jason Hunter & Brett McLaughlin 1999 Copyright 1999 Sun Microsystems., http://www.sun.com 2003-2004 Copyright 2003-2004 The Apache Software Foundation 1999-2002 Copyright 1999-2002 The Apache Software Foundation 2000-2002 Copyright 2000-2002 The Apache Software Foundation 2000 Copyright 2000 World Wide Web Consortium, http://www.w3.org 2003 Copyright 2003 (C) James Strachan and Bob Mcwhirter 1999-2001 Copyright 1999-2001 The Apache Software Foundation 1999 Copyright 1999 IBM Corporation., http://www.ibm.com 1999-2003 Copyright 1999-2003 The Apache Software Foundation 2004 Copyright 2004 The Apache Software Foundation
http://archive.apache.org/dist/cocoon/cocoon-2.1.8-src.zip
Eclipse

IBM
bsf-2.4.0.jar
Websphere Liberty
1999-2009 Copyright 1999-2009 Apache Software Foundation 2001-2008 Copyright 2001-2008 The Apache Software Foundation 2001-2007 Copyright 2001-2007 The Apache Software Foundation 2002-2003 Copyright 2002-2003 The Apache Software Foundation 2003-2008 Copyright 2003-2008 The Apache Software Foundation 2003 Copyright 2003 The Visigoth Software Society 2005-2009 Copyright 2005-2009 Apache Software Foundation 2001-2004 Copyright 2001-2004 Unicode, Inc 1999 Copyright 1999 Sun Microsystems., http://www.sun.com 2006 Copyright 2006 The Apache Software Foundation 2001-2006 Copyright 2001-2006 The Apache Software Foundation 1999-2007 Copyright 1999-2007