I'm clutching at straws a little here but was wondering if anyone had any insight into whether this was possible. It doesn't seem as though Amazon provides any kind of [public] API for getting data about a user's Kindle books and specifically how far through them they have read, but I'm hoping I've missed something.
So basically, given a user's Amazon login or Kindle email address or some other unique identifier I would like to be able to connect to a web service to get back the list of Kindle books the user has purchased/downloaded and then determine how far through them they have read. Amazon must have this data in order to be able to sync books across devices, but it doesn't appear that they have made available an API to get this data.
You are correct, Amazon does have this data but as you suspected there is not a public API for non-Kindles to query it.
I use a public AMI from a third party which runs an nginx web server, and it uses the EC2 instance ID for the default admin password. I'm trying to think of any vulnerabilities with this, if I do not change the default password. Since the HTTPS server is public, is there any way someone could discover the EC2 instance ID?
I know this can be seen by anyone in my company who has ec2:DescribeInstances permission, but I'm not really concerned about that. I just want to make sure no one outside can find it.
Off the top of my head and without considering any crazy specific scenarios, I do not believe it is possible for one to retrieve this information without exploiting some sort of 0-day vulnerability we presently don't know about.
Now let's stop living in a perfect world and begin to threat model about what could potentially happen.
Depending on the functionality you have going on and some other variables, I don't think it is crazy to think the instance ID could be leaked in some manner. Let's say you exposed a web application and you had some functionality which took user input and did not validate this input, then I could see the instance ID potentially being capable of being leaked.
For all intents and purposes, let's say our host is hosting a web application which analyzes users' LinkedIn profiles and offers them career advice. In addition, let's assume that the web application poorly accepts input and does not validate that a spoofed URL has been provided instead of a LinkedIn URL, and it will provide the response details after it has made a request to the URL provided by the attacker.
Considering all these, if I was an attacker trying to get the instance ID of your host, I would navigate to the part of the web application which accepts my input and I would provide the following input, and considering the scenarios I posed above, an attacker could potentially get the desired information:
http://169.254.169.254/latest/meta-data/instance-id
How I came up with that payload was I looked at:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html#instance-metadata-ex-1
I believe that if all these prerequisites were met, then this would potentially leak the instance ID.
But until all these scenarios exist, it is not likely. I have seen some web applications which allow you to add an integration to your website poorly validate input given by the user. As such, one can exploit a server side request vulnerability to attack the host.
I hope this is a good explanation of how it could potentially happen, but again, I don't think it is likely.
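The input validation that the answer's hypothetical profile-analysis application is missing could look like the following. This is an added example, not code from the original post; the allowlist, the function name `check_fetch_url` and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: the only hosts this hypothetical profile fetcher should contact.
ALLOWED_HOSTS = {"www.linkedin.com", "linkedin.com"}


def _resolve(host, port):
    """Default resolver: every IP address the name currently resolves to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_fetch_url(url, resolve=_resolve):
    """Return (ok, reason) for a user-supplied URL before the server fetches it."""
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "scheme not https"
    # Reject https://www.linkedin.com@169.254.169.254/ style confusion.
    if parts.username or parts.password:
        return False, "userinfo not allowed"
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    # Defence in depth: an allowlisted name must not resolve to an internal
    # address (link-local 169.254.169.254, loopback, RFC 1918 ranges).
    for addr in resolve(host, port):
        ip = ipaddress.ip_address(addr)
        if not ip.is_global:
            return False, f"resolves to non-public address {ip}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs; the fake resolvers stand in for DNS so this runs offline.
    samples = [
        ("http://169.254.169.254/latest/meta-data/instance-id", _resolve),
        ("https://www.linkedin.com/in/someone", lambda h, p: {"169.254.169.254"}),
        ("https://www.linkedin.com/in/someone", lambda h, p: {"8.8.8.8"}),
    ]
    for url, resolver in samples:
        print(url, "->", check_fetch_url(url, resolver))
```

The check only holds if the fetch that follows connects to the address that was validated and does not follow redirects, since a redirect response can point the server back at the metadata address.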
I am trying to write a Kafka connector to fetch data from Facebook. The problems are:
How to fetch data from facebook through their API without exceeding the limit of API hit provided by facebook? The connector should call facebook API for data after a specific time interval so that the number of hits won't exceed.
Each user can hit the facebook API with their Access Token so users can't share the same topic partition. So how to handle this scenario. Do we have to create one partition for each user?
I read a few guides and blogs to understand Kafka connect and write a connector.
Confluent- https://docs.confluent.io/current/connect/index.html
Kafka Documentation- https://kafka.apache.org/documentation/#connect
Conceptually it gave me an idea about what Kafka Connect is, how it works and what the important classes are to write a Kafka connector. But still, I am confused about how to practically write and run a connector. I tried to find a step-by-step development guide but didn't find one.
Any tutorial or pdf If you could suggest which have detailed step by step development guide to write and run Kafka connector.
The only "official guide" is in those links you have
https://docs.confluent.io/current/connect/devguide.html#developing-a-simple-connector
I personally have no experience with the Facebook API, but I assume it uses REST, so you could start by forking the kafka-connect-rest project, but the simplest answer to not exceed the limit would be to not send more requests than you are allowed within a given time period (add a timer to the code that waits between requests).
Also, one connector would only have one set of access keys. How you create the ConnectRecord objects to ultimately partition the records is up to you, but I don't think having an access key per user will scale very well. It might make more sense to have one key tied to one application, then each user will accept that that application has access to read certain details from their account.
I have integrated my amazon echo device with the amazon portal associated to my account. I was able to create my own custom question with the Alexa Skills Kit and process with an AWS Lambda function to generate a response.
My question is: is it possible to programmatically "push" a message to the echo device? For example, I would like for it to speak without having to ask it a question. I'd like it to do something at a specific moment.
If it is possible, could you please share any sample code to achieve this?
It is not currently possible, but it is an oft requested feature on the AWS forums.
http://forums.developer.amazon.com/forums/thread.jspa;jsessionid=EC0D457A400B594DD0F0561EEB43A8FA?messageID=17713
I've not done this myself but it seems using the Alexa Voice Service could do the trick. It allows processing of voice from any type of audio capture and sends it to the Alexa Service. It seems possible you could record the proper phrase into a sound file and send that to AVS, thus triggering the Alexa service.
I know it's capable but Amazon hasn't offered it as a feature yet. If you go to the Echo web site http://alexa.amazon.com/spa/index.html#cards, Settings, Connected Home and select Discover devices, the echo will perform a command triggered from the web site and will speak when completed. I didn't have to say a word.
From what I read on an article about notifications here, they were going to do something that meant you still had to ask Alexa to tell you your notifications, which would build up throughout the day and cause your device to light up and chime to let you know you had a notification to listen to.
Rather than allowing Alexa to randomly blurt stuff out any time she feels like it.
Which kinda seems pointless if you don't get the notification at the exact time it was sent, for example a smart home connected device triggering an alert to let you know you left your door open too long or the app automatically reading you the weather when you get up and turn on the coffee pot in a morning, things like that. If you have to ask for the notifications you may as well just do the speaking and request stuff from the beginning.
Maybe I'm wrong but that's how it reads to me.
Surely we want, with opt-in permission per skill, to allow Alexa to just say whatever she likes whenever she likes from the skills we have set up receiving such commands, without us having to say oh I see I have notifications let me ask what those are.
Just for people who stumble across this question in 2021:
The solution is to use Amazon Proactive Events
Your Skill has to request the notification permission, subscribe for a specific event and then you can generate an access token and POST events to the Amazon API.
Took me some hours to find out because Amazon offers different things which all sound quite similar but some are deprecated (ASK CLI v1) and others are just for Alexa device manufacturers.
Wuhu! Sounds like Amazon may enable push notifications this Fall.
Digital Trends Article
Amazon is expected to establish guidelines for developers and manufacturers so that Alexa remains classy and doesn’t become an interrupting nag.
To start off, I am extremely sorry if my question is not clear but I have very little knowledge about web services in general and the vast nature of varying available information has driven me crazy over the past few weeks. So please do bear with me.
Summary: I want to create a live score update app for Android. (I haven't added android as a tag because I do know how to retrieve data from say Twitter's JSON API.) However, like the Twitter JSON API, I want to be able to add (POST maybe?) data to the Apache 7.0 service that I have running. I then want the app to be able to retrieve this data that I have posted.
I had asked a more generic question earlier and I was told that I should look up some api's. I did that but I have still not been unable to make a break through.
So my question is:
Is setting up an API on my local web service the correct way to do this?
If so, how can I setup an API that will return JSON objects to the Android app. Also, I would need to be able to constantly update this API with new data.
Additionally, would I also need to setup a database for all this?
Any links to well explained matter would be appreciated too.
Note: I would like to carry this out using a RESTful Web Service through Jersey and use JSON Objects during retrieval.
Again, I am sorry about my terrible knowledge with web services in general despite trying my best to research a lot. The best I could do was get my RESTful Web to respond to a GET with some pre-defined text that I had set in Eclipse.
Thanks.
If I understand you correctly, what you try to do is something like this:
There will be a match or multiple matches of some sort. Whenever a team/player scores someone (i.e. you) will use the app to update the score. People who previously subscribed to the match, will be notified and see the updated score.
Even though I'm not familiar with backends based on Java, the implementation should be fairly similar to other programming languages.
First of all a few words on REST in general. REST is generally needed when you need to share information between multiple devices and/or users. This seems to be the case here. To implement REST you are going to need an API of some sort. Within the web, APIs are implemented by webservers answering to certain predefined HTTP Requests.
Thus setting up an API on a web server is the correct way.
Next a few words on databases. A database is generally needed if you want to store information persistently. This might, or might not be what you are planning to do. If there are just going to be a few matches at the same time and you don't care about persistence of the data, you can use Java to store a collection of match objects in memory. I'm just saying it is possible, not that it is a good idea. Once your server crashes or you run out of memory due to w/e reason, data is going to be lost. (Of course within the actual implementation you want to cache data for current matches in some way and keeping objects in memory is a way to do so).
I'd recommend to use a database.
Within the database, you can then store and access information about the matches like the score, which users subscribed, who played, etc.
JSON is just a way to represent the data/objects that will be shared between the server and the client. You can use JSON to encode request and response data/bodies.
The user has to be informed about the updated score. There are two basic ways to do so. Push or Pull. With pull, the client will check for updated scores after fixed intervals or actions. With push, the server will notify the client about changed scores which will cause him to update the information. Since you are planning on doing a live application and using Java anyways, push seems to be the better way to go.
Last but not least let's have a look at a possible implementation using
Webserver (API endpoints + database)
Administrator (keeps score updated)
User (receives updates)
We assume that the server will respond to HTTP Requests (POST#/api/my-endpoint) with JSON-Objects.
Possible flow
1)
First the administrator creates a match
REQUEST
POST # /api/matches
body: team1=someteam&team2=someotherteam
The server now will create a match object and store it in the database. The response will contain information about the object and whether the action was successful.
2)
The user asks for a list of matches
REQUEST
GET # /api/matches/current
The response will be a JSON object containing a list of current matches.
RESPONSE
{
matches: [
{id: 1, teams:...}, ...
]
}
3)
(If push)
A user subscribes to a match
REQUEST
GET # /api/SOME_MATCH_ID/observe
The user will now be added as an observer for the match. Again, the response contains information about whether the action was successful or not.
4)
The administrator updates a score
REQUEST
UPDATE # /api/SOME_MATCH_ID
body: team1scored...
The score now gets updated on the server (in memory/database) and the user will be notified about the updated score.
5)
The user gets the updated score
REQUEST
GET # /api/SOME_MATCH_ID
RESPONSE
... (Updated score in some way)
I am sure this question may seem a bit lacking, but I literally do not know where to begin with. I want to develop a solution that will allow me to manage ALL of my Amazon and Rakuten/Buy.com inventory from my own website.
My main concern is keeping the inventory in sync, so the process would be as follows:
1. Fetch Orders sold today
   a. Subtract the respective quantities
2. Fetch Rakuten orders sold
   a. Subtract the respective quantities
3. Update Internal DB of products
   a. Send out updated feeds to Amazon and Rakuten.
Again, I apologize if this question may seem a bit lacking, but I am having trouble understanding how exactly to implement this, any tips would be appreciated
For the Amazon part look at https://developer.amazonservices.com/
Rakuten, I think you will be able to do what you want with it via the FTP access, I'm still researching this. If I find more I'll respond with a better answer.
In order to process orders, you'll need to be registered with Rakuten in order to get an authorisation token. For the API doc etc... try sending an email to support#rakuten.co.uk.
Incidentally, to send out updated feeds, you'll need to use the inventory API in order to update stock quantities (given that you'll be selling the same item Amazon etc..).